What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-25 15:50:16 | (Déjà vu) Google discloses technical details of Windows CVE-2021-24093 RCE flaw (lien direct) | Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […] | Vulnerability | ||
|
2021-02-25 12:56:41 | Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw (lien direct) | A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […] | Vulnerability | ||
|
2021-02-23 22:39:22 | VMware addresses a critical RCE issue in vCenter Server (lien direct) | VMware addressed a critical remote code execution flaw, tracked as CVE-2021-21972, in vCenter Server virtual infrastructure management platform. VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform, tracked as CVE-2021-21972, that could be exploited by attackers to potentially take control of affected systems. vCenter Server is the centralized […] | Vulnerability | ||
|
2021-02-21 17:13:53 | (Déjà vu) Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com (lien direct) | A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […] | Vulnerability | ||
|
2021-02-20 16:42:40 | SonicWall releases second firmware updates for SMA 100 vulnerability (lien direct) | Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat actors for the intrusion. On January, 29 […] | Vulnerability Threat | ||
|
2021-02-17 18:24:04 | ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams (lien direct) | Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift card scams. The Malvertising gang ScamClub has abused an unpatched zero-day vulnerability in WebKit-based browsers to bypass security measures and redirect users from legitimate sites to websites hosting online gift card scams. The malvertising campaign […] | Vulnerability | ||
|
2021-02-15 22:43:01 | VMware fixes command injection issue in vSphere Replication (lien direct) | VMware released security patches for a potentially serious vulnerability affecting the vSphere Replication product. VMware has recently released security patches to address a serious command injection vulnerability, tracked as CVE-2021-21976, in its vSphere Replication product. VMware vSphere Replication is an extension to VMware vCenter Server that provides hypervisor-based virtual machine replication and recovery. vSphere Replication […] | Vulnerability | ||
|
2021-02-14 13:55:26 | PayPal addresses reflected XSS bug in user wallet currency converter (lien direct) | PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets. PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported […] | Vulnerability | ||
|
2021-02-12 15:41:11 | TIM\'s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server (lien direct) | Researchers at TIM's Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM's Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM's Red Team Research led […] | Vulnerability | ||
|
2021-02-08 21:23:57 | Google launches Open Source Vulnerabilities (OSV) database (lien direct) | Google announced the launch of OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. The database aims at helping both open source maintainers and consumers of open source projects. The archive […] | Vulnerability | ||
|
2021-02-04 13:57:32 | (Déjà vu) SonicWall released patch for actively exploited SMA 100 zero-day (lien direct) | SonicWall has released a security patch to address the zero-day flaw actively exploited in attacks against the SMA 100 series appliances. SonicWall this week released firmware updates (version 10.2.0.5-29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances. The vulnerability, tracked as CVE-2021-20016, has been rated as critical and received a […] | Vulnerability | ||
|
2021-02-01 07:32:45 | Exploiting a bug in Azure Functions to escape Docker (lien direct) | Expert disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited to escape the Docker container hosting them. Cybersecurity researcher Paul Litvak from Intezer Lab disclosed an unpatched vulnerability in Microsoft Azure Functions that could be exploited by an attacker to escalate privileges and escape the Docker container that hosts them. The experts […] | Vulnerability | ||
|
2021-01-29 14:49:07 | Microsoft: North Korea-linked Zinc APT targets security experts (lien direct) | Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an […] | Vulnerability Medical | APT 38 | |
|
2021-01-27 09:13:03 | Heap-based buffer overflow in Linux Sudo allows local users to gain root privileges (lien direct) | CVE-2021-3156 Sudo vulnerability has allowed any local user to gain root privileges on Unix-like operating systems without authentication. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. sudo is a program for Unix-like computer operating systems that allows […] | Vulnerability | ||
|
