What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-04-13 21:51:58 | Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild (lien direct) | A week after VMware released patches to remediate eight security vulnerabilities in VMware Workspace ONE Access, threat actors have begun to actively exploit one of the critical flaws in the wild. Tracked as CVE-2022-22954, the critical issue relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager. The | Vulnerability Threat | ||
|
2022-04-12 06:08:56 | Critical LFI Vulnerability Reported in Hashnode Blogging Platform (lien direct) | Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download | Vulnerability | ||
|
2022-04-08 22:18:21 | Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (lien direct) | The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers Deep Patel, Nitesh | Malware Vulnerability Threat | ||
|
2022-04-05 00:31:37 | CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring | Vulnerability | ★★★★★ | |
|
2022-04-01 22:49:06 | 15-Year-Old Bug in PEAR PHP Repository Could\'ve Enabled Supply Chain Attacks (lien direct) | A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would allow the attacker | Vulnerability | ||
|
2022-04-01 21:03:58 | GitLab Releases Patch for Critical Vulnerability That Could Let Attackers Hijack Accounts (lien direct) | DevOps platform GitLab has released software updates to address a critical security vulnerability that, if potentially exploited, could permit an adversary to seize control of accounts. Tracked as CVE-2022-1162, the issue has a CVSS score of 9.1 and is said to have been discovered internally by the GitLab team. "A hardcoded password was set for accounts registered using an | Vulnerability | ||
|
2022-03-31 23:02:26 | Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices (lien direct) | Networking equipment maker Zyxel has pushed security updates for a critical vulnerability affecting some of its business firewall and VPN products that could enable an attacker to take control of the devices. "An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," the company said in an advisory | Vulnerability | ★★★ | |
|
2022-03-30 22:59:46 | Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security (lien direct) | A zero-day remote code execution (RCE) vulnerability has come to light in the Spring framework shortly after a Chinese security researcher briefly leaked a proof-of-concept (PoC) exploit on GitHub before deleting their account. According to cybersecurity firm Praetorian, the unpatched flaw impacts Spring Core on Java Development Kit (JDK) versions 9 and later and is a bypass for another | Vulnerability | ||
|
2022-03-30 20:30:52 | QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices (lien direct) | Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022. "If exploited, the vulnerability allows | Vulnerability | ||
|
2022-03-30 04:45:53 | Honda\'s Keyless Access Bug Could Let Thieves Remotely Unlock and Start Vehicles (lien direct) | A duo of researchers has released a proof-of-concept (PoC) demonstrating the ability for a malicious actor to remote lock, unlock, and even start Honda and Acura vehicles by means of what's called a replay attack. The attack is made possible, thanks to a vulnerability in its remote keyless system (CVE-2022-27254) that affects Honda Civic LX, EX, EX-L, Touring, Si, and Type R models manufactured | Vulnerability | ||
|
2022-03-29 20:44:22 | (Déjà vu) Critical SonicOS Vulnerability Affects SonicWall Firewall Appliances (lien direct) | SonicWall has released security updates to contain a critical flaw across multiple firewall appliances that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and cause a denial-of-service (DoS) condition. Tracked as CVE-2022-22274 (CVSS score: 9.4), the issue has been described as a stack-based buffer overflow in the web management interface of SonicOS that | Vulnerability | ||
|
2022-03-29 03:32:16 | Critical Sophos Firewall RCE Vulnerability Under Active Exploitation (lien direct) | Cybersecurity firm Sophos on Monday warned that a recently patched critical security vulnerability in its firewall product is being actively exploited in real-world attacks. The flaw, tracked as CVE-2022-1040, is rated 9.8 out of 10 on the CVSS scoring system and impacts Sophos Firewall versions 18.5 MR3 (18.5.3) and older. It relates to an authentication bypass vulnerability in the User Portal | Vulnerability | ||
|
2022-03-27 23:59:18 | Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability (lien direct) | Muhstik, a botnet infamous for propagating via web application exploits, has been observed targeting Redis servers using a recently disclosed vulnerability in the database system. The vulnerability relates to CVE-2022-0543, a Lua sandbox escape flaw in the open-source, in-memory, key-value data store that could be abused to achieve remote code execution on the underlying machine. The | Vulnerability | ||
|
2022-03-25 19:11:38 | Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability (lien direct) | Google on Friday shipped an out-of-band security update to address a high severity vulnerability in its Chrome browser that it said is being actively exploited in the wild. Tracked as CVE-2022-1096, the zero-day flaw relates to a type confusion vulnerability in the V8 JavaScript engine. An anonymous researcher has been credited with reporting the bug on March 23, 2022. Type confusion errors, | Vulnerability | ★★ | |
|
2022-03-23 20:38:05 | VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control (lien direct) | VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-22952, both the flaws are rated 9.1 out of a maximum of 10 on the CVSS vulnerability scoring system. | Vulnerability | ||
|
2022-03-17 00:37:22 | New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers (lien direct) | A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. "Invocation of CVE-2022-0811 can allow an attacker to perform a variety of actions on objectives, including execution of malware, exfiltration of data, and lateral movement across pods," CrowdStrike | Vulnerability | Uber | |
|
2022-03-16 06:14:32 | Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters (lien direct) | Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it | Vulnerability Guideline | ||
|
2022-03-14 20:44:11 | \'Dirty Pipe\' Linux Flaw Affects a Wide Range of QNAP NAS Devices (lien direct) | Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company | Vulnerability | ||
|
2022-03-14 04:05:29 | New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access (lien direct) | A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter | Vulnerability | ||
|
2022-03-09 02:04:37 | Chinese APT41 Hackers Broke into at Least 6 U.S. State Governments: Mandiant (lien direct) | APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications. The exploited vulnerabilities included "a zero-day vulnerability in the USAHERDS application (CVE-2021-44207) as well as the now infamous zero-day in | Vulnerability Threat Guideline | APT 41 | |
|
2022-03-07 23:43:22 | Researchers Warn of Linux Kernel \'Dirty Pipe\' Arbitrary File Overwrite Vulnerability (lien direct) | Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the flaw "leads to privilege escalation | Vulnerability Guideline | ||
|
2022-03-07 22:44:24 | Microsoft Azure \'AutoWarp\' Bug Could Have Let Attackers Access Customers\' Accounts (lien direct) | Details have been disclosed about a now-addressed critical vulnerability in Microsoft's Azure Automation service that could have permitted unauthorized access to other Azure customer accounts and take over control. "This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer," Orca Security researcher Yanir | Vulnerability | ||
|
2022-03-05 00:43:21 | New Linux Kernel Cgroups Vulnerability Could Let Attackers Escape Container (lien direct) | Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, | Vulnerability | ||
|
2022-03-03 22:31:31 | New Security Vulnerability Affects Thousands of GitLab Instances (lien direct) | Researchers have disclosed details of a now-patched security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all versions | Vulnerability | ||
|
2022-03-01 22:41:59 | Critical Security Bugs Uncovered in VoIPmonitor Monitoring Software (lien direct) | Critical security vulnerabilities have been uncovered in VoIPmonitor software that, if successfully exploited, could allow unauthenticated attackers to escalate privileges to the administrator level and execute arbitrary commands. Following responsible disclosure by researchers from Kerbit, an Ethiopia-based penetration-testing and vulnerability research firm, on December 15, 2021, the issues | Vulnerability | ||
|
2022-02-28 20:37:57 | CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra | Vulnerability | ||
|
2022-02-22 23:06:23 | 9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software (lien direct) | Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further | Vulnerability | ||
|
2022-02-21 23:22:21 | Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike (lien direct) | Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts. "Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers," South Korean | Tool Vulnerability Threat | ||
|
2022-02-19 22:12:01 | Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm (lien direct) | Researchers have detailed what they call the "first successful attempt" at decrypting data infected with Hive ransomware without relying on the private key used to lock access to the content. "We were able to recover the master key for generating the file encryption key without the attacker's private key, by using a cryptographic vulnerability identified through analysis," a group of academics | Ransomware Vulnerability | ||
|
2022-02-18 22:25:08 | Critical Flaw Uncovered in WordPress Backup Plugin Used by Over 3 Million Sites (lien direct) | Patches have been issued to contain a "severe" security vulnerability in UpdraftPlus, a WordPress plugin with over three million installations, that can be weaponized to download the site's private data using an account on the vulnerable sites. "All versions of UpdraftPlus from March 2019 onwards have contained a vulnerability caused by a missing permissions-level check, allowing untrusted users | Vulnerability | ★★ | |
|
2022-02-17 19:38:08 | Another Critical RCE Discovered in Adobe Commerce and Magento Platforms (lien direct) | Adobe on Thursday updated its advisory for an actively exploited zero-day affecting Adobe Commerce and Magento Open Source to patch a newly discovered flaw that could be weaponized to achieve arbitrary code execution. Tracked as CVE-2022-24087, the issue – like CVE-2022-24086 – is rated 9.8 on the CVSS vulnerability scoring system and relates to an "Improper Input Validation" bug | Vulnerability | ||
|
2022-02-15 21:25:21 | High-Severity RCE Security Bug Reported in Apache Cassandra Database Software (lien direct) | Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, | Vulnerability | ||
|
2022-02-14 21:06:51 | New Chrome 0-Day Bug Under Active Attack – Update Your Browser ASAP! (lien direct) | Google on Monday rolled out fixes for eight security issues in the Chrome web browser, including a high-severity vulnerability that's being actively exploited in real-world attacks, marking the first zero-day patched by the internet giant in 2022. The shortcoming, tracked CVE-2022-0609, is described as a use-after-free vulnerability in the Animation component that, if successfully exploited, | Vulnerability | ||
|
2022-02-13 19:26:30 | Critical Magento 0-Day Vulnerability Under Active Exploitation - Patch Released (lien direct) | Adobe on Sunday rolled out patches to contain a critical security vulnerability impacting its Commerce and Magento Open Source products that it said is being actively exploited in the wild. Tracked as CVE-2022-24086, the shortcoming has a CVSS score of 9.8 out of 10 on the vulnerability scoring system and has been characterized as an "improper input validation" issue that could be weaponized to | Vulnerability | ||
|
2022-02-10 19:30:50 | Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw (lien direct) | Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and | Vulnerability | ||
|
2022-02-07 19:37:09 | Microsoft Temporarily Disables MSIX App Installers to Prevent Malware Abuse (lien direct) | Microsoft last week announced that it's temporarily disabling the MSIX ms-appinstaller protocol handler in Windows following evidence that a security vulnerability in the installer component was exploited by threat actors to deliver malware such as Emotet, TrickBot, and Bazaloader. MSIX, based on a combination of .msi, .appx, App-V and ClickOnce installation technologies, is a universal Windows | Malware Vulnerability Threat | ||
|
2022-02-06 21:03:44 | CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 (CVSS score: 7.0) to the Known Exploited Vulnerabilities Catalog, necessitating that Federal | Vulnerability | ||
|
2022-02-05 21:48:25 | New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps (lien direct) | Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud security firm | Tool Vulnerability | Uber | |
|
2022-02-04 03:52:32 | Another Israeli Firm, QuaDream, Caught Weaponizing iPhone Bug for Spyware (lien direct) | A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The development was reported by Reuters, citing unnamed sources, noting that "the two rival businesses gained the same ability last year to remotely break into | Hack Vulnerability | ||
|
2022-02-04 00:34:02 | Cynet Log4Shell Webinar: A Thorough - And Clear - Explanation (lien direct) | Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful | Vulnerability | ||
|
2022-02-03 21:51:28 | Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users (lien direct) | A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation - codenamed "EmailThief" - was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful exploitation of the | Vulnerability Threat | ||
|
2022-02-01 21:24:29 | Critical Bug Found in WordPress Plugin for Elementor with Over a Million Installations (lien direct) | A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites. The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts. "This vulnerability allows | Vulnerability | ||
|
2022-01-31 20:16:00 | New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root (lien direct) | Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba before 4.13.17 and concerns an out-of-bounds heap read/write vulnerability in the VFS module "vfs_fruit" | Vulnerability | ||
|
2022-01-26 21:05:03 | Apple Releases iOS and iPadOS Updates to Patch Actively Exploited 0-Day Vulnerability (lien direct) | Apple on Wednesday released iOS 15.3 and macOS Monterey 12.2 with a fix for the privacy-defeating bug in Safari, as well as to contain a zero-day flaw, which it said has been exploited in the wild to break into its devices. Tracked as CVE-2022-22587, the vulnerability relates to a memory corruption issue in the IOMobileFrameBuffer component that could be abused by a malicious application to | Vulnerability | ||
|
2022-01-26 05:33:05 | Initial Access Broker Involved in Log4Shell Attacks Against VMware Horizon Servers (lien direct) | An initial access broker group tracked as Prophet Spider has been linked to a set of malicious activities that exploits the Log4Shell vulnerability in unpatched VMware Horizon Servers. According to new research published by BlackBerry Research & Intelligence and Incident Response (IR) teams today, the cybercrime actor has been opportunistically weaponizing the shortcoming to download a | Vulnerability | ||
|
2022-01-25 21:39:33 | 12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access (lien direct) | A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's | Vulnerability | ||
|
2022-01-23 22:53:04 | High-Severity Rust Programming Bug Could Lead to File, Directory Deletion (lien direct) | The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete, | Vulnerability | ||
|
2022-01-20 22:20:56 | Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software (lien direct) | Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled | Vulnerability | ||
|
2022-01-19 20:57:47 | Microsoft: Hackers Exploiting New SolarWinds Serv-U Bug Related to Log4j Attacks (lien direct) | Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an " input validation vulnerability that could allow attackers to build a query given some input and send that | Vulnerability Threat | ||
|
2022-01-17 21:13:47 | Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central (lien direct) | Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip | Vulnerability |
To see everything:
Our RSS (filtrered)
