Patrice Corteel
Paris and surrounding area
470 connections
About
I'm currently leveraging our technical skills in cyber security, data and digital to…
Experience
-
Néosoft Cyber Data
Paris, Île-de-France, France
-
-
Issy-Les-Moulineaux
-
-
Paris
Education
-
ENSIIE - École Nationale Supérieure d'Informatique pour l'Industrie et l'Entreprise
-
Languages
-
English
Full professional proficiency
-
Spanish
Full professional proficiency
-
German
Elementary proficiency
-
French
Native or bilingual proficiency
Other similar profiles
-
Christian Petit
CTO Dimo Software
Lyon and surrounding area
-
Alexis Kartmann
Paris
-
Jean De Laulanie
France
-
Laurent Hill
CTO at Questel Inc.
Nice and surrounding area
-
Nicolas Tostin
CTO & co-founder Propal | 16 years of Drupal expertise
Paris and surrounding area
-
Serge Fantino
Paris and surrounding area
-
Gilles DASSAC
CTO at The Explorers
Paris and surrounding area
-
Franck Gendre
Lyon
-
Patrick Herrmann
Paris and surrounding area
-
Thomas Lim
Vannes
-
Talal Mazroui
Paris
-
Clément Demily
Lille
-
Paul Rolland
Paris and surrounding area
-
Vincent GRENIER
CTO at DOTFLUX SA and Owner, DOTFLUX SA
Nantes and surrounding area
-
Alban Mouton
Saint-Nazaire and surrounding area
-
Nicolas De Robert
Paris
-
Bertrand Guiheneuf
Paris
-
Frederic Stark
Paris and surrounding area
-
Clément Denis
Paris
-
David Chevalier
Considering career options
Bordeaux and surrounding area
Explore more posts
-
vulns.space
🚨 SECURITY ALERT: CVE-2024-7349 - LifterLMS 🚨
📝 CVE DETAILS:
- 🆔 Vulnerability: CVE-2024-7349
- 🔥 Severity: High
- 📉 CVSS Score: 7.2
- 🎯 Exploit Probability EPSS: The EPSS for this CVE has not been published yet.
- 📜 Status according to CISA: Not actively exploited vulnerability.
- 🛠️ Exploit: No exploit on GitHub or ExploitDB.
- 🛡️ IoCs: No IoCs associated
- 📅 Publication Date: 06/09/2024 07:33 UTC
- 🌐 References: https://lnkd.in/etwTw-2r https://lnkd.in/egXc6_fB
- 🖥️ Vulnerable Software: LifterLMS, <= 7.7.5, WordPress Plugin
🔍 EXPLANATION: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
📈 TECHNICAL IMPACT:
Attack Vector: Network access, Internet.
Attack Complexity: Easy to exploit, does not require special skills.
Privileges Required: Requires administrative privileges.
User Interaction: No user interaction needed, can occur in the background.
Scope: Does not spread to other systems
Confidentiality: May reveal sensitive and critical information.
Integrity: May modify or destroy important data.
Availability: May cause the system to stop working completely.
🤖 Bot-generated post, gathering data from multiple sources and enhanced by AI.
📩 Contact: [email protected]
#LifterLMS #CyberSecurity #InfoSec #Vulnerability #TechNews #AI #Automation
-
Ostorlab
Publishing research done by Youssef BADAOUI on the actively exploited Dolibarr SQL injection vulnerability! The research provided a PoC to the vulnerability and identified that the CVE references an incorrect fixed version (11.0.0 instead of 9.0.1). https://lnkd.in/eKZMUesj #KEV #SQLi #security #vulnerability
388 comments
-
CybrMonk
‘Netfetcher’ package drops illicit ‘node’ binary on Windows
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of these executables are called "node.exe" and even bear the NodeJS icon and metadata, making them evasive and easily mistaken for legitimate libraries.
The post ‘Netfetcher’ package drops illicit ‘node’ binary on Windows appeared first on Security Boulevard.
