What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-02-12 00:59:02 | RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts (lien direct) | A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape container and obtain unauthorized, root-level access to the host operating system.
The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly
|
Vulnerability | ||
|
2019-02-06 01:32:00 | Critical Zcash Bug Could Have Allowed \'Infinite Counterfeit\' Cryptocurrency (lien direct) | The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC).
Yes, infinite… like a never-ending source of money.
Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to be more anonymous
|
Vulnerability | ||
|
2019-02-05 03:28:03 | Severe RCE Flaw Disclosed in Popular LibreOffice and OpenOffice Software (lien direct) | It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer.
No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives-LibreOffice and Apache OpenOffice-free, open source office software used by millions of Windows, MacOS and Linux users.
Security researcher
|
Vulnerability | ||
|
2019-02-01 06:56:05 | Hacker who reported flaw in Hungarian Telekom faces up to 8-years in prison (lien direct) | Many of you might have this question in your mind:
"Is it illegal to test a website for vulnerability without permission from the owner?"
Or… "Is it illegal to disclose a vulnerability publicly?"
Well, the answer is YES, it's illegal most of the times and doing so could backfire even when you have good intentions.
Last year, Hungarian police arrested a 20-year-old ethical hacker accused of
|
Vulnerability | ||
|
2019-01-16 04:56:03 | Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide (lien direct) | Almost half of the fight travelers around the world were found exposed to a critical security vulnerability discovered in online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.
Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline
|
Vulnerability | ★★★★★ | |
|
2019-01-15 01:57:01 | Unpatched vCard Flaw Could Let Hackers Compromise Your Windows PCs (lien direct) | A zero-day vulnerability has been discovered and reported in the Microsoft's Windows operating system that, under a certain scenario, could allow a remote attacker to execute arbitrary code on Windows machine.
Discovered by security researcher John Page (@hyp3rlinx), the vulnerability was reported to the Microsoft security team through Trend Micro's Zero Day Initiative (ZDI) Program over 6
|
Vulnerability | ★★★ | |
|
2019-01-08 04:00:00 | Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever (lien direct) | Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers!
Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications.
Zerodium-a startup by the infamous French-based company Vupen that buys and sells
|
Vulnerability | ||
|
2019-01-03 04:37:04 | Google Partially Patches Flaw in Chrome for Android 3 Years After Disclosure (lien direct) | Google has finally patched a privacy vulnerability in its Chrome web browser for Android that exposes users' device model and firmware version, eventually enabling remote attackers to identify unpatched devices and exploit known vulnerabilities.
The vulnerability, which has not yet given any CVE number, is an information disclosure bug that resides in the way the Google Chrome for Android
|
Vulnerability | ★★★ | |
|
2018-12-20 07:49:02 | Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft's Windows operating system.
SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them.
The
|
Vulnerability | ||
|
2018-12-19 23:35:00 | (Déjà vu) Microsoft Issues Emergency Patch For Under-Attack IE Zero Day (lien direct) | Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers.
Discovered by security researcher Clement Lecigne of Google's Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE
|
Hack Vulnerability Threat | ★★★★★ | |
|
2018-12-18 03:35:03 | Twitter Discloses Suspected State-Sponsored Attack After Minor Data Breach (lien direct) | Twitter has been hit with a minor data breach incident that the social networking site believes linked to a suspected state-sponsored attack.
In a blog post published on Monday, Twitter revealed that while investigating a vulnerability affecting one of its support forms, the company discovered evidence of the bug being misused to access and steal users' exposed information.
The impacted
|
Data Breach Vulnerability | ||
|
2018-12-14 22:05:01 | Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers (lien direct) | Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.
SQLite is a
|
Vulnerability | ||
|
2018-12-10 13:02:02 | Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users (lien direct) | Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.
Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private
|
Vulnerability | ||
|
2018-12-06 08:17:03 | Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command (lien direct) | Hold tight, this may blow your mind…
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly-thanks to a newly discovered vulnerability.
The reported vulnerability actually resides in PolicyKit (also known as polkit)-an application-level toolkit for Unix-like operating systems that defines
|
Vulnerability | ||
|
2018-12-06 03:22:02 | New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs (lien direct) | Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution.
The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to execute
|
Vulnerability | ||
|
2018-12-05 03:39:01 | WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers (lien direct) | Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications.
Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations
|
Vulnerability | ||
|
2018-11-22 03:19:04 | US Postal Service Left 60 Million Users Data Exposed For Over a Year (lien direct) | The United States Postal Service has patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone who has an account at the USPS.com website.
The U.S.P.S. is an independent agency of the American federal government responsible for providing postal service in the United States and is one of the few government agencies explicitly authorized by the
|
Vulnerability | ||
|
2018-11-15 06:57:03 | Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now (lien direct) | A security researcher has discovered a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.
The vulnerable WordPress plugin in question is "AMP for WP – Accelerated Mobile Pages" that lets websites automatically generate valid accelerated mobile pages for
|
Vulnerability | ||
|
2018-11-13 10:45:04 | Another Facebook Bug Could Have Exposed Your Private Information (lien direct) | Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world's most popular social network at risk.
Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for
|
Vulnerability | ||
|
2018-11-08 10:47:05 | DJI Flaws Could Have Allowed Hackers to Hijack Users\' Drone Accounts (lien direct) | Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight.
Thought the vulnerability was discovered and responsibly reported by the
|
Vulnerability | ||
|
2018-11-08 01:25:03 | Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online (lien direct) | An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox-a popular open source virtualization software developed by Oracle-that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects
|
Vulnerability | ||
|
2018-11-07 01:01:00 | Popular WooCommerce WordPress Plugin Patches Critical Vulnerability (lien direct) | If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store.
Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the
|
Vulnerability | ||
|
2018-11-04 01:24:00 | New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data (lien direct) | A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled.
The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other
|
Vulnerability | ||
|
2018-10-24 01:53:04 | Hacker Discloses New Windows Zero-Day Exploit On Twitter (lien direct) | A security researcher with Twitter alias SandboxEscaper-who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler-has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege
|
Vulnerability | ||
|
2018-10-19 07:12:00 | Critical Flaw Found in Streaming Library Used by VLC and Other Media Players (lien direct) | Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library-which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media.
LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to
|
Vulnerability | ||
|
2018-10-17 11:16:00 | Tumblr Patches A Flaw That Could Have Exposed Users\' Account Info (lien direct) | Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts.
The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email
|
Vulnerability | ||
|
2018-10-17 03:39:03 | LibSSH Flaw Allows Hackers to Take Over Servers Without Password (lien direct) | A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in
|
Vulnerability | ||
|
2018-10-16 00:54:05 | New iPhone Bug Gives Anyone Access to Your Private Photos (lien direct) | A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.
Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts
|
Vulnerability | ★★★★★ | |
|
2018-10-10 00:43:04 | Just Answering A Video Call Could Compromise Your WhatsApp Account (lien direct) | What if just receiving a video call on WhatsApp could hack your smartphone?
This sounds filmy, but Google Project Zero security researcher Natalie Silvanovich found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.
The vulnerability is a memory heap overflow issue
|
Hack Vulnerability | ||
|
2018-10-08 12:31:00 | Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users\' Data (lien direct) | Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers.
According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their
|
Data Breach Vulnerability | ||
|
2018-10-08 08:34:05 | New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access (lien direct) | A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year.
The vulnerability, identified as CVE-2018-14847, was initially rated
|
Vulnerability | ||
|
2018-10-02 02:36:05 | New iPhone Passcode Bypass Hack Exposes Photos and Contacts (lien direct) | Looking for a hack to bypass the passcode or screen lock on iPhones?
Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models.
Rodriguez, who also discovered iPhone lock screen
|
Hack Vulnerability | ||
|
2018-09-29 02:41:03 | Hackers Stole 50 Million Facebook Users\' Access Tokens Using Zero-Day Flaw (lien direct) | Logged out from your Facebook account automatically? Well you're not alone…
Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts.
UPDATE: 10 Important Updates You Need To Know About the Latest Facebook Hacking Incident.
In a brief
|
Vulnerability | ||
|
2018-09-28 01:35:00 | Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit (lien direct) | A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.
Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to
|
Vulnerability Guideline | ★★★★ | |
|
2018-09-27 00:26:02 | ex-NSA Hacker Discloses macOS Mojave 10.14 Zero-Day Vulnerability (lien direct) | The same day Apple released its latest macOS Mojave operating system, a security researcher demonstrated a potential way to bypass new privacy implementations in macOS using just a few lines of code and access sensitive user data.
