What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2020-07-24 11:16:44 Cisco patches actively exploited ASA/FTD firewall vulnerability (lien direct) Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. [...] Vulnerability
bleepingcomputer.webp 2020-07-22 11:33:21 Critical SharePoint flaw dissected, RCE details now available (lien direct) Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. [...] Vulnerability
bleepingcomputer.webp 2020-07-19 16:43:33 Critical SIGred Windows DNS bug gets micropatch after PoCs released (lien direct) The critical remote code execution security vulnerability in Windows DNS known as SIGRed has received a micropatch for servers without an Extended Security Updates (ESU) license. [...] Vulnerability
bleepingcomputer.webp 2020-07-16 16:14:50 Federal agencies told to patch wormable Windows DNS bug in 24 hours (lien direct) The Cybersecurity and Infrastructure Security Agency (CISA) today asked all U.S. federal executive branch departments and agencies to mitigate the critical SIGRed Windows DNS Server wormable remote code execution (RCE) vulnerability within 24 hours. [...] Vulnerability
bleepingcomputer.webp 2020-07-14 14:14:32 Microsoft July 2020 Patch Tuesday: 123 vulnerabilities, 18 Critical! (lien direct) Today is Microsoft's July 2020 Patch Tuesday, and if you see Windows administrators cursing for no reason, now you know why! With the July 2020 Patch Tuesday security updates release, Microsoft has released one advisory for a tampering vulnerability in IIS and fixes for 123 vulnerabilities in Microsoft products. [...] Vulnerability
bleepingcomputer.webp 2020-07-14 14:10:42 Microsoft patches critical wormable SigRed bug in Windows DNS Server (lien direct) A critical vulnerability that's been sitting in Microsoft's Windows DNS Server for almost two decades could be exploited to gain Domain Administrator privileges and compromise the entire corporate infrastructure behind it. [...] Vulnerability
bleepingcomputer.webp 2020-07-13 22:21:10 (Déjà vu) Critical SAP Recon flaw exposes thousands of customers to attacks (lien direct) SAP patched a critical vulnerability affecting over 40,000 customers and found in the SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] Vulnerability
bleepingcomputer.webp 2020-07-13 22:21:10 Critical SAP Recon flaw exposes thousands of systems to attacks (lien direct) SAP patched a critical vulnerability affecting over 40,000 systems and found in the SAP NetWeaver Java versions 7.30 to 7.50, a core component of several solutions and products deployed in most SAP environments. [...] Vulnerability
bleepingcomputer.webp 2020-07-08 17:18:03 Palo Alto Networks fixes another severe flaw in PAN-OS devices (lien direct) Palo Alto Networks (PAN) today addressed another severe vulnerability found in the PAN-OS GlobalProtect portal and affecting unpatched PAN next-generation firewalls. [...] Vulnerability
bleepingcomputer.webp 2020-07-08 11:35:46 NVIDIA fixes code execution bug in GeForce Experience software (lien direct) NVIDIA has addressed a vulnerability in the Windows NVIDIA GeForce Experience (GFE) software that could allow local attackers to execute arbitrary code, trigger a denial of service (DoS) state, or access privileged information on unpatched systems. [...] Vulnerability
bleepingcomputer.webp 2020-07-05 16:44:43 PoC exploits released for F5 BIG-IP vulnerabilities, patch now! (lien direct) Two days after patches for a critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits that show how easy it is to exploit these devices. [...] Vulnerability
bleepingcomputer.webp 2020-07-05 12:30:50 .NET Core vulnerability lets attackers evade malware detection (lien direct) A vulnerability in the .NET Core library allows malicious programs to be launched while evading detection by security software. [...] Malware Vulnerability
bleepingcomputer.webp 2020-07-03 13:42:37 (Déjà vu) US Cyber Command urges F5 customers to patch critical BIG-IP flaw (lien direct) F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). [...] Vulnerability
bleepingcomputer.webp 2020-07-03 13:42:37 F5 patches critical BIG-IP ADC remote code execution vulnerability (lien direct) F5 Networks (F5) patched a critical remote code execution (RCE) vulnerability found in undisclosed pages of Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). [...] Vulnerability
bleepingcomputer.webp 2020-06-29 12:16:15 Palo Alto Networks patches critical vulnerability in firewall OS (lien direct) Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. [...] Vulnerability
bleepingcomputer.webp 2020-06-25 06:45:00 List of Ripple20 vulnerability advisories, patches, and updates (lien direct) The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. [...] Vulnerability
bleepingcomputer.webp 2020-06-24 13:30:00 VMware fixes critical vulnerability in Workstation and Fusion (lien direct) VMware released security updates to fix multiple vulnerabilities in VMware ESXi, Workstation, and Fusion, with one of them being a critical bug in default configurations of Workstation and Fusion having 3D graphics enabled. [...] Vulnerability
