| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-09-30 14:00:00 | With the Software Supply Chain, You Can't Secure What You Don't Measure (direct link) | Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain. | Vulnerability | | |
| | 2022-09-21 15:28:37 | 15-Year-Old Python Flaw Slithers into Software Worldwide (direct link) | An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559. | Vulnerability | | |
| | 2022-09-09 17:56:48 | Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy (direct link) | The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality. | Vulnerability | | |
| | 2022-09-06 13:00:00 | Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration (direct link) | Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready. | Ransomware, Vulnerability | | |
| | 2022-09-01 19:49:52 | Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (direct link) | The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices. | Vulnerability, Patching | | |
| | 2022-09-01 14:45:27 | Apple Quietly Releases Another Patch for Zero-Day RCE Bug (direct link) | Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices. | Malware, Vulnerability | | |
| | 2022-08-31 16:00:00 | TikTok for Android Bug Allows Single-Click Account Hijack (direct link) | A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns. | Vulnerability | | |
| | 2022-08-30 13:33:35 | Google Expands Bug Bounties to Its Open Source Projects (direct link) | The search engine giant's Vulnerability Rewards Program now covers any Google open source software project, with a focus on critical software such as Go and Angular. | Vulnerability | | |
| | 2022-08-23 14:00:00 | Apathy is Your Company's Biggest Cybersecurity Vulnerability - Here's How to Combat It (direct link) | Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. | Vulnerability, Guideline | | ★★ |
| | 2022-08-20 19:28:29 | DeepSurface Adds Risk-Based Approach to Vulnerability Management (direct link) | DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. | Vulnerability | | |
| | 2022-08-17 18:49:19 | Google Chrome Zero-Day Found Exploited in the Wild (direct link) | The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. | Vulnerability | | |
| | 2022-08-16 14:39:57 | Windows Vulnerability Could Crack DC Server Credentials Open (direct link) | The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. | Vulnerability | | |
| | 2022-08-15 18:56:45 | Most Q2 Attacks Targeted Old Microsoft Vulnerabilities (direct link) | The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago. | Vulnerability | | |
| | 2022-08-12 20:18:21 | Patch Madness: Vendor Bug Advisories Are Broken, So Broken (direct link) | Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues that make patch prioritization a nightmare scenario for many organizations. | Vulnerability | | |
| | 2022-08-11 23:54:33 | Microsoft: We Don't Want to Zero-Day Our Customers (direct link) | The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse -- it is, she says, to protect customers. | Vulnerability | | |
| | 2022-08-08 14:20:00 | We Have the Tech to Scale Up Open Source Vulnerability Fixes - Now It's Time to Leverage It (direct link) | Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation. | Vulnerability | | |
| | 2022-08-04 20:36:33 | Time to Patch VMware Products Against a Critical New Vulnerability (direct link) | A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. | Vulnerability, Threat | | |
| | 2022-08-04 18:35:41 | High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover (direct link) | The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. | Vulnerability | | |
| | 2022-07-27 23:10:52 | Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face (direct link) | Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. | Vulnerability | | ★★★★ |
| | 2022-07-26 17:00:00 | How Risk-Based Vulnerability Management Has Made Security Easier (direct link) | Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort. | Vulnerability | | |
| | 2022-07-18 17:55:01 | WordPress Page Builder Plug-in Under Attack, Can't Be Patched (direct link) | An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn. | Vulnerability | | |
| | 2022-07-14 20:43:13 | DHS Review Board Deems Log4j an 'Endemic' Cyber Threat (direct link) | The vulnerability will remain a "significant" threat for years to come and has highlighted the need for more public and private sector support for the open source software ecosystem, the Cyber Safety Review Board says. | Vulnerability, Threat | | |
| | 2022-07-13 19:39:00 | The 3 Critical Elements You Need for Vulnerability Management Today (direct link) | Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now. | Vulnerability | | |
| | 2022-07-13 14:54:51 | Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication (direct link) | The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. | Vulnerability | | |
