What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
DarkReading.webp 2023-06-20 17:23:19 Schneider Power Meter Vulnerability Opens Door to Power Outages (direct link) A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover. Vulnerability ★★★
DarkReading.webp 2023-06-16 18:15:00 Third MOVEit Transfer Vulnerability Disclosed by Progress Software (direct link) MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks on the service continue to mount. Vulnerability ★★
DarkReading.webp 2023-06-15 21:57:00 Coalition Releases Security Vulnerability Exploit Scoring System (direct link) Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster. Vulnerability ★★
DarkReading.webp 2023-06-14 15:49:00 Fortinet: Patched Critical Flaw May Have Been Exploited (direct link) Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations. Vulnerability ★★
DarkReading.webp 2023-06-01 18:44:27 Jetpack WordPress Plug-in API Bug Triggers Mass Updates (direct link) An audit uncovers an API-related security vulnerability dating back to Jetpack version 2.0 released in 2012 - and it affects millions of websites. Vulnerability ★★★
DarkReading.webp 2023-05-31 20:05:00 MacOS 'Migraine' Bug: Big Headache for Device System Integrity (direct link) Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware. Vulnerability ★★
DarkReading.webp 2023-05-25 14:18:20 Google Cloud Bug Allows Server Takeover From CloudSQL Service (direct link) Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment. Vulnerability Cloud ★★
DarkReading.webp 2023-05-24 17:45:00 OAuth Flaw in Expo Platform Affects Hundreds of Third-Party Sites, Apps (direct link) A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more. Vulnerability ★★★★
DarkReading.webp 2023-05-19 13:05:00 Google Debuts Quality Ratings for Security Bug Disclosures (direct link) New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program. Vulnerability ★★
DarkReading.webp 2023-05-18 21:33:00 KeePass Vulnerability Imperils Master Passwords (direct link) A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password - and proof-of-concept code is available. Vulnerability ★★
DarkReading.webp 2023-05-15 16:00:00 Microsoft Follina Bug Is Back in Meme-Themed Cyberattacks Against Travel Orgs (direct link) A two-bit comedian is using a patched Microsoft vulnerability to attack the hospitality industry, and really laying it on thick along the way. Vulnerability ★★
DarkReading.webp 2023-05-10 19:30:00 Microsoft Fixes Failed Patch for Exploited Outlook Vulnerability (direct link) Adding a single character to a function in the previous Outlook patch rendered that fix useless, researchers say. Vulnerability ★★
DarkReading.webp 2023-05-03 20:38:00 DNA Sequencing Equipment Vulnerability Adds New Twist to Medical Device Cyber Threats (direct link) A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works. Vulnerability Medical ★★★
DarkReading.webp 2023-05-03 13:05:00 Hotels at Risk From Bug in Oracle Property Management Software (direct link) Oracle's characterization of the vulnerability in its Opera software as complex and hard to exploit is incorrect, researchers who found the flaw and reported it say. Vulnerability ★★
DarkReading.webp 2023-04-26 17:52:38 High-Severity SLP Flaw Can Amplify DDoS Attacks up to 2,200 Times (direct link) More than 2,000 global organizations - including Fortune 1,000 companies - are at risk to reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol. Vulnerability ★★
DarkReading.webp 2023-04-17 20:59:00 Google Issues Emergency Chrome Update for Zero-Day Bug (direct link) Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable. Vulnerability ★★
DarkReading.webp 2023-03-31 21:34:00 Elastic Expands Cloud Security Capabilities for AWS (direct link) Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations. Vulnerability Cloud ★★★
DarkReading.webp 2023-03-30 18:58:13 Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service (direct link) The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes. Vulnerability Cloud ★★
DarkReading.webp 2023-03-29 20:25:00 Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug (direct link) A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises. Vulnerability ★★
DarkReading.webp 2023-03-17 18:23:11 Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug (direct link) Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost any business user could be a victim. Vulnerability ★★★★
DarkReading.webp 2023-03-15 20:53:00 Cyberattackers Continue Assault Against Fortinet Devices (direct link) Patched earlier this month, a code-execution vulnerability is the latest FortiOS weakness to be exploited by attackers, who see the devices as well-placed targets for initial access operations. Vulnerability ★★★
DarkReading.webp 2023-03-10 21:01:30 BlackLotus Secure Boot Bypass Malware Set to Ramp Up (direct link) BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity. Malware Vulnerability ★★★
DarkReading.webp 2023-02-27 19:25:00 All CVEs Are Not Created Equal (direct link) Vulnerabilities impact each industry differently, so each sector needs to think about its defenses and vulnerability management differently. Vulnerability ★★★
DarkReading.webp 2023-02-24 19:41:05 'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover (direct link) With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone. Vulnerability ★★★
DarkReading.webp 2023-02-22 17:50:00 Google Delivers Record-Breaking $12M in Bug Bounties (direct link) Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers. Vulnerability ★★
