| Date (GMT) | Title | Description | Tags | Notes |
| 2022-08-17 18:49:19 | Google Chrome Zero-Day Found Exploited in the Wild | The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. | Vulnerability | |
| 2022-08-16 14:39:57 | Windows Vulnerability Could Crack DC Server Credentials Open | The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. | Vulnerability | |
| 2022-08-15 18:56:45 | Most Q2 Attacks Targeted Old Microsoft Vulnerabilities | The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago. | Vulnerability | |
| 2022-08-12 20:18:21 | Patch Madness: Vendor Bug Advisories Are Broken, So Broken | Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs. | Vulnerability | |
| 2022-08-11 23:54:33 | Microsoft: We Don't Want to Zero-Day Our Customers | The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse -- it is, she says, to protect customers. | Vulnerability | |
| 2022-08-08 14:20:00 | We Have the Tech to Scale Up Open Source Vulnerability Fixes - Now It's Time to Leverage It | Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation. | Vulnerability | |
| 2022-08-04 20:36:33 | Time to Patch VMware Products Against a Critical New Vulnerability | A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. | Vulnerability, Threat | |
| 2022-08-04 18:35:41 | High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover | The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. | Vulnerability | |
| 2022-07-27 23:10:52 | Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face | Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. | Vulnerability | ★★★★ |
| 2022-07-26 17:00:00 | How Risk-Based Vulnerability Management Has Made Security Easier | Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort. | Vulnerability | |
| 2022-07-18 17:55:01 | WordPress Page Builder Plug-in Under Attack, Can't Be Patched | An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn. | Vulnerability | |
| 2022-07-14 20:43:13 | DHS Review Board Deems Log4j an 'Endemic' Cyber Threat | The vulnerability will remain a "significant" threat for years to come and highlights the need for more public- and private-sector support for the open source software ecosystem, the Cyber Safety Review Board says. | Vulnerability, Threat | |
| 2022-07-13 19:39:00 | The 3 Critical Elements You Need for Vulnerability Management Today | Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now. | Vulnerability | |
| 2022-07-13 14:54:51 | Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication | The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. | Vulnerability | |
| 2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool, Vulnerability | |
| 2022-06-28 17:58:36 | Atlassian Confluence Exploits Peak at 100K Daily | Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week. | Vulnerability | |
| 2022-06-28 13:00:00 | New Vulnerability Database Catalogs Cloud Security Issues | Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services - plus fixes for them where available. | Vulnerability | ★★★ |
| 2022-06-24 21:32:18 | Why We're Getting Vulnerability Management Wrong | Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management. | Vulnerability, Patching | |
| 2022-06-13 13:59:07 | DoS Vulnerability Allows Easy Envoy Proxy Crashes | The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. | Vulnerability | |
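The Envoy item above is an instance of a general bug class: a decompressor that inflates attacker-supplied input without any bound on the output. The following is an added example written for this page, not Envoy's code, showing the vulnerable one-shot pattern next to a bounded decompressor. It uses zlib (DEFLATE) rather than Brotli because zlib ships with Python; the defence is codec-independent. The cap, ratio and floor values are assumed policy numbers, and the bomb and the "legitimate" payload are constructed inline.

```python
"""Bounded decompression: inflate in chunks and abort once the output crosses a
hard cap or an implausible expansion ratio. Example code for this page, not
Envoy's. Limits below are assumed values, not anything Envoy ships."""
import zlib

MAX_OUTPUT = 1 * 1024 * 1024   # hard cap on inflated bytes (assumed)
MAX_RATIO = 100                # abort once inflated/compressed exceeds this (assumed)...
RATIO_FLOOR = 256 * 1024       # ...but only after this much output, so small repetitive payloads pass
CHUNK = 64 * 1024              # inflate at most this much per call


class DecompressionBomb(Exception):
    """Raised when inflated output exceeds the configured limits."""


def make_bomb(size: int) -> bytes:
    """Constructed sample input: `size` zero bytes, which DEFLATE shrinks roughly 1000x."""
    return zlib.compress(b"\0" * size, 9)


def unsafe_inflate(data: bytes) -> bytes:
    """The vulnerable pattern: inflate the whole stream in one call with no bound."""
    return zlib.decompress(data)


def bounded_inflate(data: bytes, max_output: int = MAX_OUTPUT,
                    max_ratio: int = MAX_RATIO) -> bytes:
    """Inflate `data`, aborting as soon as a limit is crossed.

    decompressobj().decompress(buf, max_length) returns at most max_length bytes
    per call and parks the not-yet-inflated input in .unconsumed_tail, so peak
    memory stays bounded by max_output plus one chunk whatever the input is.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        piece = d.decompress(pending, CHUNK)
        pending = d.unconsumed_tail          # input the codec has not inflated yet
        out += piece
        if len(out) > max_output:
            raise DecompressionBomb(f"output exceeded {max_output} bytes")
        if len(out) > RATIO_FLOOR and len(out) > max_ratio * len(data):
            raise DecompressionBomb(f"expansion ratio exceeded {max_ratio}x")
        if not piece and not pending:
            break                            # truncated stream: no input left, no output left
    return bytes(out)


def inflate_or_reject(data: bytes):
    """Convenience wrapper returning (accepted, payload_or_reason)."""
    try:
        return True, bounded_inflate(data)
    except DecompressionBomb as exc:
        return False, str(exc)


# Constructed inputs: an 8 MiB bomb and an ordinary, highly repetitive payload.
BOMB = make_bomb(8 * 1024 * 1024)
LEGIT_PLAINTEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 1500
LEGIT = zlib.compress(LEGIT_PLAINTEXT, 9)

if __name__ == "__main__":
    print(f"bomb: {len(BOMB)} bytes compressed, {len(unsafe_inflate(BOMB))} bytes inflated (unsafe)")
    print("bounded:", inflate_or_reject(BOMB))
    ok, out = inflate_or_reject(LEGIT)
    print("legit:", ok, len(out))
```

The ratio check only starts after RATIO_FLOOR bytes because small, very compressible payloads (repeated headers, JSON arrays of zeros) legitimately exceed a 100:1 ratio; the hard output cap, not the ratio, is the guarantee that matters.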
| 2022-06-02 20:54:49 | Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach | 79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments. | Vulnerability | |
| 2022-05-31 17:08:46 | New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada | For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs. | Vulnerability | |
| 2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | |
| 2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers | Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications. | Vulnerability | |
| 2020-10-05 16:45:00 | Android Camera Bug Under the Microscope | Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location. | Vulnerability | |
| 2020-07-29 17:40:00 | 'BootHole' Vulnerability Exposes Secure Boot Devices to Attack | A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot. | Vulnerability | |
| 2020-06-23 15:35:00 | Twitter Says Biz Users Were Vulnerable to Data Breach | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach, Vulnerability | |
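The Twitter item above is the classic "personal data in the browser cache" defect: a response that carries no cache directives is not uncached by default. For common status codes, browsers and proxies may store it heuristically, and `Cache-Control: no-cache` does not stop that either (it only forces revalidation before reuse). The following is an added example written for this page, not Twitter's code, that applies the storability rules of RFC 9111 section 3 in simplified form to a raw HTTP/1.1 response. The sample responses are constructed; `Verdict`, `assess` and the other names are this example's own.

```python
"""Response-cacheability audit (simplified RFC 9111 section 3). Example code for
this page, not Twitter's; all sample responses below are constructed."""
from dataclasses import dataclass

# Status codes RFC 9110 defines as heuristically cacheable.
HEURISTIC_STATUSES = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}


@dataclass(frozen=True)
class Verdict:
    browser_may_store: bool
    shared_cache_may_store: bool
    reason: str


def parse_response(raw: bytes):
    """Split a raw response into (status, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        # Repeated headers fold into a comma-separated list (RFC 9110 section 5.3).
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers, body


def cache_control(headers: dict) -> dict:
    """Parse Cache-Control into {directive: argument-or-empty-string}."""
    directives = {}
    for token in headers.get("cache-control", "").split(","):
        token = token.strip().lower()
        if token:
            name, _, arg = token.partition("=")
            directives[name.strip()] = arg.strip().strip('"')
    return directives


def assess(raw: bytes) -> Verdict:
    """Decide whether a private (browser) cache and a shared cache may store `raw`."""
    status, headers, _ = parse_response(raw)
    cc = cache_control(headers)
    if "no-store" in cc:
        return Verdict(False, False, "Cache-Control: no-store forbids storage everywhere")
    revalidate = " (no-cache: stored copy must be revalidated before reuse)" if "no-cache" in cc else ""
    if "private" in cc:
        return Verdict(True, False, "Cache-Control: private; browser may store, shared caches may not" + revalidate)
    if "public" in cc or "max-age" in cc or "s-maxage" in cc or "expires" in headers:
        return Verdict(True, True, "explicit freshness (public/max-age/s-maxage/Expires)" + revalidate)
    if status in HEURISTIC_STATUSES:
        return Verdict(True, True, f"no freshness info but status {status} is heuristically cacheable" + revalidate)
    return Verdict(False, False, f"no freshness info and status {status} is not heuristically cacheable")


# Constructed samples. LEAKY is the weak setting: a personalised JSON reply with
# no cache directives at all. HARDENED is the fix.
LEAKY = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
         b'{"email":"ceo@example.test","phone":"+1-555-0100"}')
NO_CACHE_ONLY = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                 b"Cache-Control: no-cache\r\n\r\n{}")
PRIVATE = b"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=600\r\n\r\n{}"
HARDENED = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
            b"Cache-Control: no-store, max-age=0\r\n\r\n{}")
SERVER_ERROR = b"HTTP/1.1 500 Internal Server Error\r\n\r\noops"

if __name__ == "__main__":
    for name, sample in [("LEAKY", LEAKY), ("NO_CACHE_ONLY", NO_CACHE_ONLY),
                         ("PRIVATE", PRIVATE), ("HARDENED", HARDENED),
                         ("SERVER_ERROR", SERVER_ERROR)]:
        print(f"{name:14} {assess(sample)}")
```

Run it against captured responses from any endpoint that returns per-user data; anything that comes back with both flags true and no explicit directive is a candidate for the same disclosure. The fix for such endpoints is `Cache-Control: no-store`, not `no-cache`.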
| 2020-05-11 15:20:00 | Researchers Analyze Oracle WebLogic Flaw Under Attack | Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server. | Vulnerability | |
| 2020-02-18 10:55:00 | 1.7M Nedbank Customers Affected via Third-Party Breach | A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. | Vulnerability | |
| 2020-01-21 17:00:00 | Microsoft, DHS Warn of Zero-Day Attack Targeting IE Users | Software firm is "aware of limited targeted attacks" exploiting a previously undisclosed scripting engine vulnerability in Internet Explorer 9, 10, and 11. | Vulnerability | |
| 2020-01-07 14:00:00 | The Discovery and Implications of 'MDB Leaker' | The "MDB Leaker" vulnerability in Microsoft Access lets sensitive process memory leak into saved database files if left unpatched. | Vulnerability, Guideline | |
| 2019-11-20 09:00:00 | Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones | Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call. | Vulnerability | |
| 2019-11-01 12:15:00 | Google Patches Chrome Zero-Day Under Active Attack | The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers. | Vulnerability | |
| 2019-10-04 11:50:00 | Android 0-Day Seen Exploited in the Wild | The local privilege escalation vulnerability affects Pixel, Samsung, Huawei, Xiaomi, and other devices. | Vulnerability | |
| 2019-05-28 19:10:00 | FirstAm Leak Highlights Importance of Verifying the Basics | The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing. | Vulnerability | |
| 2019-03-19 16:30:00 | Microsoft Office Dominates Most Exploited List | Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals. | Vulnerability | |
| 2019-01-17 15:30:00 | New Attacks Target Recent PHP Framework Vulnerability | Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads. | Malware, Vulnerability, Threat | |
| 2019-01-16 12:00:00 | Fortnite Players Compromised Via Epic Games Vulnerability | Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency. | Vulnerability | |
| 2019-01-14 14:30:00 | Radiflow: New Approach for Classifying OT Attack Flaws | The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis. | Vulnerability | ★★★ |
| 2018-12-11 17:40:00 | Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack | Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw. | Vulnerability | |
| 2018-11-06 17:40:00 | 'PortSmash' Brings New Side-Channel Attack to Intel Processors | New vulnerability exposes encryption keys in the first proof-of-concept code. | Vulnerability | |
| 2018-11-02 08:00:00 | Speed Up AppSec Improvement With an Adversary-Driven Approach | Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes. | Vulnerability | |
| 2018-10-18 11:00:00 | Apache Access Vulnerability Could Affect Thousands of Applications | A recently discovered issue with a common file access method could be a major new attack surface for malware authors. | Malware, Vulnerability | |
|
2018-09-05 17:26:00 |
PowerPool Malware Uses Windows Zero-Day Posted on Twitter (lien direct) |
Researchers detected the vulnerability in an attack campaign two days after it was posted on social media. |
Malware
Vulnerability
|
|
|
|
2018-08-07 10:00:00 |
US-CERT Warns of New Linux Kernel Vulnerability (lien direct) |
Patches now available to prevent DoS attack on Linux systems. |
Vulnerability
|
|
|
|
| 2018-06-25 12:50:00 | iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes | A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices. | Hack, Vulnerability | |