| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| | 2022-08-18 14:31:38 | Google Patches Chrome's Fifth Zero-Day of the Year (direct link) | Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […] | Vulnerability | | |
| | 2022-07-11 20:26:40 | Rethinking Vulnerability Management in a Heightened Threat Landscape (direct link) | Find out why a vital component of vulnerability management needs to be the capacity to prioritize, from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist. | Vulnerability, Threat | | |
| | 2022-06-28 11:57:06 | Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data (direct link) | CISA warns that threat actors are ramping up attacks against the unpatched Log4Shell vulnerability in VMware servers. | Vulnerability, Threat | | |
| | 2022-06-21 15:19:15 | Modern IT Security Teams' Inevitable Need for Advanced Vulnerability Management (direct link) | Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today's dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks. | Vulnerability | | |
| | 2022-06-07 12:45:00 | Follina Exploited by State-Sponsored Hackers (direct link) | A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets. | Vulnerability | | |
| | 2022-06-07 11:21:47 | Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw (direct link) | The vulnerability remains unpatched on many versions of the collaboration tool and has the potential to create a SolarWinds-type scenario. | Tool, Vulnerability | | |
| | 2022-05-19 13:03:37 | Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover (direct link) | Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites. | Vulnerability | | |
| | 2022-05-05 12:48:08 | F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems (direct link) | The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10. | Vulnerability | | |
| | 2022-04-07 13:46:17 | SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts (direct link) | Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. | Vulnerability | | |
| | 2022-03-31 13:22:49 | QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug (direct link) | QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch. | Vulnerability | | |
| | 2022-03-15 16:58:43 | Most QNAP NAS Devices Affected by 'Dirty Pipe' Linux Flaw (direct link) | The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS) appliances, the Taiwanese manufacturer warned on Monday. Dirty Pipe, a recently reported local privilege escalation vulnerability, affects the Linux kernel on QNAP […] | Vulnerability | | |
| | 2022-01-31 21:59:35 | Public Exploit Released for Windows 10 Bug (direct link) | The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update. | Vulnerability | | |
| | 2022-01-18 20:21:04 | The Log4j Vulnerability Puts Pressure on the Security World (direct link) | It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. | Vulnerability | | |
| | 2022-01-11 14:09:21 | Critical SonicWall NAC Vulnerability Stems from Apache Mods (direct link) | Researchers offer more detail on the bug, which can allow attackers to completely take over targets. | Vulnerability | | |
| | 2021-12-23 19:04:13 | 4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code (direct link) | The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and for finding software vulnerabilities. | Vulnerability | | |
| | 2021-12-22 18:24:07 | All in One SEO Plugin Bug Threatens 3M Websites with Takeovers (direct link) | A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers. | Vulnerability, Guideline | | |
| | 2021-12-21 14:42:02 | FBI: Another Zoho ManageEngine Zero-Day Under Active Attack (direct link) | APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. | Malware, Vulnerability | | |
| | 2021-12-20 16:01:57 | Third Log4J Bug Can Trigger DoS; Apache Issues Patch (direct link) | The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. | Vulnerability | | |
| | 2021-12-15 19:31:30 | SAP Kicks Log4Shell Vulnerability Out of 20 Apps (direct link) | SAP's still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. | Vulnerability | | |
| | 2021-12-10 17:58:04 | Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack (direct link) | The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.” | Tool, Vulnerability, Guideline | | |
| | 2021-11-19 17:39:18 | 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years (direct link) | Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. | Vulnerability | | |
| | 2021-11-10 17:00:35 | Massive Zero Day Hole Found in Palo Alto Security Appliances (direct link) | Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls. | Vulnerability | | |
| | 2021-11-08 16:38:05 | Zoho Password Manager Flaw Torched by Godzilla Webshell (direct link) | A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and […] | Vulnerability, Threat | | |
| | 2021-10-26 21:22:26 | Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure (direct link) | Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner. | Vulnerability | | |
| | 2021-10-19 21:42:49 | Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services (direct link) | The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: Global Offensive and Portal 2 – and in cloud services such as Twilio Electric Imp. | Vulnerability | | |
| | 2021-09-23 18:35:31 | 100M IoT Devices Exposed By Zero-Day Bug (direct link) | A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more. | Vulnerability | | |
