What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-08-30 16:50:57 | A new Google bug bounty program now covers Open Source projects (lien direct) | >Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 […] | Vulnerability | ||
|
2022-08-26 23:08:15 | Critical flaw impacts Atlassian Bitbucket Server and Data Center (lien direct) | >Atlassian addressed a critical vulnerability in Bitbucket Server and Data Center that could lead to malicious code execution on vulnerable instances. Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be explored to execute malicious code on vulnerable installs The flaw is a command injection vulnerability that can be exploited via […] | Vulnerability Guideline | ||
|
2022-08-26 17:19:35 | Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access (lien direct) | >An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited […] | Vulnerability | ||
|
2022-08-24 07:56:58 | VMware fixed a privilege escalation issue in VMware Tools (lien direct) | >VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which impacts the VMware Tools suite of utilities. VMware Tools is a set of services and modules that enable several features in company […] | Vulnerability | ||
|
2022-08-23 23:25:15 | Microsoft publicly discloses details on critical ChromeOS flaw (lien direct) | >Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger […] | Vulnerability | ||
|
2022-08-23 16:50:11 | Over 80,000 Hikvision cameras can be easily hacked (lien direct) | >Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. […] | Vulnerability | ||
|
2022-08-22 17:50:43 | 8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe (lien direct) | >Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. Researchers from Northwestern University (Zhenpeng Lin | PhD Student,Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked […] | Vulnerability | ||
|
2022-08-21 17:40:20 | Threat actors are stealing funds from General Bytes Bitcoin ATM (lien direct) | >Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […] | Vulnerability Threat | ||
|
2022-08-20 16:56:39 | CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog (lien direct) | >The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday […] | Vulnerability | ||
|
2022-08-19 11:56:41 | A flaw in Amazon Ring could expose user\'s camera recordings (lien direct) | Amazon addressed a high-severity flaw in its Ring app for Android that could have exposed sensitive information and camera recordings. In May, Amazon fixed a high-severity vulnerability in its Ring app for Android that could have allowed a malicious app installed on a user’s device to access sensitive information and camera recordings. The Ring app […] | Vulnerability | ||
|
2022-08-19 09:04:18 | Cisco fixes High-Severity bug in Secure Web Appliance (lien direct) | >Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] | Malware Vulnerability | ||
|
2022-08-18 22:37:20 | Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild (lien direct) | >Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds […] | Vulnerability | ||
|
2022-08-18 07:10:57 | PoC exploit code for critical Realtek RCE flaw released online (lien direct) | >Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek's RTL819x system on a chip was released online. The issue resides in the Realtek's SDK for […] | Vulnerability | ||
|
2022-08-13 09:39:35 | Three flaws allow attackers to bypass UEFI Secure Boot feature (lien direct) | >Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is […] | Vulnerability | ||
|
2022-08-11 05:47:24 | Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key (lien direct) | >Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […] | Vulnerability Threat | ||
|
2022-08-09 21:25:56 | Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day (lien direct) | >Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA […] | Vulnerability | ||
|
2022-08-05 22:08:30 | Twitter confirms zero-day used to access data of 5.4 million accounts (lien direct) | >Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] | Data Breach Vulnerability Threat | ||
|
2022-08-03 15:45:18 | Google fixed Critical Remote Code Execution flaw in Android (lien direct) | >Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android System component. The IT giant has fixed the flaw with the release of Android 12 and 12L updates. Google did […] | Vulnerability | ||
|
2022-08-02 17:29:31 | VMware fixed critical authentication bypass vulnerability (lien direct) | >VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges. “A malicious actor with network access to the […] | Vulnerability | ||
|
2022-08-01 06:43:37 | A flaw in Dahua IP Cameras allows full take over of the devices (lien direct) | >A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). ONVIF provides and promotes standardized interfaces for effective […] | Vulnerability | ||
|
2022-07-29 11:27:26 | (Déjà vu) Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center (lien direct) | >Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions […] | Vulnerability | ||
|
2022-07-26 06:22:58 | Zero Day attacks target online stores using PrestaShop (lien direct) | >Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow to execute arbitrary code and potentially steal customers’ payment information. PrestaShop is currently used by 300,000 shops worldwide […] | Vulnerability Threat | ||
|
2022-07-24 08:29:58 | A database containing data of 5.4 million Twitter accounts available for sale (lien direct) | >Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […] | Vulnerability Threat | ||
|
2022-07-21 13:49:01 | Atlassian patched a critical Confluence vulnerability (lien direct) | >Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions for Confluence […] | Vulnerability | ||
|
2022-07-18 10:43:56 | Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw (lien direct) | >Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System, it is due […] | Vulnerability | ||
