What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-01-29 10:51:36 | Critical Remote Code Execution Bug Fixed in OpenBSD SMTP Server (lien direct) | A critical vulnerability in the free OpenSMTPD email server present in many Unix-based systems can be exploited to run shell commands with root privileges. [...] | Vulnerability | ||
|
2020-01-28 15:45:02 | (Déjà vu) Google Pays $6.5 Million to Hackers for Reporting Security Bugs (lien direct) | More than $6.5 million were paid to researchers for reporting security bugs through Google's Vulnerability Reward Program (VRP) in 2019, the company said in an announcement published today. [...] | Vulnerability | ||
|
2020-01-28 15:45:02 | Goole Pays $6.5 Million to Hackers for Reporting Security Bugs (lien direct) | More than $6.5 million were paid to researchers for reporting security bugs through Google's Vulnerability Reward Program (VRP) in 2019, the company said in an announcement published today. [...] | Vulnerability | ||
|
2020-01-26 12:35:12 | Microsoft\'s IE Zero-day Fix is Breaking Windows Printing (lien direct) | Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users. [...] | Vulnerability | ||
|
2020-01-26 10:31:32 | Patching the Citrix ADC Bug Doesn\'t Mean You Weren\'t Hacked (lien direct) | Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised [...] | Vulnerability Patching | ||
|
2020-01-21 12:12:23 | Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch (lien direct) | A micropatch implementing Microsoft's workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released. [...] | Vulnerability | ||
|
2020-01-17 18:31:17 | Microsoft Issues Mitigation for Actively Exploited IE Zero-Day (lien direct) | Microsoft published a security advisory containing mitigation measures for an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer. [...] | Vulnerability | ||
|
2020-01-17 15:14:39 | How Malware Gains Trust by Abusing the Windows CryptoAPI Flaw (lien direct) | The new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This creates trust in the program, which may cause a user to be more willing to execute them. [...] | Malware Vulnerability | ||
|
2020-01-17 13:26:01 | FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw (lien direct) | FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. [...] | Vulnerability | ||
|
2020-01-16 12:59:37 | PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks (lien direct) | Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. [...] | Vulnerability | ||
|
2020-01-11 03:01:00 | Citrix ADC CVE-2019-19781 Exploits Released, Fix Now! (lien direct) | Numerous working exploits for the Citrix ADC (NetScaler) CVE-2019-1978 vulnerability are finally here and have been publicly posted in numerous locations. There is no patch available for this vulnerability, but Citrix has provided mitigations, which should be applied now! [...] | Vulnerability | ||
|
2020-01-08 13:35:16 | Mozilla Firefox 72.0.1 Patches Actively Exploited Zero-Day (lien direct) | Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical and actively exploited severity vulnerability that could potentially allow attackers to execute code or trigger crashes on machines running vulnerable Firefox versions. [...] | Vulnerability | ||
|
2019-12-16 23:00:00 | Update Intel\'s Rapid Storage App to Fix Bug Letting Malware Evade AV (lien direct) | A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...] | Malware Vulnerability | ||
|
2019-11-21 14:12:44 | Microsoft Outlook for Android Gets Spoofing Vulnerability Fix (lien direct) | Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. [...] | Vulnerability | ||
|
2019-11-20 14:52:51 | Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin (lien direct) | Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1. [...] | Vulnerability | ||
|
2019-11-19 07:30:00 | Android Camera App Bug Lets Apps Record Video Without Permission (lien direct) | A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions. [...] | Vulnerability | ||
|
2019-11-14 11:52:25 | (Déjà vu) Qualcomm Bug Exposes Critical Data on Samsung, LG Phones (lien direct) | Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. [...] | Vulnerability | ||
|
2019-11-14 11:52:25 | Researchers Find Bug in Qualcomm Code for Trusted App (lien direct) | Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. [...] | Vulnerability | ||
|
2019-11-13 03:15:04 | Latest Intel CPUs Affected by New TSX Speculative Attack (lien direct) | A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. [...] | Vulnerability | ||
|
2019-11-12 11:00:00 | McAfee Patches Privilege Escalation Flaw in Antivirus Software (lien direct) | McAfee patched a security vulnerability discovered in all editions of its Antivirus software for Windows and enabling potential attackers to escalate privileges and execute code using SYSTEM privileges. [...] | Vulnerability | ||
|
2019-11-06 03:00:00 | Microsoft Defender ATP Gets Advanced Hunting Capabilities, More (lien direct) | Microsoft announced today that several new Threat & Vulnerability Management (TVM) capabilities will go into public preview for Microsoft Defender ATP customers including vulnerability Assessment (VA) support for Windows Servers, advanced hunting with vulnerability data, and automated analysis of remediation on user impact. [...] | Vulnerability | ||
|
2019-11-02 22:26:55 | (Déjà vu) Windows BlueKeep RDP Attacks Are Here, Infecting with Miners (lien direct) | The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. [...] | Vulnerability | ||
|
2019-11-02 22:26:55 | BlueKeep Remote Code Execution Bug in RDP Exploited En Masse (lien direct) | The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. [...] | Vulnerability | ||
|
2019-10-17 05:30:00 | Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug (lien direct) | Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network. [...] | Vulnerability | ||
|
2019-10-14 19:34:46 | (Déjà vu) Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected (lien direct) | A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...] | Vulnerability | ||
|
2019-10-14 19:34:46 | Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected (lien direct) | A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...] | Vulnerability | ||
|
