Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-10-24 20:00:00 |
Cisco warns of ISE vulnerability with no fixed release or workaround (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Cisco
Tags: Identity Services Engine
Tags: AnyConnect VPN server
Tags: CVE-2022-20822
Tags: CVE-2022-20959
Tags: CVE-2022-20933
Tags: input validation
Cisco's latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files.
(Read more...)
|
Vulnerability
|
|
|
|
2022-10-19 19:00:00 |
Why Log4Text is not another Log4Shell (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Log4Text
Tags: Apache
Tags: Commons Text
Tags: CVE-2022-42889
Tags: Log4j
Tags: Log4Shell
Tags: interpolators
Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry?
(Read more...)
|
Vulnerability
|
|
|
|
2022-10-06 11:00:00 |
BOD 23-01: Improving asset visibility and vulnerability detection on federal networks (lien direct) |
>Categories: NewsTags: BOD 23-01
Tags: asset visibility
Tags: vulnerability detection
Tags: federal networks
Tags: CISA
Tags: CDM
Tags:
CISA has issued BOD 23-10 which requires all FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodic scans of these devices, and provide this information to CISA.
(Read more...)
|
Vulnerability
|
|
|
|
2022-10-03 12:00:00 |
Actively exploited vulnerability in Bitbucket Server and Data Center (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Atlassian
Tags: Bitbucket
Tags: git
Tags: CVE-2022-36804
Tags: RCE
Tags: read permission
International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center
(Read more...)
|
Vulnerability
|
|
|
|
2022-09-14 11:00:00 |
WPGateway WordPress plugin vulnerability could allow full site takeover (lien direct) |
>Categories: NewsTags: WPGateway
Tags: WordPress
Tags: plugin
Tags: vulnerability
Tags: CVE
We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin.
(Read more...)
|
Vulnerability
|
|
|
|
2022-09-13 12:00:00 |
BackupBuddy WordPress plugin vulnerable to exploitation, update now! (lien direct) |
>Categories: NewsTags: BackupBuddy
Tags: WordPress
Tags: vulnerability
Tags: exploit
Tags: hack
Tags: compromise
Tags: update
We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it.
(Read more...)
|
Vulnerability
|
|
★★★★
|
|
2022-09-08 11:00:00 |
Vulnerability response for SMBs: The Malwarebytes approach (lien direct) |
>Categories: BusinessAt Malwarebytes, we understand that small-and-medium sized businesses find it uniquely difficult to quickly respond to vulnerabilities. In this post, learn more about our approach to vulnerability response and how our Vulnerability Assessment and Patch Management solutions can address common SMB pain points.
(Read more...)
|
Vulnerability
|
|
|
|
2022-09-06 10:00:00 |
Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: QNAP
Tags: Photo Station
Tags: Deadbolt
Tags: ransomware
Tags: VPN
QNAP says it's detected that DeadBolt is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems directly connected to the internet.
(Read more...)
|
Vulnerability
|
|
|
|
2022-09-01 19:00:00 |
Apple releases security update for iPhones and iPads to address vulnerability (lien direct) |
>Categories: NewsTags: Apple
Tags: iOS 12.5.6
Tags: webkit
Tags: CVE-2022-32893
Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices.
(Read more...)
|
Vulnerability
|
|
|
|
2022-09-01 12:00:00 |
TikTok vulnerability could have allowed hijackers to take over accounts (lien direct) |
>Categories: NewsTags: Exploit
Tags: vulnerability
Tags: Tik-Tok
Tags: Microsoft
Tags: JavaScript
We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed.
(Read more...)
|
Vulnerability
|
|
|
|
2022-08-25 12:00:00 |
Introducing Patch Management for OneView (lien direct) |
>Categories: BusinessWe're thrilled to announce our Patch Management module for OneView, which is paired alongside our Vulnerability Assessment module to help you uncover vulnerabilities, respond to threats, and keep your customers productive and safe.
(Read more...)
|
Vulnerability
|
|
★★★★★
|
|
2022-08-25 10:00:00 |
Update now! GitLab issues critical security release for RCE vulnerability (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: GitLab
Tags: RCE
Tags: CVE-2022-2884
Tags: GitHub
Tags: import
GitLab has released important security fixes to patch for an RCE vulnerability, known as CVE-2022-2884.
(Read more...)
|
Vulnerability
|
|
★★★★
|
|
2022-08-24 11:00:00 |
ChromeOS vulnerability found by Microsoft (lien direct) |
>Categories: NewsTags: Microsoft
Tags: ChromeOS
Tags: Chrome
Tags: Google
Tags: audio
Tags: bluetooth
Tags: exploit
Tags: vulnerability
Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week.
