What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-11-04 15:23:03 | PortSmash flaw in Hyper-Threading CPU could allow sensitive data theft (lien direct) | PortSmash side-channel flaw that could be exploited with a timing attack to steal information from other processes running in the same CPU core. PortSmash is a new side-channel vulnerability that could be exploited with a timing attack to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. A group of […] | Vulnerability | ||
|
2018-11-02 12:03:00 | CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks (lien direct) | Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition […] | Vulnerability Threat | ||
|
2018-10-29 09:45:02 | Systemd flaw could cause the crash or hijack of vulnerable Linux machines (lien direct) | Systemd is affected by a security vulnerability that can be exploited to crash a vulnerable Linux machine, and in the worst case to execute malicious code. An attacker can trigger the vulnerability using maliciously crafted DHCPv6 packets and modifying portions of memory of the vulnerable systems, potentially causing remote code execution. The flaw, tracked as CVE-2018-15688, […] | Vulnerability | ||
|
2018-10-26 18:51:03 | CVE-2018-14665 privilege escalation flaw affects popular Linux distros (lien direct) | Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. The Indian security researcher Narendra Shinde has discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions, including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X project provides an open source implementation of the X Window […] | Vulnerability | ||
|
2018-10-25 10:22:03 | Experts discovered a severe command injection flaw in Cisco Webex Meetings Desktop (lien direct) | Researchers discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442, in Cisco Webex Meetings Desktop. It’s time to patch again the Cisco Webex video conferencing software of your organization to avoid ugly surprise. Researchers Ron Bowes and Jeff McJunkin of Counter Hack discovered a “high” severity command injection vulnerability, tracked as CVE-2018-15442, in Cisco Webex Meetings Desktop. The vulnerability […] | Vulnerability | ||
|
2018-10-24 14:53:02 | SandboxEscaper expert is back and disclosed a new Windows Zero-Day (lien direct) | The security researcher SandboxEscaper has released the proof-of-concept exploit code for a new Windows zero-day, Windows users are now exposed to attacks. The security researcher using the Twitter handle @SandboxEscaper is back and has released the proof-of-concept exploit code for a new Windows zero-day vulnerability. At the end of August, the same researcher disclosed the details of zero-day privilege escalation vulnerability […] | Vulnerability | ||
|
2018-10-23 07:45:04 | For the first time Japanese commission ordered Facebook to improve security (lien direct) | The Japanese government ordered Facebook to improve the protection of users’ personal information following the recent data breaches that exposed data from millions of people. At the end of September, Facebook admitted that attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. A couple of weeks […] | Vulnerability | ||
|
2018-10-23 06:49:01 | The fix for the DOM-based XSS in Branch.io introduced a new XSS flaw (lien direct) | The security patch for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. According to the security researcher Linus Särud, the security fix for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. The Branch.io company provides the leading mobile linking platform, with solutions that unify […] | Vulnerability Guideline | ||
|
2018-10-22 07:15:05 | MPlayer and VLC media player affected by critical flaw CVE-2018-4013 (lien direct) | Cisco Talos expert discovered a code execution vulnerability (CVE-2018-4013) that has been identified in Live Networks LIVE555 streaming media RTSPServer. Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 […] | Vulnerability | ||
|
2018-10-20 08:33:02 | Thousands of applications affected by a zero-day issue in jQuery File Upload plugin (lien direct) | A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206, that affects older versions of the jQuery File Upload plugin since 2010. Attackers can exploit the vulnerability to carry out several malicious activities, including defacement, exfiltration, and malware infection. The flaw was reported by the Akamai researcher Larry Cashdollar, he explained that many other packages that include […] | Malware Vulnerability | ||
|
