Here is the selection of the most critical cybersecurity vulnerabilities discovered over the past week.
Below you will find direct links to the most interesting articles. For the record, this roundup is prepared with a real, non-artificial brain, so happy reading, and thank you for supporting le Décodeur!
This week's selected news
Hacker gains admin control of Sourcegraph and gives free access to the masses
We’ve said it before; we’ll say it again: Don’t put credentials in publicly available code.
NYC subway security flaw makes it possible to track riders’ journeys | Engadget
The contactless payment system for New York City’s subways has a security hole.
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
An unknown number of LogicMonitor’s customers have been hacked due to the fact that the company set weak default passwords.
Kroll’s Crypto Breach Highlights SIM-Swapping Risk
Information was exposed on hundreds of crypto-related bankruptcy claimants in proceedings involving FTX, Genesis, and BlockFI.
MOVEit Breach Shows Us SQL Injections Are Still Our Achilles’ Heel
SQL injection and its ilk will stop being “a thing” only after organizations focus on security by construction.
Multiple Notepad++ Flaws Let Attackers Execute Arbitrary Code
Several Buffer Overflow vulnerabilities have been discovered in Notepad++ that can be exploited by threat actors for malicious purposes.
How Hackers Abusing ChatGPT Features For Their Cybercriminal Activities – Bypass Censorship
Cybersecurity analysts at Trend Micro, Europol, and UNICRI jointly studied criminal AI exploitation, releasing the “Malicious Uses and Abuses of Artificial Intelligence”.
Citrix NetScaler Alert: Ransomware Hackers Exploiting Critical Vulnerability
Unpatched Citrix systems under attack! Unknown threat actors are exploiting a critical vulnerability (CVE-2023-3519) for ransomware attacks.
Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
New research uncovers how hackers could cleverly bypass endpoint security by exploiting Windows Container Isolation.
Polish train chaos blamed on radio hackers
IT specialists say radio attacks point to long-standing weaknesses in rail network’s security.
Voice Deepfakes Are Coming for Your Bank Balance
Artificial intelligence tools have given scammers a potent weapon for trying to trick people into sending them money.