Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2020-09-09 19:18:00 |
BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys (direct link) |
All devices using the Bluetooth standard 4.0 through 5.0 are vulnerable. Patches not immediately available. |
Vulnerability
|
|
|
|
2020-09-06 08:46:32 |
Millions of WordPress sites are being probed & attacked with recent plugin bug (direct link) |
An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree. |
Vulnerability
|
|
|
|
2020-09-03 09:29:35 |
WordPress File Manager plugin flaw causing website hijack exploited in the wild (direct link) |
The critical vulnerability has been utilized in hundreds of thousands of attacks. |
Vulnerability
|
|
|
|
2020-08-31 13:58:27 |
Cisco warns of actively exploited IOS zero-day (direct link) |
The vulnerability has been used to exhaust process memory and crash devices. |
Vulnerability
|
|
|
|
2020-07-23 07:20:53 |
IBM Verify Gateway vulnerability allowed remote attackers to brute-force their way in (direct link) |
The severe bug could be harnessed for brute-force attacks. |
Vulnerability
|
|
|
|
2020-07-22 22:53:31 |
Google's Project Zero team won't be applying for Apple's SRD program (direct link) |
Other security researchers have expressed similar intentions to skip the Apple SRD program after the program rules give Apple full control of the vulnerability disclosure process. |
Vulnerability
|
|
|
|
2020-07-16 21:18:55 |
DHS CISA tells government agencies to patch Windows Server DNS bug within 24h (direct link) |
CISA cites "likelihood of the vulnerability being exploited" and widespread use of Windows Server as primary reason for today's rare measure. |
Vulnerability
|
|
|
|
2020-07-14 17:43:00 |
SigRed: A 17-year-old 'wormable' vulnerability for hijacking Microsoft Windows Server (direct link) |
The vulnerability, fixed in Microsoft's Patch Tuesday, has been awarded a severity rating of 10.0. |
Vulnerability
|
|
|
|
2020-07-10 07:08:38 |
KingComposer patches XSS flaw impacting 100,000 WordPress websites (direct link) |
The vulnerability could be exploited to execute malicious payloads in visitor browsers. |
Vulnerability
|
|
|
|
2020-07-09 18:00:00 |
Zoom working on patching zero-day disclosed in Windows client (direct link) |
Security firm has disclosed today a zero-day vulnerability in Zoom's Windows client. |
Vulnerability
Patching
|
|
|
|
2020-07-09 02:42:47 |
Nvidia fixes code execution vulnerability in GeForce Experience (direct link) |
Security updates have also been released for the JetPack software development kit. |
Vulnerability
|
|
|
|
2020-07-08 17:16:14 |
Google open-sources Tsunami vulnerability scanner (direct link) |
Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible. |
Vulnerability
|
|
|
|
2020-07-03 19:44:00 |
F5 patches vulnerability that received a CVSS 10 severity score (direct link) |
Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions. |
Vulnerability
|
|
|
|
2020-06-09 19:27:00 |
New CrossTalk attack impacts Intel's mobile, desktop, and server CPUs (direct link) |
Academics detail a new vulnerability named CrossTalk that can be used to leak data across Intel CPU cores. |
Vulnerability
|
|
★★★
|
|
2020-06-08 19:51:00 |
CallStranger vulnerability lets attacks bypass security systems and scan LANs (direct link) |
The CallStranger vulnerability can also be used to launch major DDoS attacks. |
Vulnerability
|
|
★★★★★
|
|
2020-06-02 05:00:08 |
VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure (direct link) |
The security flaw handed over the keys to enterprise infrastructure. |
Vulnerability
|
|
|
|
2020-05-25 14:33:16 |
Thousands of enterprise systems infected by new Blue Mockingbird malware gang (direct link) |
Hackers are exploiting a dangerous and hard to patch vulnerability to go after enterprise servers. |
Malware
Vulnerability
|
|
|
|
2020-05-22 12:21:19 |
Privilege escalation vulnerability patched in Docker Desktop for Windows (direct link) |
The security flaw could be used to trick the service into connecting to malicious processes. |
Vulnerability
|
|
|
|
2020-05-19 21:23:00 |
NXNSAttack technique can be abused for large-scale DDoS attacks (direct link) |
New vulnerability in DNS server software can be leveraged for DDoS attacks with a 1620x amplification factor. |
Vulnerability
|
|
|
|
2020-05-19 04:20:06 |
FBI warns about attacks on Magento online stores via old plugin vulnerability (direct link) |
FBI says hackers have been planting card skimmers on online stores by exploiting a 2017 bug in the MAGMI plugin. |
Vulnerability
|
|
★★
|
|
2020-05-13 17:31:09 |
PrintDemon vulnerability impacts all Windows versions (direct link) |
PrintDemon vulnerability impacts Windows versions released as far back as 1996. Patches available. |
Vulnerability
|
|
|
|
2020-05-06 18:35:00 |
Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 (direct link) |
Samsung patched this month a critical bug discovered by Google security researchers. |
Vulnerability
|
|
|
|
2020-05-06 12:56:55 |
Search provider Algolia discloses security incident due to Salt vulnerability (direct link) |
Algolia now joins the ranks of LineageOS, Ghost, Digicert, and Xen Orchestra. |
Vulnerability
|
|
|
|
2020-05-03 17:46:00 |
Ghost blogging platform servers hacked and infected with crypto-miner (direct link) |
Ghost platform got hacked via the same vulnerability that allowed hackers to breach LineageOS servers hours before. |
Vulnerability
|
|
|
|
2020-05-03 09:25:15 |
Hackers breach LineageOS servers via unpatched vulnerability (direct link) |
