What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-09 09:35:29 | (Déjà vu) Palo Alto Networks addresses another high severity issue in PAN-OS devices (lien direct) | Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a […] | Vulnerability | ||
|
2020-07-09 07:44:30 | Google Tsunami vulnerability scanner is now open-source (lien direct) | Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users' […] | Vulnerability | ||
|
2020-07-06 07:42:48 | Threat actors are attempting to exploit recently fixed F5 BIG-IP flaw (lien direct) | Attackers are already attempting to exploit the recently fixed bug in F5 Networks BIG-IP product, security experts warn. A few days after the disclosure of the vulnerability in the F5 Networks BIG-IP product. F5 Networks has recently addressed a critical remote code execution (RCE) vulnerability, tracked as CVE-2020-5902, that resides in undisclosed pages of Traffic Management […] | Vulnerability Threat | ||
|
2020-07-05 12:33:56 | Cisco Talos discloses technicals details of Chrome, Firefox flaws (lien direct) | Cisco's Talos experts disclosed the details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers. Researchers from Cisco Talos disclosed technical details of recently patched vulnerabilities affecting the popular Chrome and Firefox web browsers. The first issue, tracked as CVE-2020-6463, is a memory corruption vulnerability that affects PDFium, an open source PDF […] | Vulnerability | ||
|
2020-06-22 13:18:15 | AMD is going to patch UEFI SMM callout privilege escalation flaw (lien direct) | AMD is going to release patches for a flaw affecting the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). AMD recently announced that it was preparing patches for an SMM Callout Privilege Escalation vulnerability, tracked as CVE-2020-12890, that affects the System Management Mode (SMM) of the Unified Extensible Firmware Interface (UEFI). The vulnerability […] | Vulnerability | ||
|
2020-06-11 11:08:41 | Cisco discloses technical details for Firefox code execution flaw (lien direct) | Cisco Talos experts released technical details on a recently addressed vulnerability in Firefox that could be exploited for code execution. Security experts from Cisco Talos have released technical details on a recently addressed vulnerability in Firefox, tracked as CVE-2020-12405, that could be exploited by attackers for remote code execution. The issue is a use-after-free in SharedWorkerService […] | Vulnerability | ||
|
2020-06-11 09:38:21 | SMBleed could allow a remote attacker to leak kernel memory (lien direct) | Microsoft addressed a Server Message Block (SMB) protocol issue, named SMBleed, that could allow an attacker to leak kernel memory remotely, without authentication. Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an attacker to leak kernel memory remotely, without […] | Vulnerability | ||
|
2020-06-10 23:41:49 | A high-severity flaw affects VMware Workstation, Fusion and vSphere products. (lien direct) | VMware has addressed a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products. VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products. The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team. ESXi, Workstation and Fusion […] | Vulnerability | ||
|
2020-06-09 07:54:56 | The CallStranger UPnP vulnerability affects billions of devices (lien direct) | Security experts discovered a new UPnP vulnerability, dubbed Call Stranger, that affects billions of devices and could be exploited for various malicious activities. Security experts disclosed a new UPnP vulnerability, named Call Stranger, that affects billions of devices and could be exploited for various malicious activities. that affects billions of devices, it could be exploited […] | Vulnerability | ||
|
2020-06-06 14:32:55 | Critical flaw could have allowed attackers to control traffic lights (lien direct) | A critical vulnerability in traffic light controllers manufactured by SWARCO could have been exploited by attackers to disrupt traffic lights. A critical vulnerability in traffic light controllers designed by SWARCO could have been exploited by hackers to disrupt traffic lights. SWARCO is the world’s largest manufacturer of signal heads and the number two internationally for […] | Vulnerability | ||
|
2020-06-02 15:30:51 | IP-in-IP flaw affects devices from Cisco and other vendors (lien direct) | A flaw in the IP-in-IP tunneling protocol that can be exploited for DoS attacks and to bypass security controls impact devices from Cisco and other vendors. A vulnerability that affects the IP-in-IP tunneling protocol (aka IP Encapsulation within IP) implemented by Cisco and other vendors could be exploited for denial-of-service (DoS) attacks and to bypass […] | Vulnerability | ||
|
2020-06-02 12:18:59 | Apple fixes CVE-2020-9859 zero-day used in recent Unc0ver jailbreak (lien direct) | This week Apple released security patches to address the CVE-2020-9859 zero-day vulnerability that had been used to jailbreak iPhones devices. Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones. The flaw was discovered by a team of cyber-security researchers and hackers that also […] | Vulnerability | ||
|