On Monday, Apple started rolling out its new macOS Mojave 10.14 operating system update to its users, which includes a number of new privacy and security controls,
|
Vulnerability | ||
|
2018-09-26 05:14:02 | New Linux Kernel Bug Affects Red Hat, CentOS, and Debian Distributions (lien direct) | Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system.
The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed "Mutagen Astronomy," affects the kernel versions
|
Vulnerability | ||
|
2018-09-21 10:36:02 | Researcher Discloses New Zero-Day Affecting All Versions of Windows (lien direct) | A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline.
Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database
|
Vulnerability | ||
|
2018-09-21 01:45:02 | Flaw in 4GEE WiFi Modem Could Leave Your Computer Vulnerable (lien direct) | A high-severity vulnerability has been discovered in 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system.
The vulnerability-discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab-can be exploited by a low privileged user
|
Vulnerability | ||
|
2018-09-19 02:23:05 | Western Digital\'s My Cloud NAS Devices Turn Out to Be Easily Hacked (lien direct) | Security researchers have discovered an authentication bypass vulnerability in Western Digital's My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices.
Western Digital's My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to host their
|
Vulnerability | ||
|
2018-09-12 04:50:03 | Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs (lien direct) | A security researcher has discovered a serious vulnerability that could allow attackers to spoof website addresses in the Microsoft Edge web browser for Windows and Apple Safari for iOS.
While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks.
|
Hack Vulnerability | ||
|
2018-09-10 12:07:02 | Tor Browser Zero-Day Exploit Revealed Online – Patch Now (lien direct) | Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit.
In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript browser plugin comes pre-installed with
|
Vulnerability | ||
|
2018-09-06 01:53:01 | Cisco Issues Security Patch Updates for 32 Flaws in its Products (lien direct) | Cisco today released thirty security patch advisory to address a total of 32 security vulnerabilities in its products, three of which are rated critical, including the recently disclosed Apache Struts remote code execution vulnerability that is being exploited in the wild.
Out of the rest 29 vulnerabilities, fourteen are rated high and 15 medium in severity, addressing security flaws in Cisco
|
Vulnerability | ||
|
2018-09-04 02:53:01 | Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic (lien direct) | Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks.
Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy
|
Malware Vulnerability | ||
|
2018-08-28 03:30:02 | Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC) (lien direct) | A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine.
And guess what? The zero-day flaw has been confirmed working on a "fully-patched 64-bit Windows 10 system."
The vulnerability is a privilege
|
Vulnerability | ||
|
2018-08-23 11:30:05 | New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers (lien direct) | Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers.
Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including
|
Vulnerability | ★★★★★ | |
|
2018-08-22 01:27:01 | Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking (lien direct) | Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript-an open source interpreter for Adobe Systems' PostScript and PDF page description languages.
Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the
|
Vulnerability | ||
|
2018-08-16 07:35:03 | Chrome Bug Allowed Hackers to Find Out Everything Facebook Knows About You (lien direct) | With the release of Chrome 68, Google prominently marks all non-HTTPS websites as 'Not Secure' on its browser to make the web a more secure place for Internet users.
If you haven't yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser.
Ron Masas, a security researcher from Imperva, has discovered a vulnerability in web browsers that
|
Vulnerability | ||
|
2018-08-13 22:11:00 | ex-NSA Hacker Discloses macOS High Sierra Zero-Day Vulnerability (lien direct) | Your Mac computer running the Apple's latest High Sierra operating system can be hacked by tweaking just two lines of code, a researcher demonstrated at the Def Con security conference on Sunday.
Patrick Wardle, an ex-NSA hacker and now Chief Research Officer of Digita Security, uncovered a critical zero-day vulnerability in the macOS operating system that could allow a malicious application
|
Vulnerability | ||
|
2018-08-03 04:13:00 | Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers-Patch Now (lien direct) | It's time to update your Drupal websites.
Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.
The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation
|
Vulnerability | ||
|
2018-07-24 01:39:05 | New Bluetooth Hack Affects Millions of Devices from Major Vendors (lien direct) | Yet another bluetooth hacking technique has been uncovered.
A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange.
The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects
|
Hack Vulnerability |
To see everything:
Our RSS (filtrered)