|
2022-07-16 19:49:50 | Critical flaw in Netwrix Auditor application allows arbitrary code execution (lien direct) | >A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected devices. Netwrix Auditor is a an auditing software that allows organizations to monitor their IT infrastructure, […] | Vulnerability | ||
|
2022-07-16 13:14:26 | Threat actors exploit a flaw in Digium Phone Software to target VoIP servers (lien direct) | >Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […] | Vulnerability Threat | ||
|
2022-07-15 22:27:19 | Tainted password-cracking software for industrial systems used to spread P2P Sality bot (lien direct) | >Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […] | Vulnerability Threat | ||
|
2022-07-15 14:33:04 | Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons (lien direct) | >Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. The […] | Vulnerability Threat | ||
|
2022-07-14 09:24:51 | Microsoft published exploit code for a macOS App sandbox escape flaw (lien direct) | >Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […] | Vulnerability | ||
|
2022-07-14 07:42:48 | VMware fixed a flaw in vCenter Server discovered eight months ago (lien direct) | >VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure. The vulnerability can be exploited by an attacker with non-administrative […] | Vulnerability | ||
|
2022-07-10 17:40:13 | Experts demonstrate how to unlock several Honda models via Rolling-PWN attack (lien direct) | >Bad news for the owners of several Honda models, the Rolling-PWN Attack vulnerability can allow unlocking their vehicles. A team of security Researchers Kevin2600 and Wesley Li from Star-V Lab independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles- A remote keyless entry system (RKE) […] | Vulnerability | ||
|
2022-07-09 12:36:19 | Previously undocumented Rozena backdoor delivered by exploiting the Follina bug (lien direct) | >Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the previously undocumented Rozena backdoor. Fortinet FortiGuard Labs researchers observed a phishing campaign that is leveraging the recently disclosed Follina security vulnerability (CVE-2022-30190, CVSS score 7.8) to distribute a previously undocumented backdoor on Windows systems. The Follina issue is a remote code execution vulnerability […] | Vulnerability | ||
|
2022-07-08 18:41:45 | Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions (lien direct) | >Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). A remote attacker can trigger the flaw to overwrite files on the […] | Vulnerability | ||
|
2022-07-04 21:16:22 | (Déjà vu) Google fixes the fourth Chrome zero-day in 2022 (lien direct) | >Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […] | Vulnerability | ||
|
2022-07-04 09:44:23 | Unfaithful HackerOne employee steals bug reports to claim additional bounties (lien direct) | >Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […] | Vulnerability | ||
|
2022-07-04 07:16:39 | CISA orders federal agencies to patch CVE-2022-26925 by July 22 (lien direct) | >US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […] | Vulnerability | ||
|
2022-06-29 14:48:08 | Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers (lien direct) | >Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […] | Hack Vulnerability | ||
|
2022-06-28 11:02:10 | Latest OpenSSL version is affected by a remote memory corruption flaw (lien direct) | >Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. “OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to […] | Vulnerability | ||
|
2022-06-25 11:59:00 | Attackers exploited a zero-day in Mitel VOIP devices to compromise a network (lien direct) | >Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] | Ransomware Vulnerability Threat | ||
|
2022-06-23 10:48:05 | QNAP warns of a critical PHP flaw that could lead to remote code execution (lien direct) | >Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […] | Vulnerability | ||
|
2022-06-20 14:37:44 | Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild (lien direct) | >Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in […] | Vulnerability | ||
|
2022-06-19 22:31:24 | Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild (lien direct) | >A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […] | Vulnerability Threat | ||
|
2022-06-17 23:00:30 | Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed (lien direct) | >China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. The vulnerability was exploited by […] | Vulnerability Threat | ||
|
2022-06-16 10:14:49 | Researchers disclosed a remote code execution flaw in Fastjson Library (lien direct) | >Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. […] | Vulnerability | ||
|
2022-06-16 08:41:13 | (Déjà vu) Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager (lien direct) | >Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass […] | Vulnerability | ||
|
2022-06-15 22:59:44 | Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips (lien direct) | >Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel […] | Vulnerability | ||
|
2022-06-15 18:39:38 | A critical flaw in Citrix Application Delivery Management allows resetting admin passwords (lien direct) | >Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords. Citrix Application Delivery Management (ADM) is a comprehensive platform […] | Vulnerability | ||
|
2022-06-14 23:11:08 | A flaw in Zimbra email suite allows stealing login credentials of the users (lien direct) | >A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user […] | Vulnerability | ||
|
2022-06-13 18:30:20 | Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability (lien direct) | >Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). Nation-state actors […] | Tool Vulnerability |
To see everything:
Our RSS (filtrered)
