What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer 2022-05-12 14:13:52 Zyxel fixes firewall flaws that could lead to hacked networks (direct link) Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...] Vulnerability Threat
bleepingcomputer 2022-02-14 18:34:11 Google Chrome emergency update fixes zero-day exploited in attacks (direct link) Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. [...] Vulnerability Threat
bleepingcomputer 2022-02-14 09:45:44 Emergency Magento update fixes zero-day bug exploited in attacks (direct link) Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. [...] Vulnerability
bleepingcomputer 2022-02-09 11:55:32 CISA warns admins to patch maximum severity SAP vulnerability (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). [...] Vulnerability
bleepingcomputer 2022-02-08 13:27:31 Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day (direct link) Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws. [...] Vulnerability
bleepingcomputer 2022-02-07 17:30:15 DPD Group parcel tracking flaw may have exposed customer data (direct link) An unauthenticated API call vulnerability in DPD Group's package tracking system could have been exploited to access the personally identifiable details of its clients. [...] Vulnerability
bleepingcomputer 2022-02-04 10:43:31 Argo CD vulnerability leaks sensitive info from Kubernetes apps (direct link) A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. [...] Vulnerability Uber
bleepingcomputer 2022-02-03 16:44:25 Zimbra zero-day vulnerability actively exploited to steal emails (direct link) A cross-site scripting (XSS) vulnerability in the Zimbra email platform is currently actively exploited in attacks targeting European media and government organizations. [...] Vulnerability
bleepingcomputer 2022-02-02 18:58:24 (Déjà vu) Wormhole cryptocurrency platform hacked to steal $326 million (direct link) Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency. [...] Vulnerability
bleepingcomputer 2022-02-02 18:58:24 Wormhole platform hacked to steal $326 million in crypto (direct link) Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. [...] Vulnerability
bleepingcomputer 2022-02-02 17:00:38 ESET antivirus bug let attackers gain Windows SYSTEM privileges (direct link) Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. [...] Vulnerability
bleepingcomputer 2022-02-01 14:21:47 Microsoft Defender now detects Android and iOS vulnerabilities (direct link) Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...] Vulnerability Threat ★★★★
bleepingcomputer 2022-01-31 16:15:12 Samba bug can let remote attackers execute code as root (direct link) Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. [...] Vulnerability
bleepingcomputer 2022-01-31 15:35:52 600K WordPress sites impacted by critical plugin RCE vulnerability (direct link) Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. [...] Vulnerability
bleepingcomputer 2022-01-29 14:06:50 (Déjà vu) Windows vulnerability with new public exploits lets you become admin (direct link) A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. [...] Vulnerability
bleepingcomputer 2022-01-25 19:28:37 New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key (direct link) A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. [...] Ransomware Vulnerability
bleepingcomputer 2022-01-25 15:44:06 (Déjà vu) Linux system service bug gives root on all major distros, exploit released (direct link) A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today. [...] Vulnerability
bleepingcomputer 2022-01-25 15:44:06 Linux system service bug gives you root on every major distro (direct link) A vulnerability in the pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today. [...] Vulnerability
bleepingcomputer 2022-01-25 11:56:28 Linux kernel bug can let hackers escape Kubernetes containers (direct link) A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system. [...] Vulnerability Uber
bleepingcomputer 2022-01-24 16:48:56 Attackers now actively targeting critical SonicWall RCE bug (direct link) A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts. [...] Vulnerability
bleepingcomputer 2022-01-21 08:22:24 McAfee Agent bug lets hackers run code with Windows SYSTEM privileges (direct link) McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. [...] Vulnerability
bleepingcomputer 2022-01-19 17:32:23 Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks (direct link) SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. [...] Vulnerability Threat
bleepingcomputer 2022-01-17 13:04:18 (Déjà vu) Zoho plugs another critical security hole in Desktop Central (direct link) Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. [...] Vulnerability
bleepingcomputer 2022-01-17 13:04:18 Zoho patches new critical authentication bypass in Desktop Central (direct link) Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. [...] Vulnerability
bleepingcomputer 2022-01-13 12:31:13 Windows 'RemotePotato0' zero-day gets an unofficial patch (direct link) A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix." [...] Vulnerability
bleepingcomputer 2022-01-11 17:02:44 (Déjà vu) Microsoft: New critical Windows HTTP vulnerability is wormable (direct link) Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [...] Vulnerability
bleepingcomputer 2022-01-11 17:02:44 Microsoft: Critical Windows HTTP vulnerability is wormable (direct link) Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [...] Vulnerability
