What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-29 12:49:01 | All Docker versions affected by an unpatched race condition issue (lien direct) | A race condition flaw that could be exploited by an attacker to read and write any file on the host system affects any versions of Docker. Experts found a race condition vulnerability in any versions of Docker, the vulnerability could be exploited by an attacker to read and write any file on the host system. […] | Vulnerability | ||
|
2019-05-28 19:48:01 | Internet scans found nearly one million systems vulnerable to BlueKeep (lien direct) | Roughly one million devices are vulnerable to attacks exploiting the BlueKeep Windows vulnerability and hackers are ready to hit them. Yesterday I reported the discovery made by experts at GreyNoise that detected scans for systems vulnerable to the BlueKeep (CVE-2019-0708) vulnerability. The scans were first detected on May 25, 2019, experts explained that a single […] | Vulnerability | ||
|
2019-05-28 11:11:04 | Siemens Healthineers medical products vulnerable to Windows BlueKeep flaw (lien direct) | Several products made by Siemens Healthineers are affected by a recently patched Windows BlueKeep vulnerability (CVE-2019-0708). The BlueKeep issue is a remote code execution vulnerability in Remote Desktop Services (RDS) that it can be exploited by an unauthenticated attacker by connecting to the targeted system via the RDP and sending specially crafted requests. As explained by […] | Vulnerability | ||
|
2019-05-27 16:53:02 | BlueKeep scans observed from exclusively Tor exit nodes (lien direct) | GreyNoise experts detected scans for systems vulnerable to the BlueKeep (CVE-2019-0708) vulnerability from exclusively Tor exit nodes. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attack. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that it can […] | Vulnerability | Wannacry | |
|
2019-05-25 12:02:02 | 0patch issued a micropatch to address the BlueKeep flaw in always-on servers (lien direct) | 0patch, released a security patch to address the BlueKeep vulnerability, that can be deployed by administrators to protect always-on servers. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry-like attack. The issue is a remote code execution flaw in Remote Desktop […] | Vulnerability | Wannacry | |
|
2019-05-23 09:43:04 | SandboxEscaper disclosed 3 Microsoft zero-day flaws in 24 hours (lien direct) | Yesterday SandboxEscaper publicly disclosed a Windows zero-day vulnerability, now she disclosed other two unknown issues in less than 24 hours. Just Yesterday, the popular developer SandboxEscaper publicly disclosed a Windows zero-day vulnerability in the Task Manager, now in less than 24 hours the revealed two more unpatched Microsoft zero-day flaws. The two new zero-day issues […] | Vulnerability | ||
|
2019-05-20 18:23:05 | Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS (lien direct) | Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a […] | Vulnerability Guideline | ||
|
2019-05-17 06:51:00 | XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites (lien direct) | A vulnerability in the Live Chat Support plugin for WordPress could be exploited by attackers to inject malicious scripts in websites using it Researchers at Sucuri have discovered a stored/persistent cross-site scripting (XSS) vulnerability in the WP Live Chat Support plugin for WordPress. The flaw could be exploited by remote, unauthenticated attackers to inject malicious […] | Vulnerability | ||
|
2019-05-16 12:15:00 | A flaw in Google Titan Security Keys expose users to Bluetooth Attacks (lien direct) | Titan Security Keys are affected by a severe vulnerability, for this reason, Google announced it is offering a free replacement for vulnerable devices. Google announced it is offering a free replacement for Titan Security keys affected by a serious vulnerability that could be exploited by to carry out Bluetooth attacks. The Titan Security Keys were introduced by […] | Vulnerability | ||
|
2019-05-15 12:57:05 | Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks (lien direct) | Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS flaw allowing WannaCry-Like attacks. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a Windows zero-day flaw and an RDS vulnerability that can be exploited to carry out WannaCry-like attack. The zero-day vulnerability addressed by Microsoft Patch Tuesday […] | Vulnerability | Wannacry | |
|
2019-05-14 14:17:04 | Thrangrycat flaw could allow compromising millions of Cisco devices (lien direct) | Security firm Red Balloon discovered a severe vulnerability dubbed Thrangrycat, in Cisco products that could be exploited to an implant persistent backdoor in many devices. Experts at Red Balloon Security disclosed two vulnerabilities in Cisco products. The first issue dubbed Thrangrycat, and tracked as CVE-2019-1649, affects multiple Cisco products that support Trust Anchor module (TAm). could be […] | Vulnerability | ||
|
2019-05-14 08:02:01 | WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware (lien direct) | Facebook fixed a critical zero-day flaw in WhatsApp that has been exploited to remotely install spyware on phones by calling the targeted device. Facebook has recently patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device. WhatsApp did not name the threat […] | Vulnerability Threat | ||