2018-10-19 15:09:00 | Drupal dev team fixed Remote Code Execution flaws in the popular CMS (lien direct) | The Drupal development team has patched several vulnerabilities in version 7 and 8 of the popular CMS, including RCE flaws. The development team of the Drupal content management system addressed several vulnerabilities in version 7 and 8, including some flaws that could be exploited for remote code execution. Drupal team fixed a critical vulnerability that resides in […] | Vulnerability | ||
|
2018-10-17 13:48:03 | Thousands of servers easy to hack due to a LibSSH Flaw (lien direct) | The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The Secure Shell (SSH) implementation library, the Libssh, is affected by a four-year-old severe vulnerability that could be exploited by attackers to completely bypass authentication and take over a vulnerable server without requiring a […] | Hack Vulnerability | ||
|
2018-10-17 09:23:04 | (Déjà vu) VMware addressed Code Execution Flaw in its ESXi, Workstation, and Fusion products (lien direct) | VMware has addressed a critical arbitrary code execution flaw affecting the SVGA virtual graphics card used by its ESXi, Workstation, and Fusion products. VMware has released security updated to fix a critical arbitrary code execution vulnerability (CVE-2018-6974) in the SVGA virtual graphics card used by its ESXi, Workstation, and Fusion solutions. The issue in the VMware products […] | Vulnerability | ||
|
2018-10-16 14:07:03 | Expert disclosed a new passcode bypass to access photos and contacts on a locked iPhone (lien direct) | iOS passionate Jose Rodriguez disclosed a new passcode bypass bug that could be to access photos and contacts on a locked iPhone XS. The security passionate Jose Rodriguez has discovered a new passcode bypass bug that could be exploited on the recently released iOS 12.0.1. A few weeks ago, Rodriguez discovered a passcode bypass vulnerability in Apple's new iOS […] | Vulnerability | ||
|
2018-10-14 18:50:02 | (Déjà vu) Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete (lien direct) | Experts from 0Patch revealed that the Microsoft Zero-Day Patch for JET Database Engine vulnerability (CVE-2018-8423) is incomplete. The vulnerability was discovered by the researcher Lucas Leong of the Trend Micro Security Research team that publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The flaw is an out-of-bounds (OOB) write in the JET Database Engine that […] | Vulnerability | ||
|
2018-10-14 09:11:04 | Expert released PoC Code Microsoft Edge Remote Code Execution flaw (lien direct) | Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical. One of the issues is a critical remote code execution vulnerability in Edge web browser […] | Vulnerability | ||
|
2018-10-10 13:45:02 | CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East (lien direct) | A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as […] | Vulnerability | ||
|
2018-10-10 11:39:01 | Hackers can compromise your WhatsApp account by tricking you into answering a video call (lien direct) | Hackers can compromise your WhatsApp account by tricking you into answering a video call, the company fixed the flaw in September. WhatsApp has addressed a vulnerability in the mobile applications that could have been exploited by attackers to crash victims instant messaging app simply by placing a call. The vulnerability is a memory heap overflow […] | Vulnerability | ||
|
2018-10-08 06:32:05 | The Git Project addresses a critical arbitrary code execution vulnerability in Git (lien direct) | The Git Project released a new version of the Git client, Github Desktop, or Atom. that addressed a critical remote code execution vulnerability in the Git. The Git Project addressed a critical remote code execution vulnerability in the Git command line client, Git Desktop, and Atom. The flaw tracked as CVE-2018-17456 could be exploited by malicious repositories to remotely […] | Vulnerability | ||
|
2018-10-06 18:25:04 | Sony Bravia Smart TVs affected by a critical vulnerability (lien direct) | Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical. Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, […] | Vulnerability | ||
|
2018-10-01 12:57:05 | Attackers chained three bugs to breach into the Facebook platform (lien direct) | Facebook has revealed additional details about the cyber attack that exposed personal information of 50 million accounts. Last week, Facebook announced that attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. The “View As” feature allows users to see how others see their profile, it was implemented […] | Vulnerability | ||
