What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2019-05-16 11:08:01 Bug in WordPress Live Chat Plugin Lets Hackers Inject Scripts (lien direct) Site admins using WP Live Chat Support for WordPress are advised to update the plugin to the latest version to close a persistent cross-site scripting (XSS) vulnerability that can be abused without authentication. [...] Vulnerability
bleepingcomputer.webp 2019-05-15 14:32:04 Google Discloses Bluetooth Flaw in Titan Security Key, Issues Recall (lien direct) Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys' Bluetooth pairing protocols." [...] Vulnerability
bleepingcomputer.webp 2019-05-14 20:57:01 List of MDS Speculative Execution Vulnerability Advisories & Updates (lien direct) Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad. These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers. [...] Vulnerability
bleepingcomputer.webp 2019-05-13 15:20:02 Linksys Smart Wi-Fi Routers Leak Info of Connected Devices (lien direct) More than 25,000 Linksys Smart Wi-Fi routers are currently impacted by an information disclosure vulnerability which allows remote and unauthenticated access to a vast array of sensitive device information. [...] Vulnerability
bleepingcomputer.webp 2019-05-13 08:58:03 Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution (lien direct) Linux machines running distributions powered by kernels prior to 5.0.8 are affected by a race condition vulnerability leading to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks. [...] Vulnerability Guideline
bleepingcomputer.webp 2019-05-08 19:59:01 Bug in Alpine Linux Docker Image Leaves Root Account Unlocked (lien direct) A security vulnerability in the Official Docker images based on the Alpine Linux distribution allowed for more than three years logging into the root account using a blank password. [...] Vulnerability
bleepingcomputer.webp 2019-05-07 17:10:01 Cisco Fixes Critical Vulnerability in Elastic Services Controller (lien direct) Cisco today released security updates for a critical vulnerability affecting its Elastic Services Controller (ESC). An unauthenticated, remote attacker could exploit the flaw on deployments that have REST API enabled. [...] Vulnerability
bleepingcomputer.webp 2019-04-26 18:07:04 The Week in Ransomware - April 26th 2019 - Targeting the Enterprise (lien direct) This week the biggest news is that MalwareHunterTeam was able to get a sample of the RobbinHood ransomware that targets the enterprise so that it could be analyzed. The other big news is that attackers are hacking into Confluence servers using a recently released vulnerability to install the GandCrab ransomware, miners, and Trojans. [...] Ransomware Vulnerability
bleepingcomputer.webp 2019-04-26 17:06:00 Old Vulnerabilities Are Still Good Tricks for Today's Attacks (lien direct) The value of a security vulnerability drops significantly the moment it gets patched but the bad guys will keep exploiting it for as long as they can find victims that are worth the effort. [...] Vulnerability
bleepingcomputer.webp 2019-04-10 17:31:03 Popular Yuzo WordPress Plugin Exploited to Redirect Users to Scams (lien direct) A vulnerability in the popular WordPress plugin called Yuzo Related Posts is being targeted by attackers to inject JavaScript into the pages of the site. This JavaScript will cause visitors to be redirected to sites displaying scams, including tech support scams, and sites promoting unwanted software such as browser extensions. [...] Vulnerability
bleepingcomputer.webp 2019-04-10 03:35:00 Demo Exploit Code Available for Privilege Escalation Bug in Windows (lien direct) Proof-of-concept exploit code for a privilege escalation vulnerability affecting Windows operating system has been published today, soon after Microsoft rolled out its monthly batch of security patches. [...] Vulnerability
bleepingcomputer.webp 2019-04-05 14:23:05 Year-Old DoS Vulnerability Allows Attacks on Some MikroTik Routers (lien direct) MikroTik on Thursday published details about an issue that is easy to exploit remotely to cause a denial-of-service (DoS) condition on devices running RouterOS, which is most products from the maker. [...] Vulnerability ★★★★★
bleepingcomputer.webp 2019-04-04 13:28:05 Xiaomi Pre-Installed Security App Vulnerable to MiTM Attacks (lien direct) A vulnerability exposing users to Man-in-the-Middle (MiTM) attacks was patched by Xiaomi in the pre-installed security app Guard Provider after a disclosure report from Check Point Research. [...] Vulnerability
bleepingcomputer.webp 2019-04-03 09:00:03 Georgia Tech Data Breach Exposes Info for 1.3 Million People (lien direct) Georgia Tech announced yesterday that a vulnerability in a web application allowed an attacker to gain access to the personal information of up to 1.3 million students, college applications, staff, and faculty members. [...] Data Breach Vulnerability