bleepingcomputer.webp 2020-06-10 10:56:13 New Windows 10 SMBv3 flaw can be used for data theft, RCE attacks (lien direct) A new security vulnerability was found in the compression mechanism of the Microsoft Server Message Block 3.1.1 (SMBv3) network communication protocol used by multiple versions of Windows 10 and Windows Server. [...] Vulnerability
bleepingcomputer.webp 2020-06-09 16:18:37 Windows Group Policy flaw lets attackers gain admin privileges (lien direct) Microsoft has fixed a vulnerability in all current Windows versions that allows an attacker to exploit the Windows Group Policy feature to take full control over a computer. This vulnerability affects all Windows versions since Windows Server 2008. [...] Vulnerability
bleepingcomputer.webp 2020-06-08 18:47:18 CallStranger UPnP bug allows data theft, DDoS attacks, LAN scans (lien direct) A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks. [...] Vulnerability
bleepingcomputer.webp 2020-06-05 13:47:00 Windows 10 SMBGhost bug gets public proof-of-concept RCE exploit (lien direct) Working exploit code that achieves remote code execution on Windows 10 machines is now publicly available for CVE-2020-0796, a critical vulnerability in Microsoft Server Message Block (SMB 3.1.1). [...] Vulnerability
bleepingcomputer.webp 2020-06-01 10:36:40 "Sign in with Apple" vulnerability earns researcher $100,000 (lien direct) Remember seeing that slick "Sign in with Apple" button across many websites and apps? It turns out that a vulnerability allowed attackers to log in to sites using any Apple ID. [...] Vulnerability
bleepingcomputer.webp 2020-05-28 13:13:04 Microsoft IIS servers hacked by Blue Mockingbird to mine Monero (lien direct) This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines. [...] Vulnerability
bleepingcomputer.webp 2020-05-26 13:47:41 Critical Android bug lets malicious apps hide in plain sight (lien direct) A critical Android security vulnerability disclosed today and dubbed StrandHogg 2.0 can allow malicious apps to camouflage as most legitimate applications and steal sensitive information from Android users. [...] Vulnerability
bleepingcomputer.webp 2020-05-22 13:10:32 Docker fixes Windows client bug letting programs run as SYSTEM (lien direct) Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges. [...] Vulnerability
bleepingcomputer.webp 2020-05-20 12:20:00 Microsoft issues mitigation for the NXNSAttack DNS DDoS attack (lien direct) Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers.  [...] Vulnerability
bleepingcomputer.webp 2020-04-30 15:53:46 Ninja Forms WordPress plugin patch prevents takeover of 1M sites (lien direct) The developers of Ninja Forms, a WordPress plugin with more than 1 million installations, have fixed a high severity security vulnerability that can let attackers inject malicious code and take over websites using an unpatched version of the plugin. [...] Vulnerability
bleepingcomputer.webp 2020-04-26 15:43:44 Hackers exploit zero-day in Sophos XG Firewall, fix released (lien direct) Sophos has fixed a zero-day SQL injection vulnerability in their XG Firewall after receiving reports that hackers actively exploited it in attacks. [...] Vulnerability
bleepingcomputer.webp 2020-04-22 11:01:44 Windows 10 update weakened Google Chrome's security (lien direct) A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019. [...] Vulnerability
bleepingcomputer.webp 2020-04-21 13:31:20 Researcher discloses four IBM zero-days after refusal to fix (lien direct) Four zero-day vulnerabilities found in an IBM enterprise security software were disclosed today by a security researcher after IBM refused to fix them and to accept the vulnerability report sent via CERT/CC. [...] Vulnerability
bleepingcomputer.webp 2020-04-20 14:04:42 Windows 10 SMBGhost RCE exploit demoed by researchers (lien direct) A proof-of-concept remote code execution (RCE) exploit for the Windows 10 CVE-2020-0796 'wormable' pre-auth remote code execution vulnerability was developed and demoed today by researchers at Ricerca Security. [...] Vulnerability
bleepingcomputer.webp 2020-04-18 10:00:00 US govt: Hacker used stolen AD credentials to ransom hospitals (lien direct) Hackers have deployed ransomware on the systems of U.S. hospitals and government entities using Active Directory credentials stolen months after exploiting a known remote code execution (RCE) vulnerability in their Pulse Secure VPN servers. [...] Ransomware Vulnerability
bleepingcomputer.webp 2020-04-15 16:15:18 Exploit for Zoom Windows zero-day being sold for $500,000 (lien direct) An exploit for a zero-day remote code execution vulnerability affecting the Zoom Windows client is currently being sold for $500,000, together with one designed to abuse a bug in the video conferencing platform's macOS client. [...] Vulnerability
bleepingcomputer.webp 2020-04-15 13:40:08 Microsoft Office security updates may break VBA programs, how to fix (lien direct) Microsoft says that some VBA programs might break after installing the security updates for the CVE-2020-0760 Microsoft Office remote code execution vulnerability released as part of the April 2020 Patch Tuesday. [...] Vulnerability
bleepingcomputer.webp 2020-04-14 14:06:00 (Déjà vu) Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws (lien direct) With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Three of these vulnerabilities are classified as zero-days as they were publicly disclosed or exploited. [...] Vulnerability