|
2018-10-01 07:45:04 | Expert demonstrated how to access contacts and photos from a locked iPhone XS (lien direct) | Expert discovered a passcode bypass vulnerability in Apple's new iOS version 12 that could be exploited to access photos, contacts on a locked iPhone XS . The Apple enthusiast and “office clerk” Jose Rodriguez has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that could be exploited by an attacker (with physical access to the iPhone) […] | Vulnerability | ||
|
2018-09-28 18:43:04 | Facebook hacked – 50 Million Users\' Data exposed in the security breach (lien direct) | Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users. […] | Vulnerability | ||
|
2018-09-28 09:32:05 | CVE-2018-17182 -Google Project Zero reports a new Linux Kernel flaw (lien direct) | Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-17182. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero's Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited […] | Vulnerability | ||
|
2018-09-26 05:49:00 | oPatch community released micro patches for Microsoft JET Database Zero-Day (lien direct) | 0patch community released an unofficial patch for the Microsoft JET Database Engine zero-day vulnerability disclosed by Trend Micro’s Zero Day Initiative Experts from 0patch, a community of experts that aims at addressing software flaws, released an unofficial patch for the Microsoft JET Database Engine zero-day vulnerability that Trend Micro’s Zero Day Initiative (ZDI) disclosed last […] | Vulnerability | ||
|
2018-09-25 14:35:05 | Bitcoin Core Team fixes a critical DDoS flaw in wallet software (lien direct) | Bitcoin Core Software fixed a critical DDoS attack vulnerability in the Bitcoin Core wallet software tracked as CVE-2018-17144. The Bitcoin Core team urges miners to update client software with the latest Bitcoin Core 0.16.3 version as soon as possible. “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up […] | Vulnerability | ||
|
2018-09-25 08:38:04 | White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day (lien direct) | The popular macOS expert and former NSA hacker has discovered a zero-day vulnerability in macOS on Mojave ‘s release day. It is always Patrick Wardle, this time the popular expert and former NSA hacker has found a zero-day flaw in macOS on Mojave ‘s release day. According to the expert, the implementation bug can be […] | Vulnerability | ||
|
2018-09-24 13:04:04 | Critical flaw affects Cisco Video Surveillance Manager (lien direct) | Cisco has patched a critical vulnerability in the Cisco Video Surveillance Manager (VSM) could be exploited by an unauthenticated remote attacker to gain root access. Cisco has fixed a critical vulnerability in the Cisco Video Surveillance Manager software running on some Connected Safety and Security Unified Computing System (UCS) platforms. The flaw could give an unauthenticated, […] | Vulnerability | ||
|
2018-09-21 21:50:04 | Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows (lien direct) | A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The researcher Lucas Leong of the Trend Micro Security Research team publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The flaw is an out-of-bounds (OOB) write in the JET Database Engine […] | Vulnerability | ||
|
2018-09-20 05:21:02 | Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw (lien direct) | Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities. Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code. “Adobe has released security updates for Adobe Acrobat and Reader for Windows […] | Vulnerability | ||
|
2018-09-19 07:18:01 | Flaw in Western Digital My Cloud exposes the content to hackers (lien direct) | An authentication bypass vulnerability in Western Digital My Cloud NAS could allow hackers to access the content of the storage Researchers at security firm Securify have discovered an elevation of privilege vulnerability in the Western Digital My Cloud platform that could be exploited by attackers to gain admin-level access to the device via an HTTP request. The flaw, […] | Vulnerability | ||
|
2018-09-17 07:59:01 | Google Android team found high severity flaw in Honeywell Android-based handheld computers (lien direct) | Experts at the Google Android team have discovered high severity privilege escalation vulnerability in some of Honeywell Android-based handheld computers. Security experts from the Google Android team have discovered a high severity privilege escalation vulnerability in some of Honeywell Android-based handheld computers that could be exploited by an attacker to gain elevated privileges. According to the vendor, Honeywell handheld computers […] | Vulnerability | ||
