What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-11-11 10:16:08 | Australian Govt agency ACSC warns of Emotet and BlueKeep attacks (lien direct) | The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) warns businesses and netizens of Emotet and BlueKeep attacks in the wild. The ACSC is warning organizations and people of a wave of cyberattacks exploiting the Windows BlueKeep vulnerability to deliver crypto-currency miners. “The Australian Signals Directorate's Australian Cyber Security Centre (ACSC), with its state and territory partners, […] | Vulnerability | ||
|
2019-11-02 15:53:12 | CVE-2019-2114 flaw allows hackers to plant malware on Android devices via NFC beaming (lien direct) | A vulnerability affecting devices running Andoid 8 (Oreo) or later, tracked as CVE-2019-2114, could be exploited by hackers to infect them via NFC beaming. Google has recently released a patch to address a vulnerability affecting devices running Android 8 (Oreo) or later, tracked as CVE-2019-2114, that could be exploited to infect nearby phones via NFC […] | Malware Vulnerability | ||
|
2019-10-30 09:55:01 | WhatsApp sued Israeli surveillance firm NSO Group and its parent Q Cyber Technologies (lien direct) | WhatsApp sued Israeli surveillance firm NSO Group, accusing it of using a flaw in its messaging service to conduct cyberespionage on journalists and activists. WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May, Facebook has patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has […] | Vulnerability | ||
|
2019-10-26 15:07:54 | CVE-2019-11043 exposes Web servers using nginx and PHP-FPM to hack (lien direct) | asty PHP7 remote code execution bug exploited in the wild Experts warn of a remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. A remote code execution vulnerability in PHP7, tracked as CVE-2019-11043, has been exploited in attacks in the wild. On October 22, the security expert […] | Hack Vulnerability | ||
|
2019-10-22 12:32:47 | Trend Micro Anti-Threat Toolkit could be used to run malware on Win PCs (lien direct) | A vulnerability in the Trend Micro Anti-Threat Toolkit (ATTK) can be exploited by attackers to run malware on targets’ Windows systems. The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit. Trend Micro ATTK allows analyzing malware issues and clean infections. It can […] | Malware Vulnerability | ||
|
2019-10-19 13:41:08 | A critical Linux Wi-Fi bug could be exploited to fully compromise systems (lien direct) | A researcher discovered a critical Linux vulnerability, tracked as CVE-2019-17666, that could be exploited to fully compromise vulnerable machines. Nico Waisman, principal security engineer at Github, discovered a critical Linux flaw, tracked as CVE-2019-17666, that could be exploited by attackers to fully compromise vulnerable machines. The vulnerability affects Linux versions through 5.3.6, according to the […] | Vulnerability | ||
|
2019-10-17 14:36:37 | Critical and high-severity flaws addressed in Cisco Aironet APs (lien direct) | A critical flaw in Aironet access points (APs) can be exploited by a remote attacker to gain unauthorized access to vulnerable devices. Cisco disclosed a critical vulnerability in Aironet access points (APs), tracked as CVE-2019-15260, that can be exploited by a remote, unauthenticated attacker to gain unauthorized access to vulnerable devices with elevated privileges. This vulnerability […] | Vulnerability | ||
|
2019-10-15 10:09:47 | sudo flaw allows any users to run commands as Root on Linux (lien direct) | Experts discovered a security policy bypass issue in the Sudo utility that is installed as a command on almost every Linux and Unix system. The Sudo utility that is installed as a command on almost every Linux and Unix system is affected by a security policy bypass issue tracked as CVE-2019-14287. The vulnerability could be […] | Vulnerability | ||
|
2019-10-12 10:44:46 | (Déjà vu) SIM cards used in 29 countries are vulnerable to Simjacker attack (lien direct) | Security researchers at Adaptive Mobile who discovered the SimJacker issue have published the list of countries where mobile operators use flawed SIM cards. Exactly one month ago, researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just […] | Vulnerability | ||
|
