iOS 15 includes Face ID fix for security bypass using fake heads
Fake heads! (Cue dystopian scifi music.) Source: Naked Security Sophos New feed
Continue ReadingCategory: patch
Kaspersky signale des attaques exploitant une vulnérabilité zero-day de Microsoft Office récemment corrigé
La semaine dernière, Microsoft rapportait avoir identifié la vulnérabilité d’exécution de code à distance CVE-2021-40444 dans le moteur du navigateur Internet Explorer, appelé MSHTML. Selon l’entreprise, cette vulnérabilité a déjà été utilisée dans des attaques ciblées contre des utilisateurs de Microsoft Office et Microsoft a publié un correctif pour celle-ci le 14 septembre 2021. The […]
Continue ReadingHack des appareils Apple par Pegasus : le décryptage de Darktrace
Hier, Apple a procédé en urgence à la mise à jour d’un patch de sécurité afin de contrer le logiciel de cyberespionnage Pegasus, qui utilisait une faille depuis février 2021 pour installer un logiciel espion. The post Hack des appareils Apple par Pegasus : le décryptage de Darktrace first appeared on UnderNews. Source: Undernewes
Continue Reading46% of all on-prem databases are vulnerable to attack, breaches expected to grow
46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities. 56% of the Common Vulnerabilities and Exposures (CVEs) found were ranked as ‘High’ or ‘Critical’ severity, aligned with guidelines from the […]
Continue ReadingWhy XSS is still an XXL issue in 2021
Cross-site scripting (XSS) attacks take advantage of coding flaws in the way websites or web applications generate input from users. Despite their longstanding reputation as a significant infosec problem, XSS attacks have remained a constant of the OWASP Top 10 Web Application Security Risks year after year and still make headlines. In fact, earlier this […]
Continue ReadingDécouverte de quatre vulnérabilités de sécurité dans Microsoft Office
Check Point Research (CPR) invite les utilisateurs de Windows à mettre à jour leurs logiciels, après avoir découvert quatre failles de sécurité qui affectent les produits de la suite Microsoft Office, dont Excel et Office online. Trouvant leur origine dans un code patrimonial, ces vulnérabilités auraient pu permettre à un attaquant d’exécuter du code sur […]
Continue ReadingWhy is patch management so difficult to master?
This question has plagued IT and security departments for years. Each month these teams struggle to keep up with the number of patches issued by the myriad of vendors in their technology stack. And it’s not a small problem. According to a Ponemon Institute report, more than 40% of IT and security workers indicated they […]
Continue ReadingApple patches dangerous security holes, one in active use – update now!
It’s three weeks since last time. Now it’s this time, so patch now! Source: Naked Security Sophos New feed
Continue ReadingWhen exploit code precedes a patch, attackers gain a massive head start
Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security and Cyentia Institute has found. “This data-driven research, built over the course of several years, should remove any doubt,” said Ed Bellis, CTO of Kenna Security. “Practices that have long been […]
Continue ReadingFirefox 88 patches bugs and kills off a sneaky JavaScript tracking trick
What’s in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that. Source: Naked Security Sophos New feed
Continue Reading