What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-20 12:09:39 | Microsoft partially fixes Windows 7, Server 2008 vulnerability (lien direct) | Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...] | Vulnerability | ||
|
2021-04-12 21:20:56 | Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter (lien direct) | A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. [...] | Vulnerability | ||
|
2021-04-07 15:38:18 | Cisco fixes bug allowing remote code execution with root privileges (lien direct) | Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. [...] | Vulnerability | ||
|
2021-04-07 13:12:19 | New Cring ransomware hits unpatched Fortinet VPN devices (lien direct) | A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [...] | Ransomware Vulnerability | ||
|
2021-04-01 12:58:28 | VMware fixes authentication bypass in data center security software (lien direct) | VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. [...] | Vulnerability | ||
|
2021-03-26 13:58:23 | (Déjà vu) Apple fixes a iOS zero-day vulnerability actively used in attacks (lien direct) | Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] | Vulnerability | ||
|
2021-03-26 13:58:23 | Apple fixes iOS zero-day vulnerability exploited in the wild (lien direct) | Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] | Vulnerability | ||
|
2021-03-25 12:44:46 | OpenSSL fixes severe DoS, certificate validation vulnerabilities (lien direct) | OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450). [...] | Vulnerability | ||
|
2021-03-24 15:52:48 | Microsoft fixes Windows PSExec privilege elevation vulnerability (lien direct) | Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. [...] | Vulnerability | ||
|
2021-03-24 14:08:49 | Cisco addresses critical bug in Windows, macOS Jabber clients (lien direct) | Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...] | Vulnerability | ||
|
2021-03-22 12:05:13 | Critical code execution vulnerability fixed in Adobe ColdFusion (lien direct) | Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. [...] | Vulnerability | ||
|
2021-03-19 13:09:52 | Critical F5 BIG-IP vulnerability now targeted in ongoing attacks (lien direct) | Cybersecurity firm NCC Group said on Thursday that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. [...] | Vulnerability | ||
|
2021-03-09 19:05:30 | iPhone Call Recorder bug gave acess to other people\'s conversations (lien direct) | An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...] | Vulnerability | ||
|
2021-03-09 09:36:45 | Security bug hunters focus on misconfigured services, earn big rewards (lien direct) | An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...] | Vulnerability | ||
|
2021-03-04 12:09:34 | VMware releases fix for severe View Planner RCE vulnerability (lien direct) | VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...] | Vulnerability | ||
|
2021-03-03 11:39:56 | (Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) | Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] | Data Breach Vulnerability | ||
|
2021-03-03 11:39:56 | Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) | Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] | Data Breach Vulnerability | ||
|
2021-03-02 16:47:08 | Google fixes second actively exploited Chrome zero-day bug this year (lien direct) | Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...] | Vulnerability | ||
|
2021-03-02 00:14:00 | Malicious NPM packages target Amazon, Slack with new dependency attacks (lien direct) | Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. [...] | Vulnerability Threat | ||
|
2021-03-01 18:05:05 | Working Windows and Linux Spectre exploits found on VirusTotal (lien direct) | Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. [...] | Vulnerability | ||
|
2021-03-01 11:43:07 | NSW Transport agency extorted by ransomware gang after Accellion attack (lien direct) | The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. [...] | Ransomware Data Breach Vulnerability | ||
|
2021-02-24 16:03:58 | Cisco fixes maximum severity MSO auth bypass vulnerability (lien direct) | Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. [...] | Vulnerability | ||
|
2021-02-24 09:01:09 | Ransomware gang extorts jet maker Bombardier after Accellion breach (lien direct) | Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. [...] | Ransomware Data Breach Vulnerability | ||
|
2021-02-24 06:37:08 | Heavily used Node.js package has a code injection vulnerability (lien direct) | The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315. [...] | Vulnerability | ||
|
2021-02-23 14:26:12 | VMware fixes critical RCE bug in all default vCenter installs (lien direct) | VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. [...] | Vulnerability | ||
