{"id":160,"date":"2024-05-12T15:52:11","date_gmt":"2024-05-12T13:52:11","guid":{"rendered":"https:\/\/datalp.fr\/?page_id=160"},"modified":"2025-01-14T15:47:09","modified_gmt":"2025-01-14T14:47:09","slug":"cybersecurite","status":"publish","type":"page","link":"https:\/\/datalp.fr\/index.php\/cybersecurite\/","title":{"rendered":"Cybersecurity"},"content":{"rendered":"\n<p>Data security is paramount. In particular, the interconnection of IT systems via the Internet carries considerable risks such as viruses, malware, industrial espionage and acts of sabotage\u2026<\/p>\n\n\n\n<p>Are you the victim of an attack? If so, report your incident directly on our website to <a href=\"https:\/\/www.cybermalveillance.gouv.fr\" target=\"_blank\" rel=\"noreferrer noopener\">www.cybermalveillance.gouv.fr<\/a> (window at the bottom right of the screen). 
The government platform will direct you to one of the experts located throughout the country, to ensure the best possible resolution of your incident.<\/p>\n\n\n\n<figure class=\"wp-block-video\"><video height=\"240\" style=\"aspect-ratio: 426 \/ 240;\" width=\"426\" autoplay loop preload=\"auto\" src=\"https:\/\/datalp.fr\/wp-content\/uploads\/2024\/05\/1053200240-lowres-1.mov\"><\/video><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Data protection and security are therefore becoming not only one of the most important competitive factors, but also an imperative necessity for preserving the intangible assets of the company or local authority.<\/p>\n\n\n\n<p>The ISO 27001 standard is the appropriate response to these information system security challenges.<\/p>\n\n\n\n<p>This IT security standard is internationally recognised. It allows organisations that have met the requirements of this framework to demonstrate that an effective system for protecting and securing information has been implemented, and to attest that rigorous monitoring of all processes is carried out regularly.<\/p>\n\n\n\n<p><strong>DATALP is recognised for the design of next-generation firewalls, which are highly regarded by industry professionals for their exceptional level of 
protection and for processing and storage capacity that far exceeds standard norms.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"962\" height=\"540\" src=\"https:\/\/datalp.fr\/wp-content\/uploads\/2024\/05\/Pare-feu_edited.png\" alt=\"\" class=\"wp-image-320\" srcset=\"https:\/\/datalp.fr\/wp-content\/uploads\/2024\/05\/Pare-feu_edited.png 962w, https:\/\/datalp.fr\/wp-content\/uploads\/2024\/05\/Pare-feu_edited-300x168.png 300w, https:\/\/datalp.fr\/wp-content\/uploads\/2024\/05\/Pare-feu_edited-768x431.png 768w\" sizes=\"(max-width: 962px) 100vw, 962px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Cybersecurity news bulletin<\/h2>\n\n\n\n<p><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">Threats and incidents<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2026-CTI-002\/'>Cyber Threat Overview 2025 (11 March 2026)<\/a><\/div><time datetime=\"2026-03-11T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">11 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">In 2025, the boundaries that traditionally exist between state actors and cybercriminals continued to erode, notably complicating the attribution process. 
For example, the misuse of legitimate tools and services for malicious purposes is no longer a practice&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2026-CTI-001\/'>Generative artificial intelligence in the face of cyberattacks (04 February 2026)<\/a><\/div><time datetime=\"2026-02-04T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">4 February 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">As an innovative, high-performance and flexible digital service, generative AI is gradually being integrated into the range of tools and services that cyber attackers may turn to, whatever their profile. Generative AI models are thus used and\/or&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-013\/'>\ud83c\uddec\ud83c\udde7 Mobile phones : Threat landscape since 2015 (26 November 2025)<\/a><\/div><time datetime=\"2025-11-26T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">26 November 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">French version: \ud83c\uddeb\ud83c\uddf7 Mobile phones are an integral part of everyday life. Their use in every aspect of life, personal as well as professional, makes them a prime target for malicious actors. 
Mobile phones actually offer unique opportunities for attackers, stemming from their specific use and&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-012\/'>Mobile phones: State of the threat since 2015 (26 November 2025)<\/a><\/div><time datetime=\"2025-11-26T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">26 November 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">English version: \ud83c\uddec\ud83c\udde7 Mobile phones are now part of everyday life. The growing range of uses, personal as well as professional, makes them a prime target for attackers. Like any IT equipment, and although new measures of&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-011\/'>Operation ENDGAME, November 2025 (13 November 2025)<\/a><\/div><time datetime=\"2025-11-13T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">13 November 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">As part of the international judicial cooperation operation ENDGAME launched in May 2024, new takedown actions have been carried out against infrastructure linked to cybercriminal malware since the week of 3 November 2025. 
These operations involved the authorities&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-010\/'>Threat notification campaign sent by Apple (11 September 2025)<\/a><\/div><time datetime=\"2025-09-11T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">11 September 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">Since 2021, Apple has been sending notification campaigns to individuals targeted by attacks carried out using spyware. Such software, including Pegasus, Predator, Graphite and Triangulation, is particularly sophisticated and difficult to detect. These complex attacks target&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-009\/'>\ud83c\uddec\ud83c\udde7 Houken seeking a path by living on the edge with zero-days (01 July 2025)<\/a><\/div><time datetime=\"2025-07-01T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">1 July 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">In September 2024, ANSSI observed an attack campaign seeking initial access to French entities\u2019 networks through the exploitation of several zero-day vulnerabilities on Ivanti Cloud Service Appliance (CSA) devices. 
