Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-06-21 12:34:05 |
BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks (lien direct) |
The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue. [...] |
Vulnerability
Patching
|
|
|
|
2019-06-20 14:05:03 |
Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day (lien direct) |
Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. [...] |
Vulnerability
|
|
|
|
2019-06-20 05:36:04 |
Samba Vulnerability Can Crash Active Directory Components (lien direct) |
A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of accessing directory, application, and server services. [...] |
Vulnerability
|
|
|
|
2019-06-20 00:30:01 |
Tor Browser 8.5.2 Released to Fix Critical Vulnerability (lien direct) |
Tor Browser 8.5.2 has been released to fix a critical vulnerability in Firefox that was fixed by Mozilla this week. It is strongly advised that all Tor users install this update as soon as possible. [...] |
Vulnerability
|
|
|
|
2019-06-19 07:46:02 |
Oracle Fixes Critical Bug in WebLogic Server Web Services (lien direct) |
Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. [...] |
Vulnerability
|
|
|
|
2019-06-18 15:58:02 |
Mozilla Firefox 67.0.3 Patches Actively Exploited Zero-Day (lien direct) |
Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch an actively exploited and critical severity vulnerability which could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions. [...] |
Vulnerability
|
|
|
|
2019-06-11 20:10:03 |
Bad Cert Vulnerability Can Bring Down Any Windows Server (lien direct) |
A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. [...] |
Vulnerability
|
|
|
|
2019-06-11 05:30:00 |
Finding Windows Systems Affected by BlueKeep Remote Desktop Bug (lien direct) |
Researchers have created tools and scripts that can be used to find Windows machines vulnerable to the BlueKeep vulnerability so that they can be patched. In this article we discuss two of these tools. [...] |
Vulnerability
|
|
|
|
2019-06-07 12:08:03 |
New Windows 10 Zero-Day Bug Emerges From Bypassing Patched Flaw (lien direct) |
Demo exploit code and details are now available about a new zero-day vulnerability in Windows 10 that allows elevating the privileges of a normal user to those of an administrator. An attacker can use it to install programs, view, change or delete data. [...] |
Vulnerability
|
|
|
|
2019-06-05 00:04:00 |
MetaSploit Module Created for BlueKeep Flaw, Private for Now (lien direct) |
A researcher has created a module for the Metasploit Framework for penetration testing that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. [...] |
Vulnerability
|
|
|
|
2019-06-04 13:06:03 |
Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions (lien direct) |
A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer. [...] |
Vulnerability
|
|
|
|
2019-05-31 12:23:03 |
Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch (lien direct) |
An unpatched local privilege escalation zero-day vulnerability in Windows 10 received a temporary patch today. The fix is delivered through the 0patch platform and can be applied on systems without rebooting them.. [...] |
Vulnerability
|
|
|
|
2019-05-31 09:00:00 |
Microsoft Warns Users Again to Patch Wormable BlueKeep Flaw (lien direct) |
Microsoft issued a second warning for users of older Windows releases to patch their systems to block potential attackers from abusing the critical Remote Desktop Services (RDS) remote code execution vulnerability dubbed BlueKeep. [...] |
Vulnerability
|
|
|
|
2019-05-30 03:16:00 |
Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin (lien direct) |
A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges. [...] |
Vulnerability
|
|
|
|
2019-05-25 04:30:05 |
New unpatched macOS Gatekeeper Bypass Published Online (lien direct) |
Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction. [...] |
Vulnerability
|
|
|
|
2019-05-25 04:30:05 |
macOS Unpatched for Executing Untrusted Code off the Network (lien direct) |
Proof-of-concept code has been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) that allows a hacker to execute arbitrary code without user interaction. [...] |
Vulnerability
|
|
|
|
2019-05-23 03:30:00 |
PoC Exploits Released for Two More Windows Vulnerabilities (lien direct) |
Right on the heels of a privilege escalation zero-day vulnerability for Windows 10 released yesterday, the same researcher has released two more zero-day vulnerabilities [...] |
Vulnerability
|
|
|
|
2019-05-22 10:14:04 |
