What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2019-02-26 06:32:00 Malware spam campaign exploits WinRAR flaw to deliver Backdoor (direct link) Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to install deliver malware on a computer. A few days ago, security experts at CheckPoint software have disclosed a critical 19-year-old vulnerability in the WinRAR that could be exploited by attackers to gain full control over a […] Spam Malware Vulnerability
SecurityAffairs 2019-02-25 10:02:01 Expert awarded $10,000 for a new XSS flaw in Yahoo Mail (direct link) A security expert discovered a critical cross-site scripting (XSS) flaw in Yahoo Mail that could have been exploited to steal the targeted user's emails and attach malicious code to their outgoing messages. Yahoo addressed a critical cross-site scripting (XSS) vulnerability in Yahoo Mail that could have been exploited by hackers to steal user's emails and […] Vulnerability Yahoo
SecurityAffairs 2019-02-24 14:49:05 CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER) (direct link) The British Airways Entertainment System, as installed on Boeing 777-36N(ER) and possibly other aircraft, is affected by a privilege escalation issue tracked as CVE-2019-9019. Experts discovered a critical vulnerability in the British Airways Entertainment System. The flaw is a privilege escalation issue that resides in the component USB Handler, an attacker could exploit it using […] Vulnerability
SecurityAffairs 2019-02-21 20:39:01 Adobe released second fix for the same Adobe Reader flaw (direct link) Adobe released a second patch to address the CVE 2019-7089 flaw in Adobe Reader after an expert found the way to bypass the first fix. Adobe on Thursday released a second patch to address a critical information disclosure vulnerability in Adobe Reader, tracked as CVE 2019-7089, after the expert who initially discovered the flaw devised […] Vulnerability
SecurityAffairs 2019-02-21 11:10:03 Critical bug in WINRAR affects all versions released in the last 19 years (direct link) Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer. Over 500 million users worldwide use the […] Vulnerability
SecurityAffairs 2019-02-21 09:32:01 CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution (direct link) Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that address a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack […] Vulnerability
SecurityAffairs 2019-02-20 15:16:02 Expert released a PoC for a remote code execution flaw in mIRC App (direct link) Security experts discovered a vulnerability in the mIRC application that allows attackers to execute commands remotely. Security researchers Benjamin Chetioui and Baptiste Devigne from ProofOfCalc discovered a vulnerability in the mIRC application that could be exploited by attackers to execute commands remotely. mIRC is a popular Internet Relay Chat application that allows users to chat […] Vulnerability
SecurityAffairs 2019-02-20 07:31:05 Experts found a Remote Code Execution flaw in WordPress 5.0.0 (direct link) Security experts disclosed a critical remote code execution vulnerability in versions of WordPress prior to 5.0.3, that remained uncovered for 6 years. Security experts at RIPS Technologies GmbH disclosed a critical remote code execution vulnerability in versions of WordPress prior to 5.0.3, that remained uncovered for 6 years. The experts discovered that the flaw could be exploited […] Vulnerability
SecurityAffairs 2019-02-18 20:35:01 PoC Exploit Code for recent container escape flaw in runc published online (direct link) The Proof-of-concept (PoC) exploit code for a recently discovered vulnerability in runc tracked as CVE-2019-5736 is now publicly available. Last week, Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, disclosed a serious vulnerability tracked as CVE-2019-5736 affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O. The vulnerability was discovered by the security researchers Adam Iwaniuk and Borys […] Vulnerability
SecurityAffairs 2019-02-17 09:35:03 Facebook paid $25,000 for CSRF exploit that leads to Account Takeover (direct link) Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicking on a link. The white hat hacker who goes online with the moniker “Samm0uda” discovered a critical CSRF vulnerability in Facebook and the social network giant paid a […] Vulnerability
SecurityAffairs 2019-02-14 07:55:01 0patch released micropatch for code execution flaw in OpenOffice (direct link) Experts at ACROS Security's 0patch released an unofficial patch for a recently disclosed remote code execution vulnerability in the Apache OpenOffice suite. ACROS Security's 0patch released an unofficial patch for a path traversal flaw recently disclosed in the Apache OpenOffice suite. The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice […] Vulnerability
SecurityAffairs 2019-02-13 21:41:01 Ubuntu snapd flaw allows getting root access to the system. (direct link) Expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API. Security researcher Chris Moberly discovered a vulnerability in the REST API for Canonical’s snapd daemon that could allow attackers to gain root access on Linux machines. Canonical, the makers of Ubuntu Linux, promotes their “Snap” packages to roll all […] Vulnerability