bleepingcomputer.webp 2019-03-28 17:31:02 Zero-Day TP-Link SR20 Router Vulnerability Disclosed by Google Dev (lien direct) TP-Link's SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands as disclosed on Twitter by Google security developer Matthew Garrett. [...] Vulnerability
bleepingcomputer.webp 2019-03-26 16:01:00 NVIDIA Patches High Severity GeForce Experience Vulnerability (lien direct) NVIDIA released a security update for the NVIDIA GeForce Experience software for Windows to patch a vulnerability that could allow potential local attackers with basic user privileges to elevate privileges, trigger code execution, and perform denial-of-service (DoS) attacks. [...] Vulnerability
bleepingcomputer.webp 2019-03-22 14:12:00 Zero-Day WordPress Plugin Vulnerability Used to Add Malicious Redirects (lien direct) WordPress websites using unpatched Social Warfare installations (v3.5.1 and v3.5.2) are exposed to attacks abusing a zero-day stored Cross-Site Scripting (XSS) vulnerability fixed in the 3.5.3 version of the plugin. [...] Vulnerability
bleepingcomputer.webp 2019-03-20 09:43:00 Google Photos Bug Exposed the Location & Time of Your Pictures (lien direct) A vulnerability in the web version of Google Photos allowed websites to learn a user's location history based on the images they stored in the account. [...] Vulnerability
bleepingcomputer.webp 2019-03-15 12:13:02 Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug (lien direct) A code execution vulnerability in WinRAR generated over a hundred distinct exploits in the first week since its disclosure, and the number of exploits keeps on swelling. [...] Vulnerability
bleepingcomputer.webp 2019-03-13 11:18:04 WordPress 5.1.1 Fixes XSS Vulnerability Leading to Website Takeovers (lien direct) The WordPress team fixed a software flaw introduced in the 5.1 release that could allow potential attackers to perform stored cross-site scripting (XSS) attacks with the help of maliciously crafted comments on WordPress websites with the comments module enabled. [...] Vulnerability
bleepingcomputer.webp 2019-03-07 19:01:03 Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug (lien direct) Google recommends users of Windows 7 to give it up and move to Microsoft's latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild. [...] Vulnerability
bleepingcomputer.webp 2019-03-06 08:00:00 Hackers Revive Microsoft Office Equation Editor Exploit (lien direct) Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago. [...] Vulnerability
bleepingcomputer.webp 2019-03-04 20:37:05 Vulnerable Docker Hosts Actively Abused in Cryptojacking Campaigns (lien direct) Hundreds of vulnerable and exposed Docker hosts are being abused in cryptojacking campaigns after being compromised with the help of exploits designed to take advantage of the CVE-2019-5736 runc vulnerability discovered last month. [...] Vulnerability
bleepingcomputer.webp 2019-03-01 18:30:04 Update ColdFusion Now, Critical Zero-Day Bug Exploited in the Wild (lien direct) Adobe today released emergency updates that fix a critical vulnerability for the ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild. [...] Vulnerability Guideline
bleepingcomputer.webp 2019-03-01 11:28:01 First Hacker Millionaire on HackerOne (lien direct) At 19, Santiago Lopez is already counting earnings totaling over USD 1 million from reporting security vulnerabilities through vulnerability coordination and bug bounty program HackerOne. He's the first to make this kind of money on the platform. [...] Vulnerability
bleepingcomputer.webp 2019-02-28 16:04:01 App Security Improvement Alerts Android Devs of 6 New Vulnerabilities (lien direct) Google announced the addition of six extra vulnerability warnings to the Application Security Improvement (ASI) program after previously announcing updates for the Google Play Protect, the built-in malware protection for Android. [...] Malware Vulnerability
bleepingcomputer.webp 2019-02-28 12:57:05 Cisco Fixes Critical RCE Vulnerability in RV110W, RV130W, and RV215W Routers (lien direct) Cisco fixed a critical remote code execution vulnerability present in the web-based management interface of the RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router. [...] Vulnerability
bleepingcomputer.webp 2019-02-27 08:00:00 New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings (lien direct) A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...] Vulnerability
bleepingcomputer.webp 2019-02-25 16:08:02 Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor (lien direct) Researchers have discovered a malspam campaign that is distributing a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...] Malware Vulnerability ★★
bleepingcomputer.webp 2019-02-22 14:12:00 19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support (lien direct) A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app's devs removed it when they patched the security issue. [...] Tool Vulnerability
