What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-16 10:17:00 | CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution. "Adobe ColdFusion | Vulnerability Threat | ★★ | |
|
2023-03-09 19:31:00 | IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks (lien direct) | A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to | Ransomware Vulnerability | ★★★ | |
|
2023-03-09 10:53:00 | New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access (lien direct) | Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability in | Vulnerability Threat | ★★★ | |
|
2023-03-08 16:04:00 | Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (lien direct) | The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the | Hack Vulnerability Medical | APT 38 | ★★★ |
|
2023-03-08 12:00:00 | CISA\'s KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability | Vulnerability | ★★ | |
|
2023-03-06 14:00:00 | Experts Discover Flaw in U.S. Govt\'s Chosen Quantum-Resistant Encryption Algorithm (lien direct) | A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH | Vulnerability | ★ | |
|
2023-02-28 12:12:00 | CISA Issues Warning on Active Exploitation of ZK Java Web Framework Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting the ZK Framework to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. Tracked as CVE-2022-36537 (CVSS score: 7.5), the issue impacts ZK Framework versions 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2, and 8.6.4.1, and allows threat actors to retrieve sensitive | Vulnerability Threat | ★★★ | |
|
2023-02-24 18:52:00 | How to Use AI in Cybersecurity and Avoid Being Trapped (lien direct) | The use of AI in cybersecurity is growing rapidly and is having a significant impact on threat detection, incident response, fraud detection, and vulnerability management. According to a report by Juniper Research, the use of AI for fraud detection and prevention is expected to save businesses $11 billion annually by 2023. But how to integrate AI into business cybersecurity infrastructure | Vulnerability Threat | ★★★ | |
|
2023-02-23 20:32:00 | Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products (lien direct) | Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as 24 different products, including Access | Vulnerability Threat | ★★ | |
|
2023-02-23 18:02:00 | The Secret Vulnerability Finance Execs are Missing (lien direct) | The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal. The odd part, he told a reporter, was that if he changed a single digit in the URL, suddenly, he could see | Vulnerability | ★★ | |
|
2023-02-22 10:25:00 | VMware Patches Critical Vulnerability in Carbon Black App Control Product (lien direct) | VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari | Vulnerability | ★★★ | |
|
2023-02-17 11:16:00 | Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software (lien direct) | Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and | Vulnerability Guideline | ★★★★ | |
|
2023-02-06 15:25:00 | OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability (lien direct) | The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd). Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1. "This is not believed to be exploitable, and it occurs in the unprivileged pre-auth | Vulnerability | ★★ | |
|
2023-02-04 10:11:00 | Warning: Hackers Actively Exploiting Zero-Day in Fortra\'s GoAnywhere MFT (lien direct) | A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is a case of remote code injection that requires access to the administrative console of the application | Vulnerability | ★★★ | |
|
2023-02-03 13:25:00 | Atlassian\'s Jira Software Found Vulnerable to Critical Authentication Vulnerability (lien direct) | Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An | Vulnerability | ★★★ | |
|
2023-02-03 12:56:00 | New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products (lien direct) | F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP | Vulnerability Guideline | ★★ | |
|
2023-01-31 09:36:00 | QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates (lien direct) | Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5.0.1 and QuTS hero h5.0.1. "If exploited, this vulnerability allows remote attackers to inject | Vulnerability Guideline | ★★ | |
|
2023-01-30 15:00:00 | Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices (lien direct) | Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks | Hack Vulnerability | ★★★ | |
|
2023-01-26 20:22:00 | Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA (lien direct) | Proof-of-concept (Poc) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year. Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in | Vulnerability | ★★ | |
|
2023-01-24 17:03:00 | Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium (lien direct) | Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an Asset, and when a given finding | Vulnerability | ★★ | |
|
2023-01-24 14:51:00 | Apple Issues Updates for Older Devices to Fix Actively Exploited Vulnerability (lien direct) | Apple has backported fixes for a recently disclosed critical security flaw affecting older devices, citing evidence of active exploitation. The issue, tracked as CVE-2022-42856, is a type confusion vulnerability in the WebKit browser engine that could result in arbitrary code execution when processing maliciously crafted web content. While it was originally addressed by the company on November | Vulnerability | ★★★★ | |
|
2023-01-20 12:29:00 | New Chinese Malware Spotted Exploiting Recent Fortinet Firewall Vulnerability (lien direct) | A suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates that the exploitation occurred as early as October 2022, at least nearly two months before fixes were | Malware Vulnerability Threat | ★★ | |
|
2023-01-19 19:50:00 | New Microsoft Azure Vulnerability Uncovered - Experts Warn of RCE Attacks (lien direct) | A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By | Vulnerability | ★★★★★ | |
|
2023-01-17 16:08:00 | Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It\'s Too Late! (lien direct) | Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept (PoC) exploit code. The issue in question is CVE-2022-47966, an unauthenticated remote code execution vulnerability affecting several products due to the use of an outdated third-party dependency, Apache Santuario. "This vulnerability allows an | Vulnerability | ★★ | |
|
2023-01-14 13:41:00 | Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability (lien direct) | A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti (1.2.23 and 1.3.0). The issue in question relates to | Vulnerability | ★★★ | |
|
2023-01-13 15:11:00 | FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations (lien direct) | A zero-day vulnerability in FortiOS SSL-VPN that Fortinet addressed last month was exploited by unknown actors in attacks targeting the government and other large organizations. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or government-related targets," Fortinet researchers said in a post-mortem analysis published this week. The | Vulnerability | ★★★ | |
|
