What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityWeek | 2022-07-25 10:43:03 | Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak | Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks after someone made public a piece of information needed to exploit a recently addressed vulnerability. | Vulnerability | | |
| SecurityWeek | 2022-07-22 15:30:23 | Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari | A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft's Edge and Apple's Safari web browsers. | Vulnerability | | |
| SecurityWeek | 2022-07-15 01:26:53 | Log4j Software Flaw 'Endemic,' New Cyber Safety Panel Says | A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden. | Vulnerability | | |
| SecurityWeek | 2022-07-07 14:21:31 | OpenSSL Patches Remote Code Execution Vulnerability | OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks. The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices. | Vulnerability | | |
| SecurityWeek | 2022-06-30 11:11:22 | Vulnerability in Amazon Photos Android App Exposed User Information | Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token. | Vulnerability | | |
| SecurityWeek | 2022-06-29 13:57:09 | Azure Service Fabric Vulnerability Can Lead to Cluster Takeover | Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. | Vulnerability | | |
| SecurityWeek | 2022-06-28 16:43:08 | CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks | The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. | Vulnerability | | |
| SecurityWeek | 2022-06-24 13:53:25 | Researchers: It Took Oracle 6 Months to Patch 'Mega' Vulnerability Affecting Many Systems | Security researchers have published technical details on a critical Fusion Middleware vulnerability that Oracle took six months to patch. | Vulnerability | | |
| SecurityWeek | 2022-06-24 10:30:56 | US Agencies Warn Organizations of Log4Shell Attacks Against VMware Products | The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have issued a joint advisory to warn organizations that threat actors continue to exploit the Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) servers. | Vulnerability, Threat | | ★★ |
| SecurityWeek | 2022-06-22 13:42:57 | SMA Technologies Patches Critical Security Issue in Workload Automation Solution | A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations. Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations. | Vulnerability | | |
| SecurityWeek | 2022-06-17 12:00:51 | Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations | More than one million WordPress websites were potentially impacted by a critical Ninja Forms plugin vulnerability that appears to have been exploited in the wild. With over one million installations, the popular Ninja Forms plugin helps administrators add customizable forms to their WordPress sites. | Vulnerability | | |
| SecurityWeek | 2022-06-16 13:18:51 | Cisco Patches Critical Vulnerability in Email Security Appliance | Cisco on Wednesday announced patches for a critical vulnerability affecting its Email Security Appliance (ESA) and Secure Email and Web Manager products. | Vulnerability | | |
| SecurityWeek | 2022-06-15 13:52:14 | Critical Code Execution Vulnerability Patched in Splunk Enterprise | Splunk this week announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution. | Vulnerability, Guideline | | ★★★ |
| SecurityWeek | 2022-06-15 10:32:34 | Attackers Can Exploit Critical Citrix ADM Vulnerability to Reset Admin Passwords | Citrix on Tuesday warned of a critical vulnerability in Citrix Application Delivery Management (ADM) that could essentially allow an unauthenticated attacker to log in as administrator. | Vulnerability | | |
| SecurityWeek | 2022-06-14 18:38:33 | Windows Updates Patch Actively Exploited 'Follina' Vulnerability | Microsoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190. | Vulnerability | | |
| SecurityWeek | 2022-06-13 11:09:48 | Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability | A recently patched Confluence Server vulnerability is being exploited by multiple cybercrime and state-sponsored threat groups, according to Microsoft. | Vulnerability, Threat | | |
| SecurityWeek | 2022-06-09 13:51:23 | 'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware | Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch. | Malware, Vulnerability | | |
| SecurityWeek | 2022-06-09 10:42:29 | Threat Actors Start Exploiting Meeting Owl Pro Vulnerability Days After Disclosure | Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week. | Vulnerability | | |
| SecurityWeek | 2022-06-08 11:48:25 | Owl Labs Patches Severe Vulnerability in Video Conferencing Devices | Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices. Owl Labs' Meeting Owl Pro features a 360° lens camera to offer a panoramic view of the conference room. It offers support for various video conferencing solutions, including Zoom, Skype, and Google Meet. | Vulnerability | | |
