What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-08-13 21:21:03 | Google hacker discloses 20-year-old Windows flaw still unpatched (lien direct) | Tavis Ormandy, white hat hacker at Google’s Project Zero Team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched. The popular cyber security expert Tavis Ormandy, white hat hacker at Google’s Project Zero Team disclosed technical details of 20-year-old vulnerability that is still unpatched. The vulnerability, rated as high-severity, affects all versions […] | Vulnerability | ||
|
2019-08-11 06:52:03 | 10-year-old vulnerability in Avaya VoIP Phones finally fixed (lien direct) | Security researchers at McAfee have discovered that a vulnerability patched ten years ago is still affecting several Avaya phones. Security experts at McAfee discovered that a stack-based buffer overflow flaw in the Dynamic Host Configuration Protocol (DHCP) client discovered and fixed ten years ago is still affecting several Avaya phones. The vulnerability, tracked as CVE-2009-0692, could […] | Vulnerability | ||
|
2019-08-09 07:52:01 | A Zero-Day in Steam client for Windows affects over 100 Million users (lien direct) | Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, 0ver 100 million users at risk. Two security experts disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative privileges. The issue could be exploited […] | Vulnerability | ||
|
2019-08-07 07:07:02 | SWAPGS Attack – A new Spectre-V1 attack affects modern chips (lien direct) | Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […] | Vulnerability | ||
|
2019-08-06 19:37:00 | Expert publicly disclosed a zero-day vulnerability in KDE (lien direct) | A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […] | Vulnerability | ||
|
2019-08-01 09:21:05 | Cisco to pay $8.6 million fine for selling flawed surveillance technology to the US Gov (lien direct) | Cisco is going to pay $8.6 million to settle a legal dispute for selling vulnerable software to the US government. Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. The case was filed in the Federal […] | Vulnerability | ||
|
2019-07-26 18:10:01 | A flaw in LibreOffice could allow the hack of your PC (lien direct) | LibreOffice users have to know that their unpatched computers could be hacked by simply opening a specially crafted document. Bad news for LibreOffice users, the popular free and open-source office suite is affected by an unpatched remote code execution vulnerability Recently, LibreOffice released the latest version 6.2.5 that addresses two severe flaws tracked as CVE-2019-9848 and CVE-2019-9849. […] | Hack Vulnerability | ||
|
2019-07-25 15:17:03 | New variant of Linux Botnet WatchBog adds BlueKeep scanner (lien direct) | Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. Researchers at Intezer have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining botnet, that also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep vulnerability (CVE-2019-0708). […] | Vulnerability | ||
|
2019-07-23 19:07:03 | A new ProFTPD vulnerability exposes servers to hack (lien direct) | A flaw in the open-source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and potentially execute arbitrary code. The security researcher Tobias Mädel discovered a vulnerability in the open-source ProFTPD file transfer protocol (FTP) server that can be exploited to copy files to vulnerable servers and potentially execute arbitrary […] | Hack Vulnerability | ||
|
2019-07-23 13:56:05 | Comodo Antivirus is affected by several vulnerabilities (lien direct) | Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced. Four of the vulnerabilities affect were version 12.0.0.6810 and one the version 11.0.0.6582. The most severe flaw, tracked as CVE=2019-3969, could […] | Vulnerability | ||
|
2019-07-23 06:51:05 | CERT-Bund warns of a critical vulnerability in VLC player (lien direct) | VLC player is still affected by a critical heap-based memory buffer over-read condition, tracked as CVE-2019-13615, that could be exploited by a remote attacker to execute arbitrary code. The VLC player is still affected by a critical remote code execution vulnerability tracked as CVE-2019-13615. The potential impact of the flaw is important because the software […] | Vulnerability | ||
|
