What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-03-24 13:06:59 | Critical RCE Bug Affects Millions of OpenWrt-based Network Devices (lien direct) | A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the |
Vulnerability | ||
|
2020-03-21 00:57:30 | Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices (lien direct) | A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines.
Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall |
Malware Vulnerability | ||
|
2020-03-12 10:54:00 | Critical Patch Released for \'Wormable\' SMBv3 Vulnerability - Install It ASAP! (lien direct) | Microsoft today finally released software updates to patch a recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically.
The vulnerability, tracked as CVE-2020-0796, in question is a remote code execution flaw that impacts Windows 10 version 1903 and 1909, |
Vulnerability | ||
|
2020-03-11 05:27:42 | Warning - Unpatched Critical \'Wormable\' Windows SMBv3 Flaw Disclosed (lien direct) | Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
It appears Microsoft originally planned to fix the flaw as part of its March 2020 Patch Tuesday update only, |
Vulnerability | ★★★★ | |
|
2020-03-10 14:35:34 | Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks (lien direct) | Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips.
To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target |
Vulnerability | ★★★★ | |
|
2020-03-10 10:46:38 | LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk (lien direct) | It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them.
Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The |
Vulnerability | ★★★★ | |
|
2020-03-06 12:47:58 | This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years (lien direct) | All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.
The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM ("read-only memory") |
Vulnerability | ★★★★★ | |
|
2020-03-05 12:22:14 | Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers (lien direct) | The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication |
Vulnerability | ||
|
2020-02-28 10:37:33 | GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat (lien direct) | If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug' |
Vulnerability | ||
|
2020-02-26 10:15:25 | New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices (lien direct) | Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress-apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some |
Vulnerability | ||
|
2020-02-25 02:54:39 | New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers (lien direct) | OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. |
Vulnerability | ||
|
2020-02-17 13:15:53 | Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers (lien direct) | A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs.
The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development |
Vulnerability | ||
|
2020-02-11 09:43:34 | Adobe Releases Patches for Dozens of Critical Flaws in 5 Software (lien direct) | Here comes the second 'Patch Tuesday' of this year.
Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity.
The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could |
Vulnerability | ★★★★ | |
|
2020-02-05 12:46:06 | 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras (lien direct) | Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power.
Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a |
Vulnerability | ||
|
2020-02-04 02:43:30 | Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users (lien direct) | Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts.
According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved |
Vulnerability | ||
|
2020-02-03 10:10:48 | Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root (lien direct) | Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.
Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on |
Vulnerability | ★★★★ | |
|
2020-01-30 01:07:11 | Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers (lien direct) | Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers.
OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many |
Vulnerability | ||
|
2020-01-20 06:24:27 | Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack (lien direct) | Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix.
I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit |
Vulnerability | ||
|
2020-01-18 07:56:53 | Microsoft Warns of Unpatched IE Browser Zero-Day That\'s Under Active Attacks (lien direct) | Internet Explorer is dead, but not the mess it left behind.
Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild - and there is no patch yet available for it.
The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote |
Vulnerability | ||
|
2020-01-11 02:22:37 | PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability (lien direct) | It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.
Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC |
Vulnerability | ||
|
2020-01-09 02:34:19 | Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! (lien direct) | Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems?
If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website.
Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing |
Vulnerability | ||
|
2020-01-07 07:02:17 | Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020? (lien direct) | January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7.
From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day.
Cynet 360 autonomous breach protection is a |
Vulnerability | ||
|
2019-12-13 02:53:40 | Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites (lien direct) | Attention WordPress users!
Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions.
Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow |
Hack Vulnerability | ★★ | |
|
2019-12-10 22:19:18 | Latest Microsoft Update Patches New Windows 0-Day Under Active Attack (lien direct) | With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 |
Vulnerability | ★★★★ | |
|
2019-12-05 04:02:57 | Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD (lien direct) | OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework.
The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, |
Vulnerability | ||
|
2019-12-02 23:28:16 | Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild (lien direct) | Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities.
Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a |
Vulnerability | ||
|
2019-11-22 22:52:54 | OnePlus Suffers New Data Breach Impacting Its Online Store Customers (lien direct) | Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website.
The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident.