|
2019-05-13 19:57:04 | CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8 (lien direct) | Security experts have found a race condition vulnerability (CVE-2019-11815) in Linux Kernel Prior to 5.0.8 that expose systems to remote code execution. Linux systems based on kernel versions prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free that could be exploited by hackers to get remote code execution. […] | Vulnerability Guideline | ||
|
2019-05-13 10:24:01 | Over 10k+ GPS trackers could be abused to spy on individuals in the UK (lien direct) | A vulnerability in a GPS tracker used by elderly people and kids could be exploited by an attacker to spy on individuals using it. Researchers at Fidus Information Security discovered a vulnerability in GPS trackers used by elderly people and kids could be exploited to spy on them. Experts discovered that the safety device can […] | Vulnerability | ||
|
2019-05-11 21:27:02 | Experts found a remote-code execution flaw in SQLite (lien direct) | Researchers at Cisco Talos discovered an use-after-free() vulnerability in SQLite that could be exploited by an attacker to remotely execute code on an affected device. Cisco Talos experts discovered an use-after-free() flaw in SQLite that could be exploited by an attacker to remotely execute code on an affected device. An attacker can trigger the flaw by sending […] | Vulnerability | ||
|
2019-05-11 07:30:03 | Microsoft SharePoint CVE-2019-0604 flaw exploited in the wild (lien direct) | According to researchers at AT&T Alien Labs, threat actors are attempting to exploit the CVE-2019-0604 Microsoft Sharepoint vulnerability in attacks in the wild. AlienLabs has seen a number of reports related to the active exploitation of the CVE-2019-0604 vulnerability in Microsoft Sharepoint. The CVE-2019-0604 vulnerability is a remote code execution flaw that is caused by […] | Vulnerability Threat | ||
|
2019-05-10 20:40:00 | Heap Buffer Overflow Vulnerability found in Kaspersky Antivirus Engine (lien direct) | Security researchers at the Imaginary team discovered a Heap Buffer Overflow Vulnerability in Kaspersky Antivirus Engine and responsibly reported it. Security experts at the Imaginary team discovered a Heap Buffer Overflow vulnerability in Kaspersky Antivirus Engine. The flaw tracked as CVE-2019-8285 affects Kaspersky Lab Antivirus Engine version before 04.apr.2019 and potentially allows arbitrary code execution. […] | Vulnerability | ||
|
2019-05-09 10:17:05 | Vulnerability in UC Browser Apps exposes to phishing attacks (lien direct) | Security researcher discovered a browser address bar spoofing flaw that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Security researcher and bug hunter Arif Khan has discovered a browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. The vulnerability affects latest version of the UC Browser 12.11.2.1184 and UC Browser Mini […] | Vulnerability | ||
|
2019-05-09 05:02:04 | Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware (lien direct) | Threat actors are exploiting a Jenkins vulnerability (CVE-2018-1000861) disclosed in 2018 to deliver a cryptocurrency miner using the Kerberods dropper. SANS expert Renato Marinho uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero cryptominer dubbed Kerberods. According to the SANS Institute's Internet Storm Center, attackers are exploiting the […] | Malware Vulnerability | ||
|
2019-05-08 06:54:03 | Cisco addresses a critical flaw in Elastic Services Controller (lien direct) | Cisco released security updates to address a critical vulnerability in its virtualized function automation tool Elastic Services Controller (ESC). Cisco has released security updates to address a critical vulnerability affecting its virtualized function automation tool, Cisco Elastic Services Controller (ESC). The flaw could be exploited by a remote attacker could be exploited by an unauthenticated, […] | Tool Vulnerability | ||
|
2019-05-06 18:45:04 | A bug in Mirai code allows crashing C2 servers (lien direct) | Ankit Anubhav, a principal researcher at NewSky Security, explained how to exploit a vulnerability in the Mirai bot to crash it. Ankit Anubhav, a principal researcher at NewSky, explained how to exploit a trivial bug in the code of the Mirai bot, which is present in many of its variants, to crash it. The expert […] | Vulnerability | ||
|
2019-04-28 07:50:03 | AESDDoS bot exploits CVE-2019-3396 flaw to hit Atlassian Confluence Server (lien direct) | A new variant of the AESDDoS bot is exploiting a recent vulnerability in the Atlassian collaborative software Confluence. Security experts at Trend Micro have spotted a new variant of AESDDoS botnet that is exploiting a recently discovered vulnerability in the Atlassian collaborative software Confluence. The flaw exploited in the attacks, tracked as CVE-2019-3396, is a […] | Vulnerability | ||
|
2019-04-19 08:30:02 | Broadcom WiFi Driver bugs expose devices to hack (lien direct) | Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary […] | Hack Vulnerability | ||
|