2019-10-11 20:38:56 | Tens of million PCs potentially impacted by a flaw in HP Touchpoint Analytics (lien direct) | SafeBreach experts discovered that the HP Touchpoint Analytics service is affected by a potentially serious vulnerability. Security researchers at SafeBreach have discovered that the HP Touchpoint Analytics service is affected by a serious flaw tracked as CVE-2019-6333. The vulnerability received a CVSS score of 6.7 (medium severity). The TouchPoint Analytics is a service that allows the vendor to […] | Vulnerability | ||
|
2019-10-11 06:14:11 | Sophos fixed a critical vulnerability in Cyberoam firewalls (lien direct) | A vulnerability in Sophos Cyberoam firewalls could be exploited by an attacker to gain access to a target's internal network without authentication. Sophos addressed a vulnerability in its Cyberoam firewalls that could be exploited by an attacker to gain access to a company's internal network without providing a password. “A critical shell injection vulnerability in Sophos […] | Vulnerability | ||
|
2019-10-10 21:00:58 | iTunes Zero-Day flaw exploited by the gang behind BitPaymer ransomware (lien direct) | The gang behind BitPaymer and ransomware attacks has been found exploiting Windows zero-day for Apple iTunes and iCloud. The cybercriminals behind BitPaymer and iEncrypt ransomware attacks have been found exploiting a Windows zero-day vulnerability for Apple iTunes and iCloud in attacks in the wild. The zero-day vulnerability resides in the Bonjour updater that comes packaged with […] | Ransomware Vulnerability | ||
|
2019-10-10 06:56:21 | Ops, popular iTerm2 macOS Terminal App is affected by a critical RCE since 2012 (lien direct) | Security experts discovered a critical remote code execution vulnerability, tracked as CVE-2019-9535, in the GPL-licensed iTerm2 macOS terminal emulator app. Security experts at cybersecurity firm Radically Open Security (ROS) discovered a 7-year old critical remote code execution vulnerability in the GPL-licensed iTerm2 macOS terminal emulator app. The iTerm2 macOS terminal emulator app is one of the most […] | Vulnerability | ||
|
2019-10-09 07:21:02 | Researchers discovered a code execution flaw in NSA GHIDRA (lien direct) | Security researchers discovered a code-execution vulnerability that affects versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux). The framework was first mentioned in the CIA Vault 7 dump that was leaked in 2017. WikiLeaks obtained thousands of files allegedly originating from […] | Vulnerability | ||
|
2019-10-08 05:32:23 | Hackers continue to exploit the Drupalgeddon2 flaw in attacks in the wild (lien direct) | Researchers from Akamai uncovered a new campaign targeting the Drupalgeddon2 vulnerability to deliver malware. The popular security expert Larry W. Cashdollar from Akamai has uncovered a new campaign targeting the popular Drupalgeddon2 vulnerability (CVE-2018-7600) to deliver malware. Drupalgeddon2 is a “highly critical” vulnerability that affects Drupal 7 and 8 core, it could be exploited by an attacker […] | Vulnerability | ||
|
2019-10-07 14:47:06 | D-Link router models affected by remote code execution issue that will not be fixed (lien direct) | Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019. The flaw has received a CVSS v31 base […] | Vulnerability | ||
|
2019-10-05 18:34:16 | A bug in Signal for Android could be exploited to spy on users (lien direct) | Researcher discovered a logical flaw in the Signal messaging app for Android that could be exploited by a malicious caller to force a call to be answered at the receiver’s end without interaction. Google Project Zero white-hat hacker Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could be exploited […] | Vulnerability | ||
|
2019-10-04 11:48:25 | Project Zero researcher found unpatched Android zero-day likely exploited by NSO group (lien direct) | Google Project Zero researcher Maddie Stone discovered a critical unpatched zero-day vulnerability affecting the Android mobile operating system. Maddie Stone, a member of the Google elite team Project Zero, discovered a critical unpatched zero-day vulnerability affecting the Android mobile operating system. According to the expert, the bug, tracked as CVE-2019-2215, was allegedly being used or […] | Vulnerability | ||
|
