What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| SecurityWeek | 2021-04-27 11:13:25 | Apple Patches macOS Security Bypass Vulnerability Exploited by 'Shlayer' Malware | Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group. | Malware, Vulnerability, Threat | | |
| SecurityWeek | 2021-04-27 00:16:39 | NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability | A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal. | Vulnerability | | |
| SecurityWeek | 2021-04-22 15:59:46 | AV Under Attack: Trend Micro Confirms Apex One Exploitation | Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines. | Vulnerability | | |
| SecurityWeek | 2021-04-21 13:46:02 | Vulnerability in CocoaPod Dependency Manager Exposed Millions of Apps | A remote code execution vulnerability identified on the central CocoaPods server could have allowed an attacker to poison any package download, security researcher Max Justicz reveals. | Vulnerability | | |
| SecurityWeek | 2021-04-16 14:04:26 | Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices | A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. | Vulnerability | | |
| SecurityWeek | 2021-04-16 10:47:41 | Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy | Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. | Vulnerability | | |
| SecurityWeek | 2021-04-15 14:30:54 | Reddit Launches Public Bug Bounty Program | Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope. | Vulnerability | | |
| SecurityWeek | 2021-04-15 12:05:26 | (Déjà vu) Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched | A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week. | Vulnerability | | |
| SecurityWeek | 2021-04-14 11:50:58 | Another Critical Vulnerability Patched in SAP Commerce | On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce. | Vulnerability | | |
| SecurityWeek | 2021-04-13 13:50:20 | Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices | An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system. | Vulnerability | | |
| SecurityWeek | 2021-04-13 12:32:24 | (Déjà vu) PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers | A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers. | Vulnerability | | |
| SecurityWeek | 2021-04-08 13:47:10 | Cring Ransomware Targets Industrial Organizations | Cring ransomware operators are exploiting an old path traversal vulnerability in the FortiOS SSL VPN web portal to gain access to enterprise networks, Kaspersky warns. | Ransomware, Vulnerability | | |
| SecurityWeek | 2021-04-08 10:50:21 | Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise | A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday. | Vulnerability | | |
| SecurityWeek | 2021-04-07 11:33:06 | Google Patches Critical Code Execution Vulnerability in Android | The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component. | Vulnerability | | |
| SecurityWeek | 2021-04-06 14:23:10 | US DoD Launches Vuln Disclosure Program for Contractor Networks | The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks. | Vulnerability | | |
| SecurityWeek | 2021-04-05 15:51:20 | VMware Patches Critical Flaw in Carbon Black Cloud Workload | A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug. | Vulnerability | | |
| SecurityWeek | 2021-03-31 12:00:08 | Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape | Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser. | Vulnerability | | |
| SecurityWeek | 2021-03-29 18:30:38 | Vulnerability in 'netmask' npm Package Affects 280,000 Projects | A vulnerability in the netmask npm package could expose private networks and lead to a variety of attacks, including malware delivery. | Malware, Vulnerability, Guideline | | |
| SecurityWeek | 2021-03-26 21:56:05 | Apple Patches Under-Attack iOS Zero-Day | Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild. | Vulnerability | | |
| SecurityWeek | 2021-03-26 15:05:29 | (Déjà vu) Severe Flaws in Official 'Facebook for WordPress' Plugin | A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence. | Vulnerability, Guideline | | |
| SecurityWeek | 2021-03-26 15:05:29 | Severe Flaws in Facebook for WordPress Plugin | A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence. | Vulnerability, Guideline | | |
| SecurityWeek | 2021-03-23 13:07:30 | Recently Patched Android Vulnerability Exploited in Attacks | Google has warned Android users that a recently patched vulnerability has been exploited in attacks. The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021. | Vulnerability | | |
| SecurityWeek | 2021-03-23 04:52:53 | Remote Code Execution Vulnerability Patched in Apache OFBiz | One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication. | Vulnerability | | |
| SecurityWeek | 2021-03-15 11:37:12 | Google Releases PoC Exploit for Browser-Based Spectre Attack | Google last week announced the release of proof-of-concept (PoC) code designed to exploit the notorious Spectre vulnerability and leak information from web browsers. | Vulnerability | | |
| SecurityWeek | 2021-03-09 17:35:33 | Apple Patches Remote Code Execution Bug in WebKit | Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices. | Vulnerability | | |
| SecurityWeek | 2021-03-09 15:31:11 | Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild | A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns. | Vulnerability | | |