According |
Data Breach Vulnerability | ||
|
2019-11-19 21:48:38 | New Flaw Lets Rogue Android Apps Access Camera Without Permission (lien direct) | An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos - even when they don't have specific device permissions to do so.
You must already know that the security model of the Android mobile operating system is primarily based on device |
Vulnerability | ||
|
2019-11-16 02:46:46 | New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices (lien direct) | The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform is in choppy waters once again.
The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on |
Vulnerability | ||
|
2019-11-13 07:46:20 | New ZombieLoad v2 Attack Affects Intel\'s Latest Cascade Lake CPUs (lien direct) | Zombieload is back.
This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout).
Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data |
Vulnerability | ||
|
2019-11-07 06:58:43 | Amazon\'s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password (lien direct) | Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network.
In case you don't own one of these, Amazon's Ring Video Doorbell is a smart wireless home |
Vulnerability | ||
|
2019-11-05 02:11:04 | Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light (lien direct) | A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices - all just by shining a laser at the targeted device instead of using spoken words.
Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally |
Hack Vulnerability | ||
|
2019-11-03 03:34:41 | First Cyber Attack \'Mass Exploiting\' BlueKeep RDP Flaw Spotted in the Wild (lien direct) | Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.
In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed BlueKeep, in its Windows Remote Desktop Services |
Vulnerability | ||
|
2019-10-26 12:53:02 | New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers (lien direct) | If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.
The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could |
Hack Vulnerability | ||
|
2019-10-22 05:06:08 | Cynet\'s Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure (lien direct) | Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks.
Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software |
Vulnerability | ||
|
2019-10-14 11:46:58 | Sudo Flaw Lets Linux Users Run Commands As Root Even When They\'re Restricted (lien direct) | Attention Linux Users!
A vulnerability has been discovered in Sudo-one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.
The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted |
Vulnerability | ||
|
2019-10-12 03:02:51 | SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks (lien direct) | Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS.
If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and |
Hack Vulnerability | ||
|
2019-10-10 10:11:29 | Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks (lien direct) | Watch out Windows users!
The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection.
The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network |
Ransomware Vulnerability | ||
|
2019-10-09 11:38:18 | 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App (lien direct) | A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app-one of the most popular open source replacements for Mac's built-in terminal app.
Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity |
Vulnerability | ★★★★ | |
|
2019-10-08 04:54:33 | vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities (lien direct) | After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software.
If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take |
Vulnerability | ★★★★★ | |
|
2019-10-04 02:03:57 | New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild (lien direct) | Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android.
What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group-infamous for selling zero-day exploits to governments-or one of its customers, to gain control of |
Vulnerability | ||
|
2019-09-30 05:14:12 | New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released (lien direct) | A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.
Exim maintainers today released an urgent security update-Exim version 4.92.3-after publishing an early warning two days ago, giving system administrators an early |
Vulnerability | ||
|
2019-09-27 12:54:42 | More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed (lien direct) | Remember the Simjacker vulnerability?
Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers.
If you can recall, the Simjacker vulnerability resides in a dynamic |
Vulnerability | ★★★★ | |
|
2019-09-24 11:58:28 | [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly (lien direct) | An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin-one of the widely used internet forum software.
One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication.
Written in |
Vulnerability | ||
|
2019-09-24 00:48:06 | Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw (lien direct) | It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild.
Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the |
Vulnerability Threat | ||
|
2019-09-18 02:21:57 | Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (lien direct) | A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin-one of the most popular applications for managing the MySQL and MariaDB databases.
phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other |
Tool Vulnerability | ||
|
2019-09-13 11:06:09 | Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug (lien direct) | Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system.
Yes, we're excited about, but here comes the bad news...
iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information.
Jose Rodriguez, a Spanish security researcher, contacted The Hacker |
Vulnerability | ||
|
2019-09-12 04:56:01 | New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS (lien direct) | Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.
Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit that is widely being used by |
Vulnerability | ||
|
2019-09-12 04:44:00 | WebARX - A Defensive Core For Your Website (lien direct) | Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web.
It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or |
Vulnerability | ||
|
2019-09-11 06:09:04 | NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs (lien direct) | Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer.
Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff |
Malware Vulnerability |
To see everything:
Our RSS (filtrered)