2020-06-02 09:02:22 | Critical flaw in VMware Cloud Director allows hackers to take over company infrastructure (lien direct) | Researchers disclosed a flaw in VMware Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. Security researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers. VMware Cloud Director is a cloud service-delivery platform […] | Vulnerability | ||
|
2020-06-01 12:46:02 | VMware addresses Fusion flaw introduced in the attempt to fix CVE-2020-3950 issue (lien direct) | VMware has released an update to address a privilege escalation flaw in VMware for the macOS version of Fusion that was introduced by a previous patch. In March, VMware patched a high-severity privilege escalation vulnerability (CVE-2020-3950) in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The CVE-2020-3950 is a privilege escalation vulnerability caused by the […] | Vulnerability | ||
|
2020-05-28 19:15:41 | NSA warns Russia-linked APT group is exploiting Exim flaw since 2019 (lien direct) | The U.S. NSA warns that Russia-linked APT group known as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA). The U.S. National Security Agency (NSA) is warning that Russia-linked APT group tracked Sandworm Team has been exploiting a critical vulnerability (CVE-2019-10149) in the Exim mail transfer agent (MTA) software since […] | Vulnerability | ||
|
2020-05-26 20:57:40 | StrandHogg 2.0 Android flaw affects over 1 Billion devices (lien direct) | Researchers disclosed a new critical vulnerability (CVE-2020-0096, aka StrandHogg 2.0) affecting the Android operating system that could allow attackers to carry out a sophisticated version of Strandhogg attack. A group of Norwegian researchers disclosed a critical flaw, tracked as CVE-2020-0096, affecting Android OS that could allow attackers to carry out a sophisticated version of the […] | Vulnerability | ||
|
2020-05-22 15:39:28 | Experts found a Privilege escalation issue in Docker Desktop for Windows (lien direct) | A severe privilege escalation vulnerability, tracked as CVE-2020-11492, has been addressed in the Windows Docker Desktop Service. Cybersecurity researchers from Pen Test Partners publicly disclosed a privilege escalation vulnerability in the Windows Docker Desktop Service. The CVE-2020-11492 issue affects the way the service uses named pipes when communicating as a client to child processes. “Docker Desktop for […] | Vulnerability | ||
|
2020-05-20 22:17:11 | VMware fixes CVE-2020-3956 Remote Code Execution issue in Cloud Director (lien direct) | VMware has addressed a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, that affects its Cloud Director product. VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product. The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to […] | Vulnerability | ||
|
2020-05-19 22:04:23 | Bluetooth BIAS attack threatens billions of devices (lien direct) | Boffins disclosed a security flaw in Bluetooth, dubbed BIAS, that could potentially be exploited by an attacker to spoof a remotely paired device. Researchers from École Polytechnique Fédérale de Lausanne (EPFL) discovered a vulnerability in Bluetooth, dubbed Bluetooth Impersonation AttackS or BIAS, that could potentially be exploited by an attacker to spoof a remotely paired device. The issue potentially impact […] | Vulnerability | ||
|
2020-05-19 08:50:41 | Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways (lien direct) | Experts from Palo Alto Networks discovered that the Mirai and Hoaxcalls botnets are targeting a vulnerability in legacy Symantec Web Gateways. Palo Alto Networks Unit 42 researchers observed both the Mirai and Hoaxcalls botnets using an exploit for a post-authentication Remote Code Execution vulnerability in legacy Symantec Web Gateways 5.0.2.8. “I recently came across new […] | Vulnerability | ||
|
2020-05-15 10:22:37 | Palo Alto Networks addresses tens of serious issues in PAN-OS (lien direct) | Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company's next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company's next-generation firewalls. One of the most severe vulnerabilities, tracked as CVE-2020-2018, is an authentication bypass vulnerability […] | Vulnerability | ★★★★ | |
|
2020-05-12 11:33:25 | Patch now your vBulletin install before hacker will target your forum (lien direct) | Maintainers of the vBulletin project have released an important fix to address a security vulnerability tracked as CVE-2020-12720. Administrators of online discussion forums based on the popular vBulletin CMS urge to update their install to address a critical security vulnerability tracked as CVE-2020-12720. “A security exploit has been reported within vBulletin 5.6.1. To fix this issue, […] | Vulnerability | ||
|
2020-05-10 20:17:51 | Blue Mockingbird Monero-Mining campaign targets web apps (lien direct) | Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. The deserialization vulnerability CVE-2019-18935 could be exploited by attackers to achieve remote […] | Vulnerability | ||
|
2020-05-07 07:26:26 | (Déjà vu) Samsung fixes a zero-click issue affecting its phones (lien direct) | Samsung addressed this month a critical 0-click vulnerability that was discovered by security researchers from Google. Samsung released this week a security patch that addresses a critical vulnerability, tracked as CVE-2020-8899, impacting all smartphones sold since 2014. The flaw is tracked as SVE-2020-16747 in the Samsung security bulletin. “A possible memory overwrite vulnerability in Quram […] | Vulnerability | ★★★ | |