| | 2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (direct link) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool, Vulnerability | | |
| | 2022-06-28 17:58:36 | Atlassian Confluence Exploits Peak at 100K Daily (direct link) | Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week. | Vulnerability | | |
| | 2022-06-28 13:00:00 | New Vulnerability Database Catalogs Cloud Security Issues (direct link) | Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services, plus fixes for them where available. | Vulnerability | | ★★★ |
| | 2022-06-24 21:32:18 | Why We're Getting Vulnerability Management Wrong (direct link) | Security is wasting time and resources patching low- or no-risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management. | Vulnerability, Patching | | |
| | 2022-06-13 13:59:07 | DoS Vulnerability Allows Easy Envoy Proxy Crashes (direct link) | The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. | Vulnerability | | |
| | 2022-06-02 20:54:49 | Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach (direct link) | 79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments. | Vulnerability | | |
| | 2022-05-31 17:08:46 | New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada (direct link) | For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs. | Vulnerability | | |
| | 2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut (direct link) | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | | |
| | 2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers (direct link) | The company delivers a new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications. | Vulnerability | | |
| | 2020-10-05 16:45:00 | Android Camera Bug Under the Microscope (direct link) | Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location. | Vulnerability | | |
| | 2020-07-29 17:40:00 | 'BootHole' Vulnerability Exposes Secure Boot Devices to Attack (direct link) | A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot. | Vulnerability | | |
| | 2020-06-23 15:35:00 | (Déjà vu) Twitter Says Business Users Were Vulnerable to Data Breach (direct link) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach, Vulnerability | | |
| | 2020-06-23 15:35:00 | Twitter Says Biz Users Were Vulnerable to Data Breach (direct link) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach, Vulnerability | | |
| | 2020-05-11 15:20:00 | Researchers Analyze Oracle WebLogic Flaw Under Attack (direct link) | Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server. | Vulnerability | | |
| | 2020-02-18 10:55:00 | 1.7M Nedbank Customers Affected via Third-Party Breach (direct link) | A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. | Vulnerability | | |
| | 2020-01-21 17:00:00 | Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users (direct link) | The software firm is "aware of limited targeted attacks" exploiting a previously undisclosed scripting vulnerability in Internet Explorer 9, 10, and 11. | Vulnerability | | |
| | 2020-01-07 14:00:00 | The Discovery and Implications of 'MDB Leaker' (direct link) | The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched. | Vulnerability, Guideline | | |
| | 2019-11-20 09:00:00 | Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones (direct link) | Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call. | Vulnerability | | |
| | 2019-11-01 12:15:00 | Google Patches Chrome Zero-Day Under Active Attack (direct link) | The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers. | Vulnerability | | |
| | 2019-10-04 11:50:00 | Android 0-Day Seen Exploited in the Wild (direct link) | The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices. | Vulnerability | | |
| | 2019-05-28 19:10:00 | FirstAm Leak Highlights Importance of Verifying the Basics (direct link) | The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing. | Vulnerability | | |
| | 2019-03-19 16:30:00 | Microsoft Office Dominates Most Exploited List (direct link) | A lone Android vulnerability appears among the top 10 software flaws most abused by cybercriminals. | Vulnerability | | |
| | 2019-01-17 15:30:00 | New Attacks Target Recent PHP Framework Vulnerability (direct link) | Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads. | Malware, Vulnerability, Threat | | |
| | 2019-01-16 12:00:00 | Fortnite Players Compromised Via Epic Games Vulnerability (direct link) | Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency. | Vulnerability | | |
| | 2019-01-14 14:30:00 | Radiflow: New Approach for Classifying OT Attack Flaws (direct link) | The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis. | Vulnerability | | ★★★ |
| | 2018-12-11 17:40:00 | Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack (direct link) | Serious bugs addressed today include a Win32K privilege escalation vulnerability and a Windows DNS server heap overflow flaw. | Vulnerability | | |