Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2021-09-07 11:46:41 |
Jenkins project's Confluence server hacked to mine Monero (direct link) |
Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project. [...] |
Vulnerability
|
|
|
 |
2021-09-03 11:23:17 |
US govt warns orgs to patch massively exploited Confluence bug (direct link) |
US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately. [...] |
Vulnerability
|
|
|
 |
2021-09-03 09:21:32 |
Conti ransomware now hacking Exchange servers with ProxyShell exploits (direct link) |
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. [...] |
Ransomware
Vulnerability
|
|
|
 |
2021-09-02 16:54:43 |
Atlassian Confluence flaw actively exploited to install cryptominers (direct link) |
Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. [...] |
Vulnerability
|
|
|
 |
2021-08-30 12:28:32 |
Microsoft Exchange ProxyToken bug can let hackers steal user email (direct link) |
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. [...] |
Vulnerability
|
|
|
 |
2021-08-27 08:52:03 |
Microsoft warns Azure customers of critical Cosmos DB vulnerability (direct link) |
Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. [...] |
Vulnerability
|
|
|
 |
2021-08-26 15:42:17 |
Synology: Multiple products impacted by OpenSSL RCE vulnerability (direct link) |
Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. [...] |
Vulnerability
|
|
|
 |
2021-08-26 11:10:48 |
Kaseya patches Unitrends server zero-days, issues client mitigations (direct link) |
American software company Kaseya has issued security updates to patch server-side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). [...] |
Vulnerability
|
|
|
 |
2021-08-25 11:02:59 |
Ethereum urges Go devs to fix severe chain-split vulnerability (direct link) |
The Ethereum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability, tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. [...] |
Vulnerability
|
|
|
 |
2021-08-23 17:17:23 |
Phishing campaign uses UPS.com XSS vuln to distribute malware (direct link) |
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [...] |
Malware
Vulnerability
|
|
|
 |
2021-08-22 12:40:59 |
Razer bug lets you become a Windows 10 admin by plugging in a mouse (direct link) |
A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. [...] |
Vulnerability
|
|
|
 |
2021-08-19 03:08:19 |
Cisco won't fix zero-day RCE vulnerability in end-of-life VPN routers (direct link) |
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [...] |
Vulnerability
|
|
|
 |
2021-08-17 09:23:13 |
Critical bug impacting millions of IoT devices lets hackers spy on you (direct link) |
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. [...] |
Vulnerability
|
|
|
 |
2021-08-17 09:00:00 |
Fortinet delays patching zero-day allowing remote server takeover (direct link) |
Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August. [...] |
Vulnerability
Patching
|
|
|
 |
2021-08-17 09:00:00 |
Fortinet patches bug letting attackers takeover servers remotely (direct link) |
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. [...] |
Vulnerability
|
|
|
 |
2021-08-13 05:42:22 |
Vice Society ransomware joins ongoing PrintNightmare attacks (direct link) |
The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. [...] |
Ransomware
Vulnerability
|
|
|
 |
2021-08-12 17:24:22 |
(Déjà vu) Microsoft Exchange servers are getting hacked via ProxyShell exploits (direct link) |
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] |
Vulnerability
Threat
|
|
|
 |
2021-08-12 17:24:22 |
Hackers now backdoor Microsoft Exchange using ProxyShell exploits (direct link) |
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] |
Vulnerability
Threat
|
|
|
 |
2021-08-11 18:10:25 |
Microsoft confirms another Windows print spooler zero-day bug (direct link) |
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. [...] |
Vulnerability
|
|
|
 |
2021-08-10 13:00:00 |
Microsoft fixes Windows Print Spooler PrintNightmare vulnerability (direct link) |
Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers. [...] |
Vulnerability
|
|
|
 |
2021-08-07 10:10:05 |
Actively exploited bug bypasses authentication on millions of routers (direct link) |
Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...] |
Vulnerability
Threat
|
|
|
 |
2021-08-07 04:25:00 |
Go, Rust "net" library affected by critical IP address validation vulnerability (direct link) |
The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, therefore making applications vulnerable to SSRF and RFI. [...] |
Vulnerability
|
|
|
 |
2021-08-06 14:13:09 |
Windows PetitPotam vulnerability gets an unofficial free patch (direct link) |
A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. [...] |
Vulnerability
|
|
|
 |
2021-08-06 13:16:33 |
Cisco: Firewall manager RCE bug is a zero-day, patch incoming (direct link) |
In a Thursday security advisory update, Cisco revealed that a remote code execution (RCE) vulnerability in the Adaptive Security Device Manager (ASDM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update. [...] |
Vulnerability
|
|
|
 |
2021-08-05 15:31:20 |
New DNS vulnerability allows 'nation-state level spying' on companies (direct link) |
Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. [...] |
Vulnerability
|
|
|
 |
2021-08-05 06:38:40 |
Microsoft Edge just got a 'Super Duper Secure Mode' upgrade (direct link) |
