What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-12-11 16:39:03 | Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability (lien direct) | Today is Microsoft's December 2018 Patch Tuesday, which means it is time to update your computer so that you are protected from the latest threats to Windows and Microsoft products. Two of the patched critical vulnerabilities are known to have been used in the wild, so it is important that these updates are installed immediately. [...] | Vulnerability | ||
|
2018-12-08 12:08:05 | WebKit Vulnerability Affects Latest Versions of Apple Safari (lien direct) | A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple's Safari, along with other apps on macOS, iOS, and Linux. [...] | Vulnerability | ||
|
2018-12-05 11:11:01 | Adobe Fixes Zero-Day Flash Player Vulnerability Used in APT Attack on Russia (lien direct) | Adobe has released an update for Flash Player that fixes a zero-day user after free vulnerability that was used as part of an APT attack against Russia. This attack is being named "Operation Poison Needle" and targeted the Russian FSBI "Polyclinic #2" medical clinic. [...] | Vulnerability | ||
|
2018-12-04 11:12:03 | Kubernetes Updates Patch Critical Privilege Escalation Bug (lien direct) | A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes. [...] | Vulnerability | Uber | |
|
2018-11-28 11:34:02 | The One Planet York Data Breach That Was a Data Leak (lien direct) | A data breach notification from the City of York has gone awry as new details shed light over the incident, revealing a completely inappropriate response to a responsible disclosure of a vulnerability potentially affecting thousands of users. [...] | Data Breach Vulnerability | ||
|
2018-11-21 06:32:04 | (Déjà vu) Adobe Flash Player Update Released for Remote Code Execution Vulnerability (lien direct) | [...] | Vulnerability | ||
|
2018-11-19 11:14:02 | Vulnerability in AMP for WP Plugin Allowed Admin Access to WordPress (lien direct) | A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site. [...] | Vulnerability | ||
|
2018-11-14 07:50:03 | Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks (lien direct) | A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates. [...] | Vulnerability Threat | ||
|
2018-11-13 18:12:00 | Adobe Releases Security Update for Acrobat Vulnerability with Public PoC (lien direct) | Adobe has published their monthly Patch Tuesday updates for the month of November 2018. These updates are for Flash Player, Adobe Acrobat and Reader, and Photoshop CC. [...] | Vulnerability | ||
|
2018-11-06 22:19:00 | VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available (lien direct) | A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. [...] | Vulnerability | ||
|
2018-11-06 16:22:05 | WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover (lien direct) | A design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site. [...] | Vulnerability | ||
|
2018-11-05 04:13:01 | (Déjà vu) Security Bug in Icecast Puts Online Radio Stations At Risk (lien direct) | A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. [...] | Vulnerability | ★★★ | |
|
2018-11-05 04:13:01 | (Déjà vu) Security Bug Puts Online Radio Stations At Risk (lien direct) | A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. [...] | Vulnerability | ||
|
2018-11-04 11:14:04 | New Microsoft Edge Browser Zero-Day RCE Exploit in the Works (lien direct) | Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] | Vulnerability | ||
|
2018-11-03 14:24:05 | New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys (lien direct) | A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running on the same SMT/hyper-threading enabled CPU core. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core. [...] | Vulnerability | ||
|
2018-11-01 21:50:04 | Attackers Use Zero-Day That Can Restart Cisco Security Appliances (lien direct) | Unknown attackers have exploited a vulnerability in software running on security hardware products from Cisco that could trigger a restart of the affected devices, the equivalent of a denial-of-service (DoS) condition. [...] | Vulnerability | ||
|
2018-10-26 12:11:04 | Trivial Bug in X..Org Gives Root Permission on Linux and BSD Systems (lien direct) | A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...] | Vulnerability | ||
|
2018-10-24 12:25:01 | New Windows Zero-Day Bug Helps Delete Any File, Exploit Available (lien direct) | Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. [...] | Vulnerability | ||
|
2018-10-22 18:31:01 | Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now (lien direct) | Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...] | Vulnerability | ||
|
2018-10-11 18:50:03 | PoC Code Available for Microsoft Edge Remote Code Execution Bug (lien direct) | The flurry of security bugs Microsoft addressed with its latest rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters. [...] | Vulnerability | ||
|
2018-10-10 18:16:05 | WhatsApp Fixes Vulnerability That\'s Triggered by Answering a Call. (lien direct) | A critical vulnerability in the WhatsApp messaging app for Android and iOS was fixed today that could have been activated simply by a user answering a video call. [...] | Vulnerability | ||
|
2018-10-08 11:42:02 | Spectre and Meltdown Hardware Protection Added to Intel\'s 9th Gen CPUs (lien direct) | As part of today's Intel's Fall Desktop Launch event, new 9th generation CPUs were announced that include hardware protection for two of the Spectre and Meltdown vulnerability variants. [...] | Vulnerability | ||
|
2018-10-06 13:22:03 | Git Project Patches Remote Code Execution Vulnerability in Git (lien direct) | The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine. [...] | Vulnerability | ||
|
2018-10-04 22:07:02 | Mozilla Patches Critical Vulnerability in Thunderbird 60.2.1 (lien direct) | Mozilla has released Thunderbird version 60.2.1 to resolve numerous security updates in the mail program. One of these vulnerabilities is labeled as Critical as it could potentially lead to remote code execution. [...] | Vulnerability Guideline | ||
|
2018-09-28 13:43:03 | Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover (lien direct) | Today, Facebook disclosed a security vulnerability that affected 50 million people on the social media network and allowed malicious third parties to potentially access the affected users account. [...] | Vulnerability | ||