2019-07-22 10:09:00 | BlackBerry Cylance addresses AI-based antivirus engine bypass (lien direct) | BlackBerry Cylance has addressed a bypass vulnerability recently discovered in its AI-based antivirus engine CylancePROTECT product. Experts at cybersecurity firm Skylight announced last week that they have devised a method to bypass BlackBerry Cylance's AI-based antivirus engine, now the company addressed the issue with an update and attempted to downplay the impact of the issue. […] | Vulnerability | ||
|
2019-07-21 10:17:00 | Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw (lien direct) | Hackers breached at least 62 college and university networks exploiting a flaw in Ellucian Banner Web Tailor, a module of the Ellucian Banner ERP. US Department of Education warned that hackers have breached at least 62 college and university networks by exploiting a vulnerability in the Ellucian Banner Web Tailor module of the Ellucian Banner ERP. The module is […] | Vulnerability | ||
|
2019-07-17 09:53:05 | Expert was awarded $10,000 for disclosing XSS flaw to Tesla (lien direct) | Tesla paid $10,000 a researcher that found a stored cross-site scripting (XSS) vulnerability that could have been exploited to change vehicle information. The security researcher Sam Curry has earned $10,000 from Tesla after reporting a stored cross-site scripting (XSS) flaw that could have been exploited to obtain vehicle information and potentially modify it. Curry discovered […] | Vulnerability | ||
|
2019-07-16 20:13:01 | A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files (lien direct) | Experts at Vertical Structure and WhiteHat Security discovered a serious flaw that exposed millions of files stored on thousands of exposed Lenovo NAS devices. An analysis conducted by researchers at Vertical Structure and WhiteHat Security allowed discovering a vulnerability in discontinued Iomega/Lenovo NAS devices, tracked as CVE-2019-6160, that exposed millions of files. The discovery was […] | Vulnerability | ||
|
2019-07-15 20:30:04 | Flaw in Ad Inserter WordPress plugin allows remote attackers to execute code (lien direct) | A critical vulnerability affecting the Ad Inserter WordPress plugin could be exploited by authenticated attackers to remotely execute PHP code. Security researchers at Wordfence discovered a critical vulnerability in the Inserter WordPress plugin that could be exploited by authenticated attackers to remotely execute PHP code. Ad Inserter is an Ad management plugin that allows administrators to benefit of advanced features to insert ads […] | Vulnerability | ||
|
2019-07-15 13:04:00 | A flaw could have allowed hackers to take over any Instagram account in 10 minutes (lien direct) | Instagram has recently addressed a critical flaw that could have allowed hackers to take over any Instagram account without any user interaction. Instagram has recently addressed a critical vulnerability that could have allowed attackers to completely take over any account without user interaction. The news was first reported by TheHackerNews, the issue was reported to […] | Vulnerability | ||
|
2019-07-15 06:38:04 | Apple temporarily blocked Walkie-Talkie App on Apple Watch due to a flaw (lien direct) | A serious vulnerability in Walkie-Talkie App on Apple Watch forced the tech giant to disable the applications to avoid attackers spying on its users. Apple has temporarily disabled the Walkie-Talkie app on the Apple Watch due to a vulnerability that could be exploited to spy on users. The issue was reported to Apple via its report […] | Vulnerability | ||
|
2019-07-09 11:30:04 | Flaw in Zoom video conferencing software lets sites take over webcam on Mac (lien direct) | Zoom video conferencing software for Mac is affected by a flaw that could allow attackers to take over webcams when users visit a website. Cybersecurity expert Jonathan Leitschuh disclosed an unpatched critical security vulnerability in the Zoom app for Apple Mac computers, that is chained with another issue, could be exploited by attackers to execute […] | Vulnerability | ||
|
2019-07-04 13:50:03 | Magento fixed security flaws that allow complete site takeover (lien direct) | Magento addressed flaws that could be exploited by unauthenticated attackers to hijack administrative sessions and completely take over online stores. Magento addressed security vulnerabilities that could be chained by an unauthenticated attacker to hijack administrative sessions and completely take over online stores. The attacker would first exploit a Stored Cross-Site Scripting (XSS) vulnerability to inject […] | Vulnerability | ||