2019-10-02 20:17:05 | Expert disclosed details of remote code execution flaw in Whatsapp for Android (lien direct) | Researcher discovered a double-free vulnerability in WhatsApp for Android that could be exploited by remote attackers to execute arbitrary code on the vulnerable device. A security researcher that goes online with the moniker Awakened discovered a double-free vulnerability in WhatsApp for Android and demonstrated how to leverage on it to remotely execute arbitrary code on […] | Vulnerability | ||
|
2019-09-30 14:39:53 | (Déjà vu) A new critical flaw in Exim exposes email servers to remote attacks (lien direct) | Exim maintainers released an urgent security update to address a critical security flaw that could allow a remote attacker to potentially execute malicious code on targeted servers. Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on […] | Vulnerability | ||
|
2019-09-24 12:46:22 | Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild (lien direct) | Microsoft released an out-of-band patch to address a Zero-day memory corruption vulnerability in Internet Explorer that has been exploited in attacks in the wild. Microsoft has released an out-of-band patch for an Internet Explorer zero-day vulnerability that was exploited in attacks in the wild. The vulnerability tracked as CVE-2019-1367 is a memory corruption flaw that resides […] | Vulnerability | ||
|
2019-09-19 15:56:02 | At least 1,300 Harbor cloud registry installs open to attack (lien direct) | A critical security flaw in Harbor cloud native registry for container images could be exploited to obtain admin privileges on a vulnerable hosting system. Palo Alto Networks’ Unit 42 researcher Aviv Sasson discovered a critical vulnerability in Harbor cloud native registry for container images. The flaw, tracked as CVE-2019-16097, could be exploited to take control […] | Vulnerability | ||
|
2019-09-18 20:37:33 | More than 737 million medical radiological images found on open PACS servers (lien direct) | Researchers at Greenbone Networks vulnerability analysis and management company discovered 400 Million medical radiological images exposed online via unsecured PACS servers. The experts at Greenbone Networks vulnerability analysis and management company discovered 600 unprotected servers exposed online that contained medical radiological images. The research was conducted between mid-July 2019 and early September 2019. The unprotected […] | Vulnerability | ||
|
2019-09-18 13:06:33 | Memory corruption flaw in AMD Radeon driver allows VM escape (lien direct) | Experts at Cisco Talos group discovered a vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver that could lead to VM escape. Researchers at Cisco Talos group discovered a vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver that be exploited by an attacker to escale the VM and execute code on the host. This flaw affects […] | Vulnerability Guideline | ||
|
2019-09-16 11:57:15 | A flaw in LastPass password manager leaks credentials from previous site (lien direct) | A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […] | Vulnerability | LastPass | |
|
2019-09-15 08:23:08 | A bug in Instagram exposed user accounts and phone numbers (lien direct) | Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name. ZHacker13 discovered the vulnerability in August and reported the issue to Facebook that asked for additional […] | Vulnerability | ||
|
2019-09-12 22:03:02 | SimJacker attack allows hacking any phone with just an SMS (lien direct) | SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just […] | Vulnerability | ||
|
2019-09-11 22:02:02 | (Déjà vu) NetCAT attack allows hackers to steal sensitive data from Intel CPUs (lien direct) | Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network. Researchers from VUSec group at Vrije Universiteit Amsterdam have discovered a new vulnerability that can be exploited by a remote attacker to sniff sensitive details by mounting a side-channel attack over the […] | Vulnerability | ||
|
2019-09-10 06:21:03 | DoS attack the caused disruption at US power utility exploited a known flaw (lien direct) | A DoS attack that caused disruptions at a power utility in the United States exploited a flaw in a firewall used in the facility. The incident took place earlier this year, threat actors exploited a known vulnerability in a firewall used by the affected facility to cause disruption. In May, the Department of Energy confirmed […] | Vulnerability Threat | ||
|