French organizations from governmental, telecommunications, media, finance, and&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-008\/'>Operation ENDGAME 2025 (23 May 2025)<\/a><\/div><time datetime=\"2025-05-23T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">23 May 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">Between 19 and 23 May 2025, new takedown actions were carried out against several infrastructures linked to cybercriminal malware. These actions were carried out as part of the international judicial cooperation operation ENDGAME launched in&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-007\/'>\ud83c\uddec\ud83c\udde7 Targeting and compromise of French entities using the APT28 intrusion set (29 April 2025)<\/a><\/div><time datetime=\"2025-04-29T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">29 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">French version: \ud83c\uddeb\ud83c\uddf7 ANSSI and its partners at the Cyber Crisis Coordination Center (C4) have observed informatic attacks conducted by APT28 operators between 2021 and 2024. The attackers are publicly linked to the Russian Federation. 
The APT28 intrusion set has been used against various entities&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-006\/'>Targeting and compromise of French entities using the APT28 intrusion set (29 April 2025)<\/a><\/div><time datetime=\"2025-04-29T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">29 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">English version: \ud83c\uddec\ud83c\udde7 Between 2021 and 2024, ANSSI and its partners at the Cyber Crisis Coordination Center (C4) observed cyberattacks conducted by APT28 operators, who are publicly linked to Russia by various sources. The APT28 intrusion set has&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-005\/'>Urban transport &#8211; State of the cyber threat (17 April 2025)<\/a><\/div><time datetime=\"2025-04-17T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">17 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">The threat against urban transport entities targets companies of all sizes worldwide that operate different modes of transport. 
The convergence of industrial and office technologies, the interconnection of large computer networks made up of&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-004\/'>\ud83c\uddec\ud83c\udde7 Cyber Threat Overview 2024 (11 March 2025)<\/a><\/div><time datetime=\"2025-03-11T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">11 March 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">French version: \ud83c\uddeb\ud83c\uddf7 In this fourth edition of the Cyber Threat Overview, The French Cybersecurity Agency (ANSSI) addresses prevalent cybersecurity threats and the pivotal incidents which occurred in 2024. In line with the previous years, ANSSI estimates that attackers associated with the&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-003\/'>Cyber Threat Overview 2024 (11 March 2025)<\/a><\/div><time datetime=\"2025-03-11T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">11 March 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">English version: \ud83c\uddec\ud83c\udde7 In this fourth edition of the threat overview, the French National Agency for the Security of Information Systems (ANSSI) reviews the major trends in the cyber threat as well as the notable events and incidents it became aware of in 2024. 
In&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-002\/'>Local authorities &#8211; Threat summary (24 February 2025)<\/a><\/div><time datetime=\"2025-02-24T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">24 February 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">Local authorities run many services according to their remit, in administrative and sovereign matters, but also across many aspects of the social, territorial and economic life of a territory. The consequences of cyberattacks can therefore be major&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2025-CTI-001\/'>Cloud sector &#8211; State of the cyber threat (20 February 2025)<\/a><\/div><time datetime=\"2025-02-20T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">20 February 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">*Cloud computing*, now essential for the public and private sectors, supports digital transformation but also offers new attack opportunities and security issues for the organisations that use it. 
ANSSI is observing an increase in attacks against&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2024-CTI-011\/'>Water sector: state of the cyber threat (28 November 2024)<\/a><\/div><time datetime=\"2024-11-28T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">28 November 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">In 2024, the water sector received particular attention from cyber attackers, notably in the context of the 2024 Olympic and Paralympic Games and the importance attached to the water quality of the Seine. On several occasions during the year, groups&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2024-CTI-010\/'>Health sector &#8211; State of the cyber threat (07 November 2024)<\/a><\/div><time datetime=\"2024-11-07T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">7 November 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">The health sector is a highly critical sector, comprising a varied range of actors, from those involved in managing the health system, to care providers, to manufacturers of health products and suppliers and service providers for the&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2024-CTI-009\/'>Data exfiltration in the social sector &#8211; CERT-FR lessons learned (24 September 2024)<\/a><\/div><time datetime=\"2024-09-24T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">24 September 2024<\/time> <div 
class=\"wp-block-rss__item-excerpt\">2023 and early 2024 were marked by numerous incidents targeting social-sector entities that manage personal data. Given the impact of these data exfiltrations, CERT-FR offers lessons learned on the handling of these&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2024-CTI-008\/'>Research organisations and think tanks &#8211; State of the cyber threat (02 September 2024)<\/a><\/div><time datetime=\"2024-09-02T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">2 September 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">The research and *think tank* sector covers a broad and heterogeneous scope. It includes public and private entities of all kinds, some of which may be foundations, international organisations or associations. These entities are targeted by a vast&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/cti\/CERTFR-2024-CTI-007\/'>Malicious code used for destructive purposes (11 July 2024)<\/a><\/div><time datetime=\"2024-07-11T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">11 July 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">Destabilisation attacks are cyber threats that recurrently target major sporting events. 
While they often take the form of distributed denial-of-service (DDoS) attacks or website defacements, they can also involve&#8230;<\/div><\/li><\/ul><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">Real-time status of security alerts (CERT-FR)<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2026-ALE-004\/'>Vulnerability in F5 BIG-IP Access Policy Manager (31 March 2026)<\/a><\/div><time datetime=\"2026-03-31T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">31 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">On 15 October 2025, F5 published a security advisory concerning, among others, the vulnerability CVE-2025-53521. It affects BIG-IP APM and allows an unauthenticated attacker to execute code remotely. On 29 March 2026, the vendor stated that this vulnerability is being actively exploited. Le&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2026-ALE-003\/'>Alert note \u2013 Targeting of instant messaging (20 March 2026)<\/a><\/div><time datetime=\"2026-03-20T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">20 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Joint work by the member services of the **Cyber Crisis Coordination Center (C4)** has identified a resurgence of attack campaigns targeting instant messaging accounts. 
