What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2020-07-04 07:26:31 Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers (direct link) Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers Vulnerability
The_Hackers_News.webp 2020-06-11 14:35:49 A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence (direct link) Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already Malware Vulnerability Threat
The_Hackers_News.webp 2020-06-09 13:39:32 SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol (direct link) Cybersecurity researchers today uncover a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed "wormable" bug, the flaw can be exploited to achieve remote code execution attacks. Dubbed "SMBleed" (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in Vulnerability
The_Hackers_News.webp 2020-06-08 03:07:20 Any Indian DigiLocker Account Could've Been Accessed Without Password (direct link) The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially allowed a remote attacker to bypass mobile one-time passwords (OTP) and sign in as other users to access their sensitive documents stored on the platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with Vulnerability
The_Hackers_News.webp 2020-06-01 22:37:18 Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers (direct link) Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to Vulnerability
The_Hackers_News.webp 2020-05-30 08:43:58 Critical 'Sign in with Apple' Bug Could Have Let Attackers Hijack Anyone's Account (direct link) Apple recently paid Indian vulnerability researcher Bhavuk Jain a huge $100,000 bug bounty for reporting a highly critical vulnerability affecting its 'Sign in with Apple' system. The now-patched vulnerability could have allowed remote attackers to bypass authentication and take over targeted users' accounts on third-party services and apps that have been registered using 'Sign in with Apple' Vulnerability
The_Hackers_News.webp 2020-05-30 00:56:49 Exclusive – Any Mitron (Viral TikTok Clone) Profile Can Be Hacked in Seconds (direct link) Mitron (means "friends" in Hindi), you have been fooled again! Mitron is not really a 'Made in India' product, and the viral app contains a highly critical, unpatched vulnerability that could allow anyone to hack into any user account without requiring interaction from the targeted users or their passwords. I am sure many of you already know what TikTok is, and those still unaware, it's a Hack Vulnerability ★★★★★
The_Hackers_News.webp 2020-05-26 07:40:30 New Android Flaw Affecting Over 1 Billion Phones Let Attackers Hijack Apps (direct link) Remember Strandhogg? A security vulnerability affecting Android that malicious apps can exploit to masquerade as any other app installed on a targeted device to display fake interfaces to the users, tricking them into giving away sensitive information. Late last year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the Vulnerability
The_Hackers_News.webp 2020-05-19 04:20:48 New Bluetooth Vulnerability Exposes Billions of Devices to Hackers (direct link) Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion of modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concerns Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for Vulnerability
The_Hackers_News.webp 2020-05-14 03:24:50 Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable (direct link) Remember the Reverse RDP Attack - wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward Vulnerability
The_Hackers_News.webp 2020-05-11 12:11:00 An Undisclosed Critical Vulnerability Affect vBulletin Forums - Patch Now (direct link) If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in PHP Vulnerability
The_Hackers_News.webp 2020-05-04 02:58:02 Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability (direct link) Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and Digicert. Tracked as CVE-2020-11651 and CVE-2020-11652, the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data Vulnerability
The_Hackers_News.webp 2020-04-27 01:34:39 How An Image Could've Let Attackers Hack Microsoft Teams Accounts (direct link) Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw, impacting both desktop and web versions of the app, was discovered by cybersecurity researchers at Hack Vulnerability ★★★★
The_Hackers_News.webp 2020-04-21 02:55:42 Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers (direct link) A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays (FPGAs) have been covered in a paper titled "The Vulnerability
The_Hackers_News.webp 2020-04-17 04:20:03 CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers (direct link) The United States Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution (RCE) vulnerability in Pulse Secure VPN servers - even if they have already patched it. The warning comes three months after another Vulnerability
The_Hackers_News.webp 2020-03-24 13:06:59 Critical RCE Bug Affects Millions of OpenWrt-based Network Devices (direct link) A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the Vulnerability
The_Hackers_News.webp 2020-03-21 00:57:30 Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices (direct link) A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall Malware Vulnerability
The_Hackers_News.webp 2020-03-12 10:54:00 Critical Patch Released for 'Wormable' SMBv3 Vulnerability - Install It ASAP! (direct link) Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that impacts Windows 10 version 1903 and 1909, Vulnerability
The_Hackers_News.webp 2020-03-11 05:27:42 Warning - Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed (direct link) Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol. It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only, Vulnerability ★★★★
The_Hackers_News.webp 2020-03-10 14:35:34 Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks (direct link) Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target Vulnerability ★★★★
The_Hackers_News.webp 2020-03-10 10:46:38 LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk (direct link) It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The Vulnerability ★★★★
