What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-21 14:00:06 | Qu'est-ce que l'ingénierie sociale? What is Social Engineering? (lien direct) |
> 
Dans le domaine de la cybersécurité, il y a une vulnérabilité qui est souvent négligée & # 8211;l'élément humain.Pendant les pare-feu, le cryptage, ...
> 
In the realm of cybersecurity, there is one vulnerability that is often overlooked – the human element. While firewalls, encryption,...
|
Vulnerability | ★★ | |
|
2023-09-19 18:43:31 | Exploration de la vulnérabilité Winrar (CVE-2023-38831) Exploring Winrar Vulnerability (CVE-2023-38831) (lien direct) |
> 
Rédigé par Neil Tyagi le 23 août 2023, NIST a révélé une vulnérabilité critique RCE CVE-2023-38831.Il est lié à un ...
> 
Authored by Neil Tyagi On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. It is related to an...
|
Vulnerability | ★★ | |
|
2022-02-16 22:09:34 | Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence (lien direct) | 
Cryptocurrency has boomed in the last several years, with beginners and experts alike jumping into the industry. It's proven now...
|
Vulnerability | ||
|
2022-01-05 20:47:12 | Technical Analysis of CVE-2021-1732 (lien direct) | 
Introduction In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows...
|
Vulnerability | ||
|
2021-12-22 18:03:44 | Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 (lien direct) | 
Threat Summary Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote...
|
Vulnerability | ||
|
2021-12-11 00:37:30 | Log4Shell Vulnerability is the Coal in our Stocking for 2021 (lien direct) | Overview: On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache... | Vulnerability | ||
|
2021-11-29 19:12:04 | McAfee Enterprise Defender Blog | Windows Zero-Day – CVE-2021-41379 (lien direct) | 
Threat Summary This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in...
|
Vulnerability | ||
|
2021-09-22 16:15:12 | McAfee Enterprise Defender Blog | OMIGOD Vulnerability Opening the Door to Mirai Botnet (lien direct) | 
This month Microsoft released patches for 86 vulnerabilities. While many of these vulnerabilities are important and should be patched as...
|
Vulnerability | ||
|
2021-09-20 15:48:54 | McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444 (lien direct) | 
Threat Summary Microsoft is warning its users of a zero-day vulnerability in Windows 10 and versions of Windows Server that...
|
Vulnerability | ||
|
2021-07-08 20:35:33 | Microsoft Urges Customers to Update Windows as Soon as Possible (lien direct) | 
What happened Microsoft has shipped an emergency security update affecting most Windows users. This update partially addresses a security vulnerability known as PrintNightmare that could allow remote hackers to take over your system. How does this affect you? PrintNightmare could allow hackers to gain control of your computer. This means hackers could perform malicious activities like installing their own apps, stealing your data, and creating new user accounts. How to fix the issue Microsoft recommends Windows […]
|
Vulnerability | ||
|
2021-06-28 19:44:00 | Analyzing CVE-2021-1665 – Remote Code Execution Vulnerability in Windows GDI+ (lien direct) | 
Introduction Microsoft Windows Graphics Device Interface+, also known as GDI+, allows various applications to use different graphics functionality on video displays as well as printers. Windows applications don't directly access graphics hardware such as device drivers, but they interact with GDI, which in turn then interacts with device drivers. In this way, there is an […]
|
Vulnerability | ||
|
2021-05-12 15:48:13 | Major HTTP Vulnerability in Windows Could Lead to Wormable Exploit (lien direct) | 
Today, Microsoft released a highly critical vulnerability (CVE-2021-31166) in its web server http.sys. This product is a Windows-only HTTP server which can be run standalone or in conjunction with IIS (Internet Information Services) and is used to broker internet traffic via HTTP network requests. The vulnerability is very similar to CVE-2015-1635, another Microsoft vulnerability in […]
|
Vulnerability | ||
|
2021-03-09 18:13:49 | Seven Windows Wonders – Critical Vulnerabilities in DNS Dynamic Updates (lien direct) | 
Overview For the March 2021 Patch Tuesday, Microsoft released a set of seven DNS vulnerabilities. Five of the vulnerabilities are remote code execution (RCE) with critical CVSS (Common Vulnerability Scoring Standard) scores of 9.8, while the remaining two are denial of service (DoS). Microsoft shared detection guidance and proofs of concept with MAPP members for […]