|
2019-07-04 11:58:03 | Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug (lien direct) | Kaspersky experts discovered that Sodinokibi, aka Sodin, Ransomware currently also exploits the CVE-2018-8453 vulnerability to elevate privileges in Windows The Sodinokibi Ransomware (aka Sodin, REvil) appeared in the threat landscape in April when crooks were delivering it by exploiting a recently patched Oracle WebLogic Server vulnerability. Now the threat is evolving, the Sodinokibi ransomware includes fresh […] | Ransomware Vulnerability Threat | ||
|
2019-07-03 06:26:03 | US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw (lien direct) | US Cyber Command posted on Twitter an alert about cyber attacks exploiting the CVE-2017-11774 vulnerability in Outlook. Yesterday I was using Twitter when I noticed the following alert issued by the account managed by the US Cyber Command: The alert refers to an ongoing activity aimed at infecting government networks by exploiting the CVE-2017-11774 Outlook […] | Vulnerability | ||
|
2019-06-30 20:34:03 | Bulgarian IT expert arrested after disclosing a flaw in kindergarten software (lien direct) | Bulgarian police arrested the IT expert Petko Petrov after he publicly demonstrated a security vulnerability in the kindergarten software used by local kindergartens. The IT expert Petko Petrov was arrested by the Bulgarian police because he publicly demonstrated the exploitation of a vulnerability in the software used by local kindergartens. Petrov exploited the flaw to […] | Vulnerability | ||
|
2019-06-30 10:19:05 | Vulnerability in Medtronic insulin pumps allow hacking devices (lien direct) | Medtronic and the US government have warned that some Medtronic MiniMed insulin pumps are vulnerable to cyber attacks. Medtronic and the United States government have warned of a security vulnerability affecting some Medtronic MiniMed insulin pumps that could be exploited by hackers. The Department of Homeland Security (DHS) and Medtronic, and the Food and Drug […] | Vulnerability | ||
|
2019-06-27 13:16:03 | Flaws in the BlueStacks Android emulator allows remote code execution and more (lien direct) | Multiple flaws in the BlueStacks Android emulator were addressed, including a vulnerability that allowed attackers to remotely control code execution. Other issues included information disclosure and a flaw that allowed attackers to steal backups of the VM and its data. In April, the researcher Nick Cano discovered that BlueStacks versions prior than v4.90.0.1046 are affected by a […] | Vulnerability | ||
|
2019-06-24 12:38:01 | CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting (lien direct) | Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server […] | Malware Vulnerability | ||
|
2019-06-23 14:25:02 | Hundreds of million computers potentially exposed to hack due to a flaw in PC-Doctor component (lien direct) | Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an […] | Hack Vulnerability | ||
|
2019-06-23 08:12:04 | (Déjà vu) Expert released PoC for Outlook for Android flaw addressed by Microsoft (lien direct) | Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. The vulnerability is a stored cross-site scripting issue that is related to the way […] | Vulnerability | ||
|
2019-06-21 06:18:05 | Microsoft fixed CVE-2019-1105 flaw in Outlook for Android (lien direct) | Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users. Microsoft has addressed an important flaw tracked as CVE-2019-1105 that affects versions of Outlook for Android app before 3.0.88. The vulnerability is a stored cross-site scripting issue that is related to the way the app parses incoming email […] | Vulnerability | ||
|
2019-06-20 19:56:02 | (Déjà vu) CVE-2019-11707 Firefox Zero-Day exploited to infect employees at cryptocurrency exchanges (lien direct) | Researchers discovered that recently patched Firefox zero-day (CVE-2019-11707) has been exploited to deliver Windows and Mac malware to cryptocurrency exchanges. Experts discovered that recently patched Firefox zero-day vulnerability (CVE-2019-11707) has been exploited by threat actors to deliver Windows and Mac malware to employees of cryptocurrency exchanges. CVE-2019-11707 is a type confusion vulnerability in Array.pop. Mozilla has addressed […] | Malware Vulnerability Threat | ||
|
