What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-02 03:13:00 | Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking (lien direct) | If you use a Dell computer, then beware - hackers could compromise your system remotely.
Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.
Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer |
Vulnerability | ||
|
2019-05-01 00:31:02 | Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (lien direct) | Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware.
As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a |
Ransomware Vulnerability | ||
|
2019-04-26 04:37:03 | Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.
A WordPress security company-called "Plugin Vulnerabilities"-that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once |
Vulnerability | ★★★★★ | |
|
2019-04-25 08:00:00 | \'Highly Critical\' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic (lien direct) | A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild.
Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services |
Vulnerability | ★★★ | |
|
2019-04-05 03:44:03 | Unpatched Flaw in Xiaomi\'s Built-in Browser App Lets Hackers Spoof URLs (lien direct) | EXCLUSIVE - Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices.
That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a |
Vulnerability | ||
|
2019-04-03 07:54:01 | WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites (lien direct) | If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites.
WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using |
Vulnerability | ||
|
2019-03-29 01:48:00 | Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites (lien direct) | If your online e-commerce business is running over the Magento platform, you must pay attention to this information.
Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.
Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of |
Vulnerability | ||
|
2019-03-14 02:41:02 | New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites (lien direct) | If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website.
Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once |
Hack Vulnerability | ||
|
2019-03-12 09:22:01 | Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition (lien direct) | Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update.
The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities-one in Adobe Photoshop CC and another in Adobe Digital Editions.
Upon successful exploitation, both critical vulnerabilities could |
Vulnerability | ||
|
2019-03-11 02:32:03 | Severe Flaw Disclosed In StackStorm DevOps Automation Software (lien direct) | A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.
StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows |
Tool Vulnerability | ||
|
2019-03-06 01:52:05 | New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild (lien direct) | You must update your Google Chrome immediately to the latest version of the web browsing application.
Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.
The vulnerability, assigned as |
Vulnerability Threat | ||
|
2019-03-04 05:52:02 | Google Discloses Unpatched \'High-Severity\' Flaw in Apple macOS Kernel (lien direct) | Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified.
Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel |
Vulnerability | ||
|
2019-02-26 05:45:04 | Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers (lien direct) | It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week.
A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability |
Hack Vulnerability | ||
|
2019-02-26 04:52:04 | Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week (lien direct) | Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable.
Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal |
Vulnerability | ||
|
2019-02-21 02:18:01 | Another Critical Flaw in Drupal Discovered - Update Your Site ASAP! (lien direct) | Developers of Drupal-a popular open-source content management system software that powers millions of websites-have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site.
The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites |
Hack Vulnerability | ||
|
2019-02-20 21:35:01 | Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years (lien direct) | Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.
Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR-a popular Windows file compression application with 500 million users worldwide-that affects all versions of the |
Vulnerability | ||
|
2019-02-19 11:45:04 | Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years (lien direct) | Exclusive - If you have not updated your website to the latest WordPress version 5.0.3, it's a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately.
Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that |
Vulnerability | ||
|
2019-02-18 01:37:01 | How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link (lien direct) | It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction.
A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into |
Hack Vulnerability | ||
|
2019-02-13 07:32:01 | Snapd Flaw Lets Attackers Gain Root Access On Linux Systems (lien direct) | Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system.
Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the |
Vulnerability | ||
|
2019-02-12 10:52:00 | New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History (lien direct) | A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app.
Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave, |
Vulnerability | ||
|
2019-02-12 00:59:02 | RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts (lien direct) | A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape container and obtain unauthorized, root-level access to the host operating system.
The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly
|
Vulnerability | ||
|
2019-02-06 01:32:00 | Critical Zcash Bug Could Have Allowed \'Infinite Counterfeit\' Cryptocurrency (lien direct) | The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC).
Yes, infinite… like a never-ending source of money.
Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to be more anonymous
|
Vulnerability | ||
|
2019-02-05 03:28:03 | Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software (lien direct) | It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer.
No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives-LibreOffice and Apache OpenOffice-free, open source office software used by millions of Windows, MacOS and Linux users.
Security researcher
|
Vulnerability | ||
|
2019-02-01 06:56:05 | Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison (lien direct) | Many of you might have this question in your mind:
"Is it illegal to test a website for vulnerability without permission from the owner?"
Or… "Is it illegal to disclose a vulnerability publicly?"
Well, the answer is YES, it's illegal most of the times and doing so could backfire even when you have good intentions.
Last year, Hungarian police arrested a 20-year-old ethical hacker accused of
|
Vulnerability | ||
|
2019-01-16 04:56:03 | Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide (lien direct) | Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.
Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline
|
Vulnerability | ★★★★★ | |
|
2019-01-15 01:57:01 | Unpatched vCard Flaw Could Let Hackers Compromise Your Windows PCs (lien direct) | A zero-day vulnerability has been discovered and reported in the Microsoft's Windows operating system that, under a certain scenario, could allow a remote attacker to execute arbitrary code on Windows machine.
Discovered by security researcher John Page (@hyp3rlinx), the vulnerability was reported to the Microsoft security team through Trend Micro's Zero Day Initiative (ZDI) Program over 6
|
Vulnerability | ★★★ | |
|
2019-01-08 04:00:00 | Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever (lien direct) | Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers!
Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications.
Zerodium-a startup by the infamous French-based company Vupen that buys and sells
|
Vulnerability | ||
|
2019-01-03 04:37:04 | Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure (lien direct) | Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities.
The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android
|
Vulnerability | ★★★ | |
|
2018-12-20 07:49:02 | Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system.
SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them.
The
|
Vulnerability | ||
|
2018-12-19 23:35:00 | (Déjà vu) Microsoft Issues Emergency Patch For Under-Attack IE Zero Day (lien direct) | Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers.
Discovered by security researcher Clement Lecigne of Google's Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE
|
Hack Vulnerability Threat | ★★★★★ | |
|
2018-12-18 03:35:03 | Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach (lien direct) | Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack.
In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users' exposed information.
The impacted
|
Data Breach Vulnerability | ||
|
2018-12-14 22:05:01 | Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers (lien direct) | Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.
SQLite is a
|
Vulnerability | ||
|
2018-12-10 13:02:02 | Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users (lien direct) | Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.
Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private
|
Vulnerability | ||
|
2018-12-06 08:17:03 | Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command (lien direct) | Hold tight, this may blow your mind…
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly-thanks to a newly discovered vulnerability.
The reported vulnerability actually resides in PolicyKit (also known as polkit)-an application-level toolkit for Unix-like operating systems that defines
|
Vulnerability | ||
|
2018-12-06 03:22:02 | New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs (lien direct) | Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution.
The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute
|
Vulnerability | ||
|
2018-12-05 03:39:01 | WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers (lien direct) | Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications.
Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations
|
Vulnerability | ||
|
2018-11-22 03:19:04 | US Postal Service Left 60 Million Users Data Exposed For Over a Year (lien direct) | The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.
The U.S.P.S. is an independent agency of the American federal government responsible for providing postal service in the United States and is one of the few government agencies explicitly authorized by the
|
Vulnerability | ||
|
2018-11-15 06:57:03 | Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now (lien direct) | A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.
The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for
|
Vulnerability | ||
|
2018-11-13 10:45:04 | Another Facebook Bug Could Have Exposed Your Private Information (lien direct) | Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk.
Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for
|
Vulnerability | ||
|
2018-11-08 10:47:05 | DJI Flaws Could Have Allowed Hackers to Hijack Users\' Drone Accounts (lien direct) | Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight.
Thought the vulnerability was discovered and responsibly reported by the
|
Vulnerability | ||
|
2018-11-08 01:25:03 | Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online (lien direct) | An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox-a popular open source virtualization software developed by Oracle-that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects
|
Vulnerability | ||
|
2018-11-07 01:01:00 | Popular WooCommerce WordPress Plugin Patches Critical Vulnerability (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.
Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the
|
Vulnerability | ||
|
2018-11-04 01:24:00 | New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data (lien direct) | A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.
The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other
|
Vulnerability | ||
|
2018-10-24 01:53:04 | Hacker Discloses New Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper-who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler-has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege
|
Vulnerability | ||
|
2018-10-19 07:12:00 | Critical Flaw Found in Streaming Library Used by VLC and Other Media Players (lien direct) | Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library-which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media.
LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to
|
Vulnerability | ||
|
2018-10-17 11:16:00 | Tumblr Patches A Flaw That Could Have Exposed Users\' Account Info (lien direct) | Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.
The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email
|
Vulnerability | ||
|
2018-10-17 03:39:03 | LibSSH Flaw Allows Hackers to Take Over Servers Without Password (lien direct) | A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in
|
Vulnerability | ||
|
2018-10-16 00:54:05 | New iPhone Bug Gives Anyone Access to Your Private Photos (lien direct) | A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.
Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts
|
Vulnerability | ★★★★★ | |
|
2018-10-10 00:43:04 | Just Answering A Video Call Could Compromise Your WhatsApp Account (lien direct) | What if just receiving a video call on WhatsApp could hack your smartphone?
This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue
|
Hack Vulnerability | ||
|
2018-10-08 12:31:00 | Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users\' Data (lien direct) | Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.
According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their
|
Data Breach Vulnerability |
To see everything:
Our RSS (filtrered)
