What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2019-07-13 04:20:00 Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw (lien direct) The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue-a locally installed web server by the software-was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control Vulnerability ★★★
The_Hackers_News.webp 2019-07-09 09:08:05 Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library (lien direct) Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, Vulnerability
The_Hackers_News.webp 2019-06-26 10:59:05 Account Takeover Vulnerability Found in Popular EA Games Origin Platform (lien direct) A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to takeover players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)-the world's second-largest gaming company with over Vulnerability
The_Hackers_News.webp 2019-06-25 05:30:00 New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched (lien direct) Cybersecurity researchers are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Joshua Long, a security researcher at Intego, last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to Malware Vulnerability
The_Hackers_News.webp 2019-06-22 01:28:05 PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery (lien direct) As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site Vulnerability ★★★★★
The_Hackers_News.webp 2019-06-21 02:11:04 Firefox 67.0.4 Released - Mozilla Patches Second 0-Day Flaw This Week (lien direct) Okay, folks, it's time to update your Firefox web browser once again-yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox Vulnerability Patching
The_Hackers_News.webp 2019-06-21 02:11:03 Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers (lien direct) Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a Vulnerability
The_Hackers_News.webp 2019-06-20 12:39:04 Important Flaw in Outlook App for Android Affects Over 100 Millions Users (lien direct) Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email Vulnerability
The_Hackers_News.webp 2019-06-20 02:57:03 Tor Browser 8.5.2 Released - Update to Fix Critical Firefox Vulnerability (lien direct) Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle. Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical actively-exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely take full Vulnerability
The_Hackers_News.webp 2019-06-19 11:55:01 New Critical Oracle WebLogic Flaw Under Active Attack - Patch Now (lien direct) Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability-which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10-is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application Vulnerability
The_Hackers_News.webp 2019-06-18 19:59:05 Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks (lien direct) If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow Vulnerability
The_Hackers_News.webp 2019-06-11 03:41:02 New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions (lien direct) Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to Vulnerability
The_Hackers_News.webp 2019-06-10 11:26:04 Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor (lien direct) Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim-two most popular and powerful command-line Vulnerability ★★★★
The_Hackers_News.webp 2019-06-07 03:52:01 Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw (lien direct) An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half Vulnerability
The_Hackers_News.webp 2019-06-04 12:36:03 Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions (lien direct) A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists Vulnerability
The_Hackers_News.webp 2019-05-28 05:08:00 Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw (lien direct) Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)-two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what Vulnerability
The_Hackers_News.webp 2019-05-23 00:00:01 Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours (lien direct) Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Vulnerability
The_Hackers_News.webp 2019-05-21 23:46:04 PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online (lien direct) An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system-that's his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local Vulnerability
The_Hackers_News.webp 2019-05-16 03:55:05 Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement (lien direct) A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google Vulnerability
The_Hackers_News.webp 2019-05-13 23:10:02 Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones (lien direct) Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Malware Vulnerability
The_Hackers_News.webp 2019-05-08 04:19:01 Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks (lien direct) A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide. Vulnerability
The_Hackers_News.webp 2019-05-02 03:13:00 Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking (lien direct) If you use a Dell computer, then beware - hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer Vulnerability
The_Hackers_News.webp 2019-05-01 00:31:02 Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (lien direct) Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a Ransomware Vulnerability
The_Hackers_News.webp 2019-04-26 04:37:03 Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension (lien direct) If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company-called "Plugin Vulnerabilities"-that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once Vulnerability ★★★★★
The_Hackers_News.webp 2019-04-25 08:00:00 'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic (lien direct) A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services Vulnerability ★★★
The_Hackers_News.webp 2019-04-05 03:44:03 Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs (lien direct) EXCLUSIVE - Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a Vulnerability
The_Hackers_News.webp 2019-04-03 07:54:01 WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites (lien direct) If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using Vulnerability