Article Link: 'Netfetcher' package drops illicit 'node' binary on Windows - Security Boulevard
-
vulns.space
🚨 SECURITY ALERT: CVE-2024-6698 - FundEngine plugin 🚨
📝 CVE DETAILS:
- 🆔 Vulnerability: CVE-2024-6698
- 🔥 Severity: High
- 📉 CVSS Score: 8.8
- 🎯 Exploit Probability EPSS: The EPSS for this CVE has not been published yet.
- 📜 Status according to CISA: Not actively exploited vulnerability.
- 🛠️ Exploit: No exploit on GitHub or ExploitDB.
- 🛡️ IoCs: No IoCs associated
- 📅 Publication Date: 01/08/2024 04:44 UTC
- 🖥️ Vulnerable Software: FundEngine plugin, WordPress
🔍 EXPLANATION AND MITIGATION:
1. Cause of the Vulnerability: The FundEngine plugin for WordPress allows users to update their user metadata without proper verification. This means that attackers can change their user metadata to gain administrator privileges, even if they only have subscriber-level access.
2. Steps for Mitigation:
   1. Update the FundEngine plugin to version 1.7.1 or later.
   2. If you cannot update the plugin immediately, you can disable it by going to the "Plugins" page in your WordPress dashboard and clicking "Deactivate" next to the FundEngine plugin.
   3. Once the plugin is disabled, you should manually check all user metadata and remove any suspicious entries. You can do this by going to the "Users" page in your WordPress dashboard and clicking "Edit" next to each user.
   4. In the "User Profile" section, look for any suspicious entries in the "User Metadata" field. If you find any suspicious entries, delete them.
   5. Once you have checked all user metadata, you can re-enable the FundEngine plugin.
📈 TECHNICAL IMPACT:
Attack Vector: Network access, Internet.
Attack Complexity: Easy to exploit, does not require special skills.
Privileges Required: Requires some limited privileges.
User Interaction: No user interaction needed, can occur in the background.
Scope: Does not spread to other systems
Confidentiality: May reveal sensitive and critical information.
Integrity: May modify or destroy important data.
Availability: May cause the system to stop working completely.
🔗 STAY SAFE AND INFORMED
#FundEngineplugin #CyberSecurity #InfoSec #Vulnerability #TechNews #AI #Automation
-
CYBERNOE®, the first Secure by Design Assistant
🚨 CVE-2024-39891: Twilio Authy API vulnerability
In June 2024, a vulnerability (CVE-2024-39891) was found in the Twilio Authy API, affecting Authy Android (before 25.1.0) and Authy iOS (before 26.1.0). This flaw exposed an unauthenticated endpoint that allowed attackers to check if specific phone numbers were registered with Authy, without compromising the accounts themselves.
The vulnerability stems from improper authentication (CWE-287). The affected endpoint accepted phone numbers and returned registration status, leading to an information disclosure issue. This vulnerability is easy to exploit, requires no authentication, and can be executed remotely. The CVSS 3.1 Base Score is 5.3 (medium severity). The main impact is on confidentiality. Exploitation was observed in the wild, with attackers verifying millions of phone numbers.
Mitigation --> Users should upgrade to Authy Android 25.1.0 and Authy iOS 26.1.0 or later. If upgrades are not possible, discontinuing use of affected versions is recommended. CISA’s deadline for mitigation is August 13, 2024.
CVE-2024-39891 proves the need for robust authentication. Immediate action is necessary to update or discontinue vulnerable versions. Implementing "secure by design" principles could significantly help mitigate such vulnerabilities. By embedding security considerations from the ground up, developers can prevent improper authentication flaws. This includes rigorous input validation, robust authentication mechanisms and thorough security testing.
Remain vigilant to prevent exploitation! 🛡️
Contact us for an innovative solution to integrate Secure by Design into your development processes.
Source: https://lnkd.in/dstthR2y
#cybersecurity #securebydesign #authenticationflaw #mitigation