{"id":1252396,"date":"2024-07-24T22:37:07","date_gmt":"2024-07-25T00:37:07","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-ajoute-les-failles-de-twilio-authy-et-die-a-la-liste-des-vulnerabilites-exploitees\/"},"modified":"2024-07-24T22:37:11","modified_gmt":"2024-07-25T00:37:11","slug":"la-cisa-ajoute-les-failles-de-twilio-authy-et-die-a-la-liste-des-vulnerabilites-exploitees","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-ajoute-les-failles-de-twilio-authy-et-die-a-la-liste-des-vulnerabilites-exploitees\/","title":{"rendered":"CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">July 24, 2024<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Software Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2024\/07\/La-CISA-ajoute-les-failles-de-Twilio-Authy-et-dIE.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>) catalog, based on evidence of active exploitation.<\/p>\n<p>The vulnerabilities are listed below:<\/p>\n<ul>\n<li><strong><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2012-4792\" target=\"_blank\">CVE-2012-4792<\/a><\/strong> (CVSS score: 9.3) &#8211; Microsoft Internet Explorer Use-After-Free Vulnerability<\/li>\n<li><strong><a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-39891\" target=\"_blank\">CVE-2024-39891<\/a><\/strong> (CVSS score: 5.3) &#8211; Twilio Authy Information Disclosure Vulnerability<\/li>\n<\/ul>\n<p>CVE-2012-4792 is a decade-old use-after-free vulnerability in Internet Explorer that could allow a remote attacker to execute arbitrary code via a specially crafted site.<\/p>\n<p>It is not yet clear whether the flaw has been subjected to renewed exploitation attempts, although it was exploited as part of &#8220;watering hole&#8221; attacks targeting the websites of the Council on Foreign Relations (CFR) and Capstone Turbine Corporation in December 2012.<\/p>\n<p>CVE-2024-39891, on the other hand, refers to an information disclosure bug in an unauthenticated endpoint that could be exploited to &#8220;accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.&#8221;<\/p>\n<p>Earlier this month, Twilio said it had resolved the issue in versions 25.1.0 (Android) and 26.1.0 (iOS) after unidentified threat actors took advantage of the flaw to identify data associated with Authy accounts.<\/p>\n<p>&#8220;These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,&#8221; CISA <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2024\/07\/23\/cisa-adds-two-known-exploited-vulnerabilities-catalog\" target=\"_blank\">said<\/a> in an advisory.<\/p>\n<p>Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by August 13, 2024, to protect their networks against active threats.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2024\/07\/cisa-adds-twilio-authy-and-ie-flaws-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>July 24, 2024 | Newsroom | Vulnerability \/ Software Security | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below: CVE-2012-4792 (CVSS score: 9.3) &#8211; Use-After-Free vulnerability in Microsoft Internet [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1252397,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[238714,200292,238582,238778,12361,239871,4805,4168,4158,4165,133,6635,4808,4806,65,238584,1917,200271,238334,98340,238617,4172,4169,98341,4166,238583,12365],"class_list":["post-1252396","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-des-hackers","tag-actualites-sur-la-cybersecurite","tag-actualites-sur-la-cybersecurite-aujourdhui","tag-actualites-sur-le-piratage-informatique","tag-ajoute","tag-authy","tag-cisa","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-des","tag-die","tag-exploitees","tag-failles","tag-les","tag-les-nouvelles-des-hackers","tag-liste","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-cybernetiques","tag-mises-a-jour-de-cybersecurite","tag-securite-de-linformation","tag-securite-informatique","tag-securite-internet","tag-twilio","tag-violation-de-donnees","tag-vulnerabilite-du-logiciel","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1252396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1252396"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1252396\/revisions"}],"wp:featuredmedia":[{"
embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1252397"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1252396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1252396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1252396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}