What's new around internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
The_Hackers_News.webp 2019-08-13 09:37:04 Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows (direct link) A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability resides in the way MSCTF clients and server communicate with each other, allowing even a low privileged or a sandboxed application to read and write data to a higher Vulnerability
The_Hackers_News.webp 2019-08-07 00:26:05 KDE Linux Desktops Could Get Hacked Without Even Opening Malicious Files (direct link) If you are running a KDE desktop environment on your Linux operating system, you need to be extra careful and avoid downloading any ".desktop" or ".directory" file for a while. A cybersecurity researcher has disclosed an unpatched zero-day vulnerability in the KDE software framework that could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a user's Vulnerability
The_Hackers_News.webp 2019-08-06 13:23:01 SWAPGS Attack - New Speculative Execution Flaw Affects All Modern Intel CPUs (direct link) A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects modern Intel CPUs which leverage speculative-execution, and some AMD processors as well, Microsoft and Red Hat warn. Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, Vulnerability
The_Hackers_News.webp 2019-07-31 03:37:01 DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks (direct link) What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control? Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with Vulnerability
The_Hackers_News.webp 2019-07-26 07:31:01 Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched) (direct link) Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That's because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the most popular and open source Malware Hack Vulnerability
The_Hackers_News.webp 2019-07-25 11:43:04 Your Android Phone Can Get Hacked Just By Playing This Video (direct link) Are you using an Android device? Beware! You should be more careful while playing a video on your smartphone-downloaded anywhere from the Internet or received through email. That's because, a specially crafted innocuous-looking video file can compromise your Android smartphone-thanks to a critical remote code execution vulnerability that affects over 1 billion devices running Android OS Vulnerability
The_Hackers_News.webp 2019-07-25 02:38:03 Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List (direct link) Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw. BlueKeep is a highly-critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Services that could allow an unauthenticated remote Malware Vulnerability
The_Hackers_News.webp 2019-07-23 11:31:05 A New 'Arbitrary File Copy' Flaw Affects ProFTPD Powered FTP Servers (direct link) A German security researcher has publicly disclosed details of a serious vulnerability in one of the most popular FTP server applications, which is currently being used by more than one million servers worldwide. The vulnerable software in question is ProFTPD, an open source FTP server used by a large number of popular businesses and websites including SourceForge, Samba and Slackware, and Vulnerability
The_Hackers_News.webp 2019-07-15 01:50:02 This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes (direct link) Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users. Instagram is growing quickly-and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it comes to user Hack Vulnerability
The_Hackers_News.webp 2019-07-13 04:20:00 Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw (direct link) The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue-a locally installed web server by the software-was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control Vulnerability ★★★
The_Hackers_News.webp 2019-07-09 09:08:05 Unpatched Prototype Pollution Flaw Affects All Versions of Popular Lodash Library (direct link) Lodash, a popular npm library used by more than 4 million projects on GitHub alone, is affected by a high severity security vulnerability that could allow attackers to compromise the security of affected services using the library and their respective user base. Lodash is a JavaScript library that contains tools to simplify programming with strings, numbers, arrays, functions, and objects, Vulnerability
The_Hackers_News.webp 2019-06-26 10:59:05 Account Takeover Vulnerability Found in Popular EA Games Origin Platform (direct link) A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to takeover players' accounts and steal sensitive data. The vulnerabilities in question reside in the "Origin" digital distribution platform developed by Electronic Arts (EA)-the world's second-largest gaming company with over Vulnerability
The_Hackers_News.webp 2019-06-25 05:30:00 New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched (direct link) Cybersecurity researchers are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Joshua Long, a security researcher at Intego, last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to Malware Vulnerability
The_Hackers_News.webp 2019-06-22 01:28:05 PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery (direct link) As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a cross-site Vulnerability ★★★★★
The_Hackers_News.webp 2019-06-21 02:11:04 Firefox 67.0.4 Released - Mozilla Patches Second 0-Day Flaw This Week (direct link) Okay, folks, it's time to update your Firefox web browser once again-yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox Vulnerability Patching
The_Hackers_News.webp 2019-06-21 02:11:03 Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers (direct link) Dell's SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a Vulnerability
The_Hackers_News.webp 2019-06-20 12:39:04 Important Flaw in Outlook App for Android Affects Over 100 Millions Users (direct link) Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app parses incoming email Vulnerability
The_Hackers_News.webp 2019-06-20 02:57:03 Tor Browser 8.5.2 Released - Update to Fix Critical Firefox Vulnerability (direct link) Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle. Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical actively-exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely take full Vulnerability
The_Hackers_News.webp 2019-06-19 11:55:01 New Critical Oracle WebLogic Flaw Under Active Attack - Patch Now (direct link) Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability-which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10-is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application Vulnerability
The_Hackers_News.webp 2019-06-18 19:59:05 Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks (direct link) If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a cybersecurity researcher at Google Project Zero, the vulnerability could allow Vulnerability
The_Hackers_News.webp 2019-06-11 03:41:02 New Flaw in WordPress Live Chat Plugin Lets Hackers Steal and Hijack Sessions (direct link) Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to Vulnerability
The_Hackers_News.webp 2019-06-10 11:26:04 Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor (direct link) Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim-two most popular and powerful command-line Vulnerability ★★★★
