Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-10-10 13:37:05 |
SAP Patches Critical Vulnerability in BusinessObjects (direct link) |
This week, SAP released its October 2018 set of patches, which includes the first Hot News security note for SAP BusinessObjects in over five years.
|
Vulnerability
|
|
|
|
2018-10-09 17:37:00 |
Apple Patches Passcode Bypass in iOS (direct link) |
Apple on Monday released patches for iOS devices to address a recently disclosed vulnerability that could result in |
Vulnerability
|
|
|
|
2018-10-01 12:51:05 |
Telegram Leaks User IP Addresses (direct link) |
A vulnerability in Telegram Desktop results in the end-user public and private IP addresses being leaked during a call, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2018-09-26 13:01:02 |
Researchers See Improvements in Vehicle Cybersecurity (direct link) |
Data from vulnerability assessments conducted by security consulting firm IOActive in the past years shows some improvements in vehicle cybersecurity.
|
Vulnerability
|
|
|
|
2018-09-26 10:25:03 |
Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian (direct link) |
Qualys has disclosed the details of an integer overflow vulnerability in the Linux kernel that can be exploited by a local attacker for privilege escalation. The flaw, dubbed “Mutagen Astronomy,” affects certain versions of the Red Hat, CentOS and Debian distributions.
|
Vulnerability
|
|
|
|
2018-09-25 17:41:04 |
(Déjà vu) Third-Party Patch Available for Microsoft JET Database Zero-Day (direct link) |
An unofficial patch is already available for the unpatched Microsoft JET Database Engine vulnerability that Trend Micro's Zero Day Initiative (ZDI) made public last week.
|
Vulnerability
|
|
|
|
2018-09-24 10:53:02 |
Cisco Removes Default Password From Video Surveillance Manager (direct link) |
A critical vulnerability recently patched in the Cisco Video Surveillance Manager (VSM) could allow an unauthenticated attacker to log in as root.
|
Vulnerability
|
|
|
|
2018-09-21 16:14:01 |
ZDI Shares Details of Microsoft JET Database Zero-Day (direct link) |
Trend Micro's Zero Day Initiative (ZDI) on Thursday made public details on a vulnerability impacting the Microsoft JET Database Engine, although a patch isn't yet available for it.
|
Vulnerability
|
|
|
|
2018-09-19 12:56:02 |
Privacy Protection Means Encryption at the Application Layer (direct link) |
Comprehensive Data Security Measures Should Include a Formal Process for Application Security and Vulnerability Assessment
|
Vulnerability
|
|
|
|
2018-09-18 14:42:03 |
Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras (direct link) |
A critical vulnerability in NUUO software could allow attackers to remotely view video feeds and tamper with the recordings of hundreds of thousands of surveillance cameras, Tenable reveals.
|
Vulnerability
|
|
|
|
2018-09-12 05:39:04 |
Address Bar Spoofing Flaw Found in Edge, Safari (direct link) |
A researcher has discovered an address bar spoofing vulnerability in the Microsoft Edge and Apple Safari web browsers, but a patch is currently only available for the former.
|
Vulnerability
|
|
|
|
2018-09-11 18:04:05 |
SAP Patches Critical Vulnerability in Business Client (direct link) |
SAP today released its September 2018 set of patches to address a total of 14 vulnerabilities in its products, including a critical bug in SAP Business Client.
|
Vulnerability
|
|
|
|
2018-09-10 20:04:05 |
Zerodium Discloses Flaw That Allows Code Execution in Tor Browser (direct link) |
Exploit acquisition firm Zerodium has disclosed a NoScript vulnerability that can be exploited to execute arbitrary JavaScript code in the Tor Browser even if the maximum security level is used.
|
Vulnerability
|
|
|
|
2018-09-10 15:02:04 |
VPN Firms Release New Patches for Privilege Escalation Flaw (direct link) |
Virtual private network (VPN) service providers ProtonVPN and NordVPN have made another attempt to patch a potentially serious privilege escalation vulnerability that they first tried to address a few months ago.
|
Vulnerability
|
|
|
|
2018-09-06 11:25:04 |
Flaw in Schneider PLC Allows Significant Disruption to ICS (direct link) |
A vulnerability discovered in some of Schneider Electric's Modicon programmable logic controllers (PLCs) may allow malicious actors to cause significant disruption to industrial control systems (ICS).
|
Vulnerability
|
|
|
|
2018-09-05 15:08:02 |
Windows Zero-Day Exploited in Targeted Attacks by 'PowerPool' Group (direct link) |
A threat group tracked by security firm ESET as “PowerPool” has been exploiting a Windows zero-day vulnerability to elevate the privileges of a backdoor in targeted attacks.
|
Vulnerability
Threat
|
|
|
|
2018-09-04 10:22:05 |
(Déjà vu) Oracle Products Affected by Exploited Apache Struts Flaw (direct link) |
Oracle informed customers over the weekend that some of the company's products are affected by a critical Apache Struts 2 vulnerability that has been exploited in the wild.
