What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-02-11 13:00:00 | Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home (lien direct) | A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...] | Vulnerability | ||
|
2019-01-31 14:31:03 | Ethical Hacker Exposes Magyar Telekom Vulnerabilities, Faces 8 Years in Jail (lien direct) | An ethical hacker who discovered a security vulnerability in Magyar Telekom's IT systems during April 2018 is currently being investigated by the Hungarian Prosecution Service after the company filed a complaint and faces 8 years in prison, local Hungarian media reports. [...] | Vulnerability | ||
|
2019-01-22 09:54:01 | Windows Contacts Remote Code Execution Zero-Day Gets Micropatch (lien direct) | Another zero-day vulnerability in Windows receives a temporary fix today, as the 0patch platform added code for a bug in Windows Contacts app that allows remote execution of arbitrary code. [...] | Vulnerability | ||
|
2019-01-21 13:01:01 | Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch (lien direct) | A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system. [...] | Vulnerability | ||
|
2019-01-18 02:47:03 | Windows Zero-Day Bug that Overwrites Files Gets Interim Fix (lien direct) | A micropatch has been released today for a vulnerability in Windows that allows overwriting files, even system one, with arbitrary data. [...] | Vulnerability | ||
|
2019-01-17 15:20:05 | ES File Explorer Flaws Put 100 Million Users\' Data at Risk, Fix Promised (lien direct) | ES File Explorer users now have to wait to see what issue will be fixed in the next update: the always-on web server giving access to all their files to anyone on the same Wi-Fi network or the MitM attack vulnerability [...] | Vulnerability | ||
|
2019-01-10 03:00:00 | Microsoft Patches Remote Code Execution Vulnerability in Exchange Server (lien direct) | The security update applies to Microsoft Exchange Server 2019, 2016, and 2013 [...] | Vulnerability | ||
|
2018-12-30 11:58:00 | Windows Zero-Day Bug Allows Overwriting Files with Arbitrary Data (lien direct) | A security researcher has disclosed exploit code for a fourth zero-day vulnerability in Windows operating system in just as many months. The bug enables overwriting a target file with arbitrary data. [...] | Vulnerability | ||
|
2018-12-27 18:38:02 | Demo Exploit Code Published for Remote Code Execution via Microsoft Edge (lien direct) | Exploit code demonstrating a memory corruption bug in Microsoft's Edge web browser has been published today by the researcher that discovered and reported the vulnerability in the first place. The code can lead to remote code execution on unpatched machines. [...] | Vulnerability Guideline | ||
|
2018-12-24 11:37:03 | Orange LiveBox Modems Targeted for SSID and WiFi Info (lien direct) | A vulnerability in LiveBox ADSL modems from Orange allows an attacker to retrieve their SSID and WiFi password in plaintext by simply sending a request over the internet. [...] | Vulnerability | ||
|
2018-12-20 11:46:03 | Windows Zero-Day PoC Lets You Read Any File with System Level Access (lien direct) | For a third time in four months, a security researcher announces a zero-day vulnerability in Microsoft Windows and provides exploit code that allows reading into unauthorized locations. [...] | Vulnerability | ||
|
2018-12-19 14:06:02 | Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day (lien direct) | Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in targeted attacks. [...] | Vulnerability Threat | ||
|
2018-12-18 10:59:03 | File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code (lien direct) | Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to upload a malicious script and potentially get remote code execution. [...] | Tool Vulnerability | ||
|
2018-12-11 16:39:03 | Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability (lien direct) | Today is Microsoft's December 2018 Patch Tuesday, which means it is time to update your computer so that you are protected from the latest threats to Windows and Microsoft products. Two of the patched critical vulnerabilities are known to have been used in the wild, so it is important that these updates are installed immediately. [...] | Vulnerability | ||
|
2018-12-08 12:08:05 | WebKit Vulnerability Affects Latest Versions of Apple Safari (lien direct) | A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple's Safari, along with other apps on macOS, iOS, and Linux. [...] | Vulnerability | ||
|
2018-12-05 11:11:01 | Adobe Fixes Zero-Day Flash Player Vulnerability Used in APT Attack on Russia (lien direct) | Adobe has released an update for Flash Player that fixes a zero-day user after free vulnerability that was used as part of an APT attack against Russia. This attack is being named "Operation Poison Needle" and targeted the Russian FSBI "Polyclinic #2" medical clinic. [...] | Vulnerability | ||
|
2018-12-04 11:12:03 | Kubernetes Updates Patch Critical Privilege Escalation Bug (lien direct) | A critical vulnerability in Kubernetes open-source system for handling containerized applications can enable an attacker to gain full administrator privileges on Kubernetes compute nodes. [...] | Vulnerability | Uber | |
|
2018-11-28 11:34:02 | The One Planet York Data Breach That Was a Data Leak (lien direct) | A data breach notification from the City of York has gone awry as new details shed light over the incident, revealing a completely inappropriate response to a responsible disclosure of a vulnerability potentially affecting thousands of users. [...] | Data Breach Vulnerability | ||