The_Hackers_News.webp 2019-06-07 03:52:01 Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw (direct link) An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half Vulnerability
The_Hackers_News.webp 2019-06-04 12:36:03 Unpatched Bug Let Attackers Bypass Windows Lock Screen On RDP Sessions (direct link) A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists Vulnerability
The_Hackers_News.webp 2019-05-28 05:08:00 Nearly 1 Million Computers Still Vulnerable to "Wormable" BlueKeep RDP Flaw (direct link) Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)-two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what Vulnerability
The_Hackers_News.webp 2019-05-23 00:00:01 Hacker Disclosed 3 Unpatched Microsoft Zero-Day Exploits In Less Than 24 Hours (direct link) Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Vulnerability
The_Hackers_News.webp 2019-05-21 23:46:04 PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online (direct link) An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system-that's his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local Vulnerability
The_Hackers_News.webp 2019-05-16 03:55:05 Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement (direct link) A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a security advisory published Wednesday, Google Vulnerability
The_Hackers_News.webp 2019-05-13 23:10:02 Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones (direct link) Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Malware Vulnerability
The_Hackers_News.webp 2019-05-08 04:19:01 Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks (direct link) A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide. Vulnerability
The_Hackers_News.webp 2019-05-02 03:13:00 Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking (direct link) If you use a Dell computer, then beware - hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer Vulnerability
The_Hackers_News.webp 2019-05-01 00:31:02 Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware (direct link) Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a Ransomware Vulnerability
The_Hackers_News.webp 2019-04-26 04:37:03 Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension (direct link) If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company-called "Plugin Vulnerabilities"-that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once Vulnerability ★★★★★
The_Hackers_News.webp 2019-04-25 08:00:00 'Highly Critical' Unpatched Zero-Day Flaw Discovered In Oracle WebLogic (direct link) A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services Vulnerability ★★★
The_Hackers_News.webp 2019-04-05 03:44:03 Unpatched Flaw in Xiaomi's Built-in Browser App Lets Hackers Spoof URLs (direct link) EXCLUSIVE - Beware, if you are using a Xiaomi's Mi or Redmi smartphone, you should immediately stop using its built-in MI browser or the Mint browser available on Google Play Store for non-Xiaomi Android devices. That's because both web browser apps created by Xiaomi are vulnerable to a critical vulnerability which has not yet been patched even after being privately reported to the company, a Vulnerability
The_Hackers_News.webp 2019-04-03 07:54:01 WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites (direct link) If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites. WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using Vulnerability
The_Hackers_News.webp 2019-03-29 01:48:00 Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites (direct link) If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of Vulnerability
The_Hackers_News.webp 2019-03-14 02:41:02 New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites (direct link) If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once Hack Vulnerability
The_Hackers_News.webp 2019-03-12 09:22:01 Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition (direct link) Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities-one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could Vulnerability
The_Hackers_News.webp 2019-03-11 02:32:03 Severe Flaw Disclosed In StackStorm DevOps Automation Software (direct link) A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows Tool Vulnerability
The_Hackers_News.webp 2019-03-06 01:52:05 New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild (direct link) You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google's Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability, assigned as Vulnerability Threat
The_Hackers_News.webp 2019-03-04 05:52:02 Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel (direct link) Cybersecurity researcher at Google's Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS XNU kernel Vulnerability
The_Hackers_News.webp 2019-02-26 05:45:04 Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers (direct link) It's not just the critical Drupal vulnerability that is being exploited by in the wild cybercriminals to attack vulnerable websites that have not yet applied patches already available by its developers, but hackers are also exploiting a critical WinRAR vulnerability that was also revealed last week. A few days ago, The Hacker News reported about a 19-year-old remote code execution vulnerability Hack Vulnerability
The_Hackers_News.webp 2019-02-26 04:52:04 Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week (direct link) Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Vulnerability
The_Hackers_News.webp 2019-02-21 02:18:01 Another Critical Flaw in Drupal Discovered - Update Your Site ASAP! (direct link) Developers of Drupal-a popular open-source content management system software that powers millions of websites-have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites Hack Vulnerability
The_Hackers_News.webp 2019-02-20 21:35:01 Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years (direct link) Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR-a popular Windows file compression application with 500 million users worldwide-that affects all versions of the Vulnerability
The_Hackers_News.webp 2019-02-19 11:45:04 Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years (direct link) Exclusive - If you have not updated your website to the latest WordPress version 5.0.3, it's a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that Vulnerability
The_Hackers_News.webp 2019-02-18 01:37:01 How to Hack Facebook Accounts? Just Ask Your Targets to Open a Link (direct link) It's 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have been allowed attackers to hijack Facebook accounts by simply tricking the targeted users into Hack Vulnerability
The_Hackers_News.webp 2019-02-13 07:32:01 Snapd Flaw Lets Attackers Gain Root Access On Linux Systems (direct link) Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the Vulnerability
The_Hackers_News.webp 2019-02-12 10:52:00 New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History (direct link) A new security vulnerability has been discovered in the latest version of Apple's macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave, Vulnerability
Last update at: 2024-05-14 21:08:35