What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-17 18:49:19 | Google Chrome Zero-Day Found Exploited in the Wild (lien direct) | The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. | Vulnerability | ||
|
2022-08-16 14:39:57 | Windows Vulnerability Could Crack DC Server Credentials Open (lien direct) | The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. | Vulnerability | ||
|
2022-08-15 18:56:45 | Most Q2 Attacks Targeted Old Microsoft Vulnerabilities (lien direct) | The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago. | Vulnerability | ||
|
2022-08-12 20:18:21 | Patch Madness: Vendor Bug Advisories Are Broken, So Broken (lien direct) | Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs. | Vulnerability | ||
|
2022-08-11 23:54:33 | Microsoft: We Don\'t Want to Zero-Day Our Customers (lien direct) | The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse -- it is, she says, to protect customers. | Vulnerability | ||
|
2022-08-08 14:20:00 | We Have the Tech to Scale Up Open Source Vulnerability Fixes - Now It\'s Time to Leverage It (lien direct) | Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation. | Vulnerability | ||
|
2022-08-04 20:36:33 | Time to Patch VMware Products Against a Critical New Vulnerability (lien direct) | A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. | Vulnerability Threat | ||
|
2022-08-04 18:35:41 | High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover (lien direct) | The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. | Vulnerability | ||
|
2022-07-27 23:10:52 | Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face (lien direct) | Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. | Vulnerability | ★★★★ | |
|
2022-07-26 17:00:00 | How Risk-Based Vulnerability Management Has Made Security Easier (lien direct) | Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort. | Vulnerability | ||
|
2022-07-18 17:55:01 | WordPress Page Builder Plug-in Under Attack, Can\'t Be Patched (lien direct) | An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn. | Vulnerability | ||
|
2022-07-14 20:43:13 | DHS Review Board Deems Log4j an \'Endemic\' Cyber Threat (lien direct) | Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says. | Vulnerability Threat | ||
|
2022-07-13 19:39:00 | The 3 Critical Elements You Need for Vulnerability Management Today (lien direct) | Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now. | Vulnerability | ||
|
2022-07-13 14:54:51 | Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication (lien direct) | The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. | Vulnerability | ||
|
2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (lien direct) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool Vulnerability | ||
|
2022-06-28 17:58:36 | Atlassian Confluence Exploits Peak at 100K Daily (lien direct) | Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week. | Vulnerability | ||
|
2022-06-28 13:00:00 | New Vulnerability Database Catalogs Cloud Security Issues (lien direct) | Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services - plus fixes for them where available. | Vulnerability | ★★★ | |
|
2022-06-24 21:32:18 | Why We\'re Getting Vulnerability Management Wrong (lien direct) | Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management. | Vulnerability Patching | ||
|
2022-06-13 13:59:07 | DoS Vulnerability Allows Easy Envoy Proxy Crashes (lien direct) | The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. | Vulnerability | ||
|
2022-06-02 20:54:49 | Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach (lien direct) | 79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments. | Vulnerability | ||
|
2022-05-31 17:08:46 | New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada (lien direct) | For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs. | Vulnerability | ||
|
2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut (lien direct) | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | ||
|
2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers (lien direct) | Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications . | Vulnerability | ||
|
2020-10-05 16:45:00 | Android Camera Bug Under the Microscope (lien direct) | Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location. | Vulnerability | ||
|
2020-07-29 17:40:00 | \'BootHole\' Vulnerability Exposes Secure Boot Devices to Attack (lien direct) | A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot. | Vulnerability | ||
|
2020-06-23 15:35:00 | (Déjà vu) Twitter Says Business Users Were Vulnerable to Data Breach (lien direct) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach Vulnerability | ||
|
2020-06-23 15:35:00 | Twitter Says Biz Users Were Vulnerable to Data Breach (lien direct) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach Vulnerability | ||
|
2020-05-11 15:20:00 | Researchers Analyze Oracle WebLogic Flaw Under Attack (lien direct) | Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server. | Vulnerability | ||
|
2020-02-18 10:55:00 | 1.7M Nedbank Customers Affected via Third-Party Breach (lien direct) | A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. | Vulnerability | ||
|
2020-01-21 17:00:00 | Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users (lien direct) | Software firm is "aware of limited targeted attacks" exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed. | Vulnerability | ||
|
2020-01-07 14:00:00 | The Discovery and Implications of \'MDB Leaker\' (lien direct) | The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched. | Vulnerability Guideline | ||
|
2019-11-20 09:00:00 | Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones (lien direct) | Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call. | Vulnerability | ||
|
2019-11-01 12:15:00 | Google Patches Chrome Zero-Day Under Active Attack (lien direct) | The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers. | Vulnerability | ||
|
2019-10-04 11:50:00 | Android 0-Day Seen Exploited in the Wild (lien direct) | The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices. | Vulnerability | ||
|
2019-05-28 19:10:00 | FirstAm Leak Highlights Importance of Verifying the Basics (lien direct) | The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing. | Vulnerability | ||
|
2019-03-19 16:30:00 | Microsoft Office Dominates Most Exploited List (lien direct) | Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals. | Vulnerability | ||
|
2019-01-17 15:30:00 | New Attacks Target Recent PHP Framework Vulnerability (lien direct) | Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads. | Malware Vulnerability Threat | ||
|
2019-01-16 12:00:00 | Fortnite Players Compromised Via Epic Games Vulnerability (lien direct) | Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency. | Vulnerability | ||
|
2019-01-14 14:30:00 | Radiflow: New Approach for Classifying OT Attack Flaws (lien direct) | The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis. | Vulnerability | ★★★ | |
|
2018-12-11 17:40:00 | Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack (lien direct) | Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw. | Vulnerability | ||
|
2018-11-06 17:40:00 | \'PortSmash\' Brings New Side-Channel Attack to Intel Processors (lien direct) | New vulnerability exposes encryption keys in the first proof-of-concept code. | Vulnerability | ||
|
2018-11-02 08:00:00 | Speed Up AppSec Improvement With an Adversary-Driven Approach (lien direct) | Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes. | Vulnerability | ||
|
2018-10-18 11:00:00 | Apache Access Vulnerability Could Affect Thousands of Applications (lien direct) | A recently discovered issue with a common file access method could be a major new attack surface for malware authors. | Malware Vulnerability | ||
|
2018-09-05 17:26:00 | PowerPool Malware Uses Windows Zero-Day Posted on Twitter (lien direct) | Researchers detected the vulnerability in an attack campaign two days after it was posted on social media. | Malware Vulnerability | ||
|
2018-08-07 10:00:00 | US-CERT Warns of New Linux Kernel Vulnerability (lien direct) | Patches now available to prevent DoS attack on Linux systems. | Vulnerability | ||
|
2018-06-25 12:50:00 | iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes (lien direct) | A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices. | Hack Vulnerability |
To see everything:
Our RSS (filtrered)
