What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
|---|---|---|---|---|---|---|
| SecurityWeek | 2021-07-12 13:50:12 | CISA Releases Analysis of 2020 Risk and Vulnerability Assessments | The United States Cybersecurity and Infrastructure Security Agency (CISA) has published the results of the Risk and Vulnerability Assessments (RVAs) it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations. | Vulnerability | | |
| SecurityWeek | 2021-07-07 14:37:34 | Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced | A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. | Vulnerability | | |
| SecurityWeek | 2021-07-06 21:40:57 | Microsoft Ships Emergency Patch for Critical Windows 'PrintNightmare' Vulnerability | Microsoft late Tuesday pushed out an emergency patch to cover the Windows 'PrintNightmare' security flaw. | Vulnerability | | |
| SecurityWeek | 2021-07-06 13:51:22 | Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw | A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall's Network Security Manager (NSM) product. | Vulnerability | | |
| SecurityWeek | 2021-07-02 15:24:13 | Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability | Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year. | Vulnerability | | |
| SecurityWeek | 2021-07-02 14:20:14 | Microsoft Confirms 'PrintNightmare' is New Windows Security Flaw | Microsoft late Thursday acknowledged a severe security vulnerability in the Print Spooler utility that ships by default on Windows and warned that the bug exposes users to computer takeover attacks. | Vulnerability | | |
| SecurityWeek | 2021-07-01 11:07:38 | Vulnerability Found in Industrial Remote Access Product From Claroty | The Secure Remote Access (SRA) product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations. | Vulnerability, Threat | | |
| SecurityWeek | 2021-06-30 12:48:54 | Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices | Western Digital (WD) on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage (NAS) devices involved the exploitation of a zero-day vulnerability. | Vulnerability | | |
| SecurityWeek | 2021-06-30 11:14:33 | Google Working on Patching GCP Vulnerability That Allows VM Takeover | A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform. | Vulnerability, Patching | | |
| SecurityWeek | 2021-06-28 11:31:03 | XSS Vulnerability in Cisco Security Products Exploited in the Wild | A cross-site scripting (XSS) vulnerability patched last year in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has reportedly been exploited in the wild. | Vulnerability, Threat | | |
| SecurityWeek | 2021-06-25 14:17:19 | Old Vulnerability Exploited to Hack, Wipe WD Storage Devices | Many owners of My Book Live and My Book Live Duo network-attached storage (NAS) devices made by Western Digital (WD) reported having their files wiped, and it seems that it's the result of an attack exploiting an old vulnerability. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-06-25 11:08:59 | Vulnerabilities Expose Fortinet Firewalls to Remote Attacks | A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands. The flaw can pose an even more serious risk if it's chained with a misconfiguration and another recently discovered security hole. | Vulnerability | | |
| SecurityWeek | 2021-06-24 11:05:17 | VMware Patches Critical Vulnerability in Carbon Black App Control | VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering. | Vulnerability | | |
| SecurityWeek | 2021-06-23 11:18:05 | VMware Patches Privilege Escalation Vulnerability in Tools for Windows | A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges. | Vulnerability | | |
| SecurityWeek | 2021-06-23 08:45:53 | Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR | A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product. | Vulnerability | | |
| SecurityWeek | 2021-06-22 19:26:09 | Tor Browser Patches Application Probing Vulnerability | A new version of the open-source Tor Browser was released this week with patches for multiple vulnerabilities, including one that could allow malicious websites to track users across browsers by identifying applications running on their devices. | Vulnerability | | |
| SecurityWeek | 2021-06-22 04:10:56 | Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability | A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw. | Vulnerability | | |
| SecurityWeek | 2021-06-16 12:49:03 | Security Camera Feeds Exposed Due to Flaw in SDK Used by Many Vendors | A critical vulnerability discovered in a ThroughTek P2P software development kit (SDK) used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. | Vulnerability | | |
| SecurityWeek | 2021-06-15 14:46:43 | Researcher Earns $30,000 for Instagram Flaw Exposing Private Posts | A researcher says he has earned $30,000 through Facebook's bug bounty program for reporting an Instagram vulnerability that exposed private posts. | Vulnerability | | |
| SecurityWeek | 2021-06-11 13:09:45 | GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability | GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system. The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. | Vulnerability | | |
| SecurityWeek | 2021-06-08 13:52:16 | CISA Announces Vulnerability Disclosure Policy Platform | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform. | Vulnerability | | |
| SecurityWeek | 2021-06-07 12:55:35 | GitHub Updates Policies on Vulnerability Research, Exploits | Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research. | Vulnerability | | |
| SecurityWeek | 2021-06-07 10:55:52 | Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching | A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches. | Vulnerability, Patching | | ★★ |
