Blog – Pagina 97 – Luca Donetti Dontin

Apr022024

Campagna phishing a tema “liquidazione fatture” (AL02/240329/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

È stata rilevata una campagna di phishing, volta a carpire le credenziali delle potenziali vittime, che esorta l’utente a visualizzare un presunto documento contenente delle fatture da liquidare. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mar312024

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

in Cybersecurity
Tagged with Cisa

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow…

Continue reading →

Mar312024

Rilevata backdoor in XZ Utils (AL01/240330/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Ricercatori di sicurezza hanno rilevato la presenza di una backdoor nei tool di compressione dati XZ Utils utilizzati in diverse distribuzioni Linux Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mar292024

Cisco Releases Security Updates for Multiple Products

in Cybersecurity
Tagged with Cisa

Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco…

Continue reading →

Mar292024

Rilevate vulnerabilità in prodotti Splunk (AL03/240328/CSIRT-ITA)

in Cybersecurity
Tagged with csirt

Splunk ha rilasciato aggiornamenti di sicurezza per correggere 2 vulnerabilità con gravità “alta” nel noto prodotto per l’analisi del traffico di rete Enterprise. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mar272024

CISA Adds One Known Exploited Vulnerability to Catalog

in Cybersecurity
Tagged with Cisa

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational…

Continue reading →

Mar272024

Aggiornamenti Mensili Microsoft (AL01/230510/CSIRT-ITA) – Aggiornamento

in Cybersecurity
Tagged with csirt

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 38 nuove vulnerabilità, 3 di tipo 0-day. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.

Continue reading →

Mar262024

Optimized NAT46 Config on a FortiGate

in Blog
Tagged with

Johannes published a basic NAT46 configuration for a Fortigate firewall with FortiOS 7.0 some time ago. I run such a service (legacy IPv4 access to IPv6-only resources) since FortiOS 5.6, which means more than six years; lastly with FortiOS 6.4. It’s running for more than…

Continue reading →