SecurityAffairs 2019-02-12 06:53:03 Docker runc flaw opens the door to a 'Doomsday scenario' (direct link) Security experts found a serious flaw tracked as CVE-2019-5736 affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O. Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability tracked as CVE-2019-5736 affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O. The vulnerability was discovered by the security researchers […] Vulnerability
SecurityAffairs 2019-02-07 13:55:00 Expert publicly disclosed the existence of 0day flaw in macOS Mojave (direct link) A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave […] Malware Vulnerability
SecurityAffairs 2019-01-29 09:47:02 Disable FaceTime, a bug lets you hear a person's audio before he answers (direct link) A major vulnerability in the Apple FaceTime lets you hear the audio of the person you are calling … before they pick up the call. iPhone, iPad, or Mac users might disable FaceTime to avoid being spied through their devices. Experts warn that it is possible to call someone via FaceTime and listen via the […] Vulnerability
SecurityAffairs 2019-01-26 12:27:05 Local privilege escalation bug fixed in CheckPoint ZoneAlarm (direct link) Check Point released a security update to address a flaw in its ZoneAlarm security software that could allow privilege escalation. Check Point released a security update to fix a vulnerability in its antivirus and firewall ZoneAlarm, the flaw could be exploited by attackers to escalate privileges on a system running it. The flaw was discovered […] Vulnerability
SecurityAffairs 2019-01-25 12:28:03 Microsoft Exchange zero-day and exploit could allow anyone to be an admin (direct link) The security expert Dirk-jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have […] Vulnerability
SecurityAffairs 2019-01-22 21:00:02 Critical flaw in Linux APT package manager could allow remote hack (direct link) Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The independent security consultant Max Justicz has discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The flaw, tracked as CVE-2019-3462, affects package manager version 0.8.15 and later, […] Hack Vulnerability
SecurityAffairs 2019-01-21 07:04:05 Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack (direct link) Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow […] Hack Vulnerability
SecurityAffairs 2019-01-19 11:02:01 ES File Explorer vulnerabilities potentially impact 100 Million Users (direct link) Security expert Robert Baptiste (aka Elliot Alderson) discovered a vulnerability (CVE-2019-6447) in the ES File Explorer that potentially exposes hundreds of millions of Android installs. The ES File Explorer is an Android file manager that has over 100,000,000 installs and more than 500 million users worldwide according to its developer. Baptiste discovered that the application uses a local […] Vulnerability
SecurityAffairs 2019-01-17 12:39:02 Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6 (direct link) Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way […] Vulnerability
SecurityAffairs 2019-01-16 13:16:05 Multiple Fortnite flaws allowed experts to takeover players' accounts (direct link) Security researchers at Check Point have discovered several flaws in the popular game Fortnite that could be exploited to takeover gamers’ account. Security experts at Check Point discovered several issues in the popular online battle game Fortnite. One of the flaws is an OAuth account takeover vulnerability that could have allowed a remote attacker to takeover […] Vulnerability
SecurityAffairs 2019-01-15 15:27:00 A flaw in vCard processing could allow hackers to compromise a Win PC (direct link) A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC. The security expert John Page (@hyp3rlinx), discovered a zero-day vulnerability in the processing of VCard files that could be exploited by a remote attacker, under certain conditions, to hack Windows […] Hack Vulnerability
SecurityAffairs 2019-01-12 10:26:02 (Déjà vu) Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections (direct link) Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims' inboxes. The vulnerability ties with the […] Vulnerability
SecurityAffairs 2019-01-09 22:06:01 First Google security patches for Android in 2019 fix a critical flaw (direct link) Google released its security patches for Android in 2019 that addressed tens of vulnerabilities in the popular mobile OS. Google released the first batch of security patches for Android in 2019 that addressed tens of flaws, the most severe of them is the CVE-2018-9583 issue. The CVE-2018-9583 flaw is a critical remote code execution vulnerability affecting […] Vulnerability
SecurityAffairs 2019-01-05 10:23:02 High Severity DoS bug affects Several Yokogawa products (direct link) A serious DoS flaw affects several industrial automation products manufactured by the Yokogawa Electric. The DoS vulnerability in several Yokogawa Electric products affects the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. The flaw, tracked as CVE-2018-16196, could be exploited by an attacker to stop communication function of Vnet/IP Open Communication […] Vulnerability