bleepingcomputer.webp 2019-02-21 08:42:01 Drupal Fixes Highly Critical Vulnerability (lien direct) Administrators of websites running the Drupal content management software (CMS) are urged to take immediate action to mitigate a newly discovered vulnerability that can lead to remote execution of PHP code under specific circumstances. [...] Vulnerability Guideline
bleepingcomputer.webp 2019-02-20 03:00:00 Flaw in mIRC App Allows Attackers to Execute Commands Remotely (lien direct) A vulnerability was discovered in the mIRC application that could allow attackers to execute commands, such as the downloading and installation of malware, on a vulnerable computer. [...] Vulnerability
bleepingcomputer.webp 2019-02-13 11:07:01 OpenOffice Zero-Day Code Execution Flaw Gets Free Micropatch (lien direct) A micropatch is now available for a zero-day OpenOffice code execution vulnerability which can be triggered via automated macro execution following a mouseover event when viewing a maliciously crafted ODT document. [...] Vulnerability
bleepingcomputer.webp 2019-02-13 04:15:00 Canonical Snapd Vulnerability Gives Root Access in Linux (lien direct) A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released two PoCs that use different methods to elevate privileges. [...] Vulnerability
bleepingcomputer.webp 2019-02-12 15:18:01 Microsoft February 2019 Patch Tuesday Includes Fixes for 70 Vulnerabilities (lien direct) Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP. [...] Vulnerability
bleepingcomputer.webp 2019-02-12 14:48:03 Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates (lien direct) Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled. [...] Vulnerability
bleepingcomputer.webp 2019-02-11 14:10:01 RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts (lien direct) A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine. [...] Vulnerability Uber
bleepingcomputer.webp 2019-02-11 13:00:00 Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home (lien direct) A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...] Vulnerability
bleepingcomputer.webp 2019-01-31 14:31:03 Ethical Hacker Exposes Magyar Telekom Vulnerabilities, Faces 8 Years in Jail (lien direct) An ethical hacker who discovered a security vulnerability in Magyar Telekom's IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports. [...] Vulnerability
bleepingcomputer.webp 2019-01-22 09:54:01 Windows Contacts Remote Code Execution Zero-Day Gets Micropatch (lien direct) Another zero-day vulnerability in Windows receives a temporary fix today, as the 0patch platform added code for a bug in Windows Contacts app that allows remote execution of arbitrary code. [...] Vulnerability
bleepingcomputer.webp 2019-01-21 13:01:01 Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch (lien direct) A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system. [...] Vulnerability
bleepingcomputer.webp 2019-01-18 02:47:03 Windows Zero-Day Bug that Overwrites Files Gets Interim Fix (lien direct) A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system ones, with arbitrary data. [...] Vulnerability
bleepingcomputer.webp 2019-01-17 15:20:05 ES File Explorer Flaws Put 100 Million Users' Data at Risk, Fix Promised (lien direct) ES File Explorer users now have to wait to see what issue will be fixed in the next update: the always-on web server giving access to all their files to anyone on the same Wi-Fi network or the MitM attack vulnerability [...] Vulnerability
bleepingcomputer.webp 2019-01-10 03:00:00 Microsoft Patches Remote Code Execution Vulnerability in Exchange Server (lien direct) The security update applies to Microsoft Exchange Server 2019, 2016, and 2013 [...] Vulnerability
bleepingcomputer.webp 2018-12-30 11:58:00 Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data (lien direct) A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. [...] Vulnerability
bleepingcomputer.webp 2018-12-27 18:38:02 Demo Exploit Code Published for Remote Code Execution via Microsoft Edge (lien direct) Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. [...] Vulnerability Guideline
bleepingcomputer.webp 2018-12-24 11:37:03 Orange LiveBox Modems Targeted for SSID and WiFi Info (lien direct) A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. [...] Vulnerability
bleepingcomputer.webp 2018-12-20 11:46:03 Windows Zero-Day PoC Lets You Read Any File with System Level Access (lien direct) For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations. [...] Vulnerability
bleepingcomputer.webp 2018-12-19 14:06:02 Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day (lien direct) Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in targeted attacks. [...] Vulnerability Threat
bleepingcomputer.webp 2018-12-18 10:59:03 File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code (lien direct) Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to upload a malicious script and potentially get remote code execution. [...] Tool Vulnerability
Last update at: 2025-05-10 16:07:24