Étiquette : vulnerability (Page 4 of 38)

With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe?

14 septembre 2023 / noflux

“End users, admins, and researchers better brace yourselves: The number of apps being patched for zero-day vulnerabilities has skyrocketed this month and is likely to get worse in the following weeks. People have worked overtime in recent weeks to patch a raft of vulnerabilities actively exploited in the wild, with offerings from Apple, Microsoft, Google, Mozilla, Adobe, and Cisco all being affected since the beginning of the month. The number of zero-days tracked this month is considerably higher than the monthly average this year. September so far is at 10, compared with a total of 60 from January through August, according to security firm Mandiant. The company tracked 55 zero-days in 2022 and 81 in 2021. A sampling of the affected companies and products includes iOS and macOS, Windows, Chrome, Firefox, Acrobat and Reader, the Atlas VPN, and Cisco’s Adaptive Security Appliance Software and its Firepower Threat Defense. The number of apps is likely to grow because a single vulnerability that allows hackers to execute malicious code when users open a booby-trapped image included in a message or web page is present in possibly hundreds of apps.”

Source : With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica

Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found

8 août 2023 / noflux

“When The New York Times reported in April that a contractor had purchased and deployed a spying tool made by NSO, the contentious Israeli hacking firm, for use by the U.S. government, White House officials said they were unaware of the contract and put the F.B.I. in charge of figuring out who might have been using the technology. After an investigation, the F.B.I. uncovered at least part of the answer: It was the F.B.I.”

Source : Who Paid for a Mysterious Spy Tool? The FBI, an FBI Inquiry Found. – The New York Times

Des données ultrasensibles sur la sécurité de la Suisse sont en ligne sur le darknet

2 juillet 2023 / noflux

“La liste est donc sans fin, Xplain ayant des contrats avec d’innombrables services de sécurité en Suisse. Des questions fondamentales se posent: comment se fait-il que la société informatique ait gardé sur son infrastructure informatique autant de données opérationnelles de ses clients? Et pourquoi la Confédération n’a pas surveillé de près ce prestataire externe si important?”

Source : Des données ultrasensibles sur la sécurité de la Suisse sont en ligne sur le darknet – Le Temps

A Tale of Unwanted Disruption: My Week Without Amazon

14 juin 2023 / noflux

“This incident has led me to question my relationship with Amazon. After nearly a decade of loyalty, I’ve been given a harsh reminder that a misunderstanding can lead to such drastic measures. It seems more reasonable to handle such issues in a more compartmentalized way, rather than a blanket shutdown of all services. Due to this experience, I am seriously considering discontinuing my use of Amazon Echo devices and will caution others about this incident. This ordeal has made a case for a more personalized home assistant system, perhaps utilizing Raspberry Pi devices scattered around the house.”

Source : A Tale of Unwanted Disruption: My Week Without Amazon | by Brandon Jackson | Jun, 2023 | Medium

Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

4 juin 2023 / noflux

“Security experts have long said that any potential backdoors into encrypted communications or ways to decrypt services would undermine the overall security of the encryption. If law enforcement officials have a way to decipher messages, criminal hackers or those working on behalf of governments could exploit the same capabilities.”

Source : Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED

Story Killers: Des clients de hackers démasqués par des données bancaires suisses

21 mai 2023 / noflux

Un des deux paiements d’Arcanum à la société de «Jorge».

“Aujourd’hui, la question se pose de savoir si la Suisse aurait pu arrêter Jorge il y a huit ans déjà. Les fonctionnaires auraient-ils pu empêcher l’homme de continuer à manipuler des processus démocratiques? À l’époque, les autorités helvétiques disposaient des données bancaires de Jorge. La cellule enquête de Tamedia a analysé en détail ces documents bancaires issus des dossiers de procédure de 2015. Résultat: la clientèle de Jorge a transféré des sommes considérables sur le compte de sa société auprès de la banque tessinoise BSI. Rien qu’en 2014, l’équivalent de près de 850’000 francs ont été versés sur ce compte. De nombreux virements auraient pu éveiller les soupçons, comme le montrent les exemples qui suivent.”

Source : Enquête internationale – Story Killers: Des clients de hackers démasqués par des données bancaires suisses | 24 heures

PyPI temporarily pauses new users, projects amid high volume of malware

21 mai 2023 / noflux

pypi

“As of today, the Python Package Index, more commonly known as PyPI, has temporarily suspended new user registrations and project creations until further notice. « New user and new project name registration on PyPI is temporarily suspended, » states an incident notice posted by PyPI admins today, May 20th. « The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave. »”

Source : PyPI temporarily pauses new users, projects amid high volume of malware

App Store stopped more than $2 billion in fraudulent transactions in 2022

17 mai 2023 / noflux

“Apple announced that in 2022, the App Store prevented over $2 billion in potentially fraudulent transactions, and rejected nearly 1.7 million app submissions for failing to meet the App Store’s high standards for privacy, security, and content. ”

Source : App Store stopped more than $2 billion in fraudulent transactions in 2022 – Apple