What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-13 11:24:33 | Microsoft fixes Secure Boot bug allowing Windows rootkit installation (lien direct) | Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. [...] | Vulnerability | ★★★ | |
|
2021-01-12 13:38:05 | Microsoft patches Defender antivirus zero-day exploited in the wild (lien direct) | Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released. [...] | Vulnerability Threat | ||
|
2021-01-12 12:28:43 | New Zealand Reserve Bank breached using bug patched on Xmas Eve (lien direct) | A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. [...] | Data Breach Vulnerability | ||
|
2021-01-11 10:46:29 | Typeform fixes Zendesk Sell form data hijacking vulnerability (lien direct) | Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attacks redirect the form submissions containing potentially sensitive information to themselves. [...] | Vulnerability | ||
|
2021-01-11 01:52:09 | United Nations data breach exposed over 100k UNEP staff records (lien direct) | This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. [...] | Data Breach Vulnerability | ||
|
2021-01-07 15:41:12 | Windows PsExec zero-day vulnerability gets a free micropatch (lien direct) | A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. [...] | Tool Vulnerability | ||
|
2021-01-04 11:05:07 | Zend Framework remote code execution vulnerability revealed (lien direct) | An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. [...] | Vulnerability | ||
|
2020-12-24 08:20:00 | Hacker earns $2 million in bug bounties on HackerOne (lien direct) | Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. [...] | Vulnerability | ||
|
2020-12-23 14:57:27 | Windows zero-day with bad patch gets new public exploit code (lien direct) | Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. [...] | Vulnerability | ||
|
2020-12-19 13:01:01 | Gitpaste-12 worm botnet returns with 30+ vulnerability exploits (lien direct) | Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. [...] | Vulnerability | ||
|
2020-12-17 15:26:26 | (Déjà vu) Bouncy Castle crypto authentication bypass vulnerability revealed (lien direct) | A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] | Vulnerability | ||
|
2020-12-17 15:26:26 | (Déjà vu) Bouncy Castle fixes crypto API authentication bypass flaw (lien direct) | A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] | Vulnerability | ||
|
2020-12-17 15:26:26 | Bouncy Castle fixes cryptography API authentication bypass flaw (lien direct) | A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] | Vulnerability | ||
|
2020-12-17 10:52:41 | WordPress plugin with 5 million installs has a critical vulnerability (lien direct) | The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there. [...] | Vulnerability | ||
|
2020-12-15 11:18:48 | Pandemic year increases bug bounties and report submissions (lien direct) | Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump. [...] | Vulnerability | ||
|
2020-12-10 16:17:18 | Sophos fixes SQL injection vulnerability in their Cyberoam OS (lien direct) | Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. [...] | Vulnerability | ||
|
2020-12-10 12:08:50 | Windows Kerberos Bronze Bit attack gets public exploit, patch now (lien direct) | Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft. [...] | Vulnerability | ||
|
2020-12-10 11:00:00 | Cisco fixes new Jabber for Windows critical code execution bug (lien direct) | Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. [...] | Vulnerability Patching | ||
|
2020-12-09 12:25:53 | DHS-CISA urges admins to patch OpenSSL DoS vulnerability (lien direct) | This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately. [...] | Vulnerability | ||
|
2020-12-09 08:25:38 | Microsoft fixes new Windows Kerberos security bug in staged rollout (lien direct) | Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout. [...] | Vulnerability | ||
|
2020-12-08 13:58:20 | Microsoft issues guidance for DNS cache poisoning vulnerability (lien direct) | Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. [...] | Vulnerability | ||
|
2020-12-08 13:37:31 | Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities (lien direct) | Today is Microsoft's December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them. As part of this Patch Tuesday, Microsoft fixed 58 security vulnerabilities and release a DNS cache poisoning vulnerability advisory. [...] | Vulnerability | ||
|
2020-12-08 12:00:00 | Severe MDHexRay bug affects 100+ GE Healthcare imaging systems (lien direct) | A vulnerability in GE Healthcare's proprietary management software used for medical imaging devices could put patients' health privacy at risk, potentially their lives. [...] | Vulnerability | ||
|
2020-12-08 09:20:00 | All Kubernetes versions affected by unpatched MiTM vulnerability (lien direct) | The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. [...] | Vulnerability | Uber | |
|
2020-12-08 09:02:55 | D-Link VPN routers get patch for remote command injection bugs (lien direct) | An vulnerability in D-link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. [...] | Vulnerability | ||
|
2020-12-07 10:03:52 | NSA: Russian state hackers exploit new VMware vulnerability to steal data (lien direct) | The National Security Agency (NSA) warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. [...] | Vulnerability Threat | ||