The_Hackers_News.webp 2019-03-29 01:48:00 Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites (lien direct) If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of Vulnerability
The_Hackers_News.webp 2019-03-14 02:41:02 New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites (lien direct) If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once Hack Vulnerability
The_Hackers_News.webp 2019-03-12 09:22:01 Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition (lien direct) Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities-one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could Vulnerability
The_Hackers_News.webp 2019-03-11 02:32:03 Severe Flaw Disclosed In StackStorm DevOps Automation Software (lien direct) A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows Tool Vulnerability
The_Hackers_News.webp 2019-03-06 01:52:05 New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild (lien direct) You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as Vulnerability Threat
The_Hackers_News.webp 2019-03-04 05:52:02 Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel (lien direct) Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel Vulnerability
The_Hackers_News.webp 2019-02-26 05:45:04 Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers (lien direct) It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability Hack Vulnerability
The_Hackers_News.webp 2019-02-26 04:52:04 Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week (lien direct) Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Vulnerability
The_Hackers_News.webp 2019-02-21 02:18:01 Another Critical Flaw in Drupal Discovered - Update Your Site ASAP! (lien direct) Developers of Drupal-a popular open-source content management system software that powers millions of websites-have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites Hack Vulnerability
The_Hackers_News.webp 2019-02-20 21:35:01 Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years (lien direct) Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR-a popular Windows file compression application with 500 million users worldwide-that affects all versions of the Vulnerability
The_Hackers_News.webp 2019-02-19 11:45:04 Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years (lien direct) Exclusive - If you have not updated your website to the latest WordPress version 5.0.3, it's a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that Vulnerability
The_Hackers_News.webp 2019-02-18 01:37:01 How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link (lien direct) It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into Hack Vulnerability
The_Hackers_News.webp 2019-02-13 07:32:01 Snapd Flaw Lets Attackers Gain Root Access On Linux Systems (lien direct) Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the Vulnerability
The_Hackers_News.webp 2019-02-12 10:52:00 New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History (lien direct) A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave, Vulnerability
The_Hackers_News.webp 2019-02-12 00:59:02 RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts (lien direct) A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape container and obtain unauthorized, root-level access to the host operating system. The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly Vulnerability
The_Hackers_News.webp 2019-02-06 01:32:00 Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency (lien direct) The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC). Yes, infinite… like a never-ending source of money. Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to be more anonymous Vulnerability
The_Hackers_News.webp 2019-02-05 03:28:03 Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software (lien direct) It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives-LibreOffice and Apache OpenOffice-free, open source office software used by millions of Windows, MacOS and Linux users. Security researcher Vulnerability
The_Hackers_News.webp 2019-02-01 06:56:05 Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison (lien direct) Many of you might have this question in your mind: "Is it illegal to test a website for vulnerability without permission from the owner?" Or… "Is it illegal to disclose a vulnerability publicly?" Well, the answer is YES, it's illegal most of the times and doing so could backfire even when you have good intentions. Last year, Hungarian police arrested a 20-year-old ethical hacker accused of Vulnerability
The_Hackers_News.webp 2019-01-16 04:56:03 Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide (lien direct) Almost half of the flight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles. Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline Vulnerability ★★★★★
The_Hackers_News.webp 2019-01-15 01:57:01 Unpatched vCard Flaw Could Let Hackers Compromise Your Windows PCs (lien direct) A zero-day vulnerability has been discovered and reported in the Microsoft's Windows operating system that, under a certain scenario, could allow a remote attacker to execute arbitrary code on Windows machine. Discovered by security researcher John Page (@hyp3rlinx), the vulnerability was reported to the Microsoft security team through Trend Micro's Zero Day Initiative (ZDI) Program over 6 Vulnerability ★★★
The_Hackers_News.webp 2019-01-08 04:00:00 Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever (lien direct) Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium-a startup by the infamous French-based company Vupen that buys and sells Vulnerability
The_Hackers_News.webp 2019-01-03 04:37:04 Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure (lien direct) Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities. The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android Vulnerability ★★★
The_Hackers_News.webp 2018-12-20 07:49:02 Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter (lien direct) A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them. The Vulnerability
Last update at: 2024-06-25 23:08:09