LineageOS source code, OS builds, and signing keys were unaffected, developers said. |
Vulnerability
|
|
|
|
2020-05-01 10:22:09 |
Ninja Forms WordPress bug exposed over a million users to XSS attacks, website hijacking (direct link) |
The severe XSS vulnerability permitted site takeover and visitor browser redirection to malicious websites. |
Vulnerability
|
|
|
|
2020-04-15 13:03:42 |
Rapid7 launches AttackerKB, a service for crowdsourcing vulnerability assessments (direct link) |
AttackerKB portal enters public beta. |
Vulnerability
|
|
|
|
2020-04-09 13:00:04 |
Bugcrowd vulnerability bounty platform snags $30 million in fresh funding round (direct link) |
The Series D round capitalizes on enterprise booking growth of 100%. |
Vulnerability
|
|
|
|
2020-03-19 13:34:41 |
Cisco tackles root privilege vulnerability in SD-WAN software (direct link) |
Three vulnerabilities have been patched in SD-WAN, two of which can lead to root privilege escalation. |
Vulnerability
Guideline
|
|
|
|
2020-03-18 11:50:05 |
VMware patches privilege escalation vulnerability in Fusion, Horizon (direct link) |
Exploits to root systems with Fusion, VMRC or Horizon Client installations were possible. |
Vulnerability
|
|
|
|
2020-03-16 10:12:27 |
Slack fixes vulnerability exploitable for session hijacking, account takeovers (direct link) |
Slack's team jumped on the critical bug and patched the flaw within a matter of hours. |
Vulnerability
|
|
|
|
2020-03-11 20:25:06 |
Avast disables JavaScript engine in its antivirus following major bug (direct link) |
Vulnerability would have allowed attackers to take over computers running the Avast antivirus. |
Vulnerability
|
|
|
|
2020-03-10 20:58:00 |
Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu (direct link) |
SMB vulnerability is currently not patched, but now everyone knows it's there. |
Vulnerability
|
|
|
|
2020-03-10 13:59:50 |
Avast AntiTrack certificate bug allowed others to snoop on your online activities (direct link) |
The vulnerability opened up PCs to browser hijacking and more. |
Vulnerability
|
|
|
|
2020-02-28 14:34:00 |
Ghostcat bug impacts all Apache Tomcat versions released in the last 13 years (direct link) |
Ghostcat vulnerability can allow hackers to read configuration files or plant backdoors on Tomcat servers. |
Vulnerability
|
|
|
|
2020-02-27 13:20:06 |
Cisco patches incoming to address Kr00k vulnerability impacting routers, firewall products (direct link) |
There are no workarounds for the Wi-Fi communications bug. |
Vulnerability
|
|
|
|
2020-02-26 15:00:07 |
New Kr00k vulnerability lets attackers decrypt WiFi packets (direct link) |
Kr00k affects devices using Broadcom and Cypress Wi-Fi chips. |
Vulnerability
|
|
★★★★★
|
|
2020-02-24 10:00:27 |
LTE security flaw can be abused to take out subscriptions at your expense (direct link) |
Researchers say the vulnerability impacts “virtually all” smartphones on the market. |
Vulnerability
|
|
|
|
2020-02-16 01:39:27 |
IOTA cryptocurrency shuts down entire network after wallet hack (direct link) |
Hackers exploit vulnerability in official IOTA wallet to steal millions |
Hack
Vulnerability
|
|
|
|
2020-02-14 10:27:00 |
Nedbank says 1.7 million customers impacted by breach at third-party provider (direct link) |
Hacker(s) believed to have exploited a vulnerability to breach Nedbank's marketing contractor. |
Vulnerability
|
|
|
|
2020-02-13 14:08:27 |
Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent (direct link) |
The plugin is actively installed on over 700,000 websites. |
Vulnerability
|
|
|
|
2020-02-02 18:48:00 |
Hackers are hijacking smart building access systems to launch DDoS attacks (direct link) |
More than 2,300 building access systems can be hijacked due to a severe vulnerability left without a fix. |
Vulnerability
|
|
|
|
2020-01-24 11:58:50 |
Citrix releases new patches to plug critical server vulnerability (direct link) |
Additional versions of Citrix ADC and Citrix Gateway can now be protected against the severe security issue. |
Vulnerability
|
|
|
|
2020-01-20 07:58:00 |
Citrix rolls out patches for critical ADC vulnerability exploited in the wild (direct link) |
Citrix is racing to develop patches for software builds vulnerable to the severe bug. |
Vulnerability
|
|
|
|
2020-01-17 13:10:22 |
WordPress plugin vulnerability can be exploited for total website takeover (direct link) |
The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters. |
Vulnerability
|
APT 19
|
|
|
2020-01-16 21:22:01 |
FBI: Nation-state actors have breached two US municipalities (direct link) |
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaws |
Vulnerability
|
|
|
|
2020-01-14 20:48:33 |
Microsoft January 2020 Patch Tuesday fixes 49 security bugs (direct link) |
Today's patches also fix a major vulnerability in Windows' cryptographic library. |
Vulnerability
|
|
|
|
2020-01-10 18:21:35 |
Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability (direct link) |
Cable modems using Broadcom chips are vulnerable to a new vulnerability named Cable Haunt, researchers say. |
Vulnerability
|
|
|
|
2020-01-09 14:52:01 |
Hackers probe Citrix servers for weakness to remote code execution vulnerability (direct link) |
At least 80,000 organizations could be at risk. |
Vulnerability
|
|
|
|
2019-12-05 22:20:00 |
New vulnerability lets attackers sniff or hijack VPN connections (direct link) |
OpenVPN, WireGuard, and IKEv2/IPSec VPNs are vulnerable to attacks. |
Vulnerability
|
|
★★★★★
|