Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2020-02-27 09:59:42 |
(Déjà vu) Cisco Working on Patches for New Kr00k WiFi Vulnerability (lien direct) |
Cisco today announced that it is working to patch multiple products that are affected by the recently disclosed Kr00k vulnerability in WiFi chips from Broadcom and Cypress. [...] |
Vulnerability
|
|
|
|
2020-02-27 09:59:42 |
Cisco Working on Patches for New Kr00k WiFi Vulnerabilities (lien direct) |
Cisco today announced that it is working to patch multiple products that are affected by the recently disclosed Kr00k vulnerability in WiFi chips from Broadcom and Cypress. [...] |
Vulnerability
|
|
|
|
2020-02-26 15:00:31 |
Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now! (lien direct) |
Attackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable to the CVE-2020-0688 remote code execution vulnerability patched by Microsoft two weeks ago. [...] |
Vulnerability
|
|
|
|
2020-02-26 10:00:00 |
Kr00k Bug in Broadcom, Cypress WiFi Chips Leaks Sensitive Info (lien direct) |
A vulnerability in some popular WiFi chips present in client devices, routers, and access points, can be leveraged to partially decrypt user communication and expose data in wireless network packets. [...] |
Vulnerability
|
|
|
|
2020-02-25 05:49:23 |
New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros (lien direct) |
Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. [...] |
Vulnerability
|
|
|
|
2020-02-21 21:55:57 |
(Déjà vu) Windows 10 Gets Temp Fix for Critical Security Vulnerability (lien direct) |
Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it. [...] |
Vulnerability
|
|
|
|
2020-02-20 07:00:00 |
Tesla Pays $10K for Microsoft SQL Server Reporting Services Bug (lien direct) |
Tesla paid a $10,000 bounty for a vulnerability in Microsoft SQL Server Reporting Services (SSRS) that had received a patch five days before getting the bug submission. [...] |
Vulnerability
|
|
|
|
2020-02-19 17:24:12 |
Microsoft Adds Enterprise Windows 10 Tamper Protection Controls (lien direct) |
Microsoft announced today that support for the Windows 10 Tamper Protection feature has been added to Microsoft Defender ATP Threat & Vulnerability Management for additional info on exposed machines in their organization. [...] |
Vulnerability
Threat
|
|
|
|
2020-02-19 12:01:05 |
Zero-Day in WordPress Plugin Exploited to Create Admin Accounts (lien direct) |
A zero-day vulnerability in the ThemeREX Addons, a WordPress plugin installed on thousands of sites, is actively exploited by attackers to create user accounts with admin permissions and potentially fully taking over the vulnerable website. [...] |
Vulnerability
|
|
|
|
2020-02-11 14:01:16 |
Microsoft Patches Actively Exploited Internet Explorer Zero-Day (lien direct) |
Microsoft released security updates to patch an actively exploited zero-day remote code execution (RCE) vulnerability impacting multiple versions of Internet Explorer. [...] |
Vulnerability
|
|
|
|
2020-02-06 19:44:10 |
Critical Android Bluetooth Flaw Exploitable without User Interaction (lien direct) |
Android users are urged to apply the latest security patches released for the operating system on Monday that address a critical vulnerability in the Bluetooth subsystem. [...] |
Vulnerability
|
|
|
|
2020-02-04 18:48:51 |
Realtek Fixes DLL Hijacking Flaw in HD Audio Driver for Windows (lien direct) |
Realtek fixed a security vulnerability discovered in the Realtek HD Audio Driver Package that could allow potential attackers to gain persistence, plant malware, and evade detection on unpatched Windows systems. [...] |
Vulnerability
|
|
|
|
2020-02-04 12:57:00 |
WhatsApp Bug Allowed Attackers to Access the Local File System (lien direct) |
Facebook patched a critical WhatsApp vulnerability that would have allowed potential attackers to read files from a user's local file system, on both macOS and Windows platforms. [...] |
Vulnerability
|
|
|
|
2020-01-29 10:51:36 |
Critical Remote Code Execution Bug Fixed in OpenBSD SMTP Server (lien direct) |
A critical vulnerability in the free OpenSMTPD email server present in many Unix-based systems can be exploited to run shell commands with root privileges. [...] |
Vulnerability
|
|
|
|
2020-01-28 15:45:02 |
(Déjà vu) Google Pays $6.5 Million to Hackers for Reporting Security Bugs (lien direct) |
More than $6.5 million were paid to researchers for reporting security bugs through Google's Vulnerability Reward Program (VRP) in 2019, the company said in an announcement published today. [...] |
Vulnerability
|
|
|
|
2020-01-28 15:45:02 |
Goole Pays $6.5 Million to Hackers for Reporting Security Bugs (lien direct) |
More than $6.5 million were paid to researchers for reporting security bugs through Google's Vulnerability Reward Program (VRP) in 2019, the company said in an announcement published today. [...] |
Vulnerability
|
|
|
|
2020-01-26 12:35:12 |
Microsoft\'s IE Zero-day Fix is Breaking Windows Printing (lien direct) |
Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users. [...] |
Vulnerability
|
|
|
|
2020-01-26 10:31:32 |
Patching the Citrix ADC Bug Doesn\'t Mean You Weren\'t Hacked (lien direct) |
Citrix on Friday released the final patch for the critical vulnerability tracked as CVE-2019-19781 in its affected appliances. Many organizations are still at risk, though, as they continue to run Citrix servers without a fix or the advised [...] |
Vulnerability
Patching
|
|
|
|
2020-01-21 12:12:23 |
Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch (lien direct) |
A micropatch implementing Microsoft's workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released. [...] |
Vulnerability
|
|
|
|
2020-01-17 18:31:17 |
Microsoft Issues Mitigation for Actively Exploited IE Zero-Day (lien direct) |
Microsoft published a security advisory containing mitigation measures for an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer. [...] |
Vulnerability
|
|
|
|
2020-01-17 15:14:39 |
How Malware Gains Trust by Abusing the Windows CryptoAPI Flaw (lien direct) |
The new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This creates trust in the program, which may cause a user to be more willing to execute them. [...] |
Malware
Vulnerability
|
|
|
|
2020-01-17 13:26:01 |
FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw (lien direct) |
FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers. [...] |
Vulnerability
|
|
|
|
2020-01-16 12:59:37 |
PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks (lien direct) |
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. [...] |
Vulnerability
|
|
|
|
2020-01-11 03:01:00 |
Citrix ADC CVE-2019-19781 Exploits Released, Fix Now! (lien direct) |
Numerous working exploits for the Citrix ADC (NetScaler) CVE-2019-1978 vulnerability are finally here and have been publicly posted in numerous locations. There is no patch available for this vulnerability, but Citrix has provided mitigations, which should be applied now! [...] |
Vulnerability
|
|
|
|
2020-01-08 13:35:16 |
Mozilla Firefox 72.0.1 Patches Actively Exploited Zero-Day (lien direct) |
Mozilla released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical and actively exploited severity vulnerability that could potentially allow attackers to execute code or trigger crashes on machines running vulnerable Firefox versions. [...] |
Vulnerability
|
|
|
|
2019-12-16 23:00:00 |
Update Intel\'s Rapid Storage App to Fix Bug Letting Malware Evade AV (lien direct) |
A DLL hijacking vulnerability exists in an older version of the Intel Rapid Storage Technology (Intel RST) software that could allow attackers to execute malware at elevated privileges in Windows. [...] |
Malware
Vulnerability
|
|
|
|
2019-11-21 14:12:44 |
Microsoft Outlook for Android Gets Spoofing Vulnerability Fix (lien direct) |
Microsoft has released an update for Microsoft Outlook for Android that fixes a spoofing vulnerability in the application that could allow an attacker to compromise the device. [...] |
Vulnerability
|
|
|
|
2019-11-20 14:52:51 |
Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin (lien direct) |
Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability present since Jetpack 5.1. [...] |
Vulnerability
|
|
|
|
2019-11-19 07:30:00 |
Android Camera App Bug Lets Apps Record Video Without Permission (lien direct) |
A new vulnerability has been found in the Camera apps for millions, if not hundreds of millions, of Android devices that could allow other apps to record video, take pictures, and extract GPS data from media without having the required permissions. [...] |
Vulnerability
|
|
|
|
2019-11-14 11:52:25 |
(Déjà vu) Qualcomm Bug Exposes Critical Data on Samsung, LG Phones (lien direct) |
Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. [...] |
Vulnerability
|
|
|
|
2019-11-14 11:52:25 |
Researchers Find Bug in Qualcomm Code for Trusted App (lien direct) |
Researchers stressing the code related to Qualcomm's implementation of the secure execution area on mobile devices found a new vulnerability that could allow access to critical data. [...] |
Vulnerability
|
|
|
|
2019-11-13 03:15:04 |
Latest Intel CPUs Affected by New TSX Speculative Attack (lien direct) |
A new speculative vulnerability called ZombieLoad 2, or TSX Asynchronous Abort, has been disclosed today that targets the Transactional Synchronization Extensions (TSX) feature in Intel processors. [...] |
Vulnerability
|
|
|
|
2019-11-12 11:00:00 |
McAfee Patches Privilege Escalation Flaw in Antivirus Software (lien direct) |
McAfee patched a security vulnerability discovered in all editions of its Antivirus software for Windows and enabling potential attackers to escalate privileges and execute code using SYSTEM privileges. [...] |
Vulnerability
|
|
|
|
2019-11-06 03:00:00 |
Microsoft Defender ATP Gets Advanced Hunting Capabilities, More (lien direct) |