2019-09-09 06:52:00 | China-linked APT3 was able to modify stolen NSA cyberweapons (lien direct) | China-linked APT3 stole cyberweapons from the NSA and reverse engineered them to create its arsenal. In 2010, security firm FireEye identified the Pirpi Remote Access Trojan (RAT) which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3 which has also been described as TG-0100, Buckeye, […] | Vulnerability Threat | APT 3 | |
|
2019-09-06 16:00:02 | CVE-2019-15846 Exim mail server flaw allows Remote Code Execution (lien direct) | A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed a vulnerability in Exim mail server, tracked as CVE-2019-15846, that could be exploited by local and remote attackers to execute arbitrary code with root privileges. The vulnerability […] | Vulnerability | ||
|
2019-09-05 22:02:05 | Zero-day vulnerability in Android OS yet to be patched (lien direct) | Maintainers of the Android Open Source Project (AOSP) failed to address a privilege escalation bug in the Android mobile OS that was reported six months ago. Experts disclosed details of a zero-day vulnerability that affects the Android mobile operating system. The high-severity zero-day issue resides in the driver for the Video For Linux 2 (V4L2) […] | Vulnerability | ||
|
2019-09-05 14:18:02 | Year-Old Samba flaw allows escaping from the share path definition (lien direct) | Experts discovered a year-old flaw in Samba software that could be exploited to bypass file-sharing permissions and access forbidden root shares paths. Security researchers discovered a year-old vulnerability in Samba software that could be exploited, under certain conditions, to bypass file-sharing permissions and access forbidden root shares paths. “On a Samba SMB server for all […] | Vulnerability | ||
|
2019-09-03 21:42:02 | USBAnywhere BMC flaws expose Supermicro servers to hack (lien direct) | USBAnywhere – Tens of thousands of enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in USB devices. Tens of thousands of servers worldwide powered by Supermicro motherboards are affected by a vulnerability that would allow an attacker to remotely take over them. Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities […] | Hack Vulnerability | ||
|
2019-09-01 15:09:05 | Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE (lien direct) | Cisco released security updates for Cisco IOS XE operating system to address a critical vulnerability that could be exploited by a remote attacker to bypass authentication. Cisco released security updates for Cisco IOS XE OS to address a critical flaw, tracked as CVE-2019-12643, that could be exploited by a remote attacker to bypass authentication. “On […] | Vulnerability | ||
|
2019-08-27 06:17:01 | White hat hacker demonstrated how to hack a million Instagram accounts (lien direct) | A researcher was awarded $10,000 by Facebook for the discovery of a critical vulnerability that could have been exploited to hack Instagram accounts. The white-hat hacker Laxman Muthiyah has discovered a critical vulnerability that could have been exploited to hack Instagram accounts. The process affected Instagram's password recovery process for mobile devices that leverages on […] | Hack Vulnerability | ||
|
2019-08-26 22:55:00 | Apple released an emergency patch to address CVE-2019-8605 iOS flaw (lien direct) | Apple has released an emergency patch in iOS 12.4.1 that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak. Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices. Experts discovered that the iOS version 12.4 released in June has reintroduced a security […] | Vulnerability | ||
|
2019-08-23 22:33:05 | Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes (lien direct) | Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. “A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log […] | Vulnerability | ||
|
2019-08-23 16:02:00 | Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs (lien direct) | Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure. The CVE-2018-13379 is a path traversal vulnerability in the […] | Vulnerability Threat | ||
|
2019-08-23 07:09:00 | Cisco warns of the availability of public exploit code for critical flaws in Cisco Small Business switches (lien direct) | Cisco provided updates for security advisories for three flaws affecting Cisco Small Business 220 Series Smart Switches patched in early August. Cisco has updated security advisories for three vulnerability in Cisco Small Business 220 Series Smart Switches that have been patched in early August. The three vulnerabilities were reported by the security researcher Pedro Ribeiro, […] | Vulnerability | ||