|
2018-09-15 15:01:05 | Experts disclose a Webroot SecureAnywhere macOS Kernel Level bug found months ago (lien direct) | Security experts disclosed a locally exploitable kernel-level vulnerability in the Webroot SecureAnywhere macOS security software. The Webroot SecureAnywhere macOS security software was affected by a locally exploitable kernel-level vulnerability. An attacker that exploit the flaw could execute malware at the “kernel level” on a vulnerable Mac system. The vulnerability, tracked as CVE-2018-16962, was patched months ago but publicly disclosed […] | Vulnerability | ||
|
2018-09-11 21:39:05 | Adobe Patch Tuesday for September 2018 fixes 10 flaws in Flash Player and ColdFusion (lien direct) | Adobe Patch Tuesday updates for September 2018 address a total of 10 vulnerabilities in Flash Player and ColdFusion, the good news is that none is severe. The Adobe Patch Tuesday updates for September 2018 addressed an important privilege escalation vulnerability (CVE-2018-15967) in Adobe Flash Player 30.0.0.154 and earlier versions. The successful exploitation of the flaw could lead to information […] | Vulnerability Guideline | ||
|
2018-09-11 07:57:02 | Zerodium disclose exploit for NoScript bug in version 7 of Tor Browser (lien direct) | Zero-day broker Zerodium has disclosed a NoScript vulnerability that could be exploited by attackers to execute arbitrary JavaScript code in the Tor Browser. Zero-day broker Zerodium has disclosed a NoScript vulnerability that could be exploited by attackers to execute arbitrary JavaScript code in the Tor Browser. NoScript is a popular Firefox extension that protects users against malicious scripts, it only allows […] | Vulnerability | ||
|
2018-09-10 11:23:02 | Mirai and Gafgyt target Apache Struts and SonicWall to hit enterprises (lien direct) | Security experts with Unit 42 at Palo Alto Networks have discovered new variants of the Mirai and Gafgyt IoT malware targeting enterprises. Both botnets appear very interesting for two main reasons: The new Mirai variant targets the same Apache Struts vulnerability exploited in the 2017 Equifax data breach. The vulnerability affects the Jakarta Multipart parser upload […] | Malware Vulnerability | Equifax | |
|
2018-09-07 11:31:04 | Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server (lien direct) | A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. “Using the vulnerabilities we discovered, it […] | Malware Vulnerability | ||
|
2018-09-06 20:01:02 | Recently uncovered PowerPool Group used recent Windows Zero-Day exploit (lien direct) | Security experts from ESET observed a treat actor, tracked as PowerPool, exploiting the recently disclosed Windows zero-day flaw in targeted attacks. The vulnerability was publicly disclosed on August 27 by the security expert “@SandboxEscaper,” the researcher also published the exploit code for the vulnerability. The vulnerability affects Microsoft's Windows operating systems that could be exploited by a […] | Vulnerability | ||
|
2018-09-05 14:21:04 | An untold story of a memory corruption bug in Skype (lien direct) | Security expert discovered that Skype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS) Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb)Steps to reproduce this issue: 1. Open […] | Vulnerability | ||
|
2018-09-01 11:31:01 | Third-Party researchers released micropatch for recently disclosed Windows Zero-Day (lien direct) | Security researchers from the opatch community released a micropatch for the recently disclosed Windows zero-day vulnerability. A few days ago, the security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft's Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges […] | Vulnerability | ||
|
2018-08-30 12:51:03 | 4-year old Misfortune Cookie vulnerability threatens Capsule Technologies medical gateway device (lien direct) | The Misfortune Cookie flaw is threatening medical equipment that connects bedside devices to the hospital’s network infrastructure. In December 2104, researchers at Check Point Software Technologies discovered the Misfortune Cookie vulnerability, a flaw that was affecting millions of devices running an embedded web server called RomPager, the vulnerability could be exploited by an attacker to run a man-in-the-middle attack on […] | Vulnerability | ||