|
2020-05-05 20:36:39 | Recorded Future to Provide Free Access to Elite Intelligence Through New Browser Extension (lien direct) | Level up Your Security Program With the Same Security Intelligence Used by the World’s Largest Governments and Many of the Fortune 1000 Recorded Future, the largest global security intelligence provider, today released a free browser extension that helps prioritize SIEM alerts and vulnerability patching, in addition to providing enhanced malware analysis. With this release, Recorded […] | Malware Vulnerability | ||
|
2020-05-05 11:38:33 | (Déjà vu) Expert released PoC exploit for CVE-2020-1967 DoS flaw in OpenSSL (lien direct) | A proof-of-concept (PoC) exploit for the recently fixed CVE-2020-1967 denial-of-service (DoS) issue in OpenSSL has been made public. Recently, the OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. The CVE-2020-1967 vulnerability has been described as a […] | Vulnerability | ||
|
2020-05-01 17:26:15 | Hackers are targeting recently patched WebLogic security vulnerability (lien direct) | Oracle warns of attacks against recently patched WebLogic security bug Oracle warns of attacks in the wild exploiting a recently patched vulnerability in WebLogic servers for which a PoC code is available on GitHub. IT giant Oracle published a security alert to warn organizations running WebLogic servers of ongoing attacks that exploit the CVE-2020-2883 vulnerability. […] | Vulnerability | ||
|
2020-04-29 15:24:54 | Estonian intelligence reports foreign hackers breached Mail.ee email provider (lien direct) | State-sponsored hackers have compromised a small number of accounts of the Estonian email provider Mail.ee belonging to high-profile people. Alleged state-sponsored hackers have hijacked a small number of accounts at the Estonian email provider Mail.ee, they exploited a zero-day vulnerability in the attack. According to the end-of-year report published this month by Estonian Internal Security […] | Vulnerability | ||
|
2020-04-28 09:03:11 | 100k+ WordPress sites exposed to hack due to a bug in Real-Time Find and Replace plugin (lien direct) | A bug in the Real-Time Find and Replace WordPress plugin could allow hackers to hackers to create rogue admin accounts on over 100,000 sites. A vulnerability in the Real-Time Find and Replace WordPress plugin could be exploited by attackers to create rogue admin accounts. The Real-Time Find and Replace WordPress plugin is currently installed on over 100,000 sites, it […] | Hack Vulnerability | ||
|
2020-04-27 09:52:56 | Hacking Microsoft Teams accounts with a GIF image (lien direct) | Experts discovered how to take over Microsoft Teams accounts by just sending recipients a regular GIF, it works for both desktop and web Teams versions. Microsoft has addressed a vulnerability in Teams workplace video chat and collaboration platform that could have allowed attackers to take Team accounts by sending participants a malicious link to an […] | Vulnerability | ||
|
2020-04-26 12:55:37 | Hackers exploit SQL injection zero-day issue in Sophos firewall (lien direct) | Cybersecurity firm Sophos releases an emergency patch to address an SQL injection flaw in its XG Firewall product that has been exploited in the wild. Cybersecurity firm Sophos has released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. Sophos was informed […] | Vulnerability | ||
|
2020-04-21 16:21:46 | OpenSSL Project fixed high-severity CVE-2020-1967 DoS issue in OpenSSL (lien direct) | The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in […] | Vulnerability | ||
|
2020-04-17 21:41:29 | (Déjà vu) Experts shed the light on the mysterious critical VMware vCenter Server issue (lien direct) | Security firm Guardicore released technical information on a critical VMware vCenter Server vulnerability recently disclosed by VMware. Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 vulnerability […] | Vulnerability | ||
|
2020-04-17 17:26:14 | Cisco addresses critical issues in IP Phones and UCS Director (lien direct) | Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director. The critical vulnerability fixed by Cisco affects IP Phones and resides on the webserver, the flaw could be exploited by a remote, unauthenticated attacker to execute code with root privileges. The flaw, tracked as CVE-2020-3161, […] | Vulnerability | ||
|
2020-04-15 22:43:09 | A zero-day exploit for Zoom Windows RCE offered for $500,000 (lien direct) | Hackers are selling two zero-day exploits for critical issues affecting the video conferencing software Zoom that would allow attackers to spy on communications. Hackers are offering for sale an exploit for a zero-day remote code execution vulnerability affecting the Windows client for Zoom. The zero-day exploit goes for $500,000, hackers are also offering another exploit code […] | Vulnerability | ||
|
