What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-08-21 15:28:05 | (Déjà vu) Second Steam Zero-Day Impacts Over 96 Million Windows Users (lien direct) | A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets. [...] | Vulnerability | ||
|
2019-08-20 12:51:05 | Microsoft Patches Vulnerable Android Remote Desktop App (lien direct) | Microsoft updated the security advisory for an information disclosure vulnerability that previously impacted only Windows Remote Desktop Protocol clients to also include the Microsoft Remote Desktop for Android app. [...] | Vulnerability | ||
|
2019-08-19 14:16:04 | iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug (lien direct) | iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2. [...] | Vulnerability | ||
|
2019-08-16 17:37:02 | Steam Security Saga Continues with Vulnerability Fix Bypass (lien direct) | A bypass for a recent Steam vulnerability that could allow malware or a local attacker to gain admin privileges has been disclosed on Twitter. This new method allows an attacker to bypass the fix created by Steam and exploit the vulnerability again. [...] | Malware Vulnerability | ||
|
2019-08-16 16:08:02 | Mozilla Firefox Bug Let Third-Parties Access Saved Passwords (lien direct) | Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser's built-in Save Logins database even when protected with a master password. [...] | Vulnerability | ||
|
2019-08-15 05:10:03 | Trend Micro Fixes Privilege Escalation Bug in Password Manager (lien direct) | A vulnerability in Trend Micro's Password Manager could be exploited to run programs with the permissions of the most privileged account on a Windows system. [...] | Vulnerability | ||
|
2019-08-13 17:18:02 | (Déjà vu) New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic (lien direct) | A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. [...] | Vulnerability | ||
|
2019-08-13 17:18:02 | New Bluetooth KNOB Flaw Lets Attackers Manipulate Connections (lien direct) | A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. [...] | Vulnerability | ||
|
2019-08-13 04:33:03 | HVACking: Remotely Exploiting Bugs in Building Control Systems (lien direct) | Security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments. [...] | Vulnerability | ||
|
2019-08-12 15:48:00 | (Déjà vu) Steam Security Vulnerability Fixed, Researchers Don\'t Agree (lien direct) | Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored. [...] | Vulnerability | ||
|
2019-08-09 17:39:04 | KDE Vulnerability Fixed By Removing Shell Command Support (lien direct) | A code execution vulnerability in the KDE desktop manager has been resolved by removing support for shell commands in the KConfig configuration system. [...] | Vulnerability | ||
|
2019-08-08 17:13:01 | Steam Zero-Day Vulnerability Affects Over 100 Million Users (lien direct) | [...] | Vulnerability | ||
|
2019-08-08 16:13:01 | Avaya VoIP Phones Harbored 10-year Old Vulnerability (lien direct) | A vulnerability leading to remote code execution survived for 10 years in some Avaya VoIP phones, used by 90% of the Fortune 100 companies. [...] | Vulnerability Guideline | ||
|
2019-08-07 19:00:00 | Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V (lien direct) | A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be used to escape virtual machines running on Hyper-V, the virtualization technology in Azure and Windows 10. [...] | Vulnerability | ||
|
2019-08-06 14:15:04 | SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS (lien direct) | Both Microsoft and Redhat have released advisories about a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system. [...] | Vulnerability | ||
|
2019-08-06 14:15:04 | Microsoft Secretly Fixed a New Speculative Vulnerability in Intel CPUs (lien direct) | During the July 2019 Patch Tuesday security updates, Microsoft secretly patched a new variant of the Spectre 1 speculative execution side channel vulnerabilities that allowed information disclosure in Windows. [...] | Vulnerability | ||
|
2019-08-06 12:29:00 | Zero-Day Bug in KDE 4/5 Executes Commands by Opening a Folder (lien direct) | An unpatched zero-day vulnerability exists in KDE 4 & 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder. [...] | Vulnerability | ||
|
2019-07-30 12:41:02 | OXID eShop Used by Mercedes Fixes Remote Takeover Security Bug (lien direct) | OXID e-commerce platform today released an update for its software fixing a remote takeover vulnerability that can be exploited without authentication. [...] | Vulnerability | ||