2021-01-26 15:35:10 | TikTok privacy issue could have allowed stealing users\' private details (lien direct) | A vulnerability in the video-sharing social networking service TikTok could have allowed hackers to steal users’ private personal information. Developers at ByteDance, the company that owns TikTok, have fixed a security vulnerability in the popular video-sharing social networking service that could have allowed attackers to steal users’ private personal information. Check Point researchers found a vulnerability in Find Friends […] | Vulnerability | ||
|
2021-01-22 08:25:23 | Drupal fixed a new flaw related PEAR Archive_Tar library (lien direct) | Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. The PEAR Archive_Tar class provides handling of tar files in PHP. It supports creating, listing, extracting, and adding […] | Vulnerability | ||
|
2021-01-17 13:46:26 | (Déjà vu) Critical flaws in Orbit Fox WordPress plugin allows site takeover (lien direct) | Two vulnerabilities in the Orbit Fox WordPress plugin, a privilege-escalation issue and a stored XSS bug, can allow site takeover. Security experts from Wordfence have discovered two security vulnerabilities in the Orbit Fox WordPress plugin. The flaws are a privilege-escalation vulnerability and a stored XSS bug that impacts over 40,000 installs. The Orbit Fox plugin […] | Vulnerability | ||
|
2021-01-16 22:52:19 | Two kids found a screensaver bypass in Linux Mint (lien direct) | The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its […] | Vulnerability | ||
|
2021-01-14 21:55:17 | Expert discovered a DoS vulnerability in F5 BIG-IP systems (lien direct) | A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, […] | Vulnerability | ||
|
2021-01-11 11:06:07 | Experts found gained access to the Git Repositories of the United Nations (lien direct) | Researchers obtained gained access to the Git Repositories belonging to the United Nations, exposing staff records and credentials. The research group Sakura Samurai was able to access the repositories of the United Nations as part of the Vulnerability Disclosure Program and a Hall of Fame operated by the organization. The group, composed of Jackson Henry, […] | Vulnerability | ||
|
2021-01-06 18:24:20 | Google fixed a critical Remote Code Execution flaw in Android (lien direct) | Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with the release of Security patch levels […] | Vulnerability | ||
|
2021-01-06 12:15:31 | (Déjà vu) Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack (lien direct) | Threat actors are attempting to hack Zyxel devices exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8, it could be exploited by […] | Hack Vulnerability | ||
|
2021-01-01 17:58:23 | Expert found a secret backdoor in Zyxel firewall and VPN (lien direct) | Zyxel addressed a critical flaw in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The Taiwanese vendor Zyxel has addressed a critical vulnerability in its firmware related to the presence of a hardcoded undocumented secret account. The vulnerability, tracked as CVE-2020-29583 received a CVSS score of 7.8, it could be exploited […] | Vulnerability | ||
|
2020-12-27 11:08:10 | (Déjà vu) HackerOne announces first bug hunter to earn more than $2M in bug bounties (lien direct) | White hat hacker could be a profitable profession, Cosmin Iordache earned more than $2M reporting flaws through the bug bounty program HackerOne. Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. HackerOne announced that the bug bounty hunter Cosmin Iordache (@inhibitor181) […] | Vulnerability | ||
|
2020-12-24 13:08:03 | Google reported that Microsoft failed to fix a Windows zero-day flaw (lien direct) | Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team has publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability tracked as CVE-2020-0986, resides in the Print Spooler API and could be exploited by a threat […] | Vulnerability Threat | ||
|
2020-12-21 11:05:23 | Zero-day exploit used to hack iPhones of Al Jazeera employees (lien direct) | Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an […] | Hack Vulnerability | ||
|
2020-12-17 20:44:29 | 5 million WordPress sites potentially impacted by a Contact Form 7 flaw (lien direct) | The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress vulnerability. The WordPress plugin allows users to add multiple contact forms on their site. “By exploiting this vulnerability, attackers could simply upload files of […] | Vulnerability | ||
|
2020-12-16 21:32:27 | (Déjà vu) HPE discloses critical zero-day in Systems Insight Manager (lien direct) | HPE has disclosed a zero-day vulnerability in the latest versions of its HPE Systems Insight Manager (SIM) software for both Windows and Linux. Hewlett Packard Enterprise (HPE) has disclosed a zero-day remote code execution flaw that affects the latest versions of its HPE Systems Insight Manager (SIM) software for Windows and Linux. HPE SIM is a […] | Vulnerability | ||