2020-04-11 11:37:37 | Fake Cisco \'Critical Update\' used in phishing campaign to steal WebEx credentials (lien direct) | Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims' Webex credentials. The Cofense's phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. The phishing messages urge victims to install the “update,” but […] | Vulnerability | ||
|
2020-04-10 14:22:09 | CVE-2020-3952 flaw could allow attackers to hack VMware vCenter Server (lien direct) | VMware has addressed a critical information disclosure vulnerability related to the Directory Service that can be exploited to compromise vCenter Server. VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 […] | Hack Vulnerability | ||
|
2020-04-10 11:45:04 | Hacker stole $250K from decentralized Bitcoin exchange Bisq (lien direct) | Cryptocurrency exchange Bisq stopped trading activities due to a cyberattack, crooks have stolen $250,000 worth of virtual currency from the company. The decentralized exchange (DEX) Bisq rang stopped trading activities late Tuesday night after it uncovered a critical security vulnerability that was exploited by a hacker to steal more than $250,000 worth of cryptocurrency from […] | Vulnerability | ||
|
2020-04-06 13:24:48 | DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies (lien direct) | DarkHotel nation-state actor is exploiting a VPN zero-day to breach Chinese government agencies in Beijing and Shanghai Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access […] | Vulnerability | ||
|
2020-04-03 08:50:13 | 100,000 WordPress sites using the Contact Form 7 Datepicker plugin are exposed to hack (lien direct) | An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […] | Hack Vulnerability | ||
|
2020-04-01 20:34:24 | Zoom client for Windows could allow hackers to steal users\'Windows password (lien direct) | The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoom is an efficient […] | Vulnerability | ||
|
2020-03-31 21:43:12 | A critical flaw in Rank Math WordPress plugin allows hackers to give users Admins privileges (lien direct) | A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […] | Vulnerability Threat | ||
|
2020-03-25 13:39:19 | Tor Browser 9.0.7 addresses a flaw that could allow unmasking Tor users (lien direct) | The Tor Project released Tor Browser 9.0.7 that definitively addresses a vulnerability that allowed to execute JavaScript code on sites it should not. The Tor Project released Tor Browser 9.0.7 that permanently addresses a severe bug that allowed JavaScript code to run on sites it should not. A couple of weeks ago, the Tor Project […] | Vulnerability | ||
|
2020-03-24 16:25:45 | Adobe addressed a critical vulnerability in Adobe Creative Cloud App that allows deleting files (lien direct) | Adobe has addressed a critical vulnerability in its Creative Cloud desktop application that can be exploited by hackers to delete arbitrary files. Adobe has fixed a critical vulnerability in its Creative Cloud desktop application that can be exploited by attackers to delete arbitrary files. Creative Cloud is a collection of 20+ desktop and mobile apps […] | Vulnerability | ||
|
2020-03-14 17:50:13 | Slack bugs allowed take over victims\' accounts (lien direct) | Slack addressed a critical flaw within 24 hours from its disclosure, the issue allowed attackers to carry out automate account takeover. The researcher Evan Custodio discovered a critical vulnerability in Slack that could have allowed attackers to launch automate account takeover. Slack addressed the vulnerability within 24 hours it was reported by the researcher, the […] | Vulnerability | ||
|
2020-03-12 19:04:32 | Microsoft fixes CVE-2020-0796, the SMBv3 wormable bug recently leaked (lien direct) | Microsoft released security updates to fix a recently disclosed CVE-2020-0796 vulnerability in SMBv3 protocol that could be abused by wormable malware. Microsoft has released security updates to address the CVE-2020-0796 vulnerability in SMBv3 protocol that could be exploited by vxers to implement “wormable” malware. On March 10, 2019, Microsoft accidentally leaked info on a security update for […] | Vulnerability | ||
|
2020-03-11 23:26:39 | Avast disables the JavaScript engine component due to a severe issue (lien direct) | Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs. The issue […] | Hack Vulnerability | ||
|
2020-03-11 21:27:02 | RCE in popular ThemeREX WordPress Plugin has been actively exploited (lien direct) | The WordPress plugin ‘ThemeREX Addons’ is affected by a critical vulnerability that could allow remote attackers to execute arbitrary code. A critical vulnerability in the WordPress plugin known as ThemeREX Addons could be exploited for remote code execution. The plugin is currently installed on tens of thousands of websites and according to the security firm […] | Vulnerability | ||
|
2020-03-11 13:06:30 | Bugs in Avast AntiTrack expose users to cyber attacks (lien direct) | A flaw in the impacting Avast and AVG AntiTrack privacy software could expose users to browser hijacking and Man-in-The-Middle (MiTM) attacks. Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with consequent exposure of sensitive data. “A […] | Vulnerability | ||
|
2020-03-10 22:53:40 | Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw (lien direct) | Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server […] | Vulnerability |
To see everything:
Our RSS (filtrered)