| SecurityWeek | 2021-03-04 13:46:44 | Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability | Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine. | Vulnerability | | |
| SecurityWeek | 2021-03-04 04:45:42 | Microsoft Pays $50,000 Bounty for Account Takeover Vulnerability | A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account. | Vulnerability | | |
| SecurityWeek | 2021-03-03 15:44:00 | Jetty Flaw Can Be Exploited to Inflate Target's Cloud Bill, Cause Disruption | A vulnerability affecting Eclipse Jetty web servers can be exploited by an attacker to inflate a targeted organization's cloud services bill or cause disruption, according to security researchers at tech company Synopsys. | Vulnerability | | |
| SecurityWeek | 2021-03-03 15:23:03 | VMware Patches Remote Code Execution Vulnerability in View Planner | VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution. | Vulnerability, Guideline | | |
| SecurityWeek | 2021-03-03 13:22:12 | Chrome 89 Patches Actively Exploited Vulnerability | Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild. | Vulnerability | | |
| SecurityWeek | 2021-03-03 12:22:14 | Should You Be Concerned About the Recently Leaked Spectre Exploits? | A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. While some experts say this could increase the risk of exploitation for malicious purposes, others believe there is no reason for concern. | Malware, Vulnerability | | |
| SecurityWeek | 2021-03-02 16:00:46 | Google Patches Critical Remote Code Execution Vulnerability in Android | Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component. | Vulnerability | | |
| SecurityWeek | 2021-03-02 15:47:00 | New 'Unc0ver' Jailbreak Uses Vulnerability That Apple Said Was Exploited | Unc0ver jailbreak exploits CVE-2021-1782. The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January. | Vulnerability | | |
| SecurityWeek | 2021-03-01 11:24:11 | Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall | A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult. | Vulnerability, Threat | | |
| SecurityWeek | 2021-02-26 11:54:50 | Unprotected Private Key Allows Remote Hacking of Rockwell Controllers | Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation. | Vulnerability | | |
| SecurityWeek | 2021-02-25 11:47:07 | Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability | Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers. | Vulnerability | | |
| SecurityWeek | 2021-02-25 04:28:48 | Google Discloses Details of Remote Code Execution Vulnerability in Windows | Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution. | Vulnerability | | |
| SecurityWeek | 2021-02-24 12:02:51 | Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks | VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges. | Vulnerability | | |
| SecurityWeek | 2021-02-22 15:06:35 | Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak | A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' “Lost in Translation” leak, cybersecurity firm Check Point says in a new report. | Vulnerability, Threat | APT 31 | |
| SecurityWeek | 2021-02-18 13:20:51 | Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 | A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. | Vulnerability | | |
| SecurityWeek | 2021-02-16 18:40:55 | WebKit Zero-Day Vulnerability Exploited in Malvertising Operation | A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine. | Vulnerability | | |
| SecurityWeek | 2021-02-15 14:43:42 | Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability | Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers. | Vulnerability | | |
| SecurityWeek | 2021-02-15 11:59:05 | Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises | VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery. | Vulnerability | | |
| SecurityWeek | 2021-02-10 15:07:13 | Apple Patches Recent Sudo Vulnerability in macOS | Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility. Present in most Unix- and Linux-based operating systems out there, Sudo is a tool that allows users to execute programs with the privileges of another user, which by default is superuser. | Tool, Vulnerability | | |
| SecurityWeek | 2021-02-10 14:18:06 | Critical Vulnerability Patched in SAP Commerce Product | SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. It also updated six previously released notes. | Vulnerability | | |
| SecurityWeek | 2021-02-10 02:02:39 | Hack Exposes Vulnerability of Cash-Strapped US Water Plants | A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants. | Vulnerability | | |
| SecurityWeek | 2021-02-09 18:29:39 | Adobe Patches Reader Vulnerability Exploited in the Wild | Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. | Vulnerability | | |
| SecurityWeek | 2021-02-09 14:09:54 | Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs | An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. | Vulnerability | | |
| SecurityWeek | 2021-02-08 14:52:16 | Google Launches Database for Open Source Vulnerabilities | Google last week announced the launch of OSV (Open Source Vulnerabilities), which the internet giant has described as a vulnerability database and triage infrastructure for open source projects. | Vulnerability | | |
Last update at: 2024-06-25 22:07:42