|
2020-12-04 07:45:13 | VMware fixes zero-day vulnerability reported by the NSA (lien direct) | VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. [...] | Vulnerability | ||
|
2020-12-03 06:00:00 | (Déjà vu) Android apps with 200 million installs vulnerable to security bug (lien direct) | Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. [...] | Vulnerability | ||
|
2020-12-03 06:00:00 | Android apps with 250M downloads still vulnerable to patched bug (lien direct) | Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. [...] | Vulnerability | ||
|
2020-12-01 11:30:24 | Critical Oracle WebLogic flaw actively exploited by DarkIRC malware (lien direct) | A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution (RCE) vulnerability fixed by Oracle two months ago. [...] | Malware Vulnerability | ||
|
2020-11-27 12:31:16 | Drupal issues emergency fix for critical bug with known exploits (lien direct) | Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions. [...] | Vulnerability | ||
|
2020-08-05 11:13:26 | Twitter for Android vulnerability gave access to direct messages (lien direct) | Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. [...] | Vulnerability | ||
|
2020-08-03 15:36:28 | Newsletter plugin bugs let hackers inject backdoors on 300K sites (lien direct) | Owners of WordPress sites who use the Newsletter plugin are advised to update their installations to block attacks that could use a fixed vulnerability allowing hackers to inject backdoors, create rogue admins, and potentially take over their websites. [...] | Vulnerability | ||
|
2020-07-30 19:01:56 | KDE archive tool flaw let hackers take over Linux accounts (lien direct) | A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it. (47a9275c481dbf25e49cf753f7102ec1)[...] | Tool Vulnerability | ||
|
2020-07-29 13:00:00 | BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows (lien direct) | A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...] | Malware Vulnerability Threat | ||
|
2020-07-24 15:29:03 | US govt confirms active exploitation of F5 BIG-IP RCE flaw (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today published a warning regarding the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. [...] | Vulnerability | ||
|
2020-07-24 11:16:44 | (Déjà vu) Cisco patches ASA/FTD firewall flaw actively exploited by hackers (lien direct) | Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. [...] | Vulnerability | ||
|
2020-07-24 11:16:44 | Cisco patches actively exploited ASA/FTD firewall vulnerability (lien direct) | Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. [...] | Vulnerability | ||
|
2020-07-22 11:33:21 | Critical SharePoint flaw dissected, RCE details now available (lien direct) | Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. [...] | Vulnerability | ||
|
2020-07-19 16:43:33 | Critical SIGred Windows DNS bug gets micropatch after PoCs released (lien direct) | The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. [...] | Vulnerability | ||
|
2020-07-16 16:14:50 | Federal agencies told to patch wormable Windows DNS bug in 24 hours (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) today asked all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours. [...] | Vulnerability | ||
|
2020-07-14 14:14:32 | Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical! (lien direct) | Today is Microsoft's July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why! With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products. [...] | Vulnerability | ||
|
2020-07-14 14:10:42 | Microsoft patches critical wormable SigRed bug in Windows DNS Server (lien direct) | A critical vulnerability that's been sitting in Microsoft's Windows DNS Server for almost two decades could be exploited to gain Domain Administrator privileges and compromise the entire corporate infrastructure behind it. [...] | Vulnerability | ||
|
2020-07-13 22:21:10 | (Déjà vu) Critical SAP Recon flaw exposes thousands of customers to attacks (lien direct) | SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] | Vulnerability | ||
|
2020-07-13 22:21:10 | Critical SAP Recon flaw exposes thousands of systems to attacks (lien direct) | SAP patched a critical vulnerability affecting over 40,000 systems and found in the SAP NetWeaver Java versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] | Vulnerability | ||
|
2020-07-08 17:18:03 | Palo Alto Networks fixes another severe flaw in PAN-OS devices (lien direct) | Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. [...] | Vulnerability | ||
|
2020-07-08 11:35:46 | NVIDIA fixes code execution bug in GeForce Experience software (lien direct) | NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems. [...] | Vulnerability | ||
|
2020-07-05 16:44:43 | PoC exploits released for F5 BIG-IP vulnerabilities, patch now! (lien direct) | Two days after patches for critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits show how easy it is to exploit these devices. [...] | Vulnerability | ||
|
2020-07-05 12:30:50 | .NET Core vulnerability lets attackers evade malware detection (lien direct) | A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. [...] | Malware Vulnerability | ||
|
2020-07-03 13:42:37 | (Déjà vu) US Cyber Command urges F5 customers to patch critical BIG-IP flaw (lien direct) | F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