The_Hackers_News.webp 2020-03-06 12:47:58 This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years (direct link) All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM ("read-only memory") Vulnerability ★★★★★
The_Hackers_News.webp 2020-03-05 12:22:14 Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers (direct link) The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication Vulnerability
The_Hackers_News.webp 2020-02-28 10:37:33 GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat (direct link) If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug' Vulnerability
The_Hackers_News.webp 2020-02-26 10:15:25 New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices (direct link) Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress - apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some Vulnerability
The_Hackers_News.webp 2020-02-25 02:54:39 New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers (direct link) OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. Vulnerability
The_Hackers_News.webp 2020-02-17 13:15:53 Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers (direct link) A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development Vulnerability
The_Hackers_News.webp 2020-02-11 09:43:34 Adobe Releases Patches for Dozens of Critical Flaws in 5 Software (direct link) Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could Vulnerability ★★★★
The_Hackers_News.webp 2020-02-05 12:46:06 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras (direct link) Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a Vulnerability
The_Hackers_News.webp 2020-02-04 02:43:30 Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users (direct link) Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved Vulnerability
The_Hackers_News.webp 2020-02-03 10:10:48 Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root (direct link) Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on Vulnerability ★★★★
The_Hackers_News.webp 2020-01-30 01:07:11 Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers (direct link) Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many Vulnerability
The_Hackers_News.webp 2020-01-20 06:24:27 Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack (direct link) Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit Vulnerability
The_Hackers_News.webp 2020-01-18 07:56:53 Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks (direct link) Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote Vulnerability
The_Hackers_News.webp 2020-01-11 02:22:37 PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability (direct link) It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC Vulnerability
The_Hackers_News.webp 2020-01-09 02:34:19 Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! (direct link) Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing Vulnerability
The_Hackers_News.webp 2020-01-07 07:02:17 Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020? (direct link) January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a Vulnerability
The_Hackers_News.webp 2019-12-13 02:53:40 Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites (direct link) Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow Hack Vulnerability ★★
The_Hackers_News.webp 2019-12-10 22:19:18 Latest Microsoft Update Patches New Windows 0-Day Under Active Attack (direct link) With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 Vulnerability ★★★★
The_Hackers_News.webp 2019-12-05 04:02:57 Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD (direct link) OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, Vulnerability
The_Hackers_News.webp 2019-12-02 23:28:16 Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild (direct link) Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a Vulnerability
The_Hackers_News.webp 2019-11-22 22:52:54 OnePlus Suffers New Data Breach Impacting Its Online Store Customers (direct link) Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident. According Data Breach Vulnerability
The_Hackers_News.webp 2019-11-19 21:48:38 New Flaw Lets Rogue Android Apps Access Camera Without Permission (direct link) An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos - even when they don't have specific device permissions to do so. You must already know that the security model of the Android mobile operating system is primarily based on device Vulnerability
The_Hackers_News.webp 2019-11-16 02:46:46 New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices (direct link) The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform is in choppy waters once again. The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on Vulnerability
The_Hackers_News.webp 2019-11-13 07:46:20 New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (direct link) Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data Vulnerability
The_Hackers_News.webp 2019-11-07 06:58:43 Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password (direct link) Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don't own one of these, Amazon's Ring Video Doorbell is a smart wireless home Vulnerability
The_Hackers_News.webp 2019-11-05 02:11:04 Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light (direct link) A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices - all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally Hack Vulnerability
The_Hackers_News.webp 2019-11-03 03:34:41 First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild (direct link) Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed BlueKeep, in its Windows Remote Desktop Services Vulnerability
The_Hackers_News.webp 2019-10-26 12:53:02 New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers (direct link) If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could Hack Vulnerability
The_Hackers_News.webp 2019-10-22 05:06:08 Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure (direct link) Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software Vulnerability
Last update at: 2024-05-31 21:10:33