| SecurityWeek | 2022-06-06 14:52:15 | Critical Account Takeover Vulnerability Patched in GitLab Enterprise Edition | DevOps platform GitLab has announced security updates that resolve multiple vulnerabilities, including a critical-severity bug leading to account takeover. | Vulnerability, Guideline | | |
| SecurityWeek | 2022-06-06 10:53:20 | Critical U-Boot Vulnerability Allows Rooting of Embedded Systems | A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group. | Vulnerability | | |
| SecurityWeek | 2022-06-06 10:02:46 | Atlassian Patches Confluence Zero-Day as Exploitation Attempts Surge | Atlassian informed customers on Friday that it has released patches for the critical Confluence Server vulnerability that has been exploited in attacks. The announcement came just before cybersecurity organizations warned that exploitation attempts have spiked. | Vulnerability | | |
| SecurityWeek | 2022-06-03 10:00:06 | Atlassian Confluence Servers Hacked via Zero-Day Vulnerability | Atlassian scrambling to patch Confluence Server zero-day exploited by multiple threat groups. Atlassian customers have been warned that hackers are exploiting a Confluence Server zero-day vulnerability. The flaw is currently unpatched and it appears to have been exploited by multiple threat groups. | Vulnerability, Threat | | |
| SecurityWeek | 2022-06-02 15:00:17 | Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks | Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point. | Vulnerability | | |
| SecurityWeek | 2022-06-01 14:56:36 | Unpatched Vulnerability Exposes Horde Webmail Servers to Attacks | The Horde webmail software is affected by a serious vulnerability that can be exploited to gain complete access to an organization's emails. | Vulnerability | | ★★★ |
| SecurityWeek | 2022-06-01 10:21:24 | Chinese Threat Actors Exploiting 'Follina' Vulnerability | The Windows zero-day vulnerability identified as Follina and CVE-2022-30190 is being exploited in an increasing number of attacks, including by a Chinese APT group. | Vulnerability, Threat | | |
| SecurityWeek | 2022-05-31 10:25:25 | Microsoft Confirms Exploitation of 'Follina' Zero-Day Vulnerability | Microsoft has confirmed that Windows is affected by a zero-day vulnerability after researchers warned of exploitation in the wild. | Vulnerability | | |
| SecurityWeek | 2022-05-30 11:10:12 | Document Exploiting New Microsoft Office Zero-Day Seen in the Wild | Cybersecurity researchers have issued a warning after spotting what appears to be a new Microsoft Office zero-day vulnerability that may have been exploited in the wild. | Vulnerability | | |
| SecurityWeek | 2022-05-27 18:15:33 | Exploitation of VMware Vulnerability Imminent Following Release of PoC | When VMware announced patches for a critical vulnerability on May 18, users were warned that exploitation in the wild would likely start soon, and now a proof-of-concept (PoC) exploit targeting the flaw has been made public. | Vulnerability | | |
| SecurityWeek | 2022-05-26 13:04:32 | QCT Servers Affected by 'Pantsdown' BMC Vulnerability | Servers made by Quanta Cloud Technology (QCT) are affected by the baseboard management controller (BMC) vulnerability known as CVE-2019-6260 and “Pantsdown.” | Vulnerability | | |
| SecurityWeek | 2022-05-25 10:05:50 | Trend Micro Patches Vulnerability Exploited by Chinese Cyberspies | Cybersecurity company Trend Micro has updated one of its products to patch a vulnerability that has been exploited by a threat actor linked to China. | Vulnerability, Threat | | |
| SecurityWeek | 2022-05-23 10:23:44 | Cisco Warns of Exploitation Attempts Targeting New IOS XR Vulnerability | Cisco informed customers on Friday that it's aware of in-the-wild exploitation attempts targeting a new vulnerability affecting its IOS XR software. | Vulnerability | | |
| SecurityWeek | 2022-05-18 08:38:10 | Large-Scale Attack Targeting Tatsu Builder WordPress Plugin | Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin. | Vulnerability | | |
| SecurityWeek | 2022-05-16 12:52:02 | 'Sysrv' Botnet Targeting Recent Spring Cloud Gateway Vulnerability | A new variant of the Sysrv botnet has added a recent Spring Cloud Gateway vulnerability to its exploit portfolio, Microsoft warns. The Sysrv botnet has been active since at least late 2020, looking to exploit known security bugs in access interfaces in order to compromise Windows and Linux systems and install a Monero cryptominer on them. | Vulnerability | | ★★ |
| SecurityWeek | 2022-05-16 12:05:07 | SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances | SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access. | Vulnerability, Guideline | | ★★★★ |
