What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2022-09-12 14:20:48 Apple fixes eighth zero-day used to hack iPhones and Macs this year (lien direct) Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year. [...] Hack Vulnerability
bleepingcomputer.webp 2022-09-12 12:00:00 Lorenz ransomware breaches corporate network via phone systems (lien direct) The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises using their phone systems for initial access to their corporate networks. [...] Ransomware Vulnerability
bleepingcomputer.webp 2022-08-29 14:16:46 Nelnet Servicing breach exposes data of 2.5M student loan accounts (lien direct) Nelnet Serving, a Nebraska-based student loan technology services provider, has been breached by unauthorized network intruders who exploited a vulnerability in its systems. [...] Vulnerability
bleepingcomputer.webp 2022-08-18 15:49:45 Apple releases Safari 15.6.1 to fix zero-day bug used in attacks (lien direct) Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. [...] Hack Vulnerability
bleepingcomputer.webp 2022-08-18 06:00:00 Amazon fixes Ring Android app flaw exposing camera recordings (lien direct) Amazon has fixed a high-severity vulnerability in the Amazon Ring app for Android that could have allowed hackers to download customers' saved camera recordings. [...] Vulnerability
bleepingcomputer.webp 2022-08-11 15:32:34 Zimbra auth bypass bug exploited to breach over 1,000 servers (lien direct) An authentication bypass Zimbra security vulnerability is being exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. [...] Vulnerability
bleepingcomputer.webp 2022-08-05 12:00:00 Twitter confirms zero-day used to expose data of 5.4 million accounts (lien direct) Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [...] Data Breach Vulnerability Threat
bleepingcomputer.webp 2022-07-25 12:16:04 Hackers exploited PrestaShop zero-day to breach online stores (lien direct) Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. [...] Vulnerability
bleepingcomputer.webp 2022-07-22 18:00:35 Hacker selling Twitter account data of 5.4 million users for $30k (lien direct) Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000.  [...] Data Breach Vulnerability Threat
bleepingcomputer.webp 2022-07-22 11:05:22 Atlassian: Confluence hardcoded password was leaked, patch now! (lien direct) Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. [...] Vulnerability
bleepingcomputer.webp 2022-07-21 12:44:18 Chrome zero-day used to infect journalists with Candiru spyware (lien direct) The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. [...] Vulnerability
bleepingcomputer.webp 2022-07-12 17:10:17 CISA orders agencies to patch new Windows zero-day used in attacks (lien direct) CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. [...] Vulnerability
bleepingcomputer.webp 2022-07-04 13:56:49 Google patches new Chrome zero-day flaw exploited in attacks (lien direct) Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022. [...] Vulnerability
bleepingcomputer.webp 2022-07-02 11:36:48 Rogue HackerOne employee steals bug reports to sell on the side (lien direct) A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. [...] Vulnerability
bleepingcomputer.webp 2022-06-29 12:30:00 CISA warns of hackers exploiting PwnKit Linux vulnerability (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. [...] Vulnerability
bleepingcomputer.webp 2022-06-29 07:00:00 Amazon fixes high-severity vulnerability in Android Photos app (lien direct) Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. [...] Vulnerability
bleepingcomputer.webp 2022-06-29 06:48:22 Microsoft fixes bug that let hackers hijack Azure Linux clusters (lien direct) Microsoft has fixed a container escape vulnerability in the Service Fabric (SF) application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. [...] Vulnerability Threat
bleepingcomputer.webp 2022-06-21 15:34:44 Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware (lien direct) The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. [...] Malware Vulnerability
bleepingcomputer.webp 2022-06-17 13:13:08 Cisco says it won't fix zero-day RCE in end-of-life VPN routers (lien direct) Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. [...] Vulnerability
bleepingcomputer.webp 2022-06-16 18:23:46 Sophos Firewall zero-day bug exploited weeks before fix (lien direct) Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...] Vulnerability
bleepingcomputer.webp 2022-06-16 14:58:32 730K WordPress sites force-updated to patch critical plugin bug (lien direct) WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. [...] Vulnerability
bleepingcomputer.webp 2022-06-16 10:19:12 MetaMask, Phantom warn of flaw that could steal your crypto wallets (lien direct) MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. [...] Vulnerability ★★★
bleepingcomputer.webp 2022-06-15 14:24:33 Cisco Secure Email bug can let attackers bypass authentication (lien direct) Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations. [...] Vulnerability
bleepingcomputer.webp 2022-06-15 14:01:42 Zimbra bug allows stealing email logins with no user interaction (lien direct) Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [...] Vulnerability