These campaigns particularly target sovereign sectors (political figures,&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2026-ALE-002\/'>[Update] Vulnerability in Cisco Catalyst SD-WAN (25 February 2026)<\/a><\/div><time datetime=\"2026-02-25T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">25 February 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">A vulnerability has been discovered in Cisco Catalyst SD-WAN. It allows an attacker to bypass the security policy. Cisco states that the vulnerability CVE-2026-20127 is being actively exploited.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2026-ALE-001\/'>[Update] Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (30 January 2026)<\/a><\/div><time datetime=\"2026-01-30T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">30 January 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 09 February 2026] On 6 February 2026, Ivanti made available RPM scripts for detecting indicators of compromise, to be used according to the installed version of EPMM. The vendor also updated its analysis guide (see the Documentation section). 
[Update of 02&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-014\/'>[Update] Vulnerability in React Server Components (05 December 2025)<\/a><\/div><time datetime=\"2025-12-05T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">5 December 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">**[Update of 11 December 2025]** CERT-FR is aware of multiple exploitations of the vulnerability CVE-2025-55182. Servers running a vulnerable version that were exposed after the publication of the public proofs of concept on 5 December 2025 must be considered compromised&#8230;.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-013\/'>[Update] Multiple vulnerabilities in Cisco ASA and FTD (25 September 2025)<\/a><\/div><time datetime=\"2025-09-25T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">25 September 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">**[Update of 07 November 2025]** On 5 November 2025, Cisco updated its blog post originally published on 25 September 2025 (see the Documentation section). 
The vendor states that it is aware of a new attack, affecting vulnerable ASA and FTD devices, that causes a denial&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-012\/'>Vulnerability in Citrix NetScaler ADC and NetScaler Gateway (26 August 2025)<\/a><\/div><time datetime=\"2025-08-26T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">26 August 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">On 26 August 2025, Citrix published a security bulletin (see the Documentation section) concerning, among others, the vulnerability CVE-2025-7775. It allows arbitrary remote code execution and affects all versions of Citrix NetScaler ADC and NetScaler Gateway, in certain&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-011\/'>Security incidents in SonicWall firewalls (05 August 2025)<\/a><\/div><time datetime=\"2025-08-05T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">5 August 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 7 August 2025] On 6 August 2025, SonicWall replaced part of its initial statement to indicate that the security incidents mentioned were likely correlated with the vulnerability CVE-2024-40766. 
This was the subject of a security bulletin, SNWLID-2024-0015 (see&#8230;.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-010\/'>[Update] Multiple vulnerabilities in Microsoft SharePoint (21 July 2025)<\/a><\/div><time datetime=\"2025-07-21T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">21 July 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">**[Update of 23 July 2025]** On 20 July 2025, Microsoft published patches for a vulnerability of the type improper limitation of a pathname to a restricted directory, also called *path traversal*, affecting SharePoint Enterprise Server 2016, SharePoint Server 2019 and&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-009\/'>Multiple vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway (01 July 2025)<\/a><\/div><time datetime=\"2025-07-01T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">1 July 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">**[Update of 17 July 2025]** The vendor has published a link containing an assessment method for identifying exploitation attempts in application and system logs [12]. 
**[Update of 7 July 2025]** On 17 June 2025, Citrix published a security bulletin&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-008\/'>[Update] Vulnerability in Roundcube (05 June 2025)<\/a><\/div><time datetime=\"2025-06-05T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">5 June 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 06 June 2025] A proof of concept is publicly available. [Initial publication] On 01 June 2025, Roundcube published patches for a critical vulnerability affecting its webmail portal as well as all products that include it (for example cPanel and&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-007\/'>Multiple vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) (14 May 2025)<\/a><\/div><time datetime=\"2025-05-14T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">14 May 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 15 May 2025] A proof of concept is publicly available on the Internet. [Initial publication] On 13 May 2025, Ivanti published two security advisories concerning the vulnerabilities CVE-2025-4427 and CVE-2025-4428. 
The combined use of these two vulnerabilities allows&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-006\/'>Vulnerability in Fortinet products (13 May 2025)<\/a><\/div><time datetime=\"2025-05-13T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">13 May 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">On 13 May 2025, Fortinet published a security advisory concerning the vulnerability CVE-2025-32756. It allows an unauthenticated attacker to execute arbitrary code remotely. The vendor states that this vulnerability is being actively exploited. The exploitation observed so far&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-005\/'>Vulnerability in SAP NetWeaver (28 April 2025)<\/a><\/div><time datetime=\"2025-04-28T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">28 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">On 24 April 2025, SAP published a security bulletin on the vulnerability CVE-2025-31324, which allows arbitrary remote code execution by an unauthenticated user. 
This vulnerability is caused by a bypass of the security policy that makes it possible to upload&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-004\/'>Post-exploitation activity in Fortinet FortiGate (11 April 2025)<\/a><\/div><time datetime=\"2025-04-11T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">11 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">On 10 April 2025, Fortinet published a blog post [1] describing the use of a post-exploitation technique that compromises the confidentiality of data across the entire system of affected Fortigate devices. This technique relies on the use of a link&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-003\/'>[Update] Vulnerability in Ivanti products (03 April 2025)<\/a><\/div><time datetime=\"2025-04-03T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">3 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">**\\[Update of 11 April 2025\\]** CERT-FR is aware of a public proof of concept that can trigger arbitrary remote code execution. 
**[Update of 04 April 2025]** CERT-FR is aware of a public proof of concept that can cause a shutdown of the&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-002\/'>[Update] Vulnerability in Fortinet products (14 January 2025)<\/a><\/div><time datetime=\"2025-01-14T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">14 January 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">\\[Update of 28 January 2025\\] A proof of concept allowing exploitation of this vulnerability is publicly available. On 14 January 2025, Fortinet published a security advisory concerning the critical vulnerability CVE-2024-55591 affecting FortiOS and FortiProxy. It allows an&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2025-ALE-001\/'>[Update] Vulnerability in Ivanti products (09 January 2025)<\/a><\/div><time datetime=\"2025-01-09T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">9 January 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">A zero-day stack overflow vulnerability has been discovered in Ivanti Connect Secure (ICS), Policy Secure (IPS), Neurons for Zero Trust Access (ZTA) gateways. 