2019-06-19 11:03:00 | Another Remote Code Execution flaw in WebLogic exploited in the wild (lien direct) | Oracle released emergency patches for another critical remote code execution vulnerability affecting WebLogic Server. On Tuesday, Oracle released emergency patches for another critical remote code execution vulnerability affecting the WebLogic Server. The vulnerability, tracked as CVE-2019-2729, affects WebLogic versions 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. The vulnerability is a remotely exploitable deserialization vulnerability via XMLDecoder in Oracle WebLogic […] | Vulnerability | ||
|
2019-06-19 09:57:02 | (Déjà vu) Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks (lien direct) | Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed […] | Vulnerability | ||
|
2019-06-18 13:02:04 | Expert found a critical RCE zero-day in TP-Link Wi-Fi Extenders (lien direct) | A zero-day vulnerability affects multiple models of TP-Link Wi-Fi extenders, it could be exploited to remotely execute code. Security expert Grzegorz Wypych from IBM X-Force found a zero-day flaw that affects multiple models of TP-Link Wi-Fi extenders. The Wi-Fi extenders capture the Wi-Fi signal from the main network device and rebroadcast it to areas where […] | Vulnerability | ||
|
2019-06-16 05:19:05 | (Déjà vu) XSS flaw would have allowed hackers access to Google\'s network and impersonate its employees (lien direct) | Bug hunter Thomas Orlita discovered an XSS vulnerability in Google’s Invoice Submission Portal that would have allowed attackers access to Google’s internal network The Czech researcher Thomas Orlita discovered an XSS vulnerability in Google’s Invoice Submission Portal that would have allowed attackers access to part of Google’s internal network. The Google Invoice Submission Portal is […] | Vulnerability | ||
|
2019-06-14 06:08:04 | Millions of Exim mail servers are currently under attack (lien direct) | Hackers are targeting millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions, threat actors leverage the CVE-2019-10149 flaw. Millions of mail servers running vulnerable Exim mail transfer agent (MTA) versions are under attack, threat actors are exploiting the CVE-2019-10149 flaw to take over them. A critical vulnerability affects versions 4.87 to 4.91 […] | Vulnerability Threat | ||
|
2019-06-13 07:29:03 | Flaw in Evernote Web Clipper for Chrome extension allows stealing data (lien direct) | Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users. Security experts at browser security firm Guardio discovered a critical universal cross-site scripting (XSS) vulnerability in the Evernote Web Clipper for Chrome. “In May 2019 Guardio’s research team has discovered […] | Vulnerability | ||
|
2019-06-11 19:52:05 | Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions (lien direct) | Security researchers at Alert Logic have discovered a vulnerability in the WordPress Live Chat plugin that could be exploited to steal and hijack sessions. Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. […] | Vulnerability | ||
|
2019-06-11 05:53:03 | CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign (lien direct) | The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports. Experts at Trend Micro reported that the recently patched CVE-2019-2725 vulnerability in Oracle WebLogic is being exploited in cryptojacking attacks. The flaw is a deserialization remote command execution zero-day vulnerability that affects the Oracle WebLogic wls9_async and wls–wsat components. The […] | Vulnerability | ||
|
2019-06-10 20:28:02 | CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system (lien direct) | Bad news for Linux users, a flaw tracked as CVE-2019-12735 allows to hack their systems by tricking them into opening a specially crafted file in Vim or Neovim Editor. Security expert Armin Razmjou has recently found a high-severity vulnerability (CVE-2019-12735) in Vim and Neovim command-line text editing applications. The vulnerability, tracked as CVE-2019-12735, is classified as an arbitrary OS command […] | Hack Vulnerability | ||
|
2019-06-09 15:54:02 | Millions of Exim mail servers vulnerable to cyber attacks (lien direct) | Millions of Exim mail servers are exposed to attacks due to a critical vulnerability that makes it possible for unauthenticated remote attackers to execute arbitrary commands. A critical vulnerability affects versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) software. The flaw could be exploited by unauthenticated remote attackers to execute arbitrary commands […] | Vulnerability | ||
