What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-09-23 14:15:11 | Microsoft Issues Windows Security Update for 0Day Vulnerability (lien direct) | Microsoft released two out of band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively. [...] | Vulnerability | ||
|
2019-09-20 09:50:00 | Forcepoint Fixes Privilege Escalation Bug in Windows VPN Client (lien direct) | A vulnerability affecting all versions of Forcepoint VPN Client for Windows, save the latest release, can be used to achieve persistence and evade detection. [...] | Vulnerability | ||
|
2019-09-19 03:28:26 | Critical Bug In Harbor Container Registry Gives Admin Access (lien direct) | Attackers can exploit a critical security vulnerability in Harbor cloud native registry for container images to obtain admin privileges on a vulnerable hosting system. [...] | Vulnerability | ||
|
2019-09-16 08:24:36 | Password-Revealing Bug Quickly Fixed in LastPass Extensions (lien direct) | A security vulnerability in the extension of LastPass password manager could have allowed stealing the credentials last used for logging into a website. [...] | Vulnerability | LastPass | |
|
2019-09-06 13:40:03 | Public BlueKeep Exploit Module Released by MetaSploit (lien direct) | A public exploit module for the BlueKeep Windows vulnerability has been added today to the open-source Metasploit penetration testing framework, developed by Rapid7 in collaboration with the open-source community. [...] | Vulnerability | ||
|
2019-09-06 07:12:05 | Critical Exim TLS Flaw Lets Attackers Remotely Execute Commands as Root (lien direct) | The Exim mail transfer agent (MTA) software is impacted by a critical severity vulnerability present in all versions up to and including 4.92.1, and allowing remote attackers to execute programs with root privileges on all servers that accept TLS connections. [...] | Vulnerability | ||
|
2019-09-04 15:19:02 | Year-Old Samba Bug Allows Access to Forbidden Root Share Paths (lien direct) | For almost a year, threat actors could exploit a vulnerability in Samba software that allowed them to bypass file-sharing permissions and escape outside the share root directory. [...] | Vulnerability Threat | ||
|
2019-08-29 09:03:01 | (Déjà vu) Five More Hackers Become Millionaires on HackerOne (lien direct) | HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. [...] | Vulnerability | ||
|
2019-08-29 09:03:01 | Six More Hackers Become Millionaires on HackerOne (lien direct) | HackerOne says that five more hackers have become millionaires after reporting security vulnerabilities through the vulnerability coordination and bug bounty platform. [...] | Vulnerability | ||
|
2019-08-28 20:01:01 | Cisco Fixes Critical Bug in Virtual Service Container for IOS XE (lien direct) | Cisco today published an update for its IOS XE operating system to patch a critical vulnerability that could allow a remote attacker to bypass authentication on devices running an outdated version of the software. [...] | Vulnerability | ||
|
2019-08-27 14:53:01 | Check Point Patches Privilege Escalation Flaw in Endpoint Client (lien direct) | Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges. [...] | Vulnerability | ||
|
2019-08-22 17:56:03 | Steam Patches LPE Vulnerabilities in Beta Version Update (lien direct) | Almost 48 hours after security researcher Vasily Kravets (PsiDragon) released his proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation, Valve released a beta update that allegedly fixes the bugs. [...] | Vulnerability Guideline | ||
|
2019-08-22 00:53:02 | Bitdefender Fixes Privilege Escalation Bug in Free Antivirus 2020 (lien direct) | A vulnerability in the free version of Bitdefender Antivirus could be exploited by an attacker to get SYSTEM-level permissions, reserved for the most privileged account on a Windows machine. [...] | Vulnerability | ||
|
2019-08-21 15:28:05 | (Déjà vu) Second Steam Zero-Day Impacts Over 96 Million Windows Users (lien direct) | A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets. [...] | Vulnerability | ||
|
2019-08-20 12:51:05 | Microsoft Patches Vulnerable Android Remote Desktop App (lien direct) | Microsoft updated the security advisory for an information disclosure vulnerability that previously impacted only Windows Remote Desktop Protocol clients to also include the Microsoft Remote Desktop for Android app. [...] | Vulnerability | ||
|
2019-08-19 14:16:04 | iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug (lien direct) | iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2. [...] | Vulnerability | ||
|
2019-08-16 17:37:02 | Steam Security Saga Continues with Vulnerability Fix Bypass (lien direct) | A bypass for a recent Steam vulnerability that could allow malware or a local attacker to gain admin privileges has been disclosed on Twitter. This new method allows an attacker to bypass the fix created by Steam and exploit the vulnerability again. [...] | Malware Vulnerability | ||