SecurityAffairs 2019-01-04 20:55:05 Flaw in Skype for Android exposes photos and contacts (direct link) A security expert found a flaw in Skype for Android that could be exploited by an unauthenticated attacker to view photos and contacts, and even open links in the browser. Security expert Florian Kunushevci (19) discovered a vulnerability that allows an unauthenticated local attacker to view photos and contacts, and also to open links in […] Vulnerability
SecurityAffairs 2019-01-02 11:20:02 Hackers stole $750,000 worth Bitcoin from Electrum wallets (direct link) The latest attack of 2018 against cryptocurrency wallets and organizations in the cryptocurrency industry hit the popular Electrum wallets. Hackers hit Electrum Bitcoin wallet and stole over 200 bitcoin, more than $750,000. The attack started on December 21st, 2018, and hackers leveraged a critical vulnerability that was addressed in early 2018. The vulnerability could be […] Vulnerability
SecurityAffairs 2018-12-29 14:32:00 Guardzilla Security Video System Footage exposed online (direct link) A vulnerability in the Guardzilla home video surveillance system could be exploited by users to watch Guardzilla footage of other users. The Guardzilla All-In-One Video Security System is an indoor video surveillance solution. The flaw was discovered by the researchers Nick McClendon, Andrew Mirghassemi, Charles Dardaman, INIT_6 and Chris, from 0DayAllDay, the issue was reported […] Vulnerability
SecurityAffairs 2018-12-28 11:53:01 Expert published a PoC exploit code for RCE flaw in Microsoft Edge (direct link) The security researcher Bruno Keith from the Phoenhex group published a PoC code for a remote code execution flaw in Microsoft Edge browser (CVE-2018-8629). The vulnerability affects the JavaScript engine Chakra implemented in the Edge web browser, an attacker could exploit it to execute arbitrary code on the target machine with the same privileges as […] Vulnerability
SecurityAffairs 2018-12-26 14:40:04 Experts discovered a critical bug in Schneider Electric Vehicle Charging Stations (direct link) A critical vulnerability affects Schneider Electric electric vehicle charging stations, the EVLink Parking systems. EVlink Parking charging solutions are usually in parking environments, including offices, hotels, supermarkets, fleets, and municipals. According to the company, the issue is tied to a hard-coded credential bug that could be exploited by attackers to gain access to the system. […] Vulnerability
SecurityAffairs 2018-12-25 15:37:05 Over 19,000 Orange Livebox ADSL modems leak WiFi credentials (direct link) Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. Threat actors in the wild are attempting to exploit a vulnerability in LiveBox ADSL modems from Orange, the issue could be triggered to retrieve their SSID and WiFi password in plaintext by simply […] Vulnerability Threat
SecurityAffairs 2018-12-24 21:24:04 Experts disclosed an unpatched Kernel buffer overflow in Trusteer Rapport for MacOS (direct link) Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer Rapport endpoint security tool is a lightweight software component that […] Tool Vulnerability
SecurityAffairs 2018-12-24 06:57:00 Information Disclosure flaw allows attackers to find Huawei routers with default credentials (direct link) Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have […] Vulnerability
SecurityAffairs 2018-12-23 08:33:04 (Déjà vu) Cisco ASA is affected by a privilege escalation flaw. Patch it now! (direct link) Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform […] Vulnerability
SecurityAffairs 2018-12-20 20:41:03 Researcher disclosed a Windows zero-day for the third time in a few months (direct link) Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter The security researcher SandboxEscaper is back and for the third time in a few months, released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows OS. Since August, SandboxEscaper has […] Vulnerability
SecurityAffairs 2018-12-20 09:34:01 Microsoft issues emergency patch for IE Zero Day exploited in the wild (direct link) Microsoft has issued an out-of-band security update to fix a critical zero-day flaw in the Internet Explorer (IE) browser. Microsoft has rolled out an out-of-band security update to address a critical zero-day vulnerability affecting the Internet Explorer (IE) browser. According to the tech giant, attackers already exploited in the wild the vulnerability tracked as CVE-2018-8653. The zero-day […] Vulnerability
SecurityAffairs 2018-12-18 10:08:04 Twitter uncovered a possible nation-state attack (direct link) Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure vulnerability affecting its support forms. The experts discovered that the attack was launched from IP addresses that may be linked to nation-state actors. The flaw affected […] Vulnerability
SecurityAffairs 2018-12-15 13:12:02 Magellan RCE flaw in SQLite potentially affects billions of apps (direct link) Security experts at Tencent’s Blade security team discovered the Magellan RCE flaw in SQLite database software that exposes billions of vulnerable apps. Security experts at Tencent’s Blade security team have discovered a critical vulnerability in SQLite database software that exposes billions of vulnerable apps to hackers. The vulnerability tracked as ‘Magellan’ could allow remote attackers […] Vulnerability