| SecurityWeek | 2022-05-16 11:16:20 | (Déjà vu) CISA Removes Windows Vulnerability From 'Must-Patch' List Due to Buggy Update | The US Cybersecurity and Infrastructure Security Agency (CISA) has temporarily removed a Windows flaw from its Known Exploited Vulnerabilities Catalog after it was informed by Microsoft that a recent update can cause problems on some types of systems. | Vulnerability | | |
| SecurityWeek | 2022-05-16 10:05:34 | Zyxel Firewall Vulnerability Exploitation Attempts Seen One Day After Disclosure | Exploitation attempts targeting a recently disclosed vulnerability affecting Zyxel firewalls started just one day after the flaw's existence came to light. | Vulnerability | | |
| SecurityWeek | 2022-05-13 15:11:38 | Hackers Can Make Siemens Building Automation Controllers 'Unavailable for Days' | A vulnerability affecting building automation controllers from Siemens can be exploited to disrupt a device for an extended period of time, according to OT and IoT cybersecurity firm Nozomi Networks. | Vulnerability | | |
| SecurityWeek | 2022-05-13 12:41:23 | Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls | Thousands of Zyxel firewalls could be vulnerable to remote attacks due to a vulnerability discovered recently by cybersecurity firm Rapid7. The vendor was quick to release a patch, but it did not immediately inform customers about it. | Vulnerability | | |
| SecurityWeek | 2022-05-11 11:17:40 | SAP Patches Spring4Shell Vulnerability in More Products | As part of its May 2022 Security Patch Day, SAP announced on Tuesday the release of eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products. | Vulnerability | | ★★★ |
| SecurityWeek | 2022-05-11 10:49:16 | Critical Vulnerability Exploited to 'Destroy' BIG-IP Appliances | The recently patched F5 BIG-IP vulnerability tracked as CVE-2022-1388 is being increasingly exploited by threat actors, including to “destroy” affected appliances. | Vulnerability, Threat | | ★★★ |
| SecurityWeek | 2022-05-10 17:22:14 | Microsoft Azure Vulnerability Allowed Code Execution, Data Theft | Microsoft on Monday shared information on patches and mitigations for a vulnerability impacting Azure Data Factory and Azure Synapse Pipelines. | Vulnerability | | ★★★★ |
| SecurityWeek | 2022-05-10 11:26:52 | Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability | Indicators of compromise (IoCs) and other resources have been released to help defenders deal with the actively exploited F5 BIG-IP vulnerability tracked as CVE-2022-1388. | Vulnerability | | ★★★★ |
| SecurityWeek | 2022-05-10 10:51:50 | QNAP Patches Critical Vulnerability in Network Surveillance Products | Taiwanese network-attached storage (NAS) solutions provider QNAP Systems on Friday announced patches for a critical vulnerability impacting some of its network surveillance products. | Vulnerability | | ★★★ |
| SecurityWeek | 2022-05-09 11:32:32 | RubyGems Fixes Critical Gem Takeover Vulnerability | RubyGems has addressed a critical vulnerability that could have allowed any RubyGems.org user to remove and replace certain Ruby gems. A package hosting service for the Ruby programming language, RubyGems.org hosts more than 170,000 gems. RubyGems also functions as a package manager. | Vulnerability | | ★★ |
| SecurityWeek | 2022-05-09 11:06:56 | F5 BIG-IP in Attacker Crosshairs Following Disclosure of Critical Vulnerability | Organizations using F5's BIG-IP application delivery controllers are advised to immediately update their systems as a recently patched vulnerability is already being exploited in the wild. | Vulnerability | | ★★★★ |
| SecurityWeek | 2022-05-04 10:37:29 | Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption | A researcher has shown how a type of vulnerability affecting many ransomware families can be exploited to control the malware and terminate it before it can encrypt files on compromised systems. | Ransomware, Malware, Vulnerability | | |
| SecurityWeek | 2022-05-03 13:27:38 | DoD Announces Results of Vulnerability Disclosure Program for Defense Contractors | The US Department of Defense (DoD) on Monday announced the conclusion of a 12-month pilot Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) aimed at finding flaws in contractor networks. | Vulnerability | | |
| SecurityWeek | 2022-05-03 12:46:32 | Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library | Nozomi Networks, a firm specialized in securing operational technology (OT) and IoT systems, has disclosed a potentially serious vulnerability affecting a C standard library used by several major companies. | Vulnerability | | |
| SecurityWeek | 2022-04-29 12:06:05 | Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability | Rapid7 security researchers have identified 2,000 internet-exposed Linux servers that appear to be impacted by a Redis vulnerability that has been exploited in attacks. | Vulnerability | | |

Last update at: 2024-06-25 22:07:42