bleepingcomputer.webp 2020-04-14 14:06:00 Microsoft April 2020 Patch Tuesday fixes 4 zero-days, 15 critical flaws (lien direct) With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low. Four of these vulnerabilities are classified as zero-days as they were publicly disclosed or exploited. [...] Vulnerability
bleepingcomputer.webp 2020-04-10 14:09:50 VMWare releases fix for critical vCenter Server vulnerability (lien direct) VMware released a security update that fixes a critical vulnerability in the vCenter Server virtual infrastructure management platform that could allow attackers to gain access to sensitive information and potentially take control of affected virtual appliances or Windows systems. [...] Vulnerability
bleepingcomputer.webp 2020-04-06 17:36:09 80% of all exposed Exchange servers still unpatched for critical flaw (lien direct) More than 350,000 of all Microsoft Exchange servers currently exposed on the Internet haven't yet been patched against the CVE-2020-0688 post-auth remote code execution vulnerability affecting all supported Microsoft Exchange Server versions. [...] Vulnerability
bleepingcomputer.webp 2020-03-31 12:27:24 Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins (lien direct) A critical privilege escalation vulnerability found in the Rank Math WordPress SEO plugin can allow attackers to give administrator privileges to any registered user on one of the 200,000 sites with active installations if left unpatched. [...] Vulnerability
bleepingcomputer.webp 2020-03-26 13:54:53 Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic (lien direct) A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses. [...] Vulnerability Guideline
bleepingcomputer.webp 2020-03-24 12:50:12 Adobe Fixes Critical Vulnerability in Creative Cloud Application (lien direct) Adobe has released a security update for its Creative Cloud Desktop Application to fix a vulnerability that could allow attackers to delete files on a vulnerable computer. [...] Vulnerability
bleepingcomputer.webp 2020-03-19 10:32:40 Critical RCE Bug in Windows 7 and Server 2008 Gets Micropatch (lien direct) A micropatch fixing a remote code execution (RCE) vulnerability in the Windows Graphics Device Interface (GDI) is now available through the 0patch platform for Windows 7 and Server 2008 R2 users not enrolled in Microsoft's Extended Security Updates (ESU) service. [...] Vulnerability
bleepingcomputer.webp 2020-03-13 12:18:59 VMWare Releases Fix for Critical Guest-to-Host Vulnerability (lien direct) A security update has been released that fixes a Critical vulnerability in VMware Workstation Pro that could allow an application running in a guest environment to execute a command on the host. [...] Vulnerability
bleepingcomputer.webp 2020-03-12 11:43:00 Microsoft Releases KB4551762 Security Update for SMBv3 Vulnerability (lien direct) Microsoft released a Windows 10 security update to patch the pre-auth RCE vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3), two days after details regarding the flaw were leaked as part of the March 2020 Patch Tuesday. [...] Vulnerability ★★★★★
bleepingcomputer.webp 2020-03-10 17:18:00 Microsoft Leaks Info on Wormable Windows SMBv3 CVE-2020-0796 Flaw (lien direct) Microsoft leaked info on a security update for a 'wormable' pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month's Patch Tuesday. [...] Vulnerability
bleepingcomputer.webp 2020-03-10 13:00:00 New LVI Intel CPU Data Theft Vulnerability Requires Hardware Fix (lien direct) A novel class of attack techniques against modern Intel processors can allow threat actors to inject malicious data into applications via transient-execution attacks and steal sensitive data according to researchers. [...] Vulnerability Threat
bleepingcomputer.webp 2020-03-09 17:08:39 NSA Warns About Microsoft Exchange Flaw as Attacks Start (lien direct) The U.S. National Security Agency (NSA) warned about a post-auth remote code execution vulnerability in all supported Microsoft Exchange Server servers via a tweet published on the agency's Twitter account. [...] Vulnerability
bleepingcomputer.webp 2020-03-06 18:03:56 Zoho Fixes No-Auth RCE Zero-Day in ManageEngine Desktop Central (lien direct) Web-based office suite and SaaS services provider Zoho released a security update to fix a remote code execution vulnerability found in its ManageEngine Desktop Central endpoint management solution. [...] Vulnerability
bleepingcomputer.webp 2020-03-04 09:00:00 Zero-Day Bug Allowed Attackers to Register Malicious Domains (lien direct) A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean could have allowed attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations. [...] Vulnerability APT 32
bleepingcomputer.webp 2020-03-02 13:07:53 Active Scans for Apache Tomcat Ghostcat Vulnerability Detected, Patch Now (lien direct) Ongoing scans for Apache Tomcat servers unpatched against the Ghostcat vulnerability that allows potential attackers to take over servers have been detected over the weekend. [...] Vulnerability
Last update at: 2024-05-13 09:07:50