bleepingcomputer.webp 2022-06-15 10:46:21 Citrix warns critical bug can let attackers reset admin passwords (lien direct) Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [...] Vulnerability
bleepingcomputer.webp 2022-06-14 14:00:06 Microsoft patches actively exploited Follina Windows zero-day (lien direct) Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. [...] Vulnerability
bleepingcomputer.webp 2022-06-14 13:45:44 Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (lien direct) Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [...] Vulnerability
bleepingcomputer.webp 2022-06-13 10:28:07 Russian hackers start targeting Ukraine with Follina exploits (lien direct) Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...] Tool Vulnerability
bleepingcomputer.webp 2022-06-11 10:31:49 Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (lien direct) Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. [...] Ransomware Vulnerability
bleepingcomputer.webp 2022-06-08 14:22:49 Linux botnets now exploit critical Atlassian Confluence bug (lien direct) Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. [...] Vulnerability
bleepingcomputer.webp 2022-06-07 12:59:01 (Déjà vu) New 'DogWalk' Windows zero-day bug gets free unofficial patches (lien direct) Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...] Tool Vulnerability
bleepingcomputer.webp 2022-06-07 12:59:01 Two-year-old Windows DIAGCAB zero-day gets unofficial patches (lien direct) Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform.  [...] Tool Vulnerability
bleepingcomputer.webp 2022-06-07 09:14:02 Android June 2022 updates bring fix for critical RCE vulnerability (lien direct) Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...] Vulnerability
bleepingcomputer.webp 2022-06-06 12:09:50 Windows zero-day exploited in US local govt phishing attacks (lien direct) European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...] Vulnerability
bleepingcomputer.webp 2022-06-05 12:41:19 Exploit released for Atlassian Confluence RCE bug, patch now (lien direct) Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...] Vulnerability
bleepingcomputer.webp 2022-06-03 13:47:53 Atlassian fixes Confluence zero-day widely exploited in attacks (lien direct) Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. [...] Vulnerability
bleepingcomputer.webp 2022-06-02 21:41:40 Critical Atlassian Confluence zero-day actively used in attacks (lien direct) Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. [...] Vulnerability
bleepingcomputer.webp 2022-06-01 18:06:52 New Windows Search zero-day added to Microsoft protocol nightmare (lien direct) A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [...] Vulnerability
bleepingcomputer.webp 2022-06-01 11:31:38 Windows MSDT zero-day vulnerability gets free unofficial patch (lien direct) A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.' [...] Vulnerability
bleepingcomputer.webp 2022-05-31 18:00:17 Windows MSDT zero-day now exploited by Chinese APT hackers (lien direct) Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...] Vulnerability Threat
bleepingcomputer.webp 2022-05-30 10:23:43 New Microsoft Office zero-day used in attacks to execute PowerShell (lien direct) Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. [...] Vulnerability
bleepingcomputer.webp 2022-05-26 14:21:33 Exploit released for critical VMware auth bypass bug, patch now (lien direct) Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. [...] Vulnerability
bleepingcomputer.webp 2022-05-25 07:21:30 BPFDoor malware uses Solaris vulnerability to get root privileges (lien direct) New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] Malware Vulnerability Threat
bleepingcomputer.webp 2022-05-24 12:45:41 Screencastify Chrome extension flaws allow webcam hijacks (lien direct) The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...] Vulnerability
bleepingcomputer.webp 2022-05-24 10:16:24 Researchers to release exploit for new VMware auth bypass, patch now (lien direct) Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [...] Vulnerability
bleepingcomputer.webp 2022-05-20 16:39:13 Cisco urges admins to patch IOS XR zero-day exploited in attacks (lien direct) Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. [...] Vulnerability
bleepingcomputer.webp 2022-05-19 11:24:04 Lazarus hackers target VMware servers with Log4Shell exploits (lien direct) The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. [...] Vulnerability APT 38
bleepingcomputer.webp 2022-05-18 12:01:42 VMware patches critical auth bypass flaw in multiple products (lien direct) VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges. [...] Vulnerability
bleepingcomputer.webp 2022-05-18 11:20:56 CISA shares guidance to block ongoing F5 BIG-IP attacks (lien direct) In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388). [...] Vulnerability
bleepingcomputer.webp 2022-05-16 14:33:32 Apple emergency update fixes zero-day used to hack Macs, Watches (lien direct) Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] Hack Vulnerability Threat
Last update at: 2025-05-10 15:07:39