|
Vulnerability | ||
|
2021-02-17 13:00:39 | Don\'t Call Us We\'ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK (lien direct) | 
The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. A byproduct of our robotic research was […]
|
Vulnerability Threat | ||
|
2020-10-13 17:06:35 | CVE-2020-16898: “Bad Neighbor” (lien direct) | 
CVE-2020-16898: “Bad Neighbor” CVSS Score: 8.8 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Overview Today, Microsoft announced a critical vulnerability in the Windows IPv6 stack, which allows an attacker to send maliciously crafted packets to potentially execute arbitrary code on a remote system. The proof-of-concept shared with MAPP (Microsoft Active Protection Program) members is both extremely simple and perfectly reliable. It results […]
|
Vulnerability | ||
|
2020-08-12 15:59:00 | Vulnerability Discovery in Open Source Libraries Part 1: Tools of the Trade (lien direct) | 
Executive Summary Open source has become the foundation for modern software development. Vendors use open source software to stay competitive and improve the speed, quality, and cost of the development process. At the same time, it is critical to maintain and audit open source libraries used in products as they can expose a significant volume […]
|
Vulnerability | ||
|
2019-08-08 20:00:02 | Avaya Deskphone: Decade-Old Vulnerability Found in Phone\'s Firmware (lien direct) | 
Avaya is the second largest VOIP solution provider (source) with an install base covering 90% of the Fortune 100 companies (source), with products targeting a wide spectrum of customers, from small business and midmarket, to large corporations. As part of the ongoing McAfee Advanced Threat Research effort into researching critical vulnerabilities in widely deployed software […]
|
Vulnerability Threat | ||
|
2019-08-02 14:21:02 | DHCP Client Remote Code Execution Vulnerability Demystified (lien direct) | 
CVE-2019-0547 CVE-2019-0547 was the first vulnerability patched by Microsoft this year. The dynamic link library, dhcpcore.dll, which is responsible for DHCP client services in a system, is vulnerable to malicious DHCP reply packets. This vulnerability allows remote code execution if the user tries to connect to a network with a rogue DHCP Server, hence making […]
|
Vulnerability | ||
|
2019-07-30 15:53:03 | Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423 (lien direct) | 
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft's Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported that to Microsoft, which resulted […]
|
Vulnerability | ||
|
2019-06-24 16:50:00 | RDP Security Explained (lien direct) | 
RDP on the Radar Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it exploitable over a network connection without authentication. These attributes make it particularly 'wormable' – […]
|
Vulnerability | ||
|
2019-05-30 16:50:03 | Mr. Coffee with WeMo: Double Roast (lien direct) | 
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […]
|
Vulnerability Threat | ||
|
2019-05-21 21:09:03 | RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708 (lien direct) |
During Microsoft's May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates in years. So why the […]
|
Vulnerability | ||
|
2019-04-18 20:14:02 | IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? (lien direct) |
Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […]
|
Malware Vulnerability Threat | ||
|
2019-03-14 19:00:05 | Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) (lien direct) |
Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that that are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […]
|
Vulnerability | ||
|
2019-01-10 23:27:02 | IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653 (lien direct) | 
Microsoft recently patched a critical flaw in Internet Explorer's scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google's Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […]
|
Vulnerability Threat Guideline | ||
|
2018-08-21 04:01:03 | \'Insight\' into Home Automation Reveals Vulnerability in Simple IoT Product (lien direct) | 
Eoin Carroll, Charles McFarland, Kevin McGrath, and Mark Bereza contributed to this report. The Internet of Things promises to make our lives easier. Want to remotely turn lights and appliances on and off and monitor them online? A “smart plug,” a Wi-Fi–connected electric outlet, is one simple method. But IoT devices can turn into attack …
|
Vulnerability |
1
We have: 26 articles.
We have: 26 articles.
To see everything:
Our RSS (filtrered)