|
2021-02-20 03:03:03 | SonicWall releases additional update for SMA 100 vulnerability (lien direct) | SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. [...] | Vulnerability | ||
|
2021-02-17 08:58:12 | QNAP patches critical vulnerability in Surveillance Station NAS app (lien direct) | QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. [...] | Vulnerability | ||
|
2021-02-16 12:38:14 | Windows 10 Secure Boot update triggers BitLocker key recovery (lien direct) | Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot. [...] | Vulnerability | ||
|
2021-02-16 09:39:22 | Malvertisers exploited browser zero-day to redirect users to scams (lien direct) | The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. [...] | Vulnerability | ||
|
2021-02-11 14:34:14 | (Déjà vu) Internet Explorer 11 zero-day vulnerability gets unofficial micropatch (lien direct) | An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] | Vulnerability | ||
|
2021-02-11 14:34:14 | Internet Explorer 11 zero-day vulnerability gets a free micropatch (lien direct) | An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] | Vulnerability | ||
|
2021-02-11 12:55:35 | Singtel, QIMR Berghofer report Accellion-related data breaches (lien direct) | Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...] | Vulnerability | ||
|
2021-02-11 09:00:00 | 12-year-old Windows Defender bug gives hackers admin rights (lien direct) | Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...] | Vulnerability | ||
|
2021-02-10 12:56:34 | Microsoft now forces secure RPC to block Windows ZeroLogon attacks (lien direct) | Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...] | Vulnerability | ||
|
2021-02-09 19:07:10 | Apple fixes SUDO root privilege escalation flaw in macOS (lien direct) | Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...] | Vulnerability | ||
|
2021-02-09 12:30:24 | Adobe fixes critical Reader vulnerability exploited in the wild (lien direct) | Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...] | Vulnerability | ||
|
2021-02-08 15:05:54 | Critical vulnerability fixed in WordPress plugin with 800K installs (lien direct) | The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...] | Vulnerability | ||
|
2021-02-08 14:10:42 | Cyberpunk 2077 bug fixed that let malicious mods take over PCs (lien direct) | CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. [...] | Vulnerability | ||
|
2021-02-04 15:10:47 | Google fixes Chrome zero-day actively exploited in the wild (lien direct) | Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. [...] | Vulnerability | ||
|
2021-02-04 12:07:46 | Hacking group also used an IE zero-day against security researchers (lien direct) | An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. [...] | Vulnerability | ||
|
2021-02-03 15:28:42 | SonicWall fixes actively exploited SMA 100 zero-day vulnerability (lien direct) | SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances. [...] | Vulnerability | ★★★ | |
|
2021-02-01 12:37:18 | SonicWall SMA 100 zero-day exploit actively used in the wild (lien direct) | A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. [...] | Vulnerability | ||
|
2021-01-29 03:33:33 | Windows Installer zero-day vulnerability gets free micropatch (lien direct) | A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. [...] | Vulnerability | ||
|
2021-01-28 14:47:45 | Microsoft: DPRK hackers \'likely\' hit researchers with Chrome exploit (lien direct) | Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...] | Vulnerability Medical | APT 38 | |
|
2021-01-27 05:05:05 | Here\'s how a researcher broke into Microsoft VS Code\'s GitHub (lien direct) | This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository. [...] | Vulnerability | ||
|
2021-01-25 22:01:20 | North Korean hackers are targeting security researchers with malware, 0-days (lien direct) | A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. [...] | Vulnerability | ||
|
2021-01-23 12:14:25 | SonicWall firewall maker hacked using zero-day in its VPN device (lien direct) | Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. [...] | Vulnerability Threat | ||
|
2021-01-22 09:07:12 | Drupal releases fix for critical vulnerability with known exploits (lien direct) | Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. [...] | Vulnerability | ||
|
2021-01-20 02:00:00 | List of DNSpooq vulnerability advisories, patches, and updates (lien direct) | Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities. [...] | Vulnerability | ||
|
2021-01-15 05:05:05 | Undisclosed Apache Velocity XSS vulnerability impacts GOV sites (lien direct) | An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