(Read more...)
|
Vulnerability
|
|
|
|
2022-08-11 13:00:00 |
Thousands of Zimbra mail servers backdoored in large scale attack (lien direct) |
>Categories: Exploits and vulnerabilitiesCategories: NewsTags: Zimbra
Tags: ZVS
Tags: cve-2022-27925
Tags: web shell
Tags: cve-2022-37042
Tags: authentication
Tags: RCE
Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers
(Read more...)
|
Vulnerability
|
|
|
|
2022-08-01 17:31:40 |
Millions of Arris routers are vulnerable to path traversal attacks (lien direct) |
>A researcher has found a serious vulnerability in the muhttpd webserver that is used in millions of routers and modems. A patch is available but ISPs are often slow to push out firmware updates.
|
Vulnerability
|
|
★★★★★
|
|
2022-07-13 12:21:53 |
Update now-July Patch Tuesday patches include fix for exploited zero-day (lien direct) |
>July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS.
|
Vulnerability
|
|
|
|
2022-07-05 13:56:04 |
Update now! Chrome patches ANOTHER zero-day vulnerability (lien direct) |
>Google has patched a vulnerability in Chrome which was being exploited in the wild. Make sure you're using the latest version.
|
Vulnerability
|
|
|
|
2022-06-30 15:25:24 |
Amazon Photos vulnerability could have given attackers access to user files and data (lien direct) |
The retail giant patched a serious flaw in its Amazon Photos app that left user access token exposed to potential attackers.
|
Vulnerability
|
|
|
|
2022-06-14 12:38:13 |
Introducing Malwarebytes Vulnerability Assessment for OneView: How to check for Common Vulnerabilities and Exposures (CVEs) (lien direct) |
In this post, we'll give you a step-by-step on how to complete an Inventory and vulnerability scan in Malwarebytes Vulnerability Assessment for OneView.
|
Vulnerability
|
|
|
|
2022-06-14 09:53:27 |
Don\'t panic! “Unpatchable” Mac vulnerability discovered (lien direct) |
>Researchers at MIT have published details about an attack that uses a flaw in the M1 security feature pointer authentication codes.
|
Vulnerability
|
|
|
|
2022-06-03 14:41:58 |
Unpatched Atlassian Confluence vulnerability is actively exploited (lien direct) |
>A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched.
|
Vulnerability
|
|
|
|
2022-05-30 18:09:26 |
Microsoft Office zero-day “Follina”-it\'s not a bug, it\'s a feature! (It\'s a bug) (lien direct) |
Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina.
|
Vulnerability
|
|
|
|
2022-05-12 12:51:25 |
F5 BIG-IP vulnerability is now being used to disable servers (lien direct) |
>At least one group of threat actors is using the recently patched vulnerability in F5 BIG-IP to wipe the file system of vulnerable devices.
|
Threat
Vulnerability
|
|
|
|
2022-05-11 14:36:23 |
Update now! Microsoft releases patches, including one for actively exploited zero-day (lien direct) |
May's Patch Tuesday includes one actively exploited zero-day vulnerability and some other interesting ones.
|
Vulnerability
|
|
|
|
2022-05-09 15:39:17 |
Update now! F5 BIG-IP vulnerability being actively exploited (lien direct) |
>Only a few days after the release of the patch for a vulnerability in F5 BIG-IP, exploits were developed and are now being deployed.
|
Vulnerability
|
|
|
|
2020-10-26 10:58:14 |
Google patches actively exploited zero-day bug that affects Chrome users (lien direct) |
Update your Chrome browser to its latest version-86.0.4240.111-to protect yourself from a vulnerability that Google says is being actively exploited.
Categories:
Exploits and vulnerabilities
Tags: 86.0.4240.111browser exploitChrome vulnerabilityCVE-2020-15999FreeTypeFreeType 2.10.4FreeType zero-day
(Read more...)
|
Vulnerability
|
|
★★★★★
|
|
2020-10-21 20:41:32 |
XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability (lien direct) |
This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection.
Categories:
Cybercrime
Social engineering
Tags: cross-site scriptingtech support scamTSSvulnerabilityxss
(Read more...)
|
Vulnerability
|
|
|
|
2020-05-13 15:30:00 |
How CVSS works: characterizing and scoring vulnerabilities (lien direct) |
CVSS, or Common Vulnerability Scoring System, provides developers, testers, and security professionals with a standardized process to assess vulnerabilities.