|
2020-12-12 17:09:24 | NI CompactRIO controller flaw could allow disrupting production (lien direct) | A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization. A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. The National Instruments CompactRIO product, a rugged, real-time controller that provides high-performance […] | Vulnerability | ||
|
2020-12-12 12:05:02 | WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack (lien direct) | Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but […] | Hack Vulnerability | ||
|
2020-12-10 19:46:49 | Cisco addresses critical RCE vulnerability in Jabber (lien direct) | Cisco addressed a new critical RCE vulnerability that affects several versions of Cisco Jabber for Windows, macOS, and mobile platforms. Cisco has released security updates to address a critical remote code execution (RCE) flaw affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms. Cisco Jabber is an instant messaging and web conferencing desktop app that […] | Vulnerability | ||
|
2020-12-08 19:14:57 | OpenSSL is affected by a \'High Severity\' security flaw, update it now (lien direct) | The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference, successful exploitation could trigger denial-of-service conditions. The vulnerability was reported […] | Vulnerability | ||
|
2020-12-08 17:58:14 | Unauthenticated Command Injection bug opens D-Link VPN routers to hack (lien direct) | An unauthenticated command injection vulnerability could be exploited by threat actors to compromise D-Link VPN routers. Security researchers at Digital Defense discovered three vulnerabilities in D-Link VPN routers, including command injection flaws, and an authenticated crontab injection flaw. The experts initially discovered the flaws in DSR-250 router family running firmware version 3.17, further investigation allowed […] | Hack Vulnerability Threat | ||
|
2020-12-08 12:24:00 | Expert discloses zero-click, wormable flaw in Microsoft Teams (lien direct) | Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher Oskars Vegeris from Evolution Gaming has published technical details on a wormable, cross-platform vulnerability in the business communication platform Microsoft Teams. The flaw is a cross-site scripting (XSS) issue that impacts the 'teams.microsoft.com' domain, it […] | Vulnerability | ||
|
2020-12-04 12:39:59 | Hundreds of millions of Android users exposed to hack due to CVE-2020-8913 (lien direct) | Hundreds of millions of Android users are potentially exposed to the risk of hack due to the use of Android Play Core Library versions vulnerable to CVE-2020-8913 The CVE-2020-8913 flaw is a local, arbitrary code execution vulnerability that resides exists in the SplitCompat.install endpoint in Android’s Play Core Library. The vulnerability is rated 8.8 out […] | Hack Vulnerability | ||
|
2020-12-01 18:41:39 | DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882 (lien direct) | The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet. Experts reported that the DarkIRC botnet is actively targeting thousands of exposed Oracle WebLogic servers in the attempt of exploiting the CVE-2020-14882. The CVE-2020-14882 can be exploited by unauthenticated attackers to take over the system […] | Vulnerability | ||
|
2020-11-29 15:41:12 | A critical flaw in industrial automation systems opens to remote hack (lien direct) | Experts found a critical flaw in Real-Time Automation’s (RTA) 499ES EtherNet/IP stack that could allow hacking industrial control systems. Tracked as CVE-2020-25159, the flaw is rated 9.8 out of 10 in severity by the industry-standard Common Vulnerability Scoring System (CVSS) and impacts all versions of EtherNet/IP Adapter Source Code Stack prior to 2.28, which was released on November […] | Hack Vulnerability | ||
|
2020-11-27 22:55:20 | (Déjà vu) Drupal emergency updates fix critical arbitrary PHP code execution (lien direct) | Drupal has released emergency security updates to fix a critical flaw with known exploits that could allow for arbitrary PHP code execution. Drupal has released emergency security updates to address a critical vulnerability with known exploits that could be exploited to achieve arbitrary PHP code execution on some CMS versions. The Drupal project uses the PEAR […] | Vulnerability | ||
|
2020-11-26 11:53:10 | (Déjà vu) A zero-day in Windows 7 and Windows Server 2008 has yet to be fixed (lien direct) | Researcher discovers a zero-day vulnerability in Windows 7 and Windows Server 2008 while he was working on a Windows security tool. The French security researcher Clément Labro discovered a zero-day vulnerability was discovered while the security researcher was working on an update Windows security tool. The researcher was developing his own Windows privilege escalation enumeration […] | Vulnerability | ||
