Le Comptoir Sécu: [SECActu] 16 Oct 2022 - Exchange, Uber, ESX Implant Bad VIB(E)S, PassKeys, Assises de la sécurité, etc.

The Comptoir Sécu team 10/16/22 - Episode Page


<p>We have just recorded a new SECActu live on Discord. As usual, if you missed the recording, you can find it in your favorite podcast players, or below:</p>

<script type="application/ld+json" id="podigee-settings">
{
"options": {
"theme": "default"
},
"extensions": {
"ChapterMarks": {
"disabled": false
},
"EpisodeInfo": {},
"Playlist": {
"disabled": true
},
"Transcript": {
"disabled": true
}
},
"podcast": {
"feed": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2022-10-16.m4a"
},
"episode": {
"media": {
"mp3": "https://podcasts.comptoirsecu.fr/podcasts/SECHebdo/CSEC.SECHebdo.2022-10-16.m4a"
},
"coverUrl": "https://www.comptoirsecu.fr/images/covers/2022-10-16-secactu-vignette.jpg",
"title": "[SECActu] 16 Oct 2022",
"subtitle": "Exchange, Uber, Implant ESX Bad VIB(E)S, PassKeys, Assises de la sécurité, etc.",
"description": "Épisode du 2022-10-16 - SEC Actu est une revue de l&#39;actualité cybersécurité réalisée en live sur Youtube, quand on voit des choses intéressantes."

,"chaptermarks": [





{ "start": "00:01:30", "title": "Todo"}


]

}
}
</script>

<script type="text/javascript" src="https://www.comptoirsecu.fr/js/podigee-get-settings.min.192d4afa439903f73345b15d3d1b7132598bb1d2238d1f1fc91d39b516bf2ed2.js" integrity="sha256-GS1K&#43;kOZA/czRbFdPRtxMlmLsdIjjR8fyR05tRa/LtI="></script>
<script class="podigee-podcast-player" src="//cdn.podigee.com/podcast-player/javascripts/podigee-podcast-player.js" data-configuration="podigee"></script>


<p>Our Discord: <a href="http://discord.comptoirsecu.fr">http://discord.comptoirsecu.fr</a></p>

<p>See you soon for more shows/podcasts!</p>

<h3 id="liste-des-sources">List of sources:</h3>

<ul>
<li>Uber's CISO in legal turmoil: like or dislike?

<ul>
<li><a href="https://www.securityweek.com/industry-reactions-conviction-former-uber-cso-joe-sullivan-feedback-friday">Industry Reactions to Conviction of Former Uber CSO Joe Sullivan: Feedback Friday | SecurityWeek.Com</a></li>
</ul></li>
<li>Not the weather to leave an Exchange outside

<ul>
<li><a href="https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html">Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | Blog | GTSC - Providing comprehensive security services</a></li>
<li><a href="https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/">Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server – Microsoft Security Response Center</a></li>
<li><a href="https://www.youtube.com/watch?v=JQtW9xd5-Hw">🇻🇳 Microsoft Exchange mitigations bypass CVE-2022-41040, CVE-2022-41082 - YouTube</a></li>
<li><a href="https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/">Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - Microsoft Security Blog</a></li>
<li><a href="https://www.bleepingcomputer.com/news/security/fake-microsoft-exchange-proxynotshell-exploits-for-sale-on-github/">Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub - BleepingComputer</a></li>
<li><a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-008/">[Updated] Multiple vulnerabilities in Microsoft Exchange – CERT-FR</a></li>
</ul></li>
<li>Exploited RCE in GLPI

<ul>
<li><a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-010/">Multiple vulnerabilities in GLPI – CERT-FR</a></li>
<li><a href="https://github.com/glpi-project/glpi/releases/tag/9.5.9">Release 9.5.9 · glpi-project/glpi · GitHub</a></li>
<li><a href="https://github.com/glpi-project/glpi/releases/tag/10.0.3">Release 10.0.3 · glpi-project/glpi · GitHub</a></li>
<li><a href="https://www.synology.com/fr-fr/security/advisory/Synology_SA_22_15">Synology_SA_22_15 | Synology Inc.</a></li>
</ul></li>
<li>Persistence on ESXi servers: it goes deep!

<ul>
<li><a href="https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence">Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant</a></li>
<li><a href="https://core.vmware.com/vsphere-esxi-mandiant-malware-persistence#section6">Protecting vSphere From Specialized Malware | VMware</a></li>
<li><a href="https://kb.vmware.com/s/article/89619">https://kb.vmware.com/s/article/89619</a></li>
</ul></li>
<li>Exploited Forti RCE / authentication bypass CVE-2022-40684

<ul>
<li><a href="https://www.fortiguard.com/psirt/FG-IR-22-377">PSIRT Advisories | FortiGuard</a></li>
<li><a href="https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/">FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive (CVE-2022-40684) – Horizon3.ai</a></li>
<li><a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-011/">Vulnerability in Fortinet products – CERT-FR</a></li>
</ul></li>
<li>Exploited RCE in Zimbra

<ul>
<li><a href="https://blog.zimbra.com/2022/09/security-update-make-sure-to-install-pax-spax/">Security Update - make sure to install pax/spax - Zimbra : Blog</a></li>
<li><a href="https://www.rapid7.com/blog/post/2022/10/06/exploitation-of-unpatched-zero-day-remote-code-execution-vulnerability-in-zimbra-collaboration-suite-cve-2022-41352/">Unpatched Zero-Day RCE Vulnerability in Zimbra Collaboration Suite | Rapid7 Blog</a></li>
<li><a href="https://www.cert.ssi.gouv.fr/alerte/CERTFR-2022-ALE-009/">[Updated] Vulnerability in Zimbra Collaboration – CERT-FR</a></li>
<li><a href="https://blog.zimbra.com/2022/10/new-zimbra-patches-9-0-0-patch-27-8-8-15-patch-34/">NEW! Zimbra Patches: 9.0.0 Patch 27 &#43; 8.8.15 Patch 34 - Zimbra : Blog</a></li>
</ul></li>
<li>Persistence and execution via ESXi

<ul>
<li><a href="https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence">Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant</a></li>
<li><a href="https://www.mandiant.com/resources/blog/esxi-hypervisors-detection-hardening">Bad VIB(E)s Part Two: Detection and Hardening within ESXi Hypervisors | Mandiant</a></li>
</ul></li>
<li>Passkeys: passwordless finally within reach

<ul>
<li><a href="https://developers.google.com/identity/passkeys">Passwordless login with passkeys  |  Google Identity  |  Google Developers</a></li>
<li><a href="https://android-developers.googleblog.com/2022/10/bringing-passkeys-to-android-and-chrome.html?m=1">Android Developers Blog: Bringing passkeys to Android &amp; Chrome</a></li>
<li><a href="https://www.youtube.com/watch?v=SWocv4BhCNg">Passkeys in Action - YouTube</a></li>
<li><a href="https://www.theverge.com/2022/8/5/23293643/apple-passkeys-fido-alliance-passwordless-google-microsoft">Passkeys were never an Apple-only word, but the confusion is understandable - The Verge</a></li>
<li><a href="https://www.passkeys.io/">Passkeys.io – A Passkey Authentication Demo</a></li>
</ul></li>
</ul>