DarkReading.webp 2023-02-15 22:50:00 ChatGPT Subs In as Security Analyst, Hallucinates Only Occasionally (direct link) Incident response triage and software vulnerability discovery are two areas where the large language model has demonstrated success, although false positives are common. Vulnerability ChatGPT ★★★
DarkReading.webp 2023-02-14 16:00:00 (Déjà vu) Cyber-Physical Systems Vulnerability Disclosures Reach Peak, While Disclosures by Internal Teams Increase 80% Over 18 Months (direct link) State of XIoT Security Report: 2H 2022 from Claroty's Team82 reveals positive impact by researchers on strengthening XIoT security and increased investment among XIoT vendors in securing their products. Vulnerability ★★
DarkReading.webp 2023-02-07 22:54:00 'Money Lover' Finance App Exposes User Data (direct link) A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app. Vulnerability ★★★
DarkReading.webp 2023-02-06 22:11:00 Global Ransomware Attack on VMware ESXi Hypervisors Continues to Spread (direct link) The fresh "ESXiArgs" malware is exploiting a 2-year-old RCE security vulnerability (tracked as CVE-2021-21974), resulting in thousands of unpatched servers falling prey to the campaign. Ransomware Malware Vulnerability ★★
DarkReading.webp 2023-02-02 11:01:00 Discrepancies Discovered in Vulnerability Severity Ratings (direct link) Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says. Vulnerability ★★★
DarkReading.webp 2023-01-30 19:00:00 Facebook Bug Allows 2FA Bypass Via Instagram (direct link) The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports. Vulnerability ★★★
DarkReading.webp 2023-01-26 20:00:00 SaaS RootKit Exploits Hidden Rules in Microsoft 365 (direct link) A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit. Vulnerability ★★★
DarkReading.webp 2023-01-25 20:30:00 Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI (direct link) The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things. Vulnerability ★★
DarkReading.webp 2023-01-25 18:00:00 Log4j Vulnerabilities Are Here to Stay - Are You Prepared? (direct link) Don't make perfect the enemy of good in vulnerability management. Context is key - prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset. Vulnerability ★★
DarkReading.webp 2023-01-17 15:00:00 3 Lessons Learned in Vulnerability Management (direct link) In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting. Vulnerability ★★★★
DarkReading.webp 2023-01-09 23:41:00 Firmware Vulnerability in Chips Helps Hackers Take Control of Systems (direct link) The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations. Vulnerability ★★
DarkReading.webp 2022-12-22 15:00:01 Google WordPress Plug-in Bug Allows AWS Metadata Theft (direct link) A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands. Vulnerability ★★★
DarkReading.webp 2022-12-14 18:00:00 CSAF Is the Future of Vulnerability Management (direct link) Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation. Vulnerability ★★★
DarkReading.webp 2022-12-14 17:20:07 Apple Zero-Day Actively Exploited on iPhone 15 (direct link) Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code. Vulnerability ★★
DarkReading.webp 2022-10-11 15:21:39 Skybox Security Unveils Industry's First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments (direct link) Skybox Security Cloud Edition ushers in a new era of proactive cybersecurity. Vulnerability
DarkReading.webp 2022-09-30 14:00:00 With the Software Supply Chain, You Can't Secure What You Don't Measure (direct link) Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain. Vulnerability
DarkReading.webp 2022-09-21 15:28:37 15-Year-Old Python Flaw Slithers into Software Worldwide (direct link) An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559. Vulnerability
DarkReading.webp 2022-09-09 17:56:48 Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy (direct link) The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality. Vulnerability
DarkReading.webp 2022-09-06 13:00:00 Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration (direct link) Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready. Ransomware Vulnerability
DarkReading.webp 2022-09-01 19:49:52 Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (direct link) The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices. Vulnerability Patching
DarkReading.webp 2022-09-01 14:45:27 Apple Quietly Releases Another Patch for Zero-Day RCE Bug (direct link) Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices. Malware Vulnerability
DarkReading.webp 2022-08-31 16:00:00 TikTok for Android Bug Allows Single-Click Account Hijack (direct link) A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns. Vulnerability
DarkReading.webp 2022-08-30 13:33:35 Google Expands Bug Bounties to Its Open Source Projects (direct link) The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects - with a focus on critical software such as Go and Angular. Vulnerability
DarkReading.webp 2022-08-23 14:00:00 Apathy is Your Company's Biggest Cybersecurity Vulnerability - Here's How to Combat It (direct link) Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. Vulnerability Guideline ★★
DarkReading.webp 2022-08-20 19:28:29 DeepSurface Adds Risk-Based Approach to Vulnerability Management (direct link) DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. Vulnerability
Last update at: 2024-06-27 21:18:20