{"id":1146352,"date":"2024-02-13T03:05:32","date_gmt":"2024-02-13T05:05:32","guid":{"rendered":"https:\/\/teknomers.com\/fr\/alerte-cisa-met-en-garde-contre-les-attaques-actives-par-courrier-electronique-roundcube-mettez-a-jour-maintenant\/"},"modified":"2024-02-13T03:05:36","modified_gmt":"2024-02-13T05:05:36","slug":"alerte-cisa-met-en-garde-contre-les-attaques-actives-par-courrier-electronique-roundcube-mettez-a-jour-maintenant","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/alerte-cisa-met-en-garde-contre-les-attaques-actives-par-courrier-electronique-roundcube-mettez-a-jour-maintenant\/","title":{"rendered":"Alerte\u00a0:\u00a0CISA met en garde contre les attaques actives par courrier \u00e9lectronique \u00ab\u00a0Roundcube\u00a0\u00bb\u00a0&#8211;\u00a0Mettez \u00e0 jour maintenant"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">13 f\u00e9vrier 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Vuln\u00e9rabilit\u00e9\/S\u00e9curit\u00e9 des e-mails<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/02\/Alerte-CISA-met-en-garde-contre-les-attaques-actives-par-courrier.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 lundi <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/02\/12\/cisa-adds-one-known-exploited-vulnerability-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille de s\u00e9curit\u00e9 de gravit\u00e9 moyenne impactant le logiciel de messagerie Roundcube sur ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>), fond\u00e9 sur des preuves d&#8217;exploitation active.<\/p>\n<p>Le probl\u00e8me, suivi comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-43770\" target=\"_blank\"><strong>CVE-2023-43770<\/strong><\/a>  (score CVSS : 6,1), concerne une faille de cross-site scripting (XSS) qui d\u00e9coule de la gestion des r\u00e9f\u00e9rences de liens dans les messages en texte brut.<\/p>\n<p>&#8220;Roundcube Webmail contient une vuln\u00e9rabilit\u00e9 persistante de cross-site scripting (XSS) qui peut conduire \u00e0 la divulgation d&#8217;informations via des r\u00e9f\u00e9rences de liens malveillants dans des messages bruts\/texte&#8221;, a d\u00e9clar\u00e9 CISA.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tl_d1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/01\/Les-attaques-DDoS-contre-le-secteur-des-services-environnementaux-augmentent.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Selon une description du bug dans la National Vulnerability Database (NVD) du NIST, la vuln\u00e9rabilit\u00e9 affecte les versions de Roundcube ant\u00e9rieures \u00e0 1.4.14, 1.5.x avant 1.5.4 et 1.6.x avant 1.6.3.<\/p>\n<p>Le d\u00e9faut \u00e9tait <a rel=\"nofollow noopener\" href=\"https:\/\/github.com\/roundcube\/roundcubemail\/releases\/tag\/1.6.3\" target=\"_blank\">adress\u00e9<\/a> par les responsables de Roundcube avec <a rel=\"nofollow noopener\" href=\"https:\/\/roundcube.net\/news\/2023\/09\/15\/security-update-1.6.3-released\" target=\"_blank\">version 1.6.3<\/a>qui a \u00e9t\u00e9 publi\u00e9 le 15 septembre 2023. Niraj Shivtarkar, chercheur en s\u00e9curit\u00e9 chez Zscaler, a \u00e9t\u00e9 reconnu pour avoir d\u00e9couvert et signal\u00e9 la vuln\u00e9rabilit\u00e9.<\/p>\n<p>On ne sait pas actuellement comment cette vuln\u00e9rabilit\u00e9 est exploit\u00e9e dans la nature, mais des failles dans le client de messagerie Web ont \u00e9t\u00e9 exploit\u00e9es par des acteurs malveillants li\u00e9s \u00e0 la Russie comme APT28 et Winter Vivern l&#8217;ann\u00e9e derni\u00e8re.<\/p>\n<p>Les agences du Federal Civilian Executive Branch (FCEB) des \u00c9tats-Unis ont \u00e9t\u00e9 mandat\u00e9es pour appliquer les correctifs fournis par les fournisseurs d&#8217;ici le 4 mars 2024, afin de s\u00e9curiser leurs r\u00e9seaux contre les menaces potentielles.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2024\/02\/alert-cisa-warns-of-active-roundcube.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80213 f\u00e9vrier 2024\ue804R\u00e9dactionVuln\u00e9rabilit\u00e9\/S\u00e9curit\u00e9 des e-mails L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 lundi ajout\u00e9e une faille de s\u00e9curit\u00e9 de gravit\u00e9 moyenne impactant le logiciel de messagerie Roundcube sur ses vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV), fond\u00e9 sur des preuves d&#8217;exploitation active. Le probl\u00e8me, suivi comme CVE-2023-43770 (score CVSS : 6,1), concerne une [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1146353,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[21116,200292,229659,8074,4168,841,6814,4165,4161,200267,5568,525,3995,4159,4171,65,200271,617,4955,200268,200269,200270,164,229660,128318,4172,4169,4166,4164],"class_list":["post-1146352","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actives","tag-actualites-sur-la-cybersecurite","tag-alertecisa","tag-attaques","tag-comment-pirater","tag-contre","tag-courrier","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-electronique","tag-garde","tag-jour","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-maintenant","tag-met","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-par","tag-roundcubemettez","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1146352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1146352"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1146352\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1146353"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1146352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1146352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1146352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}