|
2019-07-24 20:13:03 | Keep Calm, Carry On. VLC Not Affected by Critical Vulnerability (lien direct) | A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago. [...] | Vulnerability | ||
|
2019-07-22 18:31:05 | Hackers Exploit Recent WordPress Plugin Bugs for Malvertising (lien direct) | An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin according to Wordfence's Defiant Threat Intelligence team. [...] | Vulnerability Threat | ||
|
2019-07-22 15:45:03 | ProFTPD Vulnerability Lets Users Copy Files Without Permission (lien direct) | Under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks after successful exploitation of an arbitrary file copy vulnerability in the mod_copy module. [...] | Vulnerability | ||
|
2019-07-19 00:01:00 | Over 8,500 Google Chrome Bug Reports, Larger Rewards in Store (lien direct) | Nine years and more than 8,500 security bug reports later, Google decided to increase the value of the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program. [...] | Vulnerability | ||
|
2019-07-17 17:56:04 | Drupal Patches Critical Bug That Lets Hackers Take Over Sites (lien direct) | The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS' core component that could allow attackers to take control of impacted sites. [...] | Vulnerability | ||
|
2019-07-17 03:33:03 | Cracked Tesla 3 Windshield Leads to $10,000 Bug Bounty (lien direct) | Tesla paid a large bug bounty for a cross-site scripting (XSS) vulnerability in one of its backend apps that allowed gleaning vital statistics about a vehicle. [...] | Vulnerability | Tesla | |
|
2019-07-16 16:47:04 | Microsoft Patches PowerShell Core Security Bug to Fix WDAC Bypass (lien direct) | Microsoft has released new versions of PowerShell Core to fix a vulnerability that allows a local attacker to bypass Windows Defender Application Control (WDAC) enforcements. This could allow the attacker to execute untrusted programs even with WDAC enabled. [...] | Vulnerability | ||
|
2019-07-11 03:04:00 | Jira Server and Data Center Update Patches Critical Vulnerability (lien direct) | Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011. [...] | Vulnerability | ||
|
2019-07-10 04:56:04 | Intel Fixes Priv Escalation Vulnerability in Enterprise SSD (lien direct) | Intel today released security updates for two of its products, to fix vulnerabilities that could lead to privilege escalation, denial of service, and information disclosure. [...] | Vulnerability Guideline | ||
|
2019-07-09 16:45:00 | Bug in Anesthesia Machines Allows Changing Gas Mix Levels (lien direct) | A vulnerability in the firmware of some anesthesia machines used in hospitals could be abused to change normal functionality up to the point of adjusting the level of inhalational substances. [...] | Vulnerability | ||
|
2019-07-04 03:04:00 | Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges (lien direct) | Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions. [...] | Ransomware Vulnerability | ||
|
2019-07-03 15:31:02 | Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (lien direct) | US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] | Malware Vulnerability | APT33 APT 33 | |
|
2019-06-22 10:45:02 | Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox (lien direct) | Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. [...] | Vulnerability | ||
|
2019-06-21 12:34:05 | BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks (lien direct) | The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue. [...] | Vulnerability Patching | ||
|
2019-06-20 14:05:03 | Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day (lien direct) | Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. [...] | Vulnerability | ||
|
2019-06-20 05:36:04 | Samba Vulnerability Can Crash Active Directory Components (lien direct) | A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of accessing directory, application, and server services. [...] | Vulnerability | ||
|
2019-06-20 00:30:01 | Tor Browser 8.5.2 Released to Fix Critical Vulnerability (lien direct) | Tor Browser 8.5.2 has been released to fix a critical vulnerability in Firefox that was fixed by Mozilla this week. It is strongly advised that all Tor users install this update as soon as possible. [...] | Vulnerability | ||
|
2019-06-19 07:46:02 | Oracle Fixes Critical Bug in WebLogic Server Web Services (lien direct) | Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. [...] | Vulnerability | ||