2019-10-12 14:05:06 | Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs (lien direct) | The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.. [...] | Vulnerability | ||
|
2019-10-11 12:11:33 | Windows 10 Update Assistant Vulnerability Needs Manual Fix, Here\'s How (lien direct) | Microsoft has released a new version of the Windows 10 Update Assistant in order to fix a local privilege escalation vulnerability. While there is no imminent threat, the only way to fix this vulnerability is to uninstall the program or download the latest version. [...] | Vulnerability | ★★★ | |
|
2019-10-10 13:34:16 | Apple Software Update Zero-Day Used by BitPaymer Ransomware (lien direct) | Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows. [...] | Ransomware Vulnerability | ||
|
2019-10-10 10:52:52 | HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs (lien direct) | HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges. [...] | Vulnerability | ||
|
2019-10-10 03:16:19 | iTerm2 Patches Critical Vulnerability Active for 7 Years (lien direct) | The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years. [...] | Vulnerability | ||
|
2019-10-01 14:38:06 | Singapore\'s GovTech Launches Vulnerability Disclosure Program (lien direct) | Singapore's Government Technology Agency (GovTech) has launched a new vulnerability disclosure program on HackerOne so researchers can disclose vulnerabilities in government sites. [...] | Vulnerability | ||
|
2019-10-01 02:22:22 | Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs (lien direct) | Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was possible by exploiting a vulnerability in the software that powers the forum. [...] | Vulnerability | ||
|
2019-09-30 12:45:55 | New Exim Vulnerability Exposes Servers to DoS Attacks, RCE Risks (lien direct) | A new critical vulnerability in the Exim mail transfer agent (MTA) software was patched to prevent denial of service (DoS) or possibly remote code execution attacks. [...] | Vulnerability | ||
|
2019-09-29 11:11:45 | Cloudflare Now Blocks the vBulletin RCE CVE-2019-16759 Exploit (lien direct) | This week a zero-day vBulletin remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare's service. [...] | Vulnerability | ||
|
2019-09-26 11:25:30 | Cisco Fixes Critical IOx Flaw Allowing Root Access to Guest OS (lien direct) | Cisco has released security updates to address a critical vulnerability in the IOx application environment for Cisco IOS Software that could enable authenticated remote attackers to access the Guest Operating System (Guest OS) as the root user. [...] | Vulnerability | ||
|
2019-09-25 03:34:35 | Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin (lien direct) | Site administrators still using the Rich Reviews plugin for WordPress are easy targets as hackers are currently exploiting an unpatched vulnerability for malvertising campaigns. [...] | Vulnerability | ||
|
2019-09-23 14:15:11 | Microsoft Issues Windows Security Update for 0Day Vulnerability (lien direct) | Microsoft released two out of band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively. [...] | Vulnerability | ||
|
2019-09-20 09:50:00 | Forcepoint Fixes Privilege Escalation Bug in Windows VPN Client (lien direct) | A vulnerability affecting all versions of Forcepoint VPN Client for Windows, save the latest release, can be used to achieve persistence and evade detection. [...] | Vulnerability | ||
|
2019-09-19 03:28:26 | Critical Bug In Harbor Container Registry Gives Admin Access (lien direct) | Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system. [...] | Vulnerability | ||
|
2019-09-16 08:24:36 | Password-Revealing Bug Quickly Fixed in LastPass Extensions (lien direct) | A security vulnerability in the extension of LastPass password manager could have allowed stealing the credentials last used for logging into a website. [...] | Vulnerability | LastPass | |
|
2019-09-06 13:40:03 | Public BlueKeep Exploit Module Released by MetaSploit (lien direct) | A public exploit module for the BlueKeep Windows vulnerability has been added today to the open-source Metasploit penetration testing framework, developed by Rapid7 in collaboration with the open-source community. [...] | Vulnerability | ||
|
2019-09-06 07:12:05 | Critical Exim TLS Flaw Lets Attackers Remotely Execute Commands as Root (lien direct) | The Exim mail transfer agent (MTA) software is impacted by a critical severity vulnerability present in all versions up to and including 4.92.1, and allowing remote attackers to execute programs with root privileges on all servers that accept TLS connections. [...] | Vulnerability | ||
|
2019-09-04 15:19:02 | Year-Old Samba Bug Allows Access to Forbidden Root Share Paths (lien direct) | For almost a year, threat actors could exploit a vulnerability in Samba software that allowed them to bypass file-sharing permissions and escape outside the share root directory. [...] | Vulnerability Threat | ||
|
2019-08-29 09:03:01 | (Déjà vu) Five More Hackers Become Millionaires on HackerOne (lien direct) | HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. [...] | Vulnerability | ||
|
2019-08-29 09:03:01 | Six More Hackers Become Millionaires on HackerOne (lien direct) | HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. [...] | Vulnerability | ||
|
2019-08-28 20:01:01 | Cisco Fixes Critical Bug in Virtual Service Container for IOS XE (lien direct) | Cisco today published an update for its IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of the software. [...] | Vulnerability | ||
|
2019-08-27 14:53:01 | Check Point Patches Privilege Escalation Flaw in Endpoint Client (lien direct) | Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges. [...] | Vulnerability | ||
|
2019-08-22 17:56:03 | Steam Patches LPE Vulnerabilities in Beta Version Update (lien direct) | Almost 48 hours after security researcher Vasily Kravets (PsiDragon) released his proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation, Valve released a beta update that allegedly fixes the bugs. [...] | Vulnerability Guideline | ||
|
2019-08-22 00:53:02 | Bitdefender Fixes Privilege Escalation Bug in Free Antivirus 2020 (lien direct) | A vulnerability in the free version of Bitdefender Antivirus could be exploited by an attacker to get SYSTEM-level permissions, reserved for the most privileged account on a Windows machine. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