Microsoft announced today that several new Threat & Vulnerability Management (TVM) capabilities will go into public preview for Microsoft Defender ATP customers including vulnerability Assessment (VA) support for Windows Servers, advanced hunting with vulnerability data, and automated analysis of remediation on user impact. [...] |
Vulnerability
|
|
|
|
2019-11-02 22:26:55 |
(Déjà vu) Windows BlueKeep RDP Attacks Are Here, Infecting with Miners (lien direct) |
The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. [...] |
Vulnerability
|
|
|
|
2019-11-02 22:26:55 |
BlueKeep Remote Code Execution Bug in RDP Exploited En Masse (lien direct) |
The BlueKeep remote code execution vulnerability in the Windows Remote Desktop Services is currently exploited in the wild. Vulnerable machines exposed to the web are apparently compromised for cryptocurrency mining purposes. [...] |
Vulnerability
|
|
|
|
2019-10-17 05:30:00 |
Millions of Amazon Echo and Kindle Devices Affected by WiFi Bug (lien direct) |
Millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network. [...] |
Vulnerability
|
|
|
|
2019-10-14 19:34:46 |
(Déjà vu) Linux SUDO Bug Lets You Run Commands as Root, Most Installs Unaffected (lien direct) |
A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...] |
Vulnerability
|
|
|
|
2019-10-14 19:34:46 |
Linux SUDO Bug Lets You Run Commands as Root, Most are Unaffected (lien direct) |
A vulnerability has been discovered in the Linux sudo command that could allow unprivileged users to execute commands as root. Thankfully, this vulnerability only works in non-standard configurations and most Linux servers are unaffected. [...] |
Vulnerability
|
|
|
|
2019-10-12 14:05:06 |
Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs (lien direct) |
The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.. [...] |
Vulnerability
|
|
|
|
2019-10-11 12:11:33 |
Windows 10 Update Assistant Vulnerability Needs Manual Fix, Here\'s How (lien direct) |
Microsoft has released a new version of the Windows 10 Update Assistant in order to fix a local privilege escalation vulnerability. While there is no imminent threat, the only way to fix this vulnerability is to uninstall the program or download the latest version. [...] |
Vulnerability
|
|
★★★
|
|
2019-10-10 13:34:16 |
Apple Software Update Zero-Day Used by BitPaymer Ransomware (lien direct) |
Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability impacting the Apple Software Update service bundled with iTunes and iCloud for Windows. [...] |
Ransomware
Vulnerability
|
|
|
|
2019-10-10 10:52:52 |
HP Touchpoint Analytics LPE Vulnerability Affects Most HP PCs (lien direct) |
HP patched a vulnerability discovered in the HP Touchpoint Analytics software installed by default on most of its Windows laptops and desktops, a flaw allowing attackers to escalate privileges and execute arbitrary code using SYSTEM privileges. [...] |
Vulnerability
|
|
|
|
2019-10-10 03:16:19 |
iTerm2 Patches Critical Vulnerability Active for 7 Years (lien direct) |
The most popular terminal emulator for macOS, iTerm2, has been updated to fix a critical security issue that survived undisclosed for at least seven years. [...] |
Vulnerability
|
|
|
|
2019-10-01 14:38:06 |
Singapore\'s GovTech Launches Vulnerability Disclosure Program (lien direct) |
Singapore's Government Technology Agency (GovTech) has launched a new vulnerability disclosure program on HackerOne so researchers can disclose vulnerabilities in government sites. [...] |
Vulnerability
|
|
|
|
2019-10-01 02:22:22 |
Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs (lien direct) |
Account data belonging to more than half of all Comodo Forums users has been stolen and is now traded online. The breach was possible by exploiting a vulnerability in the software that powers the forum. [...] |
Vulnerability
|
|
|
|
2019-09-30 12:45:55 |
New Exim Vulnerability Exposes Servers to DoS Attacks, RCE Risks (lien direct) |
A new critical vulnerability in the Exim mail transfer agent (MTA) software was patched to prevent denial of service (DoS) or possibly remote code execution attacks. [...] |
Vulnerability
|
|
|
|
2019-09-29 11:11:45 |
Cloudflare Now Blocks the vBulletin RCE CVE-2019-16759 Exploit (lien direct) |
This week a zero-day vBulletin remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare's service. [...] |
Vulnerability
|
|
|
|
2019-09-26 11:25:30 |
Cisco Fixes Critical IOx Flaw Allowing Root Access to Guest OS (lien direct) |
Cisco has released security updates to address a critical vulnerability in the IOx application environment for Cisco IOS Software that could enable authenticated remote attackers to access the Guest Operating System (Guest OS) as the root user. [...] |
Vulnerability
|
|
|
|
2019-09-25 03:34:35 |
Hackers Exploit Unpatched Bug in Rich Reviews WordPress Plugin (lien direct) |
Site administrators still using the Rich Reviews plugin for WordPress are easy targets as hackers are currently exploiting an unpatched vulnerability for malvertising campaigns. [...] |
Vulnerability
|
|
|