Categories:
Malwarebytes news
Tags: attack complexityattack vectorbug bountycommon vulnerability scoring systemCVSSCVSS 3.1FIRSTForum of Incident Response and Security Teamsprivileges requiredsoftware vulnerabilitystandardizationuser interaction (UI)vulnerabilitiesvulnerability
(Read more...)
|
Vulnerability
|
|
|
|
2020-04-22 17:54:33 |
iOS Mail bug allows remote zero-click attacks (lien direct) |
A newly-discovered vulnerability in iOS Mail can be used to attack an iPhone remotely using a malicious e-mail message, even if you're running the latest version of iOS (13.4.1).
Categories:
Mac
Tags: AppleApple mailiOSiOS mailiOS mail bugiOS mail vulnerabilityiOS vulnerabilitymailmaildvulnerabilityzero-day vulnerability
(Read more...)
|
Vulnerability
|
|
|
|
2019-10-18 16:36:36 |
Pulse VPN patched their vulnerability, but businesses are trailing behind (lien direct) |
After a vulnerability in a popular business VPN solutions was discussed at length and an easy to use exploit is availbale, organizations still fail to apply the patch. What's up?
Categories:
Business
Tags: cybercriminalsexploitexploit kitsexploitspatchpatchingpulsevpnvulnerabilitiesvulnerability
(Read more...)
|
Vulnerability
|
|
★★★★
|
|
2019-09-12 15:00:00 |
(Déjà vu) Five years later, Heartbleed vulnerability still unpatched (lien direct) |
The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems.
Categories:
Malwarebytes news
Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL
(Read more...)
|
Vulnerability
|
|
|
|
2019-08-30 16:16:00 |
Everything you need to know about the Heartbleed vulnerability (lien direct) |
The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems.
Categories:
Exploits and vulnerabilities
Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL
(Read more...)
|
Vulnerability
|
|
★★★
|
|
2019-08-21 15:56:04 |
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks (lien direct) |
Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk?
Categories:
Awareness
Tags: AppleblackberrybluetoothCiscoCVE-2019-9506iOSKey Negotiation of BluetoothKNOB attackmacOSman-in-the-middle attackmicrosoftmitmret hatwatchoswindows
(Read more...)
|
Vulnerability
|
|
|
|
2019-08-09 16:10:02 |
Backdoors are a security vulnerability (lien direct) |
Upset by their inability to access potentially vital evidence for criminal investigations, the federal government has, for years, pushed to convince tech companies to build backdoors that will, allegedly, only be used by law enforcement agencies. The problem, cybersecurity researchers say, is that those backdoors can easily be exploited by criminals.
Categories:
Privacy
Tags: AppleAttorney GeneralbackdoorClipper ChipDepartment of Justiceencryptionfbigolden keyGoogleiMessageiOS 8iPhonelawful interceptluggageNational Security AgencyNSAsignalTransportation Security AdministrationTSAwhatsappWilliam Barr
(Read more...)
|
Vulnerability
|
|
|
|
2019-02-06 17:16:05 |
New critical vulnerability discovered in open-source office suites (lien direct) |
A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild?
Categories:
Exploits
Threat analysis
Tags: CVE-2018-16858exploitlibreofficeopenofficepythonrce
(Read more...)
|
Vulnerability
|
|
|
|
2018-10-01 16:44:02 |
A week in security (September 24 – 30) (lien direct) |
A roundup of the security news from September 24–30 including phishing, Apple woes, a vulnerability in the wild, e-commerce attacks, phone spam, and a massive Facebook breach.
Categories:
Security world
Week in security
Tags: CVECVE-2018-8373facebookGooglriPhoneXSLojaxMagecartmicrosoftMojavemutagen astronomyosxphishingport of san diegoquasar ratsafari extensionssms phishingtelegramTV licensingunwanted calls
(Read more...)
|
Vulnerability
|
|
|
|
2018-09-26 17:13:02 |
Buggy implementation of CVE-2018-8373 vulnerability used to deliver Quasar RAT (lien direct) |
A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks.
Categories:
Exploits
Threat analysis
Tags: anti exploitCVE-2018-8174CVE-2018-8373exploitIndicators of compromiseIOCIOCspastebinpatchQuasarratremote administration toolvirustotalvulnerabilitiesvulnerability
(Read more...)
|
Threat
Vulnerability
|
|
|