{"id":614043,"date":"2023-02-18T12:45:40","date_gmt":"2023-02-18T14:45:40","guid":{"rendered":"https:\/\/teknomers.com\/fr\/godaddy-divulgue-une-violation-de-securite-pluriannuelle-provoquant-des-installations-de-logiciels-malveillants-et-le-vol-de-code-source\/"},"modified":"2023-02-18T12:45:42","modified_gmt":"2023-02-18T14:45:42","slug":"godaddy-divulgue-une-violation-de-securite-pluriannuelle-provoquant-des-installations-de-logiciels-malveillants-et-le-vol-de-code-source","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/godaddy-divulgue-une-violation-de-securite-pluriannuelle-provoquant-des-installations-de-logiciels-malveillants-et-le-vol-de-code-source\/","title":{"rendered":"GoDaddy divulgue une violation de s\u00e9curit\u00e9 pluriannuelle provoquant des installations de logiciels malveillants et le vol de code source"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">18 f\u00e9vrier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 du serveur \/ Logiciels malveillants<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Le fournisseur de services d&#8217;h\u00e9bergement Web GoDaddy a r\u00e9v\u00e9l\u00e9 vendredi une faille de s\u00e9curit\u00e9 pluriannuelle qui a permis \u00e0 des acteurs malveillants inconnus d&#8217;installer des logiciels malveillants et de siphonner le code source li\u00e9 \u00e0 certains de ses services.<\/p>\n<p>La soci\u00e9t\u00e9 a attribu\u00e9 la campagne \u00e0 un &#8220;groupe sophistiqu\u00e9 et organis\u00e9 ciblant les services d&#8217;h\u00e9bergement&#8221;.<\/p>\n<p>GoDaddy a d\u00e9clar\u00e9 en d\u00e9cembre 2022 qu&#8217;il avait re\u00e7u un nombre ind\u00e9termin\u00e9 de plaintes de clients concernant la redirection sporadique de leurs sites Web vers des sites malveillants, ce qui, selon lui, \u00e9tait d\u00fb \u00e0 l&#8217;acc\u00e8s par un tiers non autoris\u00e9 aux serveurs h\u00e9berg\u00e9s dans son environnement cPanel.<\/p>\n<p>L&#8217;acteur de la menace &#8220;a install\u00e9 un logiciel malveillant provoquant la redirection intermittente des sites Web des clients&#8221;, la soci\u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/aboutus.godaddy.net\/newsroom\/company-news\/news-details\/2023\/Statement-on-recent-website-redirect-issues\/default.aspx\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>L&#8217;objectif ultime des intrusions, a d\u00e9clar\u00e9 GoDaddy, est &#8220;d&#8217;infecter les sites Web et les serveurs avec des logiciels malveillants pour les campagnes de phishing, la distribution de logiciels malveillants et d&#8217;autres activit\u00e9s malveillantes&#8221;.<\/p>\n<p>Dans un dossier 10-K connexe aupr\u00e8s de la Securities and Exchange Commission (SEC) des \u00c9tats-Unis, la soci\u00e9t\u00e9 a d\u00e9clar\u00e9 que l&#8217;incident de d\u00e9cembre 2022 est li\u00e9 \u00e0 deux autres \u00e9v\u00e9nements de s\u00e9curit\u00e9 qu&#8217;elle a rencontr\u00e9s en mars 2020 et novembre 2021.<\/p>\n<p>La violation de 2020 a entra\u00een\u00e9 la compromission des identifiants de connexion d&#8217;h\u00e9bergement d&#8217;environ 28 000 clients d&#8217;h\u00e9bergement et d&#8217;un petit nombre de son personnel.<\/p>\n<p>Puis en 2021, GoDaddy a d\u00e9clar\u00e9 qu&#8217;un acteur malveillant avait utilis\u00e9 un mot de passe compromis pour acc\u00e9der \u00e0 un syst\u00e8me d&#8217;approvisionnement dans sa base de code h\u00e9rit\u00e9e pour Managed WordPress (MWP), affectant pr\u00e8s de 1,2 million de clients MWP actifs et inactifs sur plusieurs marques GoDaddy.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/02\/godaddy-discloses-multi-year-security.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80218 f\u00e9vrier 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 du serveur \/ Logiciels malveillants Le fournisseur de services d&#8217;h\u00e9bergement Web GoDaddy a r\u00e9v\u00e9l\u00e9 vendredi une faille de s\u00e9curit\u00e9 pluriannuelle qui a permis \u00e0 des acteurs malveillants inconnus d&#8217;installer des logiciels malveillants et de siphonner le code source li\u00e9 \u00e0 certains de ses services. La soci\u00e9t\u00e9 a attribu\u00e9 la campagne \u00e0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":614044,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[5597,4168,4158,4165,4161,133,6905,146787,33725,4157,4159,4171,4170,4167,4589,4590,4160,4163,4162,100836,34279,1835,4172,4169,11137,196,899,4166,1976,4164],"class_list":["post-614043","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-code","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-divulgue","tag-godaddy","tag-installations","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-logiciels","tag-malveillants","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pluriannuelle","tag-provoquant","tag-securite","tag-securite-informatique","tag-securite-internet","tag-source","tag-une","tag-violation","tag-violation-de-donnees","tag-vol","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/614043","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=614043"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/614043\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/614044"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=614043"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=614043"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=614043"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}