Researchers Demo PoC For Remote Desktop BlueKeep RCE Exploit (lien direct) |
A proof-of-concept remote code execution (RCE) exploit for the wormable BlueKeep vulnerability tracked as CVE-2019-0708 has been demoed by security researchers from McAfee Labs. [...] |
Vulnerability
|
|
|
|
2019-05-20 21:44:00 |
BlueKeep Remote Desktop Exploits Are Coming, Patch Now! (lien direct) |
Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind. [...] |
Vulnerability
|
|
|
|
2019-05-16 11:08:01 |
Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts (lien direct) |
Site admins using WP Live Chat Support for Wordpress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication. [...] |
Vulnerability
|
|
|
|
2019-05-15 14:32:04 |
Google Discloses Bluetooth Flaw in Titan Security Key, Issues Recall (lien direct) |
Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols." [...] |
Vulnerability
|
|
|
|
2019-05-14 20:57:01 |
List of MDS Speculative Execution Vulnerability Advisories & Updates (lien direct) |
Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers. [...] |
Vulnerability
|
|
|
|
2019-05-13 15:20:02 |
Linksys Smart Wi-Fi Routers Leak Info of Connected Devices (lien direct) |
More than 25,000 Linksys Smart Wi-Fi routers are currently impacted by an information disclosure vulnerability which allows remote and unauthenticated access to a vast array of sensitive device information. [...] |
Vulnerability
|
|
|
|
2019-05-13 08:58:03 |
Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution (lien direct) |
Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks. [...] |
Vulnerability
Guideline
|
|
|
|
2019-05-08 19:59:01 |
Bug in Alpine Linux Docker Image Leaves Root Account Unlocked (lien direct) |
A security vulnerability in the Official Docker images based on the Alpine Linux distribution allowed for more than three years logging into the root account using a blank password. [...] |
Vulnerability
|
|
|
|
2019-05-07 17:10:01 |
Cisco Fixes Critical Vulnerability in Elastic Services Controller (lien direct) |
Cisco today released security updates for a critical vulnerability affecting its Elastic Services Controller (ESC). An unauthenticated, remote attacker could exploit the flaw on deployments that have REST API enabled. [...] |
Vulnerability
|
|
|
|
2019-04-26 18:07:04 |
The Week in Ransomware - April 26th 2019 - Targeting the Enterprise (lien direct) |
This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to install the GandCrab ransomware, miners, and Trojans. [...] |
Ransomware
Vulnerability
|
|
|
|
2019-04-26 17:06:00 |
Old Vulnerabilities Are Still Good Tricks for Today\'s Attacks (lien direct) |
The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort. [...] |
Vulnerability
|
|
|
|
2019-04-10 17:31:03 |
Popular Yuzo WordPress Plugin Exploited to Redirect Users to Scams (lien direct) |
A vulnerability in the popular WordPress plugin called Yuzo Related Posts is being targeted by attackers to inject JavaScript into the pages of the site. This JavaScript will cause visitors to be redirected to sites displaying scams, including tech support scams, and sites promoting unwanted software such as browser extensions. [...] |
Vulnerability
|
|
|
|
2019-04-10 03:35:00 |
Demo Exploit Code Available for Privilege Escalation Bug in Windows (lien direct) |
Proof-of-concept exploit code for a privilege escalation vulnerability affecting Windows operating system has been published today, soon after Microsoft rolled out its monthly batch of security patches. [...] |
Vulnerability
|
|
|
|
2019-04-05 14:23:05 |
Year-Old DoS Vulnerability Allows Attacks on Some MikroTik Routers (lien direct) |
MikroTik on Thursday published details about an issue that is easy to exploit remotely to cause a denial-of-service (DoS) condition on devices running RouterOS, which is most products from the maker. [...] |
Vulnerability
|
|
★★★★★
|
|
2019-04-04 13:28:05 |
Xiaomi Pre-Installed Security App Vulnerable to MiTM Attacks (lien direct) |
A vulnerability exposing users to Man-in-the-Middle (MiTM) attacks was patched by Xiaomi in the pre-installed security app Guard Provider after a disclosure report from Check Point Research. [...] |
Vulnerability
|
|
|
|
2019-04-03 09:00:03 |
Georgia Tech Data Breach Exposes Info for 1.3 Million People (lien direct) |
Georgia Tech announced yesterday that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. [...] |
Data Breach
Vulnerability
|
|
|
|
2019-03-28 17:31:02 |
Zero-Day TP-Link SR20 Router Vulnerability Disclosed by Google Dev (lien direct) |