2019-04-18 08:13:03 | Cisco addresses a critical bug in ASR 9000 series Routers (lien direct) | Cisco released security patches for 30 vulnerabilities, including a critical flaw in ASR 9000 Series Aggregation Services Routers running IOS XR 64-bit. The critical vulnerability in ASR 9000 Series Aggregation Services Routers running IOS XR 64-bit is tracked as CVE-2019-1710 (CVSS score of 9.8). The flaw could be exploited by an unauthenticated, remote attacker to […] | Vulnerability | ||
|
2019-04-17 20:12:00 | RCE flaw in Electronic Arts Origin client exposes gamers to hack (lien direct) | Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. Electronic Arts (EA) has addressed a vulnerability in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer. […] | Hack Vulnerability | ★★ | |
|
2019-04-12 09:35:02 | Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild (lien direct) | According to experts a vulnerability in the popular WordPress plugin Yuzo Related Posts is exploited by attackers to redirect users to malicious sites. The XSS flaw allows attackers to inject a JavaScript into the sites that redirect visitors to websites displaying scams, including tech support scams, and sites promoting unwanted software. The Yuzo Related Posts […] | Vulnerability | ||
|
2019-04-05 07:51:04 | (Déjà vu) More than 2 million Apache HTTP servers still affected by CVE-2019-0211 flaw (lien direct) | Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw. An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems via scoreboard […] | Vulnerability | ||
|
2019-04-04 20:36:03 | Cisco fixes flaws RV320 and RV325 routers targeted in attacks (lien direct) | On Thursday Cisco announced new security patches to definitively address two vulnerabilities in Small Business RV320 and RV325 routers. Last week Cisco revealed that security patches released in January to address vulnerabilities in Small Business RV320 and RV325 routers were incomplete. “The initial fix for this vulnerability was found to be incomplete. Cisco is currently […] | Vulnerability | ||
|
2019-04-02 19:43:00 | CVE-2019-0211 Apache flaw allows getting root access via script (lien direct) | The privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain […] | Vulnerability | ||
|
2019-04-02 09:07:05 | Closure JavaScript Library introduced XSS issue in Google Search and potentially other services (lien direct) | A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library. The library is named Closure and according to the […] | Vulnerability | ||
|
2019-03-29 13:55:01 | Magento fixed a critical Magento SQL Injection flaw (lien direct) | There is an important news for administrators of e-commerce websites running over the Magento platform, Magento fixed a critical SQL injection flaw. Administrators of Magento e-commerce websites have to update their installations due to the presence of a critical SQL injection vulnerability in the popular CMS. The flaw could have a significant impact considering that […] | Vulnerability | ||
|
2019-03-29 07:15:05 | Google developer disclosed Zero-Day flaw in TP-Link SR20 Routers (lien direct) | Google security developer Matthew Garrett disclosed a zero-day arbitrary code execution (ACE) vulnerability affecting the TP-Link SR20 routers. Google security developer Matthew Garrett discovered a zero-day arbitrary code execution (ACE) vulnerability in TP-Link SR20 routers. The vulnerability in TP-Link SR20 routers could be exploited by potential attackers on the same network to execute arbitrary commands. […] | Vulnerability | ||
|
2019-03-28 19:08:01 | WinRAR CVE-2018-20250 flaw exploited in multiple campaigns (lien direct) | The recently patched vulnerability affecting the popular archiver utility WinRAR has been exploited to deliver new malware to targeted users. A recently patched vulnerability affecting the popular archiver utility WinRAR it becoming a commodity in the cybercrime underground, experts reported it has been exploited to deliver new malware in targeted attacks. The vulnerability, tracked as […] | Malware Vulnerability | ||
|
2019-03-24 11:01:03 | (Déjà vu) WordPress Social Warfare plugin zero-day exploited in attacks (lien direct) | A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin […] | Vulnerability | ||
|
2019-03-21 08:33:03 | Experts found a critical vulnerability in the NSA Ghidra tool (lien direct) | A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is […] | Tool Vulnerability | ||
|
2019-03-19 14:57:04 | New JNEC.a Ransomware delivered through WinRAR exploit (lien direct) | A new strain of ransomware tracked as JNEC.a is spreading through an exploit that triggers the recently discovered vulnerability in WinRAR. The ransomware was involved in the attacks observed by the Qihoo 360 Threat Intelligence Center in the wild, threat actors used an archive named “vk_4221345.rar” that delivers JNEC.a when its contents are extracted with […] | Ransomware Vulnerability Threat | ||
|
2019-03-15 14:00:04 | Recently fixed WinRAR bug actively exploited in the wild (lien direct) | Several threat actors are still exploiting a recently patched critical vulnerability in the popular compression software WinRAR. Several threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR. The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of […] | Vulnerability Threat | ||