|
2018-08-29 07:59:03 | Experts published a PoC code for Intel Management Engine JTAG flaw (lien direct) | A group of security researchers has published a proof-of-concept exploit code for a vulnerability in the Intel Management Engine JTAG. A team of security researchers has published a proof-of-concept exploit code for a vulnerability in the Intel Management Engine JTAG. Last year the same group of experts at Positive Technologies discovered an undocumented configuration setting that disabled […] | Vulnerability | ||
|
2018-08-28 16:07:02 | Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild (lien direct) | According to the threat intelligence firm Volexity, the CVE-2018-11776 vulnerability is already being abused in malicious attacks in the wild. Just yesterday I wrote about the availability online of the exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2. The PoC code was published on GitHub and experts were warning of […] | Vulnerability Threat | ||
|
2018-08-28 15:18:00 | Expert publicly disclosed exploit code for Windows Task Scheduler Zero-Day (lien direct) | A security researcher has publicly disclosed the details of zero-day privilege escalation vulnerability affecting all Microsoft’s Windows operating systems A security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft’s Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges on […] | Vulnerability | ||
|
2018-08-27 15:12:03 | Experts warn of possible attacks after PoC code for CVE-2018-11776 Struts flaw was published (lien direct) | The Exploit code for the recently discovered Critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2 was published on GitHub, experts fear massive attacks. The CVE-2018-11776 vulnerability affects Struts 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and potentially unsupported versions of the popular Java framework. “Possible Remote Code Execution when using results with no namespace and […] | Vulnerability | ||
|
2018-08-27 06:50:01 | Google researcher found Fortnite Android App vulnerable to Man-in-the-Disk attacks (lien direct) | A Google security researcher disclosed a vulnerability in the newcome Fortnite Android App that exposes it to Man-in-the-Disk attacks. After a long wait, Fortnite Android app has finally arrived but it hides an ugly surprise, it is vulnerable to Man-in-the-Disk (MitD) attacks that can allow a third-party application to crash it or run malicious code. The […] | Vulnerability | ||
|
2018-08-20 16:55:04 | Flaw in SOLEO IP Relay Service potentially exposed over 30 million Canadian records (lien direct) | Major Internet service providers (ISPs) in Canada were impacted by a local file disclosure flaw in the SOLEO IP Relay service that was recently addressed. Almost all major Internet service providers (ISPs) in Canada were impacted by a local file disclosure vulnerability in the SOLEO IP Relay service that was recently addressed. Telecommunications relay services (TRSs) developed by Soleo […] | Vulnerability | ||
|
2018-08-19 15:58:02 | North Korea-linked Dark Hotel APT leverages CVE-2018-8373 exploit (lien direct) | The North Korea-linked Dark Hotel APT group is leveraging the recently patched CVE-2018-8373 vulnerability in the VBScript engine in attacks in the wild. The vulnerability affects Internet Explorer 9, 10 and 11, it was first disclosed last month by Trend Micro and affected all supported versions of Windows. The flaw could be exploited by remote attackers […] | Vulnerability | ||
|
2018-08-09 12:30:04 | BIND DNS software includes a security feature that could be abused to cause DoS condition (lien direct) | The Internet Systems Consortium (ISC) announced the presence of a serious flaw in the BIND DNS software that can be exploited by remote attackers to cause a denial-of-service (DoS) condition. The vulnerability tracked as CVE-2018-5740 was discovered by Tony Finch of the University of Cambridge. The flaw has been assigned a CVSS score of 7.5, the […] | Vulnerability | ||
|
2018-08-03 14:05:04 | CVE-2018-14773 Symfony Flaw expose Drupal websites to hack (lien direct) | A vulnerability in the Symfony HttpFoundation component tracked as CVE-2018-14773, could be exploited by attackers to take full control of the affected Drupal websites. Maintainers at Drupal addressed the security bypass vulnerability by releasing a new version of the popular content management system, the version 8.5.6. “The Drupal project uses the Symfony library. The Symfony […] | Hack Vulnerability |
To see everything:
Our RSS (filtrered)