bleepingcomputer 2022-01-11 14:33:19 Microsoft fixes critical Office bug, delays macOS security updates (direct link) During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems. [...] Vulnerability
bleepingcomputer 2022-01-11 06:24:43 Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (direct link) The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...] Ransomware Hack Vulnerability
bleepingcomputer 2022-01-10 12:39:58 Microsoft: powerdir bug gives access to protected macOS user data (direct link) Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data. [...] Vulnerability Threat
bleepingcomputer 2022-01-03 10:39:58 Apple iOS vulnerable to HomeKit 'doorLock' denial of service bug (direct link) A novel persistent denial of service vulnerability named 'doorLock' was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2. [...] Vulnerability
bleepingcomputer 2022-01-02 09:48:35 (Déjà vu) Uber ignores vulnerability that lets you send any email from Uber.com (direct link) A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it for now. [...] Vulnerability Uber Uber
bleepingcomputer 2022-01-02 09:48:35 Uber dismisses vulnerability that lets you email anyone as Uber! (direct link) A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it. [...] Vulnerability Uber Uber
bleepingcomputer 2021-12-28 15:12:01 Log4j 2.17.1 out now, fixes new remote code execution bug (direct link) Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [...] Vulnerability
bleepingcomputer 2021-12-23 17:09:32 Apple fixes macOS security flaw behind Gatekeeper bypass (direct link) Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. [...] Vulnerability ★★★
bleepingcomputer 2021-12-22 10:42:21 NVIDIA discloses applications impacted by Log4j vulnerability (direct link) NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...] Vulnerability
bleepingcomputer 2021-12-20 13:06:53 FBI: State hackers exploiting new Zoho zero-day since October (direct link) The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. [...] Vulnerability
bleepingcomputer 2021-12-20 11:33:11 Log4j vulnerability now used to install Dridex banking malware (direct link) Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. [...] Malware Vulnerability Threat
bleepingcomputer 2021-12-17 18:37:23 The Week in Ransomware - December 17th 2021 - Enter Log4j (direct link) A critical Apache Log4j vulnerability took the world by storm this week, and now it is being used by threat actors as part of their ransomware attacks. [...] Ransomware Vulnerability Threat
bleepingcomputer 2021-12-17 13:32:30 CISA urges VMware admins to patch critical flaw in Workspace ONE UEM (direct link) CISA has asked VMware admins and users today to patch a critical security vulnerability found in the Workspace ONE UEM console that threat actors could abuse to gain access to sensitive information. [...] Vulnerability Threat
bleepingcomputer 2021-12-17 12:35:43 (Déjà vu) US orders federal govt agencies to patch critical Log4j bug (direct link) US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. [...] Vulnerability
bleepingcomputer 2021-12-17 12:35:43 US emergency directive orders govt agencies to patch Log4j bug (direct link) US Federal Civilian Executive Branch agencies have been ordered to patch the critical and actively exploited Log4Shell security vulnerability in the Apache Log4j library within the next six days. [...] Vulnerability
bleepingcomputer 2021-12-16 16:12:45 Log4j attackers switch to injecting Monero miners via RMI (direct link) Some threat actors exploiting the Apache Log4j vulnerability have switched from LDAP callback URLs to RMI or even used both in a single request for maximum chances of success. [...] Vulnerability Threat
bleepingcomputer 2021-12-15 11:09:21 Log4j vulnerability now used by state-backed hackers, access brokers (direct link) As expected, nation-state hackers of all kinds have jumped at the opportunity to exploit the recently disclosed critical vulnerability (CVE-2021-44228) in the Log4j Java-based logging library. [...] Vulnerability
bleepingcomputer 2021-12-14 17:02:25 New ransomware now being deployed in Log4Shell attacks (direct link) The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers. [...] Ransomware Vulnerability
bleepingcomputer 2021-12-14 14:09:44 Microsoft fixes Windows AppX Installer zero-day used by Emotet (direct link) Microsoft has patched a high severity Windows zero-day vulnerability exploited in the wild to deliver Emotet malware payloads. [...] Malware Vulnerability
bleepingcomputer 2021-12-14 13:41:43 (Déjà vu) Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws (direct link) Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. These updates include a fix for an actively exploited Windows Installer vulnerability used in malware distribution campaigns. [...] Malware Vulnerability
bleepingcomputer 2021-12-14 02:46:48 Log4j: List of vulnerable products and vendor advisories (direct link) News about a critical vulnerability in the Apache Log4j logging library broke last week when proof-of-concept exploits started to emerge on Thursday. [...] Vulnerability
bleepingcomputer 2021-12-13 15:21:59 Dell driver fix still allows Windows Kernel-level attacks (direct link) Dell's driver fix of the CVE-2021-21551 vulnerability leaves margin for catastrophic BYOVD attacks resulting in Windows kernel driver code execution. [...] Vulnerability
bleepingcomputer 2021-12-13 12:05:13 Attackers can get root by crashing Ubuntu's AccountsService (direct link) A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component. [...] Vulnerability
Last update at: 2025-05-10 16:07:24