|
2019-03-15 08:48:01 | Experts published details of the actively exploited CVE-2019-0808 Windows Flaw (lien direct) | Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft. The vulnerability was reported to Microsoft by researchers from Google's Threat Analysis Group that observed […] | Vulnerability Threat | ||
|
2019-03-14 14:38:00 | Cisco addresses a critical static credential flaw in Common Services Platform Collector (lien direct) | Cisco released security updates to address a critical vulnerability in its Cisco Common Services Platform Collector (CSPC) software. Cisco released security updates to address a critical flaw, tracked as CVE-2019-1723, that consists in the presence of a default account with a static password. The account hasn’t admin privileges, but it could be exploited by an […] | Vulnerability | ||
|
2019-03-14 11:31:01 | CSRF flaw in WordPress potentially allowed the hack of websites (lien direct) | Security researcher Simon Scannell from RIPS Technologies, has discovered a new CSRF vulnerability in WordPress, that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default, the issue affects all WordPress versions prior to version 5.1.1. […] | Hack Vulnerability Guideline | ||
|
2019-03-12 07:42:04 | Vulnerability research hub Crowdfense is willing to pay $3 Million for iOS, Android zero-day exploits (lien direct) | orld-leading vulnerability research hub Crowdfense is offering up to $3 million for full-chain, zero-day exploits for iOS and Android. Vulnerability research firm Crowdfense is offering up to $3 million for working exploits for iOS and Android zero-day. In 2018, Crowdfence ran a $10 million bug bounty program, now the company decided to increment the value […] | Vulnerability Guideline | ||
|
2019-03-11 14:49:04 | Severe RCE vulnerability affected popular StackStorm Automation Software (lien direct) | The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries, it allows […] | Vulnerability | ||
|
2019-03-08 11:11:04 | (Déjà vu) Google discloses Windows zero-day actively exploited in targeted attacks (lien direct) | Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw. Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw (CVE-2019-5786). The Windows zero-day vulnerability is a local privilege escalation […] | Vulnerability | ||
|
2019-03-06 15:34:05 | Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild (lien direct) | A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […] | Vulnerability Threat | ||
|
2019-03-05 12:13:03 | Hundreds of Docker Hosts compromised in cryptojacking campaigns (lien direct) | Poorly protected Docker hosts exposed online continue to be a privileged target of crooks that abuse their computational resources in cryptojacking campaigns. Security experts have recently discovered hundreds of exposed Docker hosts that have been compromised by hackers exploiting the CVE-2019-5736 runc vulnerability in February. The flaw was discovered by the security researchers Adam Iwaniuk […] | Vulnerability | ||
|
2019-03-04 20:57:05 | Google Project Zero discloses zero-day in Apple macOS Kernel (lien direct) | Cybersecurity expert at Google Project Zero has publicly disclosed details and proof-of-concept exploit for a high-severity security vulnerability in macOS operating system. Google Project Zero white hat hacker Jann Horn disclosed the flaw according to the 90-days disclosure policy of the company because Apple failed to address the issue within 90 days of being notified. […] | Vulnerability | ||
|
2019-03-03 13:17:00 | A Cobalt Strike flaw exposed attackers\' infrastructure (lien direct) | According to security experts at Fox-IT, a recently addressed flaw in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. Security experts at Fox-IT discovered that a recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. The vulnerability was addressed in Cobalt Strike […] | Vulnerability | ||
|
2019-03-02 08:23:04 | (Déjà vu) Adobe releases patches to address ColdFusion 0day exploited in the Wild (lien direct) | Adobe has released out-of-band updates to address a critical flaw in ColdFusion web application development platform that has been exploited in the wild. Adobe has released out-of-band updates to address a zero-day vulnerability in the ColdFusion web application development platform that has been exploited in the wild. The vulnerability, tracked as CVE-2019-7816, has been described by […] | Vulnerability | ||
|
2019-02-28 07:22:02 | Cisco WebEx Meetings affected by a new elevation of privilege flaw (lien direct) | A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows could allow elevation of privilege A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows tracked as CVE-2019-1674 could be exploited by an unprivileged local attacker to elevate privileges and run arbitrary commands using the […] | Vulnerability | ||
|
2019-02-28 04:15:03 | PDF zero-day samples harvest user data when opened in Chrome (lien direct) | Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data. Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the […] | Vulnerability |
To see everything:
Our RSS (filtrered)