|
2020-11-25 09:13:12 | UK NCSC\'s alert urges orgs to fix MobileIron CVE-2020-15505 RCE (lien direct) | The UK NCSC issued an alert to urge organizations to patch the critical CVE-2020-15505 RCE vulnerability in MobileIron MDM systems. The UK National Cyber Security Centre (NCSC) issued an alert urging organizations to address the critical CVE-2020-15505 remote code execution (RCE) vulnerability in MobileIron mobile device management (MDM) systems. MDM platforms allow administrators to remotely manage a fleet of […] | Vulnerability | ||
|
2020-11-24 12:27:25 | Microsoft fixes Kerberos Authentication issues with an out-of-band Update (lien direct) | Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known […] | Vulnerability | ||
|
2020-11-23 22:00:07 | VMware discloses critical zero-day CVE-2020-4006 in Workspace One (lien direct) | VMware discloses a critical zero-day vulnerability (CVE-2020-4006) in multiple VMware Workspace One components and released a workaround to address it. VMware has released a workaround to address a critical zero-day vulnerability, tracked as CVE-2020-4006, that affects multiple VMware Workspace One components. The flaw could be exploited by attackers to execute commands on the host Linux […] | Vulnerability | ||
|
2020-11-20 11:23:40 | A flaw in Facebook Messenger could have allowed spying on users (lien direct) | Facebook has addressed a security vulnerability in its Messenger for Android app that could have allowed attackers to spy on users. Facebook has addressed a major security issue in its Messenger for Android app that could have allowed threat actors to spy on users by placing and connecting Messenger audio calls without their interaction. The […] | Vulnerability Threat | ||
|
2020-11-19 17:36:59 | Drupal addressed CVE-2020-13671 Remote Code Execution flaw (lien direct) | Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has been classified as critical […] | Vulnerability | ||
|
2020-11-18 22:32:39 | Cisco fixed flaws in WebEx that allow ghost participants in meetings (lien direct) | Cisco has addressed three flaws in Webex Meetings that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. Cisco has addressed three vulnerabilities in Webex Meetings (CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419) that would have allowed unauthenticated remote attackers to join ongoing meetings as ghost participants. “A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server […] | Vulnerability | ||
|
2020-11-11 19:04:39 | Google and Mozilla fixed issues exploited at 2020 Tianfu Cup hacking contest (lien direct) | Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome exploited […] | Vulnerability | ||
|
2020-11-07 17:27:56 | Ransomware operators target CVE-2020-14882 WebLogic flaw (lien direct) | At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears is exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. At the end of October, threat actors have started scanning the Internet for servers running vulnerable installs of Oracle WebLogic in the […] | Ransomware Vulnerability Threat | ||
|
2020-11-05 08:36:32 | VMware finally fixed the critical CVE-2020-3992 flaw in ESXi (lien direct) | VMware has released new patches for ESXi after learning that a fix released in October for the critical CVE-2020-3992 flaw was incomplete. The virtualization giant VMware has released new fixes for ESXi after learning that a patch released in October for the critical CVE-2020-3992 flaw was incomplete. The CVE-2020-3992 vulnerability is a use-after-free bug issue that affects […] | Vulnerability | ||
|
2020-11-04 19:25:45 | Zero-day in Cisco AnyConnect Secure Mobility Client yet to be fixed (lien direct) | Cisco disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software and the availability of PoC exploit code. Cisco has disclosed a zero-day vulnerability, tracked as CVE-2020-3556, in the Cisco AnyConnect Secure Mobility Client software with the public availability of a proof-of-concept exploit code. The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect […] | Vulnerability | ||
|
2020-11-01 09:29:59 | 103,000 machines are still vulnerable to SMBGhost attacks (lien direct) | Eight months after Microsoft issued a patch for the critical SMBGhost issues over 100,000 systems exposed online are still vulnerable to this attack. In March, Microsoft has addressed the critical SMBGhost vulnerability (CVE-2020-0796) in the Server Message Block (SMB) protocol. “A remote code execution vulnerability exists in the way that the Microsoft Server Message Block […] | Vulnerability |
To see everything:
Our RSS (filtrered)