Microsoft has announced that the Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode" and designed to bring security improvements without significant performance losses. [...] |
Vulnerability
|
|
|
 |
2021-07-30 17:44:48 |
Node.js fixes severe HTTP bug that could let attackers crash apps (direct link) |
Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930, is to do with how HTTP2 streams are handled in the language. [...] |
Vulnerability
|
|
|
 |
2021-07-30 16:08:57 |
CISA launches vulnerability disclosure platform for federal agencies (direct link) |
The Cybersecurity and Infrastructure Security Agency (CISA) today launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies. [...] |
Vulnerability
|
|
|
 |
2021-07-30 12:26:24 |
Linux eBPF bug gets root privileges on Ubuntu - Exploit released (direct link) |
A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. [...] |
Vulnerability
|
|
|
 |
2021-07-29 17:13:47 |
Estonia arrests hacker who stole 286K ID scans from govt database (direct link) |
A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). [...] |
Vulnerability
|
|
|
 |
2021-07-28 09:30:06 |
Critical Microsoft Hyper-V bug could haunt orgs for a long time (direct link) |
Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment. [...] |
Vulnerability
|
|
|
 |
2021-07-27 09:31:47 |
Google launches new Bug Hunters vulnerability rewards platform (direct link) |
Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. [...] |
Vulnerability
|
|
|
 |
2021-07-26 15:41:30 |
Apple fixes zero-day affecting iPhones and Macs, exploited in the wild (direct link) |
Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. [...] |
Vulnerability
|
|
|
 |
2021-07-23 14:33:18 |
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted (direct link) |
This week has quite a bit of news, ranging from the USA formally accusing China of the recent ProxyLogon vulnerability to Kaseya mysteriously obtaining the universal decryption key. [...] |
Ransomware
Vulnerability
|
|
|
 |
2021-07-22 03:47:13 |
Atlassian asks customers to patch critical Jira vulnerability (direct link) |
Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...] |
Vulnerability
|
|
|
 |
2021-07-21 04:32:04 |
(Déjà vu) Microsoft shares workaround for Windows 10 SeriousSAM vulnerability (direct link) |
Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
 |
2021-07-21 04:32:04 |
Microsoft shares workarounds for new Windows 10 zero-day bug (direct link) |
Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] |
Vulnerability
|
|
|
 |
2021-07-20 12:27:13 |
New Windows 10 vulnerability allows anyone to get admin privileges (direct link) |
Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after it was discovered that users with low privileges can access sensitive Registry database files. [...] |
Vulnerability
|
|
|
 |
2021-07-20 12:21:46 |
New Linux kernel bug lets you get root on most modern distros (direct link) |
Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [...] |
Vulnerability
|
|
|
 |
2021-07-20 07:00:00 |
16-year-old bug in printer software gives hackers admin rights (direct link) |
A 16-year-old security vulnerability found in HP, Xerox, and Samsung printer drivers allows attackers to gain admin rights on systems using the vulnerable driver software. [...] |
Vulnerability
|
|
|
 |
2021-07-20 06:47:16 |
Fortinet fixes bug letting unauthenticated hackers run code as root (direct link) |
Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. [...] |
Vulnerability
|
|
|
 |
2021-07-18 16:02:20 |
New Windows print spooler zero day exploitable via remote print servers (direct link) |
Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...] |
Vulnerability
Threat
|
|
|
 |
2021-07-16 06:29:27 |
(Déjà vu) Critical Cloudflare CDN flaw allowed compromise of 12% of all sites (direct link) |
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] |
Vulnerability
|
|
|
 |
2021-07-16 06:29:27 |
Cloudflare fixes CDN code execution bug affecting 12.7% of all sites (direct link) |
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] |
Vulnerability
|
|
|
 |
2021-07-16 03:31:22 |
(Déjà vu) Google patches 8th Chrome zero-day exploited in the wild this year (direct link) |
Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild. [...] |
Vulnerability
|
|
|
 |
2021-07-15 20:49:51 |
Microsoft shares guidance on new Windows Print Spooler vulnerability (direct link) |
Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. [...] |
Vulnerability
|
|
|
 |
2021-07-15 12:08:41 |
WooCommerce fixes vulnerability exposing 5 million sites to data theft (direct link) |
WooCommerce, the popular e-commerce plugin for the WordPress content management system, has been updated to patch a serious vulnerability that could be exploited without authentication. [...] |
Vulnerability
|
|
|
 |
2021-07-13 19:54:00 |
(Déjà vu) Chinese hackers use new SolarWinds zero-day in targeted attacks (direct link) |
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] |
Vulnerability
|
|
|
 |
2021-07-13 19:54:00 |
(Déjà vu) Hackers use new SolarWinds zero-day to target US Defense orgs (direct link) |
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] |
Vulnerability
|
|
|
 |
2021-07-13 19:54:00 |
Hackers used SolarWinds zero-day bug to target US Defense orgs (direct link) |
China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] |
Vulnerability
|
|
|