|
2019-06-18 15:58:02 | Mozilla Firefox 67.0.3 Patches Actively Exploited Zero-Day (lien direct) | Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch an actively exploited and critical severity vulnerability which could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions. [...] | Vulnerability | ||
|
2019-06-11 20:10:03 | Bad Cert Vulnerability Can Bring Down Any Windows Server (lien direct) | A Google security expert today revealed that an unpatched issue in the main cryptographic library in Microsoft's operating system can cause a denial-of-service (DoS) condition on Windows 8 servers and above. [...] | Vulnerability | ||
|
2019-06-11 05:30:00 | Finding Windows Systems Affected by BlueKeep Remote Desktop Bug (lien direct) | Researchers have created tools and scripts that can be used to find Windows machines vulnerable to the BlueKeep vulnerability so that they can be patched. In this article we discuss two of these tools. [...] | Vulnerability | ||
|
2019-06-07 12:08:03 | New Windows 10 Zero-Day Bug Emerges From Bypassing Patched Flaw (lien direct) | Demo exploit code and details are now available about a new zero-day vulnerability in Windows 10 that allows elevating the privileges of a normal user to those of an administrator. An attacker can use it to install programs, view, change or delete data. [...] | Vulnerability | ||
|
2019-06-05 00:04:00 | MetaSploit Module Created for BlueKeep Flaw, Private for Now (lien direct) | A researcher has created a module for the Metasploit Framework for penetration testing that exploits the critical BlueKeep vulnerability on vulnerable Windows XP, 7, and Server 2008 machines to achieve remote code execution. [...] | Vulnerability | ||
|
2019-06-04 13:06:03 | Remote Desktop Zero-Day Bug Allows Attackers to Hijack Sessions (lien direct) | A new zero-day vulnerability has been disclosed that could allow attackers to hijack existing Remote Desktop Services sessions in order to gain access to a computer. [...] | Vulnerability | ||
|
2019-05-31 12:23:03 | Zero-Day Flaw in Windows 10 Task Scheduler Gets Micropatch (lien direct) | An unpatched local privilege escalation zero-day vulnerability in Windows 10 received a temporary patch today. The fix is delivered through the 0patch platform and can be applied on systems without rebooting them.. [...] | Vulnerability | ||
|
2019-05-31 09:00:00 | Microsoft Warns Users Again to Patch Wormable BlueKeep Flaw (lien direct) | Microsoft issued a second warning for users of older Windows releases to patch their systems to block potential attackers from abusing the critical Remote Desktop Services (RDS) remote code execution vulnerability dubbed BlueKeep. [...] | Vulnerability | ||
|
2019-05-30 03:16:00 | Convert Plus Plugin Flaw Lets Attackers Become a Wordpress Admin (lien direct) | A critical vulnerability in Convert Plus, a commercial plugin for WordPress websites estimated to have 100,000 active installations, allows an unauthenticated attacker to create accounts with administrator privileges. [...] | Vulnerability | ||
|
2019-05-25 04:30:05 | New unpatched macOS Gatekeeper Bypass Published Online (lien direct) | Details have been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) and below that allows a hacker to execute arbitrary code without user interaction. [...] | Vulnerability | ||
|
2019-05-25 04:30:05 | macOS Unpatched for Executing Untrusted Code off the Network (lien direct) | Proof-of-concept code has been released for an unpatched vulnerability in macOS 10.14.5 (Mojave) that allows a hacker to execute arbitrary code without user interaction. [...] | Vulnerability | ||
|
2019-05-23 03:30:00 | PoC Exploits Released for Two More Windows Vulnerabilities (lien direct) | Right on the heels of a privilege escalation zero-day vulnerability for Windows 10 released yesterday, the same researcher has released two more zero-day vulnerabilities [...] | Vulnerability | ||
|
2019-05-22 10:14:04 | Researchers Demo PoC For Remote Desktop BlueKeep RCE Exploit (lien direct) | A proof-of-concept remote code execution (RCE) exploit for the wormable BlueKeep vulnerability tracked as CVE-2019-0708 has been demoed by security researchers from McAfee Labs. [...] | Vulnerability | ||
|
2019-05-20 21:44:00 | BlueKeep Remote Desktop Exploits Are Coming, Patch Now! (lien direct) | Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