2023-01-12 15:12:00 | Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk (lien direct) | Details have emerged about a now-patched vulnerability in Google Chrome and Chromium-based browsers that, if successfully exploited, could have made it possible to siphon files containing confidential data. "The issue arose from the way the browser interacted with symlinks when processing files and directories," Imperva researcher Ron Masas said. "Specifically, the browser did not properly check | Vulnerability | ★★ | |
|
2023-01-12 15:10:00 | Patch where it Hurts: Effective Vulnerability Management in 2023 (lien direct) | A recently published Security Navigator report data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Good vulnerability management is not about being fast enough in patching all potential breaches. It's about focusing on the real risk using vulnerability prioritization to correct | Vulnerability Patching | ★★★ | |
|
2023-01-12 12:51:00 | Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System (lien direct) | Twitter on Wednesday said that its investigation found "no evidence" that users' data sold online was obtained by exploiting any security vulnerabilities in its systems. "Based on information and intel analyzed to investigate the issue, there is no evidence that the data being sold online was obtained by exploiting a vulnerability of Twitter systems," the company said in a statement. "The data | Vulnerability | ★★★ | |
|
2023-01-12 12:18:00 | Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability (lien direct) | Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control | Vulnerability | ★★★ | |
|
2023-01-05 13:22:00 | Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities (lien direct) | Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP | Vulnerability Guideline | ★★★ | |
|
2023-01-04 09:58:00 | Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers (lien direct) | Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the | Vulnerability | ★★★ | |
|
2022-12-22 15:39:00 | Two New Security Flaws Reported in Ghost CMS Blogging Software (lien direct) | Cybersecurity researchers have detailed two security flaws in the JavaScript-based blogging platform known as Ghost, one of which could be abused to elevate privileges via specially crafted HTTP requests. Tracked as CVE-2022-41654 (CVSS score: 8.5), the authentication bypass vulnerability that allows unprivileged users (i.e., members) to make unauthorized modifications to newsletter settings. | Vulnerability | ★★★ | |
|
2022-12-20 11:22:00 | Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems (lien direct) | Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic | Vulnerability | ★★ | |
|
2022-12-15 19:12:00 | Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as \'Critical\' (lien direct) | Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO, | Vulnerability | ★★★ | |
|
2022-12-14 10:10:00 | Hackers Actively Exploiting Citrix ADC and Gateway Zero-Day Vulnerability (lien direct) | The U.S. National Security Agency (NSA) on Tuesday said a threat actor tracked as APT5 has been actively exploiting a zero-day flaw in Citrix Application Delivery Controller (ADC) and Gateway to take over affected systems. The critical remote code execution vulnerability, identified as CVE-2022-27518, could allow an unauthenticated attacker to execute commands remotely on vulnerable devices and | Vulnerability Threat | APT 5 | ★★★ |
|
2022-12-14 09:14:00 | New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products (lien direct) | Apple on Tuesday rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browser to address a new zero-day vulnerability that could result in the execution of malicious code. Tracked as CVE-2022-42856, the issue has been described by the tech giant as a type confusion issue in the WebKit browser engine that could be triggered when processing specially crafted content, leading to | Vulnerability Guideline | ★★ | |
|
2022-12-13 23:52:00 | Google Launches Largest Distributed Database of Open Source Vulnerabilities (lien direct) | Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared | Vulnerability | ★★★★ | |
|
2022-12-13 19:28:00 | Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability (lien direct) | A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit | Vulnerability | ★★ | |
|
2022-12-13 09:04:00 | Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability (lien direct) | Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The company said | Vulnerability | ★★★★ | |
|
2022-12-08 13:29:00 | Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers (lien direct) | An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is | Vulnerability Threat Cloud | APT 37 | ★★★ |
|
2022-12-05 16:38:00 | SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars (lien direct) | Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a | Vulnerability | ★★★ | |
|
2022-12-05 13:10:00 | Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems (lien direct) | The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. " | Vulnerability Vulnerability | ★★★ | |
|
2022-12-02 23:41:00 | Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability (lien direct) | Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion | Vulnerability Threat | ★★★ | |
|
2022-12-02 06:29:00 | Researchers Disclose Supply-Chain Flaw Affecting IBM Cloud Databases for PostgreSQL (lien direct) | IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "first-of-its-kind supply-chain attack vector impacting a | Vulnerability | ★★ | |
|
2022-12-02 06:09:00 | Hackers Exploiting Redis Vulnerability to Deploy New Redigo Malware on Servers (lien direct) | A previously undocumented Go-based malware is targeting Redis servers with the goal of taking control of the infected systems and likely building a botnet network. The attacks involve taking advantage of a critical security vulnerability in the open source, in-memory, key-value store that was disclosed earlier this year to deploy Redigo, according to cloud security firm Aqua. | Malware Vulnerability | ★★ | |
|
2022-12-01 17:14:00 | Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework (lien direct) | A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 (CVSS score: 9.8), the shortcoming could be trivially abused by a malicious actor without any privileges. "The vulnerability is found in the Dev UI Config Editor, which is vulnerable to drive-by | Vulnerability | ★★★ | |
|
2022-11-30 19:14:00 | Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection (lien direct) | New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool. npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for | Malware Vulnerability | ★★★ | |
|
2022-11-29 22:09:00 | New Flaw in Acer Laptops Could Let Attackers Disable Secure Boot Protection (lien direct) | Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines. Tracked as CVE-2022-4020, the high-severity vulnerability affects five different models that consist of Aspire A315-22, A115-21, and A315-22G, and Extensa EX215-21 and EX215-21G. The PC maker described the vulnerability as | Vulnerability | ★★★ | |
|
2022-11-29 09:50:00 | CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. | Vulnerability | ★★★ |
To see everything:
Our RSS (filtrered)