|
2018-11-21 06:32:04 | (Déjà vu) Adobe Flash Player Update Released for Remote Code Execution Vulnerability (lien direct) | [...] | Vulnerability | ||
|
2018-11-19 11:14:02 | Vulnerability in AMP for WP Plugin Allowed Admin Access to WordPress (lien direct) | A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site. [...] | Vulnerability | ||
|
2018-11-14 07:50:03 | Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks (lien direct) | A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates. [...] | Vulnerability Threat | ||
|
2018-11-13 18:12:00 | Adobe Releases Security Update for Acrobat Vulnerability with Public PoC (lien direct) | Adobe has published their monthly Patch Tuesday updates for the month of November 2018. These updates are for Flash Player, Adobe Acrobat and Reader, and Photoshop CC. [...] | Vulnerability | ||
|
2018-11-06 22:19:00 | VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available (lien direct) | A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. [...] | Vulnerability | ||
|
2018-11-06 16:22:05 | WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover (lien direct) | A design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site. [...] | Vulnerability | ||
|
2018-11-05 04:13:01 | (Déjà vu) Security Bug in Icecast Puts Online Radio Stations At Risk (lien direct) | A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. [...] | Vulnerability | ★★★ | |
|
2018-11-05 04:13:01 | (Déjà vu) Security Bug Puts Online Radio Stations At Risk (lien direct) | A vulnerability discovered in Icecast streaming media server could be leveraged by an attacker to kill the broadcast of online radio stations that rely on it to reach their audience. [...] | Vulnerability | ||
|
2018-11-04 11:14:04 | New Microsoft Edge Browser Zero-Day RCE Exploit in the Works (lien direct) | Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability. [...] | Vulnerability | ||
|
2018-11-03 14:24:05 | New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys (lien direct) | A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running on the same SMT/hyper-threading enabled CPU core. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core. [...] | Vulnerability | ||
|
2018-11-01 21:50:04 | Attackers Use Zero-Day That Can Restart Cisco Security Appliances (lien direct) | Unknown attackers have exploited a vulnerability in software running on security hardware products from Cisco that could trigger a restart of the affected devices, the equivalent of a denial-of-service (DoS) condition. [...] | Vulnerability | ||
|
2018-10-26 12:11:04 | Trivial Bug in X..Org Gives Root Permission on Linux and BSD Systems (lien direct) | A vulnerability that is trivial to exploit allows privilege escalation to root level on Linux and BSD distributions using X.Org server, the open source implementation of the X Window System that offers the graphical environment. [...] | Vulnerability | ||
|
2018-10-24 12:25:01 | New Windows Zero-Day Bug Helps Delete Any File, Exploit Available (lien direct) | Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. [...] | Vulnerability | ||
|
2018-10-22 18:31:01 | Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now (lien direct) | Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices. [...] | Vulnerability | ||
|
2018-10-11 18:50:03 | PoC Code Available for Microsoft Edge Remote Code Execution Bug (lien direct) | The flurry of security bugs Microsoft addressed with its latest rollout of updates includes a remote code execution vulnerability in Edge web browser. The glitch relies on abusing URI schemes and scripts in Windows that can run with user-defined parameters. [...] | Vulnerability | ||
|
2018-10-10 18:16:05 | WhatsApp Fixes Vulnerability That\'s Triggered by Answering a Call. (lien direct) | A critical vulnerability in the WhatsApp messaging app for Android and iOS was fixed today that could have been activated simply by a user answering a video call. [...] | Vulnerability | ||
|
2018-10-08 11:42:02 | Spectre and Meltdown Hardware Protection Added to Intel\'s 9th Gen CPUs (lien direct) | As part of today's Intel's Fall Desktop Launch event, new 9th generation CPUs were announced that include hardware protection for two of the Spectre and Meltdown vulnerability variants. [...] | Vulnerability | ||
|
2018-10-06 13:22:03 | Git Project Patches Remote Code Execution Vulnerability in Git (lien direct) | The Git Project announced yesterday a critical arbitrary code execution vulnerability in the Git command line client, Git Desktop, and Atom that could allow malicious repositories to remotely execute commands on a vulnerable machine. [...] | Vulnerability | ||
|
2018-10-04 22:07:02 | Mozilla Patches Critical Vulnerability in Thunderbird 60.2.1 (lien direct) | Mozilla has released Thunderbird version 60.2.1 to resolve numerous security updates in the mail program. One of these vulnerabilities is labeled as Critical as it could potentially lead to remote code execution. [...] | Vulnerability Guideline | ||
|
2018-09-28 13:43:03 | Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover (lien direct) | Today, Facebook disclosed a security vulnerability that affected 50 million people on the social media network and allowed malicious third parties to potentially access the affected users account. [...] | Vulnerability | ||
|
2018-09-26 03:05:00 | