What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2020-02-28 10:37:33 GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat (direct link) If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug' Vulnerability
The_Hackers_News.webp 2020-02-26 10:15:25 New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices (direct link) Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress - apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Dubbed 'Kr00k' and tracked as CVE-2019-15126, the flaw could let nearby remote attackers intercept and decrypt some Vulnerability
The_Hackers_News.webp 2020-02-25 02:54:39 New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers (direct link) OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. Vulnerability
The_Hackers_News.webp 2020-02-17 13:15:53 Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers (direct link) A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development Vulnerability
The_Hackers_News.webp 2020-02-11 09:43:34 Adobe Releases Patches for Dozens of Critical Flaws in 5 Software (direct link) Here comes the second 'Patch Tuesday' of this year. Adobe today released the latest security updates for five of its widely used software that patch a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity. The first four of the total five affected software, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could Vulnerability ★★★★
The_Hackers_News.webp 2020-02-05 12:46:06 5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras (direct link) Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a Vulnerability
The_Hackers_News.webp 2020-02-04 02:43:30 Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users (direct link) Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved Vulnerability
The_Hackers_News.webp 2020-02-03 10:10:48 Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root (direct link) Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on Vulnerability ★★★★
The_Hackers_News.webp 2020-01-30 01:07:11 Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers (direct link) Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many Vulnerability
The_Hackers_News.webp 2020-01-20 06:24:27 Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack (direct link) Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit Vulnerability
The_Hackers_News.webp 2020-01-18 07:56:53 Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks (direct link) Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote Vulnerability
The_Hackers_News.webp 2020-01-11 02:22:37 PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability (direct link) It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC Vulnerability
The_Hackers_News.webp 2020-01-09 02:34:19 Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now! (direct link) Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing Vulnerability
The_Hackers_News.webp 2020-01-07 07:02:17 Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020? (direct link) January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a Vulnerability
The_Hackers_News.webp 2019-12-13 02:53:40 Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites (direct link) Attention WordPress users! Your website could easily get hacked if you are using "Ultimate Addons for Beaver Builder," or "Ultimate Addons for Elementor" and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow Hack Vulnerability ★★
The_Hackers_News.webp 2019-12-10 22:19:18 Latest Microsoft Update Patches New Windows 0-Day Under Active Attack (direct link) With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 Vulnerability ★★★★
The_Hackers_News.webp 2019-12-05 04:02:57 Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD (direct link) OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, Vulnerability
The_Hackers_News.webp 2019-12-02 23:28:16 Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild (direct link) Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a Vulnerability
The_Hackers_News.webp 2019-11-22 22:52:54 OnePlus Suffers New Data Breach Impacting Its Online Store Customers (direct link) Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via email and published a brief FAQ page to disclose information about the security incident. According Data Breach Vulnerability
The_Hackers_News.webp 2019-11-19 21:48:38 New Flaw Lets Rogue Android Apps Access Camera Without Permission (direct link) An alarming security vulnerability has been discovered in several models of Android smartphones manufactured by Google, Samsung, and others that could allow malicious apps to secretly take pictures and record videos - even when they don't have specific device permissions to do so. You must already know that the security model of the Android mobile operating system is primarily based on device Vulnerability
The_Hackers_News.webp 2019-11-16 02:46:46 New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices (direct link) The recent controversies surrounding the WhatsApp hacking haven't yet settled, and the world's most popular messaging platform is in choppy waters once again. The Hacker News has learned that WhatsApp has recently patched yet another critical vulnerability that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on Vulnerability
The_Hackers_News.webp 2019-11-13 07:46:20 New ZombieLoad v2 Attack Affects Intel's Latest Cascade Lake CPUs (direct link) Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel types of microarchitectural data Vulnerability
The_Hackers_News.webp 2019-11-07 06:58:43 Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password (direct link) Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don't own one of these, Amazon's Ring Video Doorbell is a smart wireless home Vulnerability
The_Hackers_News.webp 2019-11-05 02:11:04 Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light (direct link) A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices - all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability in MEMS microphones embedded in widely-used popular voice-controllable systems that unintentionally Hack Vulnerability
The_Hackers_News.webp 2019-11-03 03:34:41 First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild (direct link) Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining. In May this year, Microsoft released a patch for a highly-critical remote code execution flaw, dubbed BlueKeep, in its Windows Remote Desktop Services Vulnerability
The_Hackers_News.webp 2019-10-26 12:53:02 New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers (direct link) If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could Hack Vulnerability
The_Hackers_News.webp 2019-10-22 05:06:08 Cynet's Vulnerability Assessment Enables Organizations to Dramatically Reduce their Risk Exposure (direct link) Protection from cyberattacks begins way before attackers launch their weapons on an organization. Continuously monitoring the environment for security weaknesses and addressing such, if found, is a proven way to provide organizations with immunity to a large portion of attacks. Among the common weaknesses that expose organizations to cyberattacks, the most prominent are software Vulnerability
The_Hackers_News.webp 2019-10-14 11:46:58 Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted (direct link) Attention Linux Users! A vulnerability has been discovered in Sudo - one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Vulnerability
The_Hackers_News.webp 2019-10-12 03:02:51 SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks (direct link) Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and Hack Vulnerability
The_Hackers_News.webp 2019-10-10 10:11:29 Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks (direct link) Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network Ransomware Vulnerability
The_Hackers_News.webp 2019-10-09 11:38:18 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App (direct link) A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app - one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity Vulnerability ★★★★
The_Hackers_News.webp 2019-10-08 04:54:33 vBulletin Releases Patch Update for New RCE and SQLi Vulnerabilities (direct link) After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take Vulnerability ★★★★★
The_Hackers_News.webp 2019-10-04 02:03:57 New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild (direct link) Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group - infamous for selling zero-day exploits to governments - or one of its customers, to gain control of Vulnerability
The_Hackers_News.webp 2019-09-30 05:14:12 New Critical Exim Flaw Exposes Email Servers to Remote Attacks - Patch Released (direct link) A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update - Exim version 4.92.3 - after publishing an early warning two days ago, giving system administrators an early Vulnerability
The_Hackers_News.webp 2019-09-27 12:54:42 More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed (direct link) Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic Vulnerability ★★★★
The_Hackers_News.webp 2019-09-24 11:58:28 [Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly (direct link) An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin - one of the widely used internet forum software. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't require authentication. Written in Vulnerability
The_Hackers_News.webp 2019-09-24 00:48:06 Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw (direct link) It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer zero-day that cyber criminals are actively exploiting in the wild. Discovered by Clément Lecigne of Google's Threat Analysis Group and tracked as CVE-2019-1367, the IE zero-day is a remote code execution vulnerability in the Vulnerability Threat
The_Hackers_News.webp 2019-09-18 02:21:57 Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions (direct link) A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin - one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and many other Tool Vulnerability
The_Hackers_News.webp 2019-09-13 11:06:09 Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug (direct link) Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez, a Spanish security researcher, contacted The Hacker Vulnerability
The_Hackers_News.webp 2019-09-12 04:56:01 New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS (direct link) Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit that is widely being used by Vulnerability
The_Hackers_News.webp 2019-09-12 04:44:00 WebARX - A Defensive Core For Your Website (direct link) Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or Vulnerability
The_Hackers_News.webp 2019-09-11 06:09:04 NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs (direct link) Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff Malware Vulnerability
The_Hackers_News.webp 2019-09-06 05:48:02 Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks (direct link) A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that affect all Vulnerability
The_Hackers_News.webp 2019-09-04 01:37:02 Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days (direct link) Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells 'full chain, zero-click, with persistence' Android zero-days. Vulnerability
The_Hackers_News.webp 2019-08-29 11:38:00 Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data (direct link) In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward program majorly includes two main announcements. First, a new program, dubbed 'Developer Data Malware Vulnerability
The_Hackers_News.webp 2019-08-20 01:40:03 Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers (direct link) Following the public disclosure of a critical zero-day vulnerability in Webmin last week, the project's maintainers today revealed that the flaw was not actually the result of a coding mistake made by the programmers. Instead, it was secretly planted by an unknown hacker who successfully managed to inject a backdoor at some point in its build infrastructure - that surprisingly persisted into Vulnerability
The_Hackers_News.webp 2019-08-14 09:47:01 New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections (direct link) Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices Vulnerability
The_Hackers_News.webp 2019-08-13 09:37:04 Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows (direct link) A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher Vulnerability
The_Hackers_News.webp 2019-08-07 00:26:05 KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files (direct link) If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's Vulnerability
The_Hackers_News.webp 2019-08-06 13:23:01 SWAPGS Attack - New Speculative Execution Flaw Affects All Modern Intel CPUs (direct link) A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs which leverage speculative-execution, and some AMD processors as well, Microsoft and Red Hat warn. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, Vulnerability
Last update at: 2024-05-14 10:08:04