Security CERT Global
- CERTFR-2024-AVI-0259 : Multiples vulnérabilités dans GitLab (28 mars 2024)
- CERTFR-2024-AVI-0260 : Multiples vulnérabilités dans les produits Cisco (28 mars 2024)
- CERTFR-2024-AVI-0257 : Multiples vulnérabilités dans Elasticsearch (28 mars 2024)
- CERTFR-2024-AVI-0261 : Multiples vulnérabilités dans Microsoft Edge (28 mars 2024)
- CERTFR-2024-AVI-0258 : Multiples vulnérabilités dans les produits Splunk (28 mars 2024)
- CERTFR-2024-AVI-0255 : Vulnérabilité dans GLPI (28 mars 2024)
- CERTFR-2024-AVI-0256 : Vulnérabilité dans Wireshark (28 mars 2024)
- CERT-SE:s veckobrev v.13
- JVN: EC-CUBE における認可回避の脆弱性
- openssl-1_0_0: CVSS (Max): 3.3
- openssl: CVSS (Max): 3.3
- openssl-1_1: CVSS (Max): 3.3
- MozillaFirefox: CVSS (Max): 8.1
- openssl-1_1: CVSS (Max): 3.3
- zziplib: CVSS (Max): 4.0
- jbcrypt and trilead-ssh2: CVSS (Max): 5.9
- axis: CVSS (Max): 4.9
- xen: CVSS (Max): 6.5
- openssl1: CVSS (Max): 3.3
- Linux Kernel: CVSS (Max): 7.8
- compat-openssl098: CVSS (Max): 3.3
- axis: CVSS (Max): 4.9
- java-1_8_0-openjdk: CVSS (Max): 7.4
- Linux Kernel: CVSS (Max): 7.8
- sudo: CVSS (Max): 7.0
- Linux Kernel: CVSS (Max): 7.8
- gnutls: CVSS (Max): 5.9
- Linux Kernel: CVSS (Max): 7.8
- python3: CVSS (Max): 8.4
- Cisco IOS XE Software: CVSS (Max): 7.4
- Red Hat Satellite 6.14: CVSS (Max): 7.5
- OpenShift Container Platform 4.13.38 low-latency extras: CVSS (Max): 5.9
- logging for Red Hat OpenShift: CVSS (Max): 5.9
- Cisco IOS Software and Cisco IOS XE Software: CVSS (Max): 8.6
- avahi: CVSS (Max): 6.2
- libvirt: CVSS (Max): 5.5
- krb5: CVSS (Max): 7.5
- python39: CVSS (Max): 8.4
- OpenShift Container Platform 4.12 low-latency extras: CVSS (Max): 5.9
- unixODBC: CVSS (Max): 7.1
- Thunderbird: CVSS (Max): 7.5
- logging for Red Hat OpenShift: CVSS (Max): 5.9
- shadow: CVSS (Max): 5.5
- cpio: CVSS (Max): 4.0
- EC-CUBE vulnerable to authorization bypass
- tiff: CVSS (Max): 6.5
- Cisco Catalyst Center: CVSS (Max): 4.3
- Linux Kernel: CVSS (Max): 8.4
- Splunk Enterprise: CVSS (Max): 7.2
- Splunk Enterprise: CVSS (Max): 7.5
MGS+ ICS Security Report April 2017
MGS+ ICS Security Report April 2017: Editor Picks: News Intelligence Alerts Report
2017 Security 100: 20 Coolest Endpoint Security Vendors
Source: http://www.crn.com/slide-shows/security/300084027/2017-security-100-20-coolest-endpoint-security-vendors.htm
Why Canada is well-positioned to be a global leader in cybersecurity
Cybersecurity: most IT personnel know of it. Even fewer follow up on the latest developments in the industry beyond notifications from their antivirus software that “143 latest threats” were just neutralized. Only a small handful of them actually go above and beyond, pushing the boundaries, proactively defending their organization from hundreds of new cyber threats unleashed daily.
Source: http://betakit.com/why-canada-is-well-positioned-to-be-a-global-leader-in-cybersecurity/
What the Best Transformational Leaders Do
Companies that claim to be “transforming” seem to be everywhere. But when you look more deeply into whether those organizations are truly redefining what they are and what they do, stories of successful change efforts are exceptionally rare. In a study of S&P 500 and Global 500 firms, our team found that those leading the most successful transformations, creating new offerings and business models to push into new growth markets, share common characteristics and strategies. Before describing those, let’s look at how we identified the exceptional firms that rose to the top of our ranking, a group we call the Transformation 10.
Source: https://hbr.org/2017/05/what-the-best-transformational-leaders-do
Europe Pumps Out 50% More Cybercrime Attacks Than US
Cyberattacks originating from Europe were substantially higher than nefarious activity launched from the US during the first quarter.
Source: http://www.darkreading.com/threat-intelligence/europe-pumps-out-50–more-cybercrime-attacks-than-us—/d/d-id/1328798
The Consequences of an Incomplete Threat Model
Source: https://www.carbonblack.com/2017/05/08/consequences-incomplete-threat-model/
Microsoft Calls on Governments to Stop Stockpiling Dangerous Software
In the wake of a major cyber attack that affected hospitals and other services in more than 150 countries, Microsoft has urged governments to stop their stockpiling of dangerous software that can be weaponized if leaked.
Source: http://time.com/4778646/microsoft-ransomware-cybersecurity-wannacrypt/