|
2019-08-22 08:28:00 | (Déjà vu) A new Zero-Day in Steam client impacts over 96 million Windows users (lien direct) | A new zero-day vulnerability in the for Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. A news zero-day flaw in the Steam client for Windows client impacts over 96 million users. The flaw is a privilege escalation vulnerability and it has been publicly disclosed by researcher Vasily Kravets. Kravets is one of the […] | Vulnerability | ||
|
2019-08-20 06:40:03 | Backdoored Webmin versions were available for download for over a year (lien direct) | Webmin, the popular open-source web-based interface for Unix admin contained a remote code execution vulnerability for more than a year. Webmin is an open-source web-based interface for system administration for Linux and Unix. It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. News of the day […] | Vulnerability | ||
|
2019-08-19 22:36:02 | Hacker publicly releases Jailbreak for iOS version 12.4 (lien direct) | Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers. A public Jailbreak for iPhones in was released by a hacker, it is an exceptional event because it is the first in years. According to Motherboard, that first reported the news, Apple accidentally unpatched a flaw it had […] | Vulnerability | ||
|
2019-08-18 17:26:00 | (Déjà vu) Security Affairs newsletter Round 227 (lien direct) | A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 10-year-old vulnerability in Avaya VoIP Phones […] | Vulnerability | ||
|
2019-08-18 07:50:03 | (Déjà vu) Intel addresses High-Severity flaws in NUC Firmware and other tools (lien direct) | Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program. Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program. One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that […] | Vulnerability | ||
|
2019-08-17 15:37:04 | Trend Micro addressed two DLL Hijacking flaws in Trend Micro Password Manager (lien direct) | Trend Micro addressed 2 DLL hijacking flaws in Trend Micro Password Manager that could allow malicious actors to escalate privileges and much more. Security expert Peleg Hadar from SafeBreach discovered a DLL hijacking vulnerability in the Trend Micro Password Manager that could be exploited to execute arbitrary code with the permissions of the most privileged […] | Vulnerability | ||
|
2019-08-17 08:02:03 | Expert shows how to bypass a fix for a recently discovered Steam flaw (lien direct) | A security researcher demonstrated how to bypass a fix released by Valve for a recently discovered Steam vulnerability re-enabling the attack. A few days ago, the security experts Matt Nelson and Vasily Kravets separately disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative […] | Vulnerability | ||
|
2019-08-16 06:56:01 | Mozilla addresses “master password” security bypass flaw in Firefox (lien direct) | The latest update released by Mozilla for Firefox patches a flaw in Firefox Password Manager that can be exploited to access stored passwords. The latest release for Mozilla Firefox (Firefox 68.0.2) fixes a vulnerability that can be exploited to bypass the master password in Firefox Password Manager and access stored passwords. “When a master password […] | Vulnerability | ||
|
2019-08-15 15:24:03 | A flaw in Kaspersky Antivirus allowed tracking its users online (lien direct) | A vulnerability in Kaspersky Antivirus had exposed a unique identifier associated with users to every website they have visited in the past 4 years. A vulnerability in the Kaspersky Antivirus software, tracked as CVE-2019-8286, had exposed a unique identifier associated with its users to every website they have visited in the past 4 years. The […] | Vulnerability | ||
|
2019-08-15 06:23:00 | KNOB attack threatens over a billion Bluetooth-enabled devices (lien direct) | A vulnerability tracked as CVE-2019-9506 and referred as Key Negotiation of Bluetooth (KNOB) attack could allow attackers to spy on encrypted connections. Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) found a new Bluetooth vulnerability, referred as Key Negotiation of Bluetooth (KNOB) attack, that could allow attackers to spy on encrypted connections. The […] | Vulnerability |
To see everything:
Our RSS (filtrered)