| | 2021-09-13 18:08:10 | WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing (direct link) | The security vulnerability can be exploited with a malicious CSV file. | Vulnerability | | |
| | 2021-09-09 12:58:48 | Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix (direct link) | An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom. | Vulnerability, Guideline | | |
| | 2021-09-08 12:24:51 | Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows (direct link) | Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files. | Vulnerability | | ★★★★ |
| | 2021-08-27 13:00:36 | Top Strategies That Define the Success of a Modern Vulnerability Management Program (direct link) | Modern vulnerability management programs require a strategy that defines what success means for your organization's cybersecurity goals. By incorporating a few simple cyber hygiene routines into your daily security routine, you'll set up your IT teams to be better equipped to fend off cyberattacks. | Vulnerability | | |
| | 2021-08-17 16:20:30 | Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop (direct link) | A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek's Kalay network, used in 83m devices. | Vulnerability | | |
| | 2021-08-12 20:30:58 | Black Hat: Novel DNS Hack Spills Confidential Corp Data (direct link) | Threatpost interviews the Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS. | Hack, Vulnerability | | |
| | 2021-07-16 11:57:53 | Microsoft: New Unpatched Bug in Windows Print Spooler (direct link) | Another vulnerability, separate from PrintNightmare, allows for local elevation of privilege and system takeover. | Vulnerability | | |
| | 2021-07-13 12:58:11 | SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack (direct link) | Microsoft alerted the company to a security vulnerability in its Serv-U Managed File Transfer and Secure FTP products that a cyberattacker is using to target a “limited” number of customers. | Vulnerability | | |
| | 2021-07-12 18:01:46 | Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack (direct link) | The attacks are enabled by an unpatched security vulnerability in ForgeRock's Access Management, a popular platform that front-ends web apps and remote-access setups. | Vulnerability | | |
| | 2021-07-06 15:42:42 | Kaseya Patches Imminent After Zero-Day Exploits, 1,500 Impacted (direct link) | REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116. | Ransomware, Vulnerability | | |
| | 2021-06-28 20:38:29 | NVIDIA Patches High-Severity GeForce Spoof-Attack Bug (direct link) | A vulnerability in NVIDIA's GeForce Experience software opens the door to remote data access, manipulation and deletion. | Vulnerability | | |
| | 2021-06-14 20:45:49 | Utilities 'Concerningly' at Risk from Active Exploits (direct link) | Utilities' vulnerability to application exploits goes from bad to worse in just weeks. | Vulnerability | | |
| | 2021-05-24 19:33:45 | Restaurant Reservation System Patches Easy-to-Exploit XSS Bug (direct link) | A WordPress reservation plugin has a vulnerability that allows unauthenticated hackers to access reservation data stored by site owners. | Vulnerability | | |
| | 2021-05-11 18:38:36 | Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader (direct link) | A patch for Adobe Acrobat, the world's leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution. | Vulnerability, Guideline | | |
| | 2021-04-20 15:59:56 | GEICO Alerts Customers Hackers Stole Driver License Data for Two Months (direct link) | The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website. | Vulnerability | | |
| | 2021-04-14 20:56:27 | Security Bug Allows Attackers to Brick Kubernetes Clusters (direct link) | The vulnerability is triggered when a cloud container pulls a malicious image from a registry. | Vulnerability | Uber | |
| | 2021-04-05 19:10:53 | Apple Mail Zero-Click Security Vulnerability Allows Email Snooping (direct link) | The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. | Vulnerability | | |
| | 2021-03-17 20:26:52 | Cisco Plugs Security Hole in Small Business Routers (direct link) | The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers. | Vulnerability | | |
| | 2021-03-15 15:40:21 | Google Warns Mac, Windows Users of Chrome Zero-Day Flaw (direct link) | The use-after-free vulnerability is the third Google Chrome zero-day flaw to be disclosed in three months. | Vulnerability | | |
| | 2021-02-09 19:40:47 | Attackers Exploit Critical Adobe Flaw to Target Windows Users (direct link) | A critical vulnerability in Adobe Reader has been exploited in "limited attacks." | Vulnerability | | |
| | 2021-02-05 15:47:55 | Google Chrome Zero-Day Afflicts Windows, Mac Users (direct link) | Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exploited by attackers. | Vulnerability | | |
| | 2021-01-25 17:53:51 | Cisco DNA Center Bug Opens Enterprises to Remote Attack (direct link) | The high-severity security vulnerability (CVE-2021-1257) allows cross-site request forgery (CSRF) attacks. | Vulnerability | | |
| | 2021-01-12 15:00:19 | Ethical Hackers Breach U.N., Access 100,000 Private Records (direct link) | Researchers informed the organization of a flaw that exposed GitHub credentials through the organization's vulnerability disclosure program. | Vulnerability | | |
| | 2021-01-06 16:40:26 | Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw (direct link) | More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover. | Vulnerability | | |