| SecurityWeek | 2021-06-03 13:49:50 | Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS | Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. | Vulnerability | | |
| SecurityWeek | 2021-06-02 15:02:21 | Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores | More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns. | Vulnerability | | |
| SecurityWeek | 2021-06-02 12:06:38 | Vulnerability in Lasso Library Impacts Products From Cisco, Akamai | A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-06-01 20:03:39 | Report: Accellion Failed to Notify Customers of FTA Zero-Day | Accellion failed to notify customers of a zero-day vulnerability in its file transfer application (FTA) and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG. | Vulnerability | | |
| SecurityWeek | 2021-05-31 13:04:35 | SonicWall Patches Command Injection Flaw in Firewall Management Application | SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager (NSM) product. | Vulnerability | | |
| SecurityWeek | 2021-05-28 15:08:02 | Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs | Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers (PLCs) made by Siemens. | Hack, Vulnerability | | |
| SecurityWeek | 2021-05-28 14:09:57 | Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations | One of the Chinese threat actors targeting Pulse Secure VPN appliances via a recently disclosed vulnerability has been attempting to cover its tracks by removing its webshells from victim networks, FireEye reports. | Vulnerability, Threat | | |
| SecurityWeek | 2021-05-27 03:48:25 | Code Execution Flaw in Checkbox Survey Exploited in the Wild | A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns. | Vulnerability | | |
| SecurityWeek | 2021-05-26 14:29:30 | VMware Urges Customers to Immediately Patch Critical vSphere Vulnerability | VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. The vulnerability, tracked as CVE-2021-21985, was reported to VMware by Ricter Z of 360 Noah Lab and it has been patched in versions 6.5, 6.7 and 7.0 of vCenter Server. | Vulnerability | | |
| SecurityWeek | 2021-05-26 10:31:30 | Rising Cyberattacks in West Highlight Vulnerabilities | A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution. | Vulnerability | | |
| SecurityWeek | 2021-05-25 11:37:55 | Apple Patches macOS Big Sur Vulnerability Exploited by Malware | Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks. | Malware, Vulnerability | | |
| SecurityWeek | 2021-05-24 17:32:14 | QNAP Says Recently Patched Flaw Exploited in Qlocker Ransomware Attacks | Taiwanese network-attached storage (NAS) appliance manufacturer QNAP Systems has revealed that a vulnerability in its Hybrid Backup Sync software has been exploited in Qlocker ransomware attacks. | Ransomware, Vulnerability | | |
| SecurityWeek | 2021-05-18 14:01:39 | PoC Exploit Released for Wormable Windows Vulnerability | A researcher has released a proof-of-concept (PoC) exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable. | Vulnerability | | |
| SecurityWeek | 2021-05-14 13:29:52 | Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure | Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. | Vulnerability | | |
| SecurityWeek | 2021-05-14 12:45:48 | Cisco to Acquire Vulnerability Management Firm Kenna Security | Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology. | Vulnerability | | |
| SecurityWeek | 2021-05-13 14:57:32 | Citrix Patches Vulnerability in Workspace App for Windows | Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-05-07 12:36:26 | TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers | Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. | Vulnerability | | |
| SecurityWeek | 2021-05-07 10:50:57 | VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm | VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. | Vulnerability | | |
| SecurityWeek | 2021-05-06 16:59:25 | Qualcomm Modem Chip Flaw Exploitable From Android: Researchers | Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem (MSM) chip. A vulnerability in Qualcomm's Mobile Station Modem (MSM) chip – installed in around 30% of the world's mobile devices – can be exploited from within Android. | Vulnerability | | |
| SecurityWeek | 2021-05-05 19:09:32 | DOD Expands Vulnerability Disclosure Program to Web-Facing Targets | The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. | Vulnerability | | |
| SecurityWeek | 2021-05-05 13:19:04 | Chrome for Windows Gets Hardware-enforced Exploitation Protection | Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology. Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. | Vulnerability | | |
| SecurityWeek | 2021-04-30 14:03:48 | SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched | A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. | Ransomware, Vulnerability | | |
| SecurityWeek | 2021-04-29 15:04:59 | Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks | F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions. | Vulnerability | | |
| SecurityWeek | 2021-04-29 14:35:46 | DigitalOcean Discloses Breach Involving Billing Information | Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems. | Vulnerability | APT 32 | |
| SecurityWeek | 2021-04-29 11:59:49 | Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip | Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. | Vulnerability | | |
| SecurityWeek | 2021-04-28 16:00:25 | Death of the Manual Pen-Test: Blind Spots, Limited Visibility | Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost and coverage of manual testing is too high and too limited. | Vulnerability | | |
| SecurityWeek | 2021-04-28 08:43:52 | Google Patches Yet Another Serious V8 Vulnerability in Chrome | An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser. The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab. | Vulnerability | | |

Last update at: 2024-06-25 22:07:42