This vulnerability, identified as CVE-2025-0282, allows an unauthenticated attacker to trigger code execution&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2024-ALE-015\/'>[Update] Multiple vulnerabilities in the administration interface of Palo Alto Networks devices (15 November 2024)<\/a><\/div><time datetime=\"2024-11-15T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">15 November 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">On 8 November 2024, Palo Alto Networks published a security advisory for a critical vulnerability in certain Palo Alto Networks firewalls. It allows an unauthenticated attacker to execute arbitrary code remotely on the administration interface of the devices. The vendor&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2024-ALE-014\/'>[Update] Multiple vulnerabilities in Fortinet FortiManager (23 October 2024)<\/a><\/div><time datetime=\"2024-10-23T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">23 October 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 14 January 2025] Publication of patches. On 14 January 2025, Fortinet published a security advisory for vulnerability CVE-2024-50566, which corresponds to the zero-day vulnerability for which a proof of concept was published in November 2024. 
Des&#8230;<\/div><\/li><\/ul><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">Indicators of compromise<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2024-IOC-002\/'>Malicious code used for destructive purposes (11 July 2024)<\/a><\/div><time datetime=\"2024-07-11T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">11 July 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated with destructive code known to date (see publication \/cti\/CERTFR-2024-CTI-007\/). They can be used to search for compromise in historical logs or for detection:<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2024-IOC-001\/'>\ud83c\uddec\ud83c\udde7 Malicious activities linked to the Nobelium intrusion set (19 June 2024)<\/a><\/div><time datetime=\"2024-06-19T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">19 June 2024<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddec\ud83c\udde7 The following indicators of compromise are associated with the phishing campaigns by the Nobelium intrusion set described in the CERTFR-2024-CTI-006 report. 
These technical elements are provided to help detect malicious activities in logs or inside live network traffic.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2023-IOC-001\/'>FIN 12: a cybercriminal group with multiple ransomware strains (18 September 2023)<\/a><\/div><time datetime=\"2023-09-18T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">18 September 2023<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated with the FIN12 cybercriminal intrusion set (see publication CERTFR-2023-CTI-007). They can be used to search for compromise in historical logs or for detection.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2022-IOC-001\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 Public MISP feed (12 July 2022)<\/a><\/div><time datetime=\"2022-07-12T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">12 July 2022<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddeb\ud83c\uddf7 CERT-FR provides a public MISP feed gathering indicators of compromise marked TLP:CLEAR, which may be freely distributed. It is available at https:\/\/misp.cert.ssi.gouv.fr\/feed-misp. 
The documentation of the MISP project, an open-source platform for sharing indicators of&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2021-IOC-005\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 Phishing campaigns by the Nobelium intrusion set (06 December 2021)<\/a><\/div><time datetime=\"2021-12-06T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">6 December 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddeb\ud83c\uddf7 The following technical markers are associated with the phishing campaigns of the Nobelium intrusion set described in publication CERTFR-2021-CTI-010. They can be used to search for compromise in historical logs or for detection. \ud83c\uddec\ud83c\udde7 The following&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2021-IOC-004\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 Identification of a new cybercriminal group: Lockean (03 November 2021)<\/a><\/div><time datetime=\"2021-11-03T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">3 November 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddeb\ud83c\uddf7 The following technical markers are associated with the Lockean cybercriminal group (see publication CERTFR-2021-CTI-008). They can be used to search for compromise in historical logs or for detection. 
\ud83c\uddec\ud83c\udde7 The following indicators of compromise are associated&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2021-IOC-003\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 [Update] Attack campaign by the APT31 intrusion set targeting France (21 July 2021)<\/a><\/div><time datetime=\"2021-07-21T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">21 July 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddeb\ud83c\uddf7 ANSSI is currently handling a large compromise campaign affecting many French entities. This campaign, still ongoing and particularly virulent, is conducted by the APT31 intrusion set (see CERTFR-2021-CTI-012 for more information). Investigations show&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2021-IOC-002\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 Attack campaign by the Sandworm intrusion set targeting Centreon servers (15 February 2021)<\/a><\/div><time datetime=\"2021-02-15T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">15 February 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers, SNORT rules and YARA rules come from ANSSI analyses carried out while handling a compromise campaign by the Sandworm intrusion set affecting several French entities and targeting the Centreon monitoring software. 
This attack campaign is&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2021-IOC-001\/'>Attack infrastructure of the TA505 cybercriminal group (10 February 2021)<\/a><\/div><time datetime=\"2021-02-10T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">10 February 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated with the attack infrastructure used by the TA505 cybercriminal group since 2019 (see publication CERTFR-2021-CTI-002). They can be used to search for compromise in historical logs or for detection&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-006\/'>\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 The Egregor ransomware (18 December 2020)<\/a><\/div><time datetime=\"2020-12-18T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">18 December 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">\ud83c\uddec\ud83c\udde7 The following indicators of compromise are associated with the Egregor ransomware described in the CERTFR-2021-CTI-007 report. These technical elements are provided to help detect malicious activities in logs or inside live network traffic. 
\ud83c\uddeb\ud83c\uddf7 The following technical markers are associated&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-005\/'>[Update]\ud83c\uddeb\ud83c\uddf7\/\ud83c\uddec\ud83c\udde7 The Ryuk ransomware (30 November 2020)<\/a><\/div><time datetime=\"2020-11-30T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">30 November 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">[Update of 26 February 2021] \ud83c\uddec\ud83c\udde7 The following indicators are new network indicators associated with the Ryuk ransomware described in the CERTFR-2021-CTI-006 report. These technical elements are provided to help detect malicious activities in logs or inside live network traffic. Every&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-004\/'>The TA505 cybercriminal group (22 June 2020)<\/a><\/div><time datetime=\"2020-06-22T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">22 June 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated with the TA505 cybercriminal group (see publication CERTFR-2020-CTI-006). They can be used to search for compromise in historical logs or for detection. 