|
2019-08-16 16:08:02 | Mozilla Firefox Bug Let Third-Parties Access Saved Passwords (lien direct) | Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser's built-in Save Logins database even when protected with a master password. [...] | Vulnerability | ||
|
2019-08-15 05:10:03 | Trend Micro Fixes Privilege Escalation Bug in Password Manager (lien direct) | A vulnerability in Trend Micro's Password Manager could be exploited to run programs with the permissions of the most privileged account on a Windows system. [...] | Vulnerability | ||
|
2019-08-13 17:18:02 | (Déjà vu) New Bluetooth KNOB Flaw Lets Attackers Manipulate Traffic (lien direct) | A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. [...] | Vulnerability | ||
|
2019-08-13 17:18:02 | New Bluetooth KNOB Flaw Lets Attackers Manipulate Connections (lien direct) | A new Bluetooth vulnerability named "KNOB" has been disclosed that allow attackers to more easily brute force the encryption key used during pairing to monitor or manipulate the data transferred between two paired devices. [...] | Vulnerability | ||
|
2019-08-13 04:33:03 | HVACking: Remotely Exploiting Bugs in Building Control Systems (lien direct) | Security researchers have found a zero-day vulnerability in a popular building controller used for managing various systems, including HVAC (heating, ventilation, and air conditioning), alarms, or pressure level in controlled environments. [...] | Vulnerability | ||
|
2019-08-12 15:48:00 | (Déjà vu) Steam Security Vulnerability Fixed, Researchers Don\'t Agree (lien direct) | Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored. [...] | Vulnerability | ||
|
2019-08-09 17:39:04 | KDE Vulnerability Fixed By Removing Shell Command Support (lien direct) | A code execution vulnerability in the KDE desktop manager has been resolved by removing support for shell commands in the KConfig configuration system. [...] | Vulnerability | ||
|
2019-08-08 17:13:01 | Steam Zero-Day Vulnerability Affects Over 100 Million Users (lien direct) | [...] | Vulnerability | ||
|
2019-08-08 16:13:01 | Avaya VoIP Phones Harbored 10-year Old Vulnerability (lien direct) | A vulnerability leading to remote code execution survived for 10 years in some Avaya VoIP phones, used by 90% of the Fortune 100 companies. [...] | Vulnerability Guideline | ||
|
2019-08-07 19:00:00 | Microsoft Ignored RDP Vulnerability Until it Affected Hyper-V (lien direct) | A vulnerability in Microsoft's Remote Desktop Protocol (RDP) can also be used to escape virtual machines running on Hyper-V, the virtualization technology in Azure and Windows 10. [...] | Vulnerability | ||
|
2019-08-06 14:15:04 | SWAPGS Vulnerability in Modern CPUs Fixed in Windows, Linux, ChromeOS (lien direct) | Both Microsoft and Redhat have released advisories about a new variant of the Spectre 1 speculative execution side channel vulnerabilities that could allow a malicious program to access and read the contents of privileged memory in an operating system. [...] | Vulnerability | ||
|
2019-08-06 14:15:04 | Microsoft Secretly Fixed a New Speculative Vulnerability in Intel CPUs (lien direct) | During the July 2019 Patch Tuesday security updates, Microsoft secretly patched a new variant of the Spectre 1 speculative execution side channel vulnerabilities that allowed information disclosure in Windows. [...] | Vulnerability | ||
|
2019-08-06 12:29:00 | Zero-Day Bug in KDE 4/5 Executes Commands by Opening a Folder (lien direct) | An unpatched zero-day vulnerability exists in KDE 4 & 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder. [...] | Vulnerability | ||
|
2019-07-30 12:41:02 | OXID eShop Used by Mercedes Fixes Remote Takeover Security Bug (lien direct) | OXID e-commerce platform today released an update for its software fixing a remote takeover vulnerability that can be exploited without authentication. [...] | Vulnerability | ||
|
2019-07-24 20:13:03 | Keep Calm, Carry On. VLC Not Affected by Critical Vulnerability (lien direct) | A recent security alert caused a panic where people thought the VLC Media Player was affected by a critical vulnerability that had no patch. The problem is that the vulnerability was not in VLC, but rather a module that was replaced over 16 months ago. [...] | Vulnerability | ||
|
2019-07-22 18:31:05 | Hackers Exploit Recent WordPress Plugin Bugs for Malvertising (lien direct) | An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & Maintenance Mode WordPress plugin according to Wordfence's Defiant Threat Intelligence team. [...] | Vulnerability Threat | ||
|
