Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2019-12-05 12:22:36 |
HackerOne awards $20,000 bug bounty for private data access vulnerability on its own platform |
An analyst and a cut-and-paste job resulted in a critical security problem. |
Vulnerability
|
|
★★★
|
|
2019-11-27 20:58:00 |
Adobe discloses security breach impacting Magento Marketplace users |
Security breach was detected last week and traced back to a vulnerability in the Magento Marketplace website. |
Vulnerability
|
|
|
|
2019-11-22 21:17:36 |
Smartphone maker OnePlus discloses data breach |
Hackers accessed some OnePlus customer data through a vulnerability in the vendor's website. |
Data Breach
Vulnerability
|
|
|
|
2019-11-18 11:18:02 |
Google patches 'awesome' XSS vulnerability in Gmail dynamic email feature |
The bug bounty hunter who disclosed the issue says the bug is a prime example of DOM Clobbering. |
Vulnerability
|
|
★★★★
|
|
2019-11-18 09:56:03 |
Attackers using WhatsApp MP4 video files vulnerability can remotely execute code |
The buffer overflow bug has been disclosed by Facebook. |
Vulnerability
|
|
|
|
2019-11-14 14:44:43 |
Windows & Linux get options to disable Intel TSX to prevent Zombieload v2 attacks |
Disclosure of new Zombieload v2 vulnerability prompts OS makers to react with ways to disable Intel's TSX technology. |
Vulnerability
|
|
|
|
2019-11-12 16:05:19 |
McAfee antivirus software impacted by code execution vulnerability |
The severe security flaw can bypass self-defense mechanisms. |
Vulnerability
|
|
|
|
2019-11-06 00:53:28 |
Libarchive vulnerability can lead to code execution on Linux, FreeBSD, NetBSD |
Bug discovered by Google. Impacts Linux and BSD distros, but not Windows and macOS. |
Vulnerability
|
|
|
|
2019-10-29 10:13:00 |
Major vulnerability patched in the EU's eIDAS authentication system |
Exclusive: Vulnerability would have allowed attackers to pose as any EU citizen or business. |
Vulnerability
|
|
|
|
2019-10-12 07:00:05 |
Vulnerability found and fixed in HP bloatware |
HP releases security update for HP Touchpoint Analytics app. Device owners advised to update. |
Vulnerability
|
|
★★★
|
|
2019-10-07 09:25:04 |
D-Link router remote code execution vulnerability will not be patched |
The security issue won't be resolved, considering the age of the products. |
Vulnerability
|
|
|
|
2019-10-04 07:29:17 |
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices |
Vulnerability was patched in older Android OS versions, but resurfaced in newer releases. |
Vulnerability
|
|
★★★
|
|
2019-10-03 10:45:45 |
WhatsApp vulnerability exploited through malicious GIFs to hijack chat sessions |
Personal files and messages are at risk in unpatched builds of the app. |
Vulnerability
|
|
★★
|
|
2019-09-23 11:28:34 |
Privilege escalation vulnerability patched in Forcepoint VPN for Windows |
The bug could also be used post-exploit to circumvent PC defenses. |
Vulnerability
|
|
|
|
2019-09-19 09:59:11 |
Patch now: 1,300 Harbor cloud registries open to attack |
A severe critical privilege escalation vulnerability has been found in the open source registry software. |
Vulnerability
|
|
★★★
|
|
2019-09-16 11:00:06 |
Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities |
A new study reveals vulnerability rates are not decreasing in our connected devices -- far from it. |
Vulnerability
|
|
|
|
2019-09-16 08:45:40 |
LastPass bug leaks credentials from previous site |
LastPass released a fix last week. Vulnerability details are now public. Users advised to update. |
Vulnerability
|
LastPass
|
|
|
2019-09-12 10:20:03 |
Google discloses vulnerability in Chrome OS 'built-in security key' feature |
Security issue fixed in late June, with the release of Chrome OS 75. Additional remediation steps below. |
Vulnerability
|
|
|
|
2019-08-15 10:18:01 |
Trend Micro fixes privilege escalation security flaw in Password Manager |
The vulnerability could be used for privilege escalation and code execution attacks. |
Vulnerability
|
|
|
|
2019-08-13 18:02:03 |
Vulnerability in Microsoft CTF protocol goes back to Windows XP |
Insecure CTF protocol allows hackers to hijack any Windows app, escape sandboxes, get admin rights. |
Vulnerability
|
|
★★★★
|
|
2019-08-13 12:32:01 |
Steam vulnerability reportedly exposes Windows gamers to system hijacking |
The researcher was asked not to disclose the bug but did so anyway. |
Vulnerability
|
|
|
|
2019-08-08 19:00:00 |
Decade-old remote code execution bug found in phones used by Fortune 500 |
The firmware vulnerability lurked undetected for ten years. |
Vulnerability
|
|
|
|
2019-08-06 11:05:00 |
Unpatched KDE vulnerability disclosed on Twitter |
Just viewing --not running-- a malicious .desktop or .directory file inside a file browser can run malicious code on a user's system. |
Vulnerability
|
|
|
|
2019-07-23 12:36:00 |
Critical flaw in Palo Alto VPN solution impacts Uber, other enterprises may be at risk |
Updated: The critical vulnerability exists in old, vulnerable versions of the software still in use by companies including Uber. |
Vulnerability
|
Uber
|
|
|
2019-07-23 11:19:04 |
Remote code execution vulnerability in VLC remains unpatched |
The bug is present in VLC's latest release. |