SecurityAffairs 2018-12-12 10:55:01 New threat actor SandCat exploited recently patched CVE-2018-8611 0day (direct link) Experts from Kaspersky Lab reported that the recently patched Windows kernel zero-day vulnerability (CVE-2018-8611) has been exploited by several threat actors. Microsoft's Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. The flaw, tracked as CVE-2018-8611, is a privilege escalation flaw caused by the failure of […] Vulnerability Threat
SecurityAffairs 2018-12-02 16:37:01 (Déjà vu) Cisco addressed SQL Injection flaw in Cisco Prime License Manager (direct link) Cisco has released security updates to address a vulnerability in the web framework code of Cisco Prime License Manager that could be exploited by an attacker to execute arbitrary SQL queries. Cisco has fixed a vulnerability in Cisco Prime License Manager that could be exploited by a remote unauthenticated attacker to execute arbitrary SQL queries. The flaw is caused by the […] Vulnerability
SecurityAffairs 2018-11-23 15:31:05 VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition (direct link) VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered by Tianwen Tang of Qihoo 360's Vulcan Team at the Tianfu Cup PWN competition. White hat hackers earned more than $1 million for […] Vulnerability
SecurityAffairs 2018-11-14 07:06:05 Facebook flaw could have exposed private info of users and their friends (direct link) Security experts from Imperva reported a new Facebook flaw that could have exposed private info of users and their friends. A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts. The recently discovered issue raises once again […] Vulnerability
SecurityAffairs 2018-11-12 10:08:01 A critical flaw in GDPR compliance plugin for WordPress exploited in the wild (direct link) A critical security vulnerability affecting a GDPR compliance plugin for WordPress has been already exploited in the wild to take control of vulnerable websites. Users warn of cyber attacks exploiting a critical security vulnerability in the WordPress GDPR Compliance plugin for WordPress to take over of websites using it. The WordPress GDPR Compliance plugin was used by more than […] Vulnerability
SecurityAffairs 2018-11-11 13:58:00 CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild (direct link) Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961, is an unrestricted file upload vulnerability, successful exploitation could lead to […] Vulnerability Guideline
SecurityAffairs 2018-11-09 20:48:01 VMware releases security patches for a critical virtual machine escape flaw (direct link) VMware released security patches for a critical virtual machine (VM) escape vulnerability that was recently discovered at a Chinese hacking contest. VMware has released security patches for a critical virtual machine (VM) escape vulnerability (CVE-2018-6981 and CVE-2018-6982) that was recently discovered by the researcher Zhangyanyu at the Chinese GeekPwn2018 hacking contest. The cause for the […] Vulnerability
SecurityAffairs 2018-11-07 19:25:01 A flaw in WooCommerce WordPress Plugin could be exploited to take over e-stores (direct link) A critical Remote Code Execution vulnerability affects eCommerce website running on WordPress and using the WooCommerce plugin. A critical vulnerability affects eCommerce website running on WordPress and using the WooCommerce plugin. WooCommerce is one of the major eCommerce plugins for WordPress that allows operators to easily build e-stores based on the popular CMS, it accounts for more than 4 million installations with 35% […] Vulnerability
SecurityAffairs 2018-11-07 12:47:00 Researcher discloses VirtualBox Zero-Day without reporting it to Oracle (direct link) Security expert disclosed the details of a zero-day flaw affecting Oracle's VirtualBox virtualization software without waiting for a patch from Oracle. The security expert Sergey Zelenyuk has disclosed the details of a zero-day vulnerability affecting Oracle's VirtualBox virtualization software that could be exploited by an attacker to make a guest-to-host escape. Zelenyuk publicly disclosed the vulnerability […] Vulnerability
SecurityAffairs 2018-11-06 10:55:03 IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities (direct link) The National Institute of Standards and Technology (NIST) is planning to use Artificial Intelligence to assign the CVSS scores to reported vulnerabilities. The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. A Common Vulnerability Scoring System (CVSS) score between 0.0 and 10.0 that is assigned to each flaw according to its severity. […] Vulnerability
SecurityAffairs 2018-11-05 10:32:04 High severity XML external entity flaw affects Sauter building automation product (direct link) A security researcher has found a serious vulnerability in a building automation product from Sauter AG that could be exploited to steal files from an affected system. Sauter AG CASE Suit is a building automation product used worldwide that is affected by a high severity XML external entity (XXE) vulnerability that could be exploited to steal files from an affected […] Vulnerability
Last update at: 2024-05-13 16:08:13