What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-07-03 13:42:37 | F5 patches critical BIG-IP ADC remote code execution vulnerability (lien direct) | F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). [...] | Vulnerability | ||
|
2020-06-29 12:16:15 | Palo Alto Networks patches critical vulnerability in firewall OS (lien direct) | Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. [...] | Vulnerability | ||
|
2020-06-25 06:45:00 | List of Ripple20 vulnerability advisories, patches, and updates (lien direct) | The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. [...] | Vulnerability | ||
|
2020-06-24 13:30:00 | VMware fixes critical vulnerability in Workstation and Fusion (lien direct) | VMware released security updates to fix multiple vulnerabilities in VMware ESXi, Workstation, and Fusion, with one of them being a critical bug in default configurations of Workstation and Fusion having 3D graphics enabled. [...] | Vulnerability | ||
|
2020-06-10 10:56:13 | New Windows 10 SMBv3 flaw can be used for data theft, RCE attacks (lien direct) | A new security vulnerability was found in the compression mechanism of the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol used by multiple versions of Windows 10 and Windows Server. [...] | Vulnerability | ||
|
2020-06-09 16:18:37 | Windows Group Policy flaw lets attackers gain admin privileges (lien direct) | Microsoft has fixed a vulnerability in all current Windows versions that allow an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008. [...] | Vulnerability | ||
|
2020-06-08 18:47:18 | CallStranger UPnP bug allows data theft, DDoS attacks, LAN scans (lien direct) | A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks. [...] | Vulnerability | ||
|
2020-06-05 13:47:00 | Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit (lien direct) | Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1). [...] | Vulnerability | ||
|
2020-06-01 10:36:40 | "Sign in with Apple" vulnerability earns researcher $100,000 (lien direct) | Remember seeing that slick "Sign in with Apple" button across many websites and apps? It turns out that a vulnerability allowed attackers to log in to sites using any Apple ID. [...] | Vulnerability | ||
|
2020-05-28 13:13:04 | Microsoft IIS servers hacked by Blue Mockingbird to mine Monero (lien direct) | This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines. [...] | Vulnerability | ||
|
2020-05-26 13:47:41 | Critical Android bug lets malicious apps hide in plain sight (lien direct) | A critical Android security vulnerability disclosed today and dubbed StrandHogg 2.0 can allow malicious apps to camouflage as most legitimate applications and steal sensitive information from Android users. [...] | Vulnerability | ||
|
2020-05-22 13:10:32 | Docker fixes Windows client bug letting programs run as SYSTEM (lien direct) | Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. [...] | Vulnerability | ||
|
2020-05-20 12:20:00 | Microsoft issues mitigation for the NXNSAttack DNS DDoS attack (lien direct) | Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers. [...] | Vulnerability | ||
|
2020-04-30 15:53:46 | Ninja Forms WordPress plugin patch prevents takeover of 1M sites (lien direct) | The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin. [...] | Vulnerability | ||
|
2020-04-26 15:43:44 | Hackers exploit zero-day in Sophos XG Firewall, fix released (lien direct) | Sophos has fixed a zero-day SQL injection vulnerability in their XG Firewall after receiving reports that hackers actively exploited it in attacks. [...] | Vulnerability | ||
|
2020-04-22 11:01:44 | Window 10 update weakened Google Chrome\'s security (lien direct) | A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019. [...] | Vulnerability | ||
|
2020-04-21 13:31:20 | Researcher discloses four IBM zero-days after refusal to fix (lien direct) | Four zero-day vulnerabilities found in an IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. [...] | Vulnerability | ||
|
2020-04-20 14:04:42 | Windows 10 SMBGhost RCE exploit demoed by researchers (lien direct) | A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. [...] | Vulnerability | ||
|
2020-04-18 10:00:00 | US govt: Hacker used stolen AD credentials to ransom hospitals (lien direct) | Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers. [...] | Ransomware Vulnerability | ||
|
