What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-08 08:34:05 | New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access (lien direct) | A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year.
The vulnerability, identified as CVE-2018-14847, was initially rated
|
Vulnerability | ||
|
2018-10-02 02:36:05 | New iPhone Passcode Bypass Hack Exposes Photos and Contacts (lien direct) | Looking for a hack to bypass the passcode or screen lock on iPhones?
Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models.
Rodriguez, who also discovered iPhone lock screen
|
Hack Vulnerability | ||
|
2018-09-29 02:41:03 | Hackers Stole 50 Million Facebook Users\' Access Tokens Using Zero-Day Flaw (lien direct) | Logged out from your Facebook account automatically? Well you're not alone…
Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.
UPDATE: 10 Important Updates You Need To Know About the Latest Facebook Hacking Incident.
In a brief
|
Vulnerability | ||
|
2018-09-28 01:35:00 | Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit (lien direct) | A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.
Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to
|
Vulnerability Guideline | ★★★★ | |
|
2018-09-27 00:26:02 | ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability (lien direct) | The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data.
On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users, which includes a number of new privacy and security controls,
|
Vulnerability | ||
|
2018-09-26 05:14:02 | New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions (lien direct) | Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system.
The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed "Mutagen Astronomy," affects the kernel versions
|
Vulnerability | ||
|
2018-09-21 10:36:02 | Researcher Discloses New Zero-Day Affecting All Versions of Windows (lien direct) | A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline.
Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database
|
Vulnerability | ||
|
2018-09-21 01:45:02 | Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable (lien direct) | A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system.
The vulnerability-discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab-can be exploited by a low privileged user
|
Vulnerability | ||
|
2018-09-19 02:23:05 | Western Digital\'s My Cloud NAS Devices Turn Out to Be Easily Hacked (lien direct) | Security researchers have discovered an authentication bypass vulnerability in Western Digital's My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices.
Western Digital's My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to host their
|
Vulnerability | ||
|
2018-09-12 04:50:03 | Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs (lien direct) | A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS.
While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks.
|
Hack Vulnerability | ||
|
2018-09-10 12:07:02 | Tor Browser Zero-Day Exploit Revealed Online – Patch Now (lien direct) | Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit.
In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin comes pre-installed with
|
Vulnerability | ||
|
2018-09-06 01:53:01 | Cisco Issues Security Patch Updates for 32 Flaws in its Products (lien direct) | Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild.
Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco
|
Vulnerability | ||
|
2018-09-04 02:53:01 | Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic (lien direct) | Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks.
Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy
|
Malware Vulnerability | ||
|
2018-08-28 03:30:02 | Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC) (lien direct) | A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine.
And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system."
The vulnerability is a privilege
|
Vulnerability | ||
|
2018-08-23 11:30:05 | New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers (lien direct) | Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers.
Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including
|
Vulnerability | ★★★★★ | |
|
2018-08-22 01:27:01 | Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking (lien direct) | Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript-an open source interpreter for Adobe Systems' PostScript and PDF page description languages.
Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the
|
Vulnerability | ||
|
2018-08-16 07:35:03 | Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You (lien direct) | With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users.
If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser.
Ron Masas, a security researcher from Imperva, has discovered a vulnerability in web browsers that
|
Vulnerability | ||
|
2018-08-13 22:11:00 | ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability (lien direct) | Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application
|
Vulnerability | ||
|
2018-08-03 04:13:00 | Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers-Patch Now (lien direct) | It's time to update your Drupal websites.
Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.
The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation
|
Vulnerability | ||
|
2018-07-24 01:39:05 | New Bluetooth Hack Affects Millions of Devices from Major Vendors (lien direct) | Yet another bluetooth hacking technique has been uncovered.
A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.
The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects
|
Hack Vulnerability | ||
|
2018-06-27 02:31:04 | Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site (lien direct) | Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server.
Discovered by researchers at RIPS Technologies GmbH, the "authenticated arbitrary file deletion" vulnerability was reported 7 months ago to the WordPress security team but remains unpatched and affects all
|
Vulnerability |
To see everything:
Our RSS (filtrered)