|
2018-09-26 03:05:00 | GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit (lien direct) | The GandCrab v5 ransomware has started to use the recently disclosed Task Scheduler ALPC vulnerability to gain System privileges on an infected computer. This vulnerability was recently patched by Microsoft in the September 2018 Patch Tuesday, but many companies may not have installed the patch. [...] | Ransomware Vulnerability | ||
|
2018-09-21 19:39:01 | Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability (lien direct) | Western Digital has just released an hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched for over a year. This vulnerability allowed anyone to bypass authentication and get administrative access to the router. [...] | Vulnerability | ||
|
2018-09-21 12:06:03 | 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative (lien direct) | A zero day vulnerability in the Microsoft Windows Jet Database Engine has been disclosed by TrendMicro's Zero Day Initiative even though a security update is not currently available from Microsoft. [...] | Vulnerability | ||
|
2018-09-19 12:02:03 | My Cloud NAS Devices Vulnerable to Auth Bypass for over a Year (lien direct) | A vulnerability in Western Digital My Cloud network-attached storage (NAS) that allows an attacker to bypass authentication and take control of the device with administrator permissions remains unpatched almost a year and a half after being reported initially. [...] | Vulnerability | ||
|
2018-09-18 11:26:01 | Critical RCE Peekaboo Bug in NVR Surveillance System, PoC Available (lien direct) | A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models. [...] | Vulnerability | ||
|
2018-09-15 14:00:00 | (Déjà vu) Windows Systems Vulnerable to FragmentSmack, 90s-Like DoS Bug (lien direct) | Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says. [...] | Vulnerability | ||
|
2018-09-14 21:09:05 | Windows Systems Vulnerable to FragmentSmack DoS Bug (lien direct) | Microsoft released a security advisory on a denial-of-service vulnerability that renders multiple versions of Windows completely unresponsive and has no mitigation factors. [...] | Vulnerability | ||
|
2018-09-11 10:17:02 | Apple\'s Safari Falls For New Address Bar Spoofing Trick (lien direct) | An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult to spot by the average consumer. [...] | Vulnerability | ||
|
2018-09-05 11:45:00 | Windows Task Scheduler Zero Day Exploited by Malware (lien direct) | Malware developers have started to use the zero-day exploit for Windows Task Scheduler component, two days after proof-of-concept code for the vulnerability appeared online. [...] | Malware Vulnerability | ||
|
2018-08-29 19:01:00 | 4-Year Old Misfortune Cookie Rears Its Head In Medical Gateway Device (lien direct) | Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure. [...] | Vulnerability | ||
|
2018-08-29 05:07:02 | Critical Flaw Fixed in Packagist, PHP\'s Largest Package Repository (lien direct) | The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service. [...] | Vulnerability | ||
|
2018-08-28 12:39:00 | Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776 (lien direct) | After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. [...] | Vulnerability | ||
|
2018-08-19 17:35:05 | Canadian Telcos Patch Vulnerability in TRS Systems (lien direct) | All major Canadian internet service providers (ISPs) have patched a vulnerability this week in their telecommunications relay services (TRSs). [...] | Vulnerability | ||
|
2018-08-18 06:02:00 | Zero-Day In Microsoft\'s VBScript Engine Used By Darkhotel APT (lien direct) | A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation. [...] | Vulnerability | ||
|
2018-08-08 19:38:00 | WhatsApp Vulnerability Allows Attackers to Alter Messages in Chats (lien direct) | Researchers from CheckPoint have figured out a way to manipulate conversations in order to modify existing replies that were received, quoting a message so it appears that it came from another user who may not be part of the group, and sending private messages that can be seen by only one person in a group. [...] | Vulnerability | ||
|
2018-08-02 07:00:04 | Microsoft Edge Flaw Lets Hackers Steal Local Files (lien direct) | Microsoft has fixed a vulnerability in the Edge browser that could be abused against older versions to steal local files from a user's computer. [...] | Vulnerability | ||
|
2018-07-27 09:25:00 | 364 Idaho Inmates Hacked Their Prison Tablets for Free Credits (lien direct) | Idaho prison officials announced yesterday in a press release that they've identified 364 inmates who have exploited a vulnerability in their prison-issued tablets and have used it to assign nearly $225,000 worth of digital credits to their tablet accounts. [...] | Vulnerability | ||
|
2018-07-12 09:22:00 | Microsoft Rolls Out Patches for "Lazy FP State Restore" Bug Affecting Intel CPUs (lien direct) | A month after details about the "Lazy FP State Restore" Intel CPU bug surfaced online, Microsoft has rolled out patches to fix this vulnerability at the operating system's level. [...] | Vulnerability | ||
|
2018-07-06 06:51:04 | You Can Bypass Authentication on HPE iLO4 Servers With 29 "A" Characters (lien direct) | Details and public exploit code have been published online for a severe vulnerability affecting Hewlett Packard Integrated Lights-Out 4 (HP iLO 4) servers. [...] | Vulnerability | ||
|
2018-06-28 11:25:03 | Every Android Device Since 2012 Impacted by RAMpage Vulnerability (lien direct) | Almost all Android devices released since 2012 are vulnerable to a new vulnerability named RAMpage, an international team of academics has revealed today. The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. [...] | Vulnerability | ||
|
2018-06-28 06:56:02 | Some Spectre In-Browser Mitigations Can Be Defeated (lien direct) | Some of the protections against the Spectre CPU vulnerability introduced in modern browsers can be defeated, security researchers revealed this week. [...] | Vulnerability | ||
|
2018-06-27 11:57:02 | Cisco ASA Flaw Exploited in the Wild After Publication of Two PoCs (lien direct) | Hackers are exploiting a vulnerability in Cisco software to crash and/or retrieve information from affected devices. Cisco is aware of the issue and has warned customers last week, Friday, June 22. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