2020-04-15 16:15:18 | Exploit for Zoom Windows zero-day being sold for $500,000 (lien direct) | An exploit for a zero-day remote code execution vulnerability affecting the Zoom Windows client is currently being sold for $500,000, together with one designed to abused a bug in the video conferencing platform's macOS client. [...] | Vulnerability | ||
|
2020-04-15 13:40:08 | Microsoft Office security updates may break VBA programs, how to fix (lien direct) | Microsoft says that some VBA programs might break after installing the security updates for the CVE-2020-0760 Microsoft Office remote code execution vulnerability released as part of the April 2020 Patch Tuesday. [...] | Vulnerability | ||
|
2020-04-14 14:06:00 | (Déjà vu) Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws (lien direct) | With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Three of these vulnerability are classified as zero-days as they were publicly disclosed or exploited. [...] | Vulnerability | ||
|
2020-04-14 14:06:00 | Microsoft April 2020 Patch Tuesday fixes 4 zero-days, 15 critical flaws (lien direct) | With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Four of these vulnerability are classified as zero-days as they were publicly disclosed or exploited. [...] | Vulnerability | ||
|
2020-04-10 14:09:50 | VMWare releases fix for critical vCenter Server vulnerability (lien direct) | VMware released a security update that fixes a critical vulnerability in the vCenter Server virtual infrastructure management platform that could allow attackers to gain access to sensitive information and potentially take control of affected virtual appliances or Windows systems. [...] | Vulnerability | ||
|
2020-04-06 17:36:09 | 80% of all exposed Exchange servers still unpatched for critical flaw (lien direct) | More than 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven't yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions. [...] | Vulnerability | ||
|
2020-03-31 12:27:24 | Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins (lien direct) | A critical privilege escalation vulnerability found in the Rank Math WordPress SEO plugin can allow attackers to give administrator privileges to any registered user on one of the 200,000 sites with active installations if left unpatched. [...] | Vulnerability | ||
|
2020-03-26 13:54:53 | Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic (lien direct) | A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private network (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses. [...] | Vulnerability Guideline | ||
|
2020-03-24 12:50:12 | Adobe Fixes Critical Vulnerability in Creative Cloud Application (lien direct) | Adobe has released a security update for its Creative Cloud Desktop Application to fix a vulnerability that could allow attackers to delete files on a vulnerable computer. [...] | Vulnerability | ||
|
2020-03-19 10:32:40 | Critical RCE Bug in Windows 7 and Server 2008 Gets Micropatch (lien direct) | A micropatch fixing a remote code execution (RCE) vulnerability in the Windows Graphics Device Interface (GDI) is now available through the 0patch platform for Windows 7 and Server 2008 R2 users not enrolled in Microsoft's Extended Security Updates (ESU) service. [...] | Vulnerability | ||
|
2020-03-13 12:18:59 | VMWare Releases Fix for Critical Guest-to-Host Vulnerability (lien direct) | A security update has been released that fixes a Critical vulnerability in VMware Workstation Pro that could allow an application running in a guest environment to execute a command on the host. [...] | Vulnerability | ||
|
2020-03-12 11:43:00 | Microsoft Releases KB4551762 Security Update for SMBv3 Vulnerability (lien direct) | Microsoft released a Windows 10 security update to patch the pre-auth RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3), two days after details regarding the flaw were leaked as part of the March 2020 Patch Tuesday. [...] | Vulnerability | ★★★★★ | |
|
2020-03-10 17:18:00 | Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw (lien direct) | Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday. [...] | Vulnerability | ||
|
2020-03-10 13:00:00 | New LVI Intel CPU Data Theft Vulnerability Requires Hardware Fix (lien direct) | A novel class of attack techniques against modern Intel processors can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data according to researchers. [...] | Vulnerability Threat | ||
|