Update of 10 February 2021: a new report detailing&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-003\/'>The Dridex malware (25 May 2020)<\/a><\/div><time datetime=\"2020-05-25T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">25 May 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated in open sources with the Dridex malware (see publication CERTFR-2020-CTI-005). They can be used to search for compromise in historical logs or for detection. Any communication from or to this&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-002\/'>The SILENCE cybercriminal group (07 May 2020)<\/a><\/div><time datetime=\"2020-05-07T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">7 May 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated in open sources with the SILENCE cybercriminal group (see publication CERTFR-2020-CTI-004). They can be used to search for compromise in historical logs. 
Any communication from or to this infrastructure does not&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/ioc\/CERTFR-2020-IOC-001\/'>Maze ransomware and the TA2101 attacker group (05 February 2020)<\/a><\/div><time datetime=\"2020-02-05T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">5 February 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">The following technical markers are associated in open sources with the TA2101 attacker group using the Maze ransomware (see publication CERTFR-2020-CTI-001). They are provided in MISP export format and can be used to detect and block this threat. This&#8230;<\/div><\/li><\/ul><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">Hardening and recommendations<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/dur\/CERTFR-2025-DUR-003\/'>Recommendations for energy and water sector stakeholders (22 January 2026)<\/a><\/div><time datetime=\"2026-01-22T02:00:00+01:00\" class=\"wp-block-rss__item-publish-date\">22 January 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Subject: Recommendations for securing information systems, intended for producers, integrators and installers of industrial production systems in the energy and water sector in France. 
Appendix: Links and references. For several months, the Agency&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/dur\/CERTFR-2025-DUR-002\/'>10 best practice rules for using mobile phones (03 April 2025)<\/a><\/div><time datetime=\"2025-04-03T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">3 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">With the proliferation of threats targeting mobile phones, ANSSI recommends adopting 10 best practice rules for using these devices.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/dur\/CERTFR-2025-DUR-001\/'>10 best practices for using mobile phones (03 April 2025)<\/a><\/div><time datetime=\"2025-04-03T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">3 April 2025<\/time> <div class=\"wp-block-rss__item-excerpt\">With threats targeting mobile phones proliferating, ANSSI recommends adopting 10 best practice rules for using these devices.<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/dur\/CERTFR-2021-DUR-001\/'>Class of vulnerabilities in Active Directory environments (15 October 2021)<\/a><\/div><time datetime=\"2021-10-15T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">15 October 2021<\/time> <div class=\"wp-block-rss__item-excerpt\">Summary: The NTLM authentication protocol suffers from weaknesses that, under certain conditions, allow an attacker to relay an authentication received from a victim to a target server. 
This can potentially allow the attacker to escalate privileges or send commands to&#8230;<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/www.cert.ssi.gouv.fr\/dur\/CERTFR-2020-DUR-001\/'>Active Directory checkpoints (02 June 2020)<\/a><\/div><time datetime=\"2020-06-02T02:00:00+02:00\" class=\"wp-block-rss__item-publish-date\">2 June 2020<\/time> <div class=\"wp-block-rss__item-excerpt\">The Active Directory directory service, the nerve centre of security for Microsoft information systems, is a critical component enabling centralized management of accounts, resources and permissions. Obtaining elevated privileges on this directory leads to an instant takeover&#8230;<\/div><\/li><\/ul><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">FortiGuard Labs<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6428'>Apache ActiveMQ RCE<\/a><\/div><time datetime=\"2026-04-21T06:56:55+02:00\" class=\"wp-block-rss__item-publish-date\">21 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Vulnerability? CVE-2026-34197 is a high-severity remote code execution (RCE) vulnerability affecting Apache ActiveMQ Classic. The flaw resides in the exposed Jolokia JMX-HTTP interface and allows attackers to execute arbitrary commands on the underlying system via crafted broker management requests. Recent reporting indicates that this vulnerability has been added to CISA\u2019s Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild and elevating its priority for remediation. 
What is the recommended Mitigation? \u2022 Immediate Actions: Upgrade to: ActiveMQ 5.19.4+, ActiveMQ 6.2.3+ \u2022 Restrict access to ActiveMQ web console (port 8161) \u2022 Disable or tightly restrict Jolokia API [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6398'>Medusa Ransomware Attack<\/a><\/div><time datetime=\"2026-04-11T03:25:49+02:00\" class=\"wp-block-rss__item-publish-date\">11 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? Microsoft Threat Intelligence has identified Storm-1175, a financially motivated threat actor conducting high-tempo ransomware operations leveraging the Medusa ransomware variant. The group specializes in rapidly exploiting vulnerable web-facing systems, often weaponizing newly disclosed vulnerabilities (N-days) and even zero-days before public disclosure. Storm-1175 | Medusa ransomware operations | Microsoft Security Blog A defining characteristic of this campaign is speed; attackers can move from initial access to full ransomware deployment within 24 hours, significantly reducing detection and response windows. \u2022 Observed targeting includes: Healthcare, Education, Financial services, Professional services \u2022 Primary regions impacted: United States, United Kingdom, Australia [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6394'>TrueConf Zero-Day Attack<\/a><\/div><time datetime=\"2026-04-08T07:04:49+02:00\" class=\"wp-block-rss__item-publish-date\">8 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? Operation TrueChaos is a targeted cyber espionage campaign exploiting a zero-day vulnerability in the TrueConf video conferencing platform. 
The campaign primarily targets government entities in Southeast Asia by replacing a legitimate update with a malicious one. Threat actors effectively weaponized the product\u2019s trusted update mechanism, transforming it into a covert malware distribution channel. The campaign has been observed leveraging this flaw to deploy the open-source Havoc command-and-control (C2) framework to compromised endpoints, enabling persistent remote access, post-exploitation control, and lateral movement within affected environments. On April 2, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6390'>Axios npm Supply Chain Compromise<\/a><\/div><time datetime=\"2026-04-03T04:50:07+02:00\" class=\"wp-block-rss__item-publish-date\">3 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer\u2019s npm account and published malicious package versions 1.14.1 and 0.30.4. These versions introduced a concealed dependency, plain-crypto-js@4.2.1, which executed during installation and deployed a cross-platform remote access trojan (RAT). Axios is a widely adopted HTTP client for both browser and Node.js environments, with more than 100 million weekly downloads and extensive use across: &#8211; Web applications &#8211; Backend services &#8211; CI\/CD pipelines. The malicious versions were available for approximately 2\u20133 hours before being removed. 