Vulnerability
|
|
|
|
2019-07-19 21:04:00 |
Hackers target 62 US colleges by exploiting ERP vulnerability |
Attacks failed; however, the Department of Education is alerting colleges about ongoing exploitation attempts. |
Vulnerability
|
|
|
|
2019-07-05 10:47:05 |
Tor Project to fix bug used for DDoS attacks on Onion sites for years |
Tor vulnerability has been exploited for years and has been used for censorship, sabotage, and extortion of Onion sites. |
Vulnerability
|
|
|
|
2019-07-02 20:06:02 |
US Cyber Command issues alert about hackers exploiting Outlook vulnerability |
US Cyber Command shares links to new malware exploiting an Outlook bug patched in 2017. |
Malware
Vulnerability
|
|
|
|
2019-06-30 16:25:04 |
Bulgarian IT expert arrested after demoing vulnerability in kindergarten software |
Vulnerability allowed him to download data of over 235,000 Bulgarian citizens. |
Vulnerability
|
|
|
|
2019-06-24 08:45:02 |
User data stolen from 'human hacking' forum Social Engineered, published on rival site |
A vulnerability in MyBB has been blamed. |
Vulnerability
|
|
★★★★★
|
|
2019-06-20 08:51:00 |
Tor Browser 8.5.2 release patches critical Firefox vulnerability exploited in the wild |
The release resolves a critical Mozilla Firefox vulnerability in active use. |
Vulnerability
|
|
|
|
2019-06-11 22:56:02 |
Microsoft blocks BLE security keys with known pairing vulnerability |
Windows security update will block pairing of certain weak BLE security keys at the OS level. |
Vulnerability
|
|
|
|
2019-06-09 14:45:05 |
Microsoft warns about email spam campaign abusing Office vulnerability |
Dangerous spam campaign targets European users with backdoor trojan. |
Spam
Vulnerability
|
|
|
|
2019-06-05 21:07:02 |
New RCE vulnerability impacts nearly half of the internet's email servers |
Exim vulnerability lets attackers run commands as root on remote email servers. |
Vulnerability
|
|
★★★★★
|
|
2019-05-15 18:12:01 |
Google to replace faulty Titan security keys |
Vulnerability in Bluetooth pairing protocol forces Google to replace Titan keys sold in the US. |
Vulnerability
|
|
|
|
2019-04-04 15:40:00 |
Vulnerability found in Xiaomi phones' pre-installed security app |
Interactions between Avast and AVL SDKs spawned dangerous flaw on Xiaomi smartphones. |
Vulnerability
|
|
|
|
2019-04-04 12:17:00 |
Researcher publishes Google Chrome exploit |
Vulnerability patched in Chrome's V8 JavaScript engine, but the fix has not yet reached the Chrome stable branch. |
Vulnerability
|
|
|
|
2019-04-02 11:55:05 |
Hackers reveal how to trick a Tesla into steering towards oncoming traffic |
A root vulnerability and a few stickers were all it took. |
Vulnerability
|
Tesla
|
|
|
2019-03-29 13:06:03 |
Google security engineer discloses zero-day flaw in TP-Link smart home routers |
The zero-day vulnerability was disclosed publicly after TP-Link failed to respond. |
Vulnerability
|
|
|
|
2019-03-27 10:25:00 |
Nvidia patches code execution vulnerability in GeForce Experience |
The severe security flaw can also lead to denial of service attacks and privilege escalation. |
Vulnerability
Guideline
|
|
|
|
2019-03-22 10:42:03 |
Critical flaw revealed in Facebook Fizz TLS project |
The DoS vulnerability is trivially easy to trigger. |
Vulnerability
|
|
|
|
2019-03-20 13:00:00 |
Google Photos vulnerability could have let hackers retrieve image metadata |
Browser side-channel leaks are emerging as the next big threat for per-target stalking ops. |
Vulnerability
Threat
|
|
|
|
2019-03-19 17:15:00 |
Severe security bug found in popular PHP library for creating PDF files |
Vulnerability patched last year, but many websites and web apps will most likely remain vulnerable for years. |
Vulnerability
|
|
|
|
2019-03-15 12:41:03 |
'100 unique exploits and counting' for latest WinRAR security bug |
As expected, the recent WinRAR vulnerability is now being abused en masse by multiple threat actors. |
Vulnerability
Threat
|
|
|
|
2019-03-12 16:23:00 |
Vulnerability in Swiss e-voting system could have led to vote alterations |
A fix has been deployed to Switzerland's e-voting system, slated to roll out later this year. |
Vulnerability
|
|
|
|
2019-03-04 13:06:02 |
Google's Project Zero reveals zero-day macOS vulnerability to the public |
The copy-on-write vulnerability has not been patched. |
Vulnerability
|
|
|
|
2019-02-22 10:28:02 |
Adobe sends out second fix for critical Reader data leak vulnerability |
The original patch issued for the zero-day can be bypassed. |
Vulnerability
|
|
|
|
2019-02-13 01:33:05 |
New macOS security flaw lets malicious apps steal your Safari browsing history |
Vulnerability is not remotely exploitable. Users need to install a malicious app beforehand. Exploitation details were shared privately with Apple's security team last week. |
Vulnerability
|
|
|
|
2019-02-12 22:37:04 |
Dirty Sock vulnerability lets attackers gain root access on Linux systems |
After Dirty COW caused headaches in 2016, now Linux sysadmins have to worry about Dirty Sock. |
Vulnerability
|
|
|
|
2019-02-12 09:34:05 |
Micropatch released for Adobe Reader zero-day vulnerability |
The 0patch fix temporarily patches a data-stealing exploit in Adobe Reader. |
Vulnerability
|
|
|