|
Vulnerability
|
|
|
|
2018-08-31 14:29:04 |
Critical Vulnerability Patched in PHP Package Repository (direct link) |
A critical remote code execution vulnerability was recently addressed in packagist.org |
Vulnerability
|
|
|
|
2018-08-28 14:07:03 |
Critical Apache Struts Vulnerability Exploited in Live Attacks (direct link) |
A critical remote code execution vulnerability in Apache Struts 2 that was patched last week is already being abused in malicious attacks, threat intelligence firm Volexity warns.
|
Vulnerability
Threat
|
|
★★
|
|
2018-08-28 11:21:03 |
Exploit Published for Windows Task Scheduler Zero-Day (direct link) |
Details of an unpatched vulnerability in Microsoft's Windows 10 operating system were made public on Monday, via Twitter.
|
Vulnerability
|
|
|
|
2018-08-27 09:52:02 |
(Déjà vu) Exploit for Recent Critical Apache Struts Vulnerability Published (direct link) |
Exploit code for a |
Vulnerability
|
|
|
|
2018-08-20 13:40:00 |
Vulnerability in IP Relay Service Impacts Major Canadian ISPs (direct link) |
A recently addressed local file disclosure vulnerability in the SOLEO IP Relay service impacted nearly all major Internet service providers (ISPs) in Canada, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2018-08-09 05:18:03 |
Flaw in BIND Security Feature Allows DoS Attacks (direct link) |
The Internet Systems Consortium (ISC) revealed on Wednesday that the BIND DNS software is affected by a serious vulnerability that can be exploited for denial-of-service (DoS) attacks.
|
Vulnerability
|
|
|
|
2018-08-07 14:39:00 |
'SegmentSmack' Flaw in Linux Kernel Allows Remote DoS Attacks (direct link) |
A vulnerability in the Linux kernel can allow a remote attacker to trigger a denial-of-service (DoS) condition by sending specially crafted packets to the targeted system. The flaw could impact many companies.
|
Vulnerability
|
|
★★★★★
|
|
2018-07-25 14:13:03 |
Researchers Resurrect Decade-Old Oracle Solaris Vulnerability (direct link) |
One of the Solaris vulnerabilities patched by Oracle with its July 2018 Critical Patch Update (CPU) exists due to an ineffective fix implemented by the company for a flaw first discovered in 2007.
|
Vulnerability
|
|
|
|
2018-07-20 17:22:05 |
Microsoft Addresses Serious Vulnerability in Translator Hub (direct link) |
A serious vulnerability in the Microsoft Translator Hub could be exploited to delete any or all of the 13000+ projects hosted by the service, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2018-07-20 10:57:03 |
Adobe Patches Vulnerability Affecting Internal Systems (direct link) |
Adobe has patched what researchers describe as a potentially serious security issue in its internal systems, but the company has downplayed the impact of the vulnerability.
|
Vulnerability
|
|
|
|
2018-07-19 09:28:05 |
ABB to Patch Code Execution Flaw in HMI Tool (direct link) |
Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools.
|
Tool
Vulnerability
|
|
|
|
2018-07-18 18:18:05 |
Vulnerability or Not? Pen Tester Quarrels With Software Maker (direct link) |
|
Vulnerability
|
|
|
|
2018-06-27 11:25:02 |
Unpatched WordPress Flaw Leads to Site Takeover, Code Execution (direct link) |
A file deletion vulnerability that remains unpatched 7 months after being reported allows for the complete takeover of WordPress sites and for arbitrary code execution.
|
Vulnerability
|
|
|
|
2018-06-27 04:50:05 |
Cisco ASA Flaw Exploited in DoS Attacks (direct link) |
Cisco has informed users that a recently patched vulnerability affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has been exploited in denial-of-service (DoS) attacks.
|
Vulnerability
Threat
|
|
|
|
2018-06-25 09:04:01 |
Rockwell Patches Flaw Affecting Safety Controllers From Several Vendors (direct link) |
In April, at SecurityWeek's ICS Cyber Security Conference in Singapore, industrial cybersecurity firm Applied Risk disclosed the details of a serious denial-of-service (DoS) vulnerability affecting safety controllers from several major vendors.
|
Vulnerability
|
|
|
|
2018-06-22 17:19:05 |
"Wavethrough" Bug in Microsoft Edge Leaks Sensitive Information (direct link) |
A security vulnerability |
Vulnerability
|
|
|
|
2018-06-22 12:21:02 |
Hackers Exploit Drupal Flaw for Monero Mining (direct link) |
Network attacks exploiting a recently patched Drupal vulnerability are attempting to drop Monero mining malware onto vulnerable systems, Trend Micro reports.
|
Malware
Vulnerability
|
|
|