Kaspersky signale des attaques exploitant une vulnérabilité zero-day de Microsoft Office récemment corrigé

La semaine dernière, Microsoft rapportait avoir identifié la vulnérabilité d’exécution de code à distance CVE-2021-40444 dans le moteur du navigateur Internet Explorer, appelé MSHTML. Selon l’entreprise, cette vulnérabilité a déjà été utilisée dans des attaques ciblées contre des utilisateurs de Microsoft Office et Microsoft a publié un correctif pour celle-ci le 14 septembre 2021. The […]

Continue Reading

46% of all on-prem databases are vulnerable to attack, breaches expected to grow

46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the […]

Continue Reading

Why XSS is still an XXL issue in 2021

Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a significant infosec problem, XSS attacks have remained a constant of the OWASP Top 10 Web Application Security Risks year after year and still make headlines. In fact, earlier this […]

Continue Reading

When exploit code precedes a patch, attackers gain a massive head start

Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security and Cyentia Institute has found. “This data-driven research, built over the course of several years, should remove any doubt,” said Ed Bellis, CTO of Kenna Security. “Practices that have long been […]

Continue Reading