TP-Link's SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands as disclosed on Twitter by Google security developer Matthew Garrett. [...] |
Vulnerability
|
|
|
|
2019-03-26 16:01:00 |
NVIDIA Patches High Severity GeForce Experience Vulnerability (lien direct) |
NVIDIA released a security update for the NVIDIA GeForce Experience software for Windows to patch a vulnerability that could allow potential local attackers with basic user privileges to elevate privileges, trigger code execution, and perform denial-of-service (DoS) attacks. [...] |
Vulnerability
|
|
|
|
2019-03-22 14:12:00 |
Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects (lien direct) |
WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a zero-day stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the plugin. [...] |
Vulnerability
|
|
|
|
2019-03-20 09:43:00 |
Google Photos Bug Exposed the Location & Time of Your Pictures (lien direct) |
A vulnerability in the web version of Google Photos allowed websites to learn a user's location history based on the images they stored in the account. [...] |
Vulnerability
|
|
|
|
2019-03-15 12:13:02 |
Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug (lien direct) |
A code execution vulnerability in WinRAR generated over a hundred distinct exploits in the first week since its disclosure, and the number of exploits keeps on swelling. [...] |
Vulnerability
|
|
|
|
2019-03-13 11:18:04 |
Wordpress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers (lien direct) |
The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted comments on WordPress websites with the comments module enabled. [...] |
Vulnerability
|
|
|
|
2019-03-07 19:01:03 |
Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug (lien direct) |
Google recommends users of Windows 7 to give it up and move to Microsoft's latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild. [...] |
Vulnerability
|
|
|
|
2019-03-06 08:00:00 |
Hackers Revive Microsoft Office Equation Editor Exploit (lien direct) |
Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago. [...] |
Vulnerability
|
|
|
|
2019-03-04 20:37:05 |
Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns (lien direct) |
Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month. [...] |
Vulnerability
|
|
|
|
2019-03-01 18:30:04 |
Update ColdFusion Now, Critical Zero-Day Bug Exploited in the Wild (lien direct) |
Adobe today released emergency updates that fix a critical vulnerability for the ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild. [...] |
Vulnerability
Guideline
|
|
|
|
2019-03-01 11:28:01 |
First Hacker Millionaire on HackerOne (lien direct) |
At 19, Santiago Lopez is already counting earnings totaling over USD 1 million from reporting security vulnerabilities through vulnerability coordination and bug bounty program HackerOne. He's the first to make this kind of money on the platform. [...] |
Vulnerability
|
|
|
|
2019-02-28 16:04:01 |
App Security Improvement Alerts Android Devs of 6 New Vulnerabilities (lien direct) |
Google announced the addition of six extra vulnerability warnings to the Application Security Improvement (ASI) program after previously announcing updates for the Google Play Protect, the built-in malware protection for Android. [...] |
Malware
Vulnerability
|
|
|
|
2019-02-28 12:57:05 |
Cisco Fixes Critical RCE Vulnerability in RV110W, RV130W, and RV215W Routers (lien direct) |
Cisco fixed a critical remote code execution vulnerability present in the web-based management interface of the RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. [...] |
Vulnerability
|
|
|
|
2019-02-27 08:00:00 |
New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings (lien direct) |
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...] |
Vulnerability
|
|
|
|
2019-02-25 16:08:02 |
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor (lien direct) |
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...] |
Malware
Vulnerability
|
|
★★
|
|
2019-02-22 14:12:00 |
19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support (lien direct) |
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...] |
Tool
Vulnerability
|
|
|
|
2019-02-21 08:42:01 |
Drupal Fixes Highly Critical Vulnerability (lien direct) |
Administrators of websites running the Drupal content management software (CMS) are urged to take immediate action to mitigate a newly discovered a vulnerability that can lead to remote execution of PHP code under specific circumstances. [...] |
Vulnerability
Guideline
|
|
|