Any system that [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6389'>DarkSword iOS Exploit Chain<\/a><\/div><time datetime=\"2026-03-27T05:54:34+01:00\" class=\"wp-block-rss__item-publish-date\">27 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple surveillance vendors and suspected state-sponsored actors. Observed since at least November 2025, the exploit has been deployed in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine, enabling silent compromise of iOS devices and delivery of post-exploitation malware. DarkSword targets iOS 18.4\u201318.7, leveraging six vulnerabilities to achieve: Remote Code Execution (RCE), Sandbox Escape, Kernel-Level Privilege Escalation. Campaign-Specific Tradecraft: Saudi Arabia: Fake Snapchat lookalike used as a social engineering lure. Ukraine: Compromise of at least two local websites, including [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6383'>Handala Wiper Attack<\/a><\/div><time datetime=\"2026-03-20T03:18:22+01:00\" class=\"wp-block-rss__item-publish-date\">20 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? A large-scale cyberattack against medical technology company Stryker resulted in widespread system outages. The attack was driven by a destructive wiper campaign attributed to Iran-linked threat actors, including the hacktivist group Handala. Following the incident, CISA issued an alert highlighting the compromise of endpoint management infrastructure, specifically platforms such as Microsoft Intune, as a critical attack vector. 
The activity underscores a shift toward targeting centralized device management systems, enabling adversaries to execute large-scale, coordinated, and destructive actions across enterprise environments. What is the recommended Mitigation? \u2022 Harden endpoint management configurations (Intune and equivalents). \u2022 Enforce MFA [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5612'>Ivanti Connect Secure Zero-Day Vulnerability<\/a><\/div><time datetime=\"2026-03-14T02:03:22+01:00\" class=\"wp-block-rss__item-publish-date\">14 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What are the Vulnerabilities? Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (\u201cICS\u201d) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution. CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges. According to a blog released by Mandiant, it has identified zero-day exploitation of CVE-2025-0282 in the wild beginning [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6347'>Dell RecoverPoint for Virtual Machines Zero Day Attack<\/a><\/div><time datetime=\"2026-02-19T06:23:02+01:00\" class=\"wp-block-rss__item-publish-date\">19 February 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Attack? 
The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day vulnerability in Dell\u2019s RecoverPoint for Virtual Machines platform. The flaw (CVE-2026-22769) stems from hard-coded credentials embedded within the appliance, allowing unauthenticated remote attackers to gain administrative access. Because RecoverPoint is a disaster recovery and backup solution, successful exploitation gives attackers high-value access to core infrastructure systems that often sit deep inside enterprise networks. Once access is obtained, the attackers deploy web shells and custom backdoors to establish persistent control. According to reporting from Google Threat Intelligence Group, [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6324'>Zimbra Collaboration Local File Inclusion<\/a><\/div><time datetime=\"2026-01-31T05:04:11+01:00\" class=\"wp-block-rss__item-publish-date\">31 January 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Vulnerability? A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise. Successful exploitation may allow threat actors to: \u2022 Leak sensitive files from the system WebRoot directory \u2022 Gain reconnaissance and foothold inside the targeted environment. \u2022 Potentially leverage exposed information for further exploitation or escalation. \u2022 A public proof-of-concept exploit is available, and active exploitation has been observed. 
[&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/threat-signal-report\/6327'>Versa Concerto SD-WAN Authentication Bypass<\/a><\/div><time datetime=\"2026-01-30T08:30:02+01:00\" class=\"wp-block-rss__item-publish-date\">30 January 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">What is the Vulnerability? A critical security vulnerability (CVE-2025-34026) has been identified in the Versa Concerto SD-WAN orchestration platform, impacting versions 12.1.2 through 12.2.0. The issue allows unauthorized actors to bypass standard authentication controls and access internal management components. If exploited, this vulnerability could expose sensitive system information and increase the risk of broader platform compromise, making it a high-priority security concern. The vulnerability originates from a configuration weakness in the platform\u2019s reverse proxy layer, which improperly permits unauthenticated access to restricted administrative interfaces. 