2019-07-22 15:45:03 | ProFTPD Vulnerability Lets Users Copy Files Without Permission (lien direct) | Under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks after successful exploitation of an arbitrary file copy vulnerability in the mod_copy module. [...] | Vulnerability | ||
|
2019-07-19 00:01:00 | Over 8,500 Google Chrome Bug Reports, Larger Rewards in Store (lien direct) | Nine years and more than 8,500 security bug reports later, Google decided to increase the value of the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program. [...] | Vulnerability | ||
|
2019-07-17 17:56:04 | Drupal Patches Critical Bug That Lets Hackers Take Over Sites (lien direct) | The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS' core component that could allow attackers to take control of impacted sites. [...] | Vulnerability | ||
|
2019-07-17 03:33:03 | Cracked Tesla 3 Windshield Leads to $10,000 Bug Bounty (lien direct) | Tesla paid a large bug bounty for a cross-site scripting (XSS) vulnerability in one of its backend apps that allowed gleaning vital statistics about a vehicle. [...] | Vulnerability | Tesla | |
|
2019-07-16 16:47:04 | Microsoft Patches PowerShell Core Security Bug to Fix WDAC Bypass (lien direct) | Microsoft has released new versions of PowerShell Core to fix a vulnerability that allows a local attacker to bypass Windows Defender Application Control (WDAC) enforcements. This could allow the attacker to execute untrusted programs even with WDAC enabled. [...] | Vulnerability | ||
|
2019-07-11 03:04:00 | Jira Server and Data Center Update Patches Critical Vulnerability (lien direct) | Atlassian has patched a critical vulnerability affecting Jira Server and Data Center since version 4.4.0, launched in the summer of 2011. [...] | Vulnerability | ||
|
2019-07-10 04:56:04 | Intel Fixes Priv Escalation Vulnerability in Enterprise SSD (lien direct) | Intel today released security updates for two of its products, to fix vulnerabilities that could lead to privilege escalation, denial of service, and information disclosure. [...] | Vulnerability Guideline | ||
|
2019-07-09 16:45:00 | Bug in Anesthesia Machines Allows Changing Gas Mix Levels (lien direct) | A vulnerability in the firmware of some anesthesia machines used in hospitals could be abused to change normal functionality up to the point of adjusting the level of inhalational substances. [...] | Vulnerability | ||
|
2019-07-04 03:04:00 | Sodinokibi Ransomware Exploits Windows Bug to Elevate Privileges (lien direct) | Sodinokibi ransomware is looking to increase its privileges on a victim machine by exploiting a vulnerability in the Win32k component present on Windows 7 through 10 and Server editions. [...] | Ransomware Vulnerability | ||
|
2019-07-03 15:31:02 | Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (lien direct) | US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] | Malware Vulnerability | APT33 APT 33 | |
|
2019-06-22 10:45:02 | Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox (lien direct) | Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version. [...] | Vulnerability | ||
|
2019-06-21 12:34:05 | BlueKeep Warnings Pay Off, Boost Patching in Enterprise Networks (lien direct) | The multiple warnings about patching Windows systems against the BlueKeep vulnerability (CVE-2019-0708) have not gone unheeded. Administrators of enterprise networks listened and updated most of the machines affected by the issue. [...] | Vulnerability Patching | ||
|
2019-06-20 14:05:03 | Mozilla Firefox 67.0.4 Fixes Second Actively Exploited Zero-Day (lien direct) | Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update. [...] | Vulnerability | ||
|
2019-06-20 05:36:04 | Samba Vulnerability Can Crash Active Directory Components (lien direct) | A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of accessing directory, application, and server services. [...] | Vulnerability | ||
|
2019-06-20 00:30:01 | Tor Browser 8.5.2 Released to Fix Critical Vulnerability (lien direct) | Tor Browser 8.5.2 has been released to fix a critical vulnerability in Firefox that was fixed by Mozilla this week. It is strongly advised that all Tor users install this update as soon as possible. [...] | Vulnerability | ||
|
2019-06-19 07:46:02 | Oracle Fixes Critical Bug in WebLogic Server Web Services (lien direct) | Oracle on Tuesday announced a patch for a remote code execution vulnerability affecting specific versions of the WebLogic Server. The bug bypasses a previously fixed flaw and researchers say it is actively used in attacks. [...] | Vulnerability | ||
|
2019-06-18 15:58:02 | Mozilla Firefox 67.0.3 Patches Actively Exploited Zero-Day (lien direct) | Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 to patch an actively exploited and critical severity vulnerability which could allow attackers to remotely execute arbitrary code on machines running vulnerable Firefox versions. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