2020-03-09 17:08:39 | NSA Warns About Microsoft Exchange Flaw as Attacks Start (lien direct) | The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency's Twitter account. [...] | Vulnerability | ||
|
2020-03-06 18:03:56 | Zoho Fixes No-Auth RCE Zero-Day in ManageEngine Desktop Central (lien direct) | Web-based office suite and SaaS services provider Zoho released a security update to fix a remote code execution vulnerability found in its ManageEngine Desktop Central endpoint management solution. [...] | Vulnerability | ||
|
2020-03-04 09:00:00 | Zero-Day Bug Allowed Attackers to Register Malicious Domains (lien direct) | A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean could have allowed attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations. [...] | Vulnerability | APT 32 | |
|
2020-03-02 13:07:53 | Active Scans for Apache Tomcat Ghostcat Vulnerability Detected, Patch Now (lien direct) | Ongoing scans for Apache Tomcat servers unpatched against the Ghostcat vulnerability that allows potential attackers to take over servers have been detected over the weekend. [...] | Vulnerability | ||
|
2020-02-27 09:59:42 | (Déjà vu) Cisco Working on Patches for New Kr00k WiFi Vulnerability (lien direct) | Cisco today announced that it is working to patch multiple products that are affected by the recently disclosed Kr00k vulnerability in WiFi chips from Broadcom and Cypress. [...] | Vulnerability | ||
|
2020-02-27 09:59:42 | Cisco Working on Patches for New Kr00k WiFi Vulnerabilities (lien direct) | Cisco today announced that it is working to patch multiple products that are affected by the recently disclosed Kr00k vulnerability in WiFi chips from Broadcom and Cypress. [...] | Vulnerability | ||
|
2020-02-26 15:00:31 | Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now! (lien direct) | Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago. [...] | Vulnerability | ||
|
2020-02-26 10:00:00 | Kr00k Bug in Broadcom, Cypress WiFi Chips Leaks Sensitive Info (lien direct) | A vulnerability in some popular WiFi chips present in client devices, routers, and access points, can be leveraged to partially decrypt user communication and expose data in wireless network packets. [...] | Vulnerability | ||
|
2020-02-25 05:49:23 | New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros (lien direct) | Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. [...] | Vulnerability | ||
|
2020-02-21 21:55:57 | (Déjà vu) Windows 10 Gets Temp Fix for Critical Security Vulnerability (lien direct) | Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it. [...] | Vulnerability | ||
|
2020-02-20 07:00:00 | Tesla Pays $10K for Microsoft SQL Server Reporting Services Bug (lien direct) | Tesla paid a $10,000 bounty for a vulnerability in Microsoft SQL Server Reporting Services (SSRS) that had received a patch five days before getting the bug submission. [...] | Vulnerability | ||
|
2020-02-19 17:24:12 | Microsoft Adds Enterprise Windows 10 Tamper Protection Controls (lien direct) | Microsoft announced today that support for the Windows 10 Tamper Protection feature has been added to Microsoft Defender ATP Threat & Vulnerability Management for additional info on exposed machines in their organization. [...] | Vulnerability Threat | ||
|
2020-02-19 12:01:05 | Zero-Day in WordPress Plugin Exploited to Create Admin Accounts (lien direct) | A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully taking over the vulnerable website. [...] | Vulnerability | ||
|
2020-02-11 14:01:16 | Microsoft Patches Actively Exploited Internet Explorer Zero-Day (lien direct) | Microsoft released security updates to patch an actively exploited zero-day remote code execution (RCE) vulnerability impacting multiple versions of Internet Explorer. [...] | Vulnerability | ||
|
2020-02-06 19:44:10 | Critical Android Bluetooth Flaw Exploitable without User Interaction (lien direct) | Android users are urged to apply the latest security patches released for the operating system on Monday that address a critical vulnerability in the Bluetooth subsystem. [...] | Vulnerability | ||
|
2020-02-04 18:48:51 | Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows (lien direct) | Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems. [...] | Vulnerability | ||
|
2020-02-04 12:57:00 | WhatsApp Bug Allowed Attackers to Access the Local File System (lien direct) | Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user's local file system, on both macOS and Windows platforms. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