Once inside, an attacker could reach internal diagnostic endpoints that may disclose detailed runtime data, configuration [&hellip;]<\/div><\/li><\/ul><\/blockquote>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\">FortiGuard EndPoint status<\/h2>\n\n\n<ul class=\"has-dates has-authors has-excerpts wp-block-rss\"><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-23T04:27:28+02:00\" class=\"wp-block-rss__item-publish-date\">23 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (99): Grafana CVE-2026-21721 Authorization Bypass Vulnerability; Grafana CVE-2025-12141 Information Disclosure Vulnerability; Grafana CVE-2026-21727 Permission Bypass Vulnerability; JetBrains YouTrack CVE-2026-33392 Vulnerability; Golang Go Programming Language CVE-2026-27138 Certificate Validation Bypass Vulnerability; Golang Go Programming Language CVE-2026-27142 Cross Site Scripting Vulnerability; Golang Go Programming Language CVE-2026-27139 Path Traversal Vulnerability; Golang Go Programming Language CVE-2026-27137 Certificate Validation Bypass Vulnerability; Golang Go Programming Language CVE-2026-25679 Vulnerability; Security Vulnerability fixed in Thunderbird 140.10; Security Vulnerability fixed in Firefox ESR 140.10; Security Vulnerability fixed in Firefox ESR 115.35; Security Vulnerability fixed in Firefox 150; Oracle MySQL CVE-2025-11187 Denial of Service Vulnerability; Oracle MySQL CVE-2025-13034 Certificate Validation Bypass Vulnerability; Oracle MySQL CVE-2025-14017 Vulnerability; Oracle MySQL CVE-2025-14524 Spoofing Vulnerability; Oracle MySQL CVE-2025-14819 Certificate Validation Bypass [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a 
href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-21T13:49:01+02:00\" class=\"wp-block-rss__item-publish-date\">21 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (18): Security Vulnerabilities fixed in Microsoft Office Excel MS09-009; Security Vulnerabilities fixed in Microsoft Office MS12-046; Golang Go Programming Language CVE-2026-33810 Certificate Validation Bypass Vulnerability; ImageMagick CVE-2026-33899 Buffer Overflow Vulnerability; ImageMagick CVE-2026-33900 Buffer Overflow Vulnerability; ImageMagick CVE-2026-33901 Buffer Overflow Vulnerability; ImageMagick CVE-2026-33902 Vulnerability; ImageMagick CVE-2026-33905 Out of Bounds Read Vulnerability; ImageMagick CVE-2026-33908 Vulnerability; ImageMagick CVE-2026-34238 Buffer Overflow Vulnerability; ImageMagick CVE-2026-40169 Buffer Overflow Vulnerability; ImageMagick CVE-2026-40183 Buffer Overflow Vulnerability; ImageMagick CVE-2026-40310 Buffer Overflow Vulnerability; ImageMagick CVE-2026-40311 Use After Free Vulnerability; ImageMagick CVE-2026-40312 Denial of Service Vulnerability; Splunk Enterprise CVE-2026-20202 Vulnerability; Splunk Enterprise CVE-2026-20203 Privilege Escalation Vulnerability; Splunk Enterprise CVE-2026-20204 Vulnerability<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-19T10:52:15+02:00\" class=\"wp-block-rss__item-publish-date\">19 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (33): Security Vulnerabilities fixed in Adobe Acrobat APSB26-44; Security Vulnerabilities fixed in Adobe Acrobat Reader APSB26-44; Apache Tomcat CVE-2026-24880 HTTP Request Smuggling Vulnerability; Apache Tomcat CVE-2026-25854 Spoofing Vulnerability; Apache Tomcat CVE-2026-29129 Vulnerability; Apache Tomcat CVE-2026-29145 Authentication Bypass Vulnerability; Apache Tomcat CVE-2026-29146 
Vulnerability; Apache Tomcat CVE-2026-32990 Input Validation Bypass Vulnerability; Apache Tomcat CVE-2026-34483 Code Injection Vulnerability; Apache Tomcat CVE-2026-34486 Vulnerability; Apache Tomcat CVE-2026-34487 Vulnerability; Apache Tomcat CVE-2026-34500 Authentication Bypass Vulnerability; GPAC CVE-2026-33144 Out of Bounds Write Vulnerability; Security Vulnerabilities fixed in Google Chrome 147.0.7727.101; Adobe InDesign CVE-2026-27238 Buffer Overflow Vulnerability; Adobe InDesign CVE-2026-27283 Use After Free Vulnerability; Adobe InDesign CVE-2026-27284 Out of Bounds Read Vulnerability; Adobe InDesign CVE-2026-27285 Buffer Overflow Vulnerability; Adobe InDesign CVE-2026-27286 Buffer Overflow Vulnerability; Adobe InDesign [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-15T07:07:34+02:00\" class=\"wp-block-rss__item-publish-date\">15 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (156): Apache ActiveMQ CVE-2026-34197 Code Injection Vulnerability; Security Vulnerabilities fixed in Adobe Acrobat APSB26-43; Security Vulnerabilities fixed in Adobe Acrobat Reader APSB26-43; Security Vulnerabilities fixed in Microsoft Edge 147.0.3912.60; Grafana CVE-2026-21724 Authorization Bypass Vulnerability; Microsoft Windows Management Services CVE-2026-20930 Elevation of Privilege Vulnerability; CVE-2026-25250 Secure Boot disable Eazy Fix; Microsoft Applocker Filter Driver CVE-2026-25184 Elevation of Privilege Vulnerability; Microsoft SharePoint Server CVE-2026-20945 Spoofing Vulnerability; Microsoft Windows Virtualization-Based Security CVE-2026-23670 Security Feature Bypass Vulnerability; Microsoft Remote Desktop CVE-2026-26151 Spoofing Vulnerability; Microsoft Windows Server Update Service CVE-2026-26154 Tampering Vulnerability; Microsoft Local Security Authority Subsystem Service CVE-2026-26155 Information Disclosure Vulnerability; Microsoft 
