What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2019-10-08 04:54:33 vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities (direct link) After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take Vulnerability ★★★★★
The_Hackers_News.webp 2019-10-04 02:03:57 New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild (direct link) Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group-infamous for selling zero-day exploits to governments-or one of its customers, to gain control of Vulnerability
The_Hackers_News.webp 2019-09-30 05:14:12 New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released (direct link) A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update-Exim version 4.92.3-after publishing an early warning two days ago, giving system administrators an early Vulnerability
The_Hackers_News.webp 2019-09-27 12:54:42 More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed (direct link) Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic Vulnerability ★★★★
The_Hackers_News.webp 2019-09-24 11:58:28 [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly (direct link) An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin-one of the widely used internet forum software. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in Vulnerability
The_Hackers_News.webp 2019-09-24 00:48:06 Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw (direct link) It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the Vulnerability Threat
The_Hackers_News.webp 2019-09-18 02:21:57 Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (direct link) A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin-one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other Tool Vulnerability
The_Hackers_News.webp 2019-09-13 11:06:09 Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug (direct link) Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez, a Spanish security researcher, contacted The Hacker Vulnerability
The_Hackers_News.webp 2019-09-12 04:56:01 New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS (direct link) Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit that is widely being used by Vulnerability
The_Hackers_News.webp 2019-09-12 04:44:00 WebARX - A Defensive Core For Your Website (direct link) Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or Vulnerability
The_Hackers_News.webp 2019-09-11 06:09:04 NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs (direct link) Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff Malware Vulnerability
The_Hackers_News.webp 2019-09-06 05:48:02 Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks (direct link) A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that affect all Vulnerability
The_Hackers_News.webp 2019-09-04 01:37:02 Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days (direct link) Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells 'full chain, zero-click, with persistence' Android zero-days. Vulnerability
The_Hackers_News.webp 2019-08-29 11:38:00 Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data (direct link) In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward program majorly includes two main announcements. First, a new program, dubbed 'Developer Data Malware Vulnerability
The_Hackers_News.webp 2019-08-20 01:40:03 Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers (direct link) Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure-that surprisingly persisted into Vulnerability
The_Hackers_News.webp 2019-08-14 09:47:01 New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections (direct link) Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices Vulnerability
The_Hackers_News.webp 2019-08-13 09:37:04 Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows (direct link) A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher Vulnerability
The_Hackers_News.webp 2019-08-07 00:26:05 KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files (direct link) If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's Vulnerability
The_Hackers_News.webp 2019-08-06 13:23:01 SWAPGS Attack - New Speculative Execution Flaw Affects All Modern Intel CPUs (direct link) A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs which leverage speculative-execution, and some AMD processors as well, Microsoft and Red Hat warn. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, Vulnerability
The_Hackers_News.webp 2019-07-31 03:37:01 DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks (direct link) What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with Vulnerability
The_Hackers_News.webp 2019-07-26 07:31:01 Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched) (direct link) Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the most popular and open source Malware Hack Vulnerability
The_Hackers_News.webp 2019-07-25 11:43:04 Your Android Phone Can Get Hacked Just By Playing This Video (direct link) Are you using an Android device? Beware! You should be more careful while playing a video on your smartphone-downloaded anywhere from the Internet or received through email. That's because, a specially crafted innocuous-looking video file can compromise your Android smartphone-thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS Vulnerability
The_Hackers_News.webp 2019-07-25 02:38:03 Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List (direct link) Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw. BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote Malware Vulnerability
The_Hackers_News.webp 2019-07-23 11:31:05 A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers (direct link) A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD, an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and Vulnerability
The_Hackers_News.webp 2019-07-15 01:50:02 This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes (direct link) Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly-and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user Hack Vulnerability
The_Hackers_News.webp 2019-07-13 04:20:00 Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw (direct link) The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue-a locally installed web server by the software-was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control Vulnerability ★★★
The_Hackers_News.webp 2019-07-09 09:08:05 Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library (direct link) Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, Vulnerability
The_Hackers_News.webp 2019-06-26 10:59:05 Account Takeover Vulnerability Found in Popular EA Games Origin Platform (direct link) A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to takeover players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)-the world's second-largest gaming company with over Vulnerability
The_Hackers_News.webp 2019-06-25 05:30:00 New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched (direct link) Cybersecurity researchers are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Joshua Long, a security researcher at Intego, last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to Malware Vulnerability
The_Hackers_News.webp 2019-06-22 01:28:05 PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery (direct link) As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site Vulnerability ★★★★★
The_Hackers_News.webp 2019-06-21 02:11:04 Firefox 67.0.4 Released - Mozilla Patches Second 0-Day Flaw This Week (direct link) Okay, folks, it's time to update your Firefox web browser once again-yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox Vulnerability Patching
The_Hackers_News.webp 2019-06-21 02:11:03 Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers (direct link) Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a Vulnerability
The_Hackers_News.webp 2019-06-20 12:39:04 Important Flaw in Outlook App for Android Affects Over 100 Millions Users (direct link) Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email Vulnerability
The_Hackers_News.webp 2019-06-20 02:57:03 Tor Browser 8.5.2 Released - Update to Fix Critical Firefox Vulnerability (direct link) Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle. Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical actively-exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely take full Vulnerability
The_Hackers_News.webp 2019-06-19 11:55:01 New Critical Oracle WebLogic Flaw Under Active Attack - Patch Now (direct link) Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability-which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10-is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application Vulnerability
The_Hackers_News.webp 2019-06-18 19:59:05 Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks (direct link) If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow Vulnerability
The_Hackers_News.webp 2019-06-11 03:41:02 New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions (direct link) Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to Vulnerability
The_Hackers_News.webp 2019-06-10 11:26:04 Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor (direct link) Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim-two most popular and powerful command-line Vulnerability ★★★★
The_Hackers_News.webp 2019-06-07 03:52:01 Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw (direct link) An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half Vulnerability
The_Hackers_News.webp 2019-06-04 12:36:03 Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions (direct link) A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists Vulnerability
The_Hackers_News.webp 2019-05-28 05:08:00 Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw (direct link) Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)-two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what Vulnerability
The_Hackers_News.webp 2019-05-23 00:00:01 Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours (direct link) Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Vulnerability
The_Hackers_News.webp 2019-05-21 23:46:04 PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online (direct link) An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system-that's his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local Vulnerability
The_Hackers_News.webp 2019-05-16 03:55:05 Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement (direct link) A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google Vulnerability
The_Hackers_News.webp 2019-05-13 23:10:02 Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones (direct link) Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Malware Vulnerability
The_Hackers_News.webp 2019-05-08 04:19:01 Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks (direct link) A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide. Vulnerability
The_Hackers_News.webp 2019-05-02 03:13:00 Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking (direct link) If you use a Dell computer, then beware - hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer Vulnerability
The_Hackers_News.webp 2019-05-01 00:31:02 Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (direct link) Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a Ransomware Vulnerability
The_Hackers_News.webp 2019-04-26 04:37:03 Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension (direct link) If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company-called "Plugin Vulnerabilities"-that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once Vulnerability ★★★★★
The_Hackers_News.webp 2019-04-25 08:00:00 'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic (direct link) A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services Vulnerability ★★★
Last update at: 2024-07-16 23:08:51