|
2019-06-09 09:28:00 | Critical RCE affects older Diebold Nixdorf ATMs (lien direct) | Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs, Diebold Nixdorf […] | Vulnerability | ||
|
2019-06-06 18:56:00 | VMware addressed flaws in its Workstation and Tools (lien direct) | VMware has informed its users that it has patched two high-severity vulnerabilities that affect its Tools and Workstation software. VMware has patched two high-severity flaws that affect its Tools and Workstation software. The first security flaw, tracked as CVE-2019-5522, affects VMware Tools 10.x on Windows. The vulnerability is an out-of-bounds read issue in the vm3dmp driver in […] | Vulnerability | ||
|
2019-06-06 06:14:01 | (Déjà vu) 0patch experts released unofficial Patch Available for Recent Windows 10 Task Scheduler Zero-Day (lien direct) | Experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. Security experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. A couple of weeks ago, researcher SandboxEscaper released a working exploit for the vulnerability, Like the […] | Vulnerability | ||
|
2019-06-05 14:10:04 | (Déjà vu) NSA urges Windows Users and admins to Patch BlueKeep flaw (lien direct) | The National Security Agency (NSA) is urging Windows users and administrators to install security updates to address BlueKeep flaw (aka CVE-2019-0708). Last week Microsoft issued a second security advisory to warn users of older Windows OS versions to update their systems in order to patch the remote code execution vulnerability dubbed BlueKeep. Now the National Security […] | Vulnerability | ||
|
2019-06-05 08:30:05 | Expert developed a MetaSploit module for the BlueKeep flaw (lien direct) | A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Zǝɹosum0x0 has developed a module for the popular Metasploit penetration testing framework to exploit the critical BlueKeep flaw. The vulnerability, tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May […] | Vulnerability | ||
|
2019-06-04 21:01:04 | (Déjà vu) CVE-2019-9510 flaw allows hackers to bypass Windows lock screen on RDP sessions (lien direct) | A security expert disclosed technical details of a new unpatched vulnerability (CVE-2019-9510) that affects Microsoft Windows Remote Desktop Protocol (RDP). Security expert Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), discovered a new unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). The flaw, tracked as CVE-2019-9510, could be exploited by client-side attackers to […] | Vulnerability | ||
|
2019-06-04 06:36:05 | macOS zero-day in Mojave could allow Synthetic Clicks attacks (lien direct) | A security expert found a flaw could be exploited to bypass macOS security and privacy features by using synthetic clicks. The popular white hat hacker Patrick Wardle, co-founder and chief research officer at Digita Security, discovered a vulnerability that could be exploited to bypass security warnings by performing ‘Synthetic Clicks’ on behalf of users without […] | Vulnerability | ||
|
2019-05-31 14:26:03 | Microsoft warns for the second time of applying BlueKeep patch (lien direct) | Microsoft issued a new warning for users to update their systems to address the remote code execution vulnerability dubbed BlueKeep. Microsoft issued a new warning for users of older Windows OS versions to update their systems in order to patch the remote code execution vulnerability dubbed BlueKeep. The vulnerability, tracked as CVE-2019-0708, impacts the Windows […] | Vulnerability | ||
|
2019-05-30 13:02:05 | Convert Plus WordPress plugin flaw allows hackers to create Admin accounts (lien direct) | The WordPress plugin Convert Plus is affected by a critical flaw that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. The WordPress plugin Convert Plus is affected by a critical vulnerability that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. A vulnerability ties with the […] | Vulnerability | ||
|
2019-05-29 19:56:04 | Google white hat hacker found code execution flaw in Notepad (lien direct) | The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft's Notepad text editor. The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft's Notepad text editor. Ormandy reported the issue to Microsoft and will wait 90 days according to Google vulnerability […] | Vulnerability |
To see everything:
Our RSS (filtrered)