Remote Desktop Licensing Service CVE-2026-26160 Elevation of Privilege Vulnerability; Microsoft Windows Sensor Data Service CVE-2026-26161 [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-12T15:21:09+02:00\" class=\"wp-block-rss__item-publish-date\">12 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (8): Security Vulnerabilities fixed in Dell BIOS Updates &#8211; dsa-2025-088; TrueConf Client CVE-2026-3502 Arbitrary Code Execution Vulnerability; Security Vulnerabilities fixed in Dell BIOS Updates &#8211; dsa-2026-010; Security Vulnerability fixed in Thunderbird 140.9.1; Security Vulnerability fixed in Firefox ESR 140.9.1; Security Vulnerability fixed in Firefox ESR 115.34.1; Security Vulnerability fixed in Firefox 149.0.2; Security Vulnerabilities fixed in Google Chrome 147.0.7727.55<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-08T04:36:59+02:00\" class=\"wp-block-rss__item-publish-date\">8 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (10): ImageMagick CVE-2026-33535 Out of Bounds Write Vulnerability; ImageMagick CVE-2026-33536 Buffer Overflow Vulnerability; Devolutions Server CVE-2026-4828 Vulnerability; Devolutions Server CVE-2026-4829 Authentication Bypass Vulnerability; Devolutions Server CVE-2026-4924 Vulnerability; Devolutions Server CVE-2026-4925 Authorization Bypass Vulnerability; Devolutions Server CVE-2026-4927 Vulnerability; Devolutions Server CVE-2026-4989 Server Side Request Forgery Vulnerability; Devolutions Server CVE-2026-5175 Authorization Bypass Vulnerability; Security Vulnerabilities fixed in Microsoft Edge 146.0.3856.97<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a 
href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-07T00:44:30+02:00\" class=\"wp-block-rss__item-publish-date\">7 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (7): Security Vulnerabilities fixed in Google Chrome 146.0.7680.177; Grafana CVE-2026-33375 Denial of Service Vulnerability; Grafana CVE-2026-27876 Code Injection Vulnerability; Grafana CVE-2026-27877 Vulnerability; Grafana CVE-2026-27879 Out of Bounds Write Vulnerability; Grafana CVE-2026-27880 Out of Bounds Write Vulnerability; Grafana CVE-2026-28375 Denial of Service Vulnerability<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-04-02T02:32:14+02:00\" class=\"wp-block-rss__item-publish-date\">2 April 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (23): Splunk Enterprise CVE-2026-20163 Command Injection Vulnerability; Splunk Enterprise CVE-2026-20164 Information Disclosure Vulnerability; Splunk Enterprise CVE-2026-20165 Vulnerability; Splunk Enterprise CVE-2026-20166 Information Disclosure Vulnerability; Security Vulnerability fixed in Thunderbird 140.9; Kovid Goyal Calibre CVE-2026-33205 Server Side Request Forgery Vulnerability; Kovid Goyal Calibre CVE-2026-33206 Vulnerability; Devolutions Server CVE-2026-3638 Authorization Bypass Vulnerability; Devolutions Server CVE-2026-4434 Certificate Validation Bypass Vulnerability; Security Vulnerabilities fixed in Foxit PDF Reader 2026.1; Security Vulnerabilities fixed in Foxit PDF Editor 2026.1; Icinga 2 CVE-2025-61909 Privileges Bypass Vulnerability; Icinga 2 CVE-2025-61907 Information Disclosure Vulnerability; Icinga 2 CVE-2025-61908 Denial of Service Vulnerability; Icinga 2 CVE-2025-48057 Vulnerability; Icinga 2 CVE-2026-24413 Incorrect Default Permissions Vulnerability; Kentico Xperience CVE-2025-2748 Cross Site Scripting Vulnerability; Kentico Xperience 
CVE-2025-2794 Vulnerability; Kentico Xperience CVE-2025-2749 Path [&hellip;]<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-03-25T04:12:10+01:00\" class=\"wp-block-rss__item-publish-date\">25 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (7): VMware vCenter Server DCERPC protocol Remote Code Execution Vulnerability; Security Vulnerabilities fixed in VMware vCenter Server VMSA-2024-0019; Security Vulnerabilities fixed in Google Chrome 146.0.7680.164; Splunk Enterprise CVE-2026-20162 Cross Site Scripting Vulnerability; Security Vulnerability fixed in Firefox ESR 140.9; Security Vulnerability fixed in Firefox ESR 115.34; Security Vulnerability fixed in Firefox 149<\/div><\/li><li class='wp-block-rss__item'><div class='wp-block-rss__item-title'><a href='https:\/\/fortiguard.fortinet.com\/updates\/epvuln?version=1.010'>1.010<\/a><\/div><time datetime=\"2026-03-22T18:57:00+01:00\" class=\"wp-block-rss__item-publish-date\">22 March 2026<\/time> <div class=\"wp-block-rss__item-excerpt\">Newly Added (22): GPAC CVE-2025-70298 Out of Bounds Read Vulnerability; GPAC CVE-2025-70304 Buffer Overflow Vulnerability; GPAC CVE-2025-70305 Buffer Overflow Vulnerability; GPAC CVE-2025-70308 Out of Bounds Read Vulnerability; GPAC CVE-2025-70309 Buffer Overflow Vulnerability; GPAC CVE-2025-70310 Buffer Overflow Vulnerability; GPAC CVE-2025-70302 Buffer Overflow Vulnerability; GPAC CVE-2025-70303 Buffer Overflow Vulnerability; GPAC CVE-2026-1415 Denial of Service Vulnerability; GPAC CVE-2026-1416 Denial of Service Vulnerability; GPAC CVE-2026-1417 Denial of Service Vulnerability; GPAC CVE-2026-1418 Buffer Overflow Vulnerability; GPAC CVE-2025-70299 Buffer Overflow Vulnerability; GPAC CVE-2025-70307 Buffer Overflow Vulnerability; GPAC CVE-2026-27821 Buffer Overflow Vulnerability; ImageMagick CVE-2026-31853 Buffer Overflow Vulnerability; Kovid Goyal Calibre 
CVE-2026-30853 Path Traversal Vulnerability; Grafana CVE-2026-21725 Privilege Escalation Vulnerability; ImageMagick CVE-2026-30937 Buffer Overflow Vulnerability; ImageMagick CVE-2026-32259 Buffer Overflow Vulnerability; ImageMagick CVE-2026-32636 Out of Bounds Write Vulnerability; Security Vulnerabilities fixed [&hellip;]<\/div><\/li><\/ul><\/blockquote>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Data security is paramount. In particular, the interconnection of computer systems over the Internet carries considerable risks such as viruses, malware, industrial espionage and acts of sabotage\u2026 Are you the victim of an attack? If so, report your incident directly on our website to www.cybermalveillance.gouv.fr (window [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-160","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/pages\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":25,"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/pages\/160\/revisions"}],"predecessor-version":[{"id":542,"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/pages\/160\/revisions\/542"}],"wp:attachment":[{"href":"https:\/\/datalp.fr\/index.php\/wp-json\/wp\/v2\/media?parent=160"}],"curies":[{"name":"wp","hre
f":"https:\/\/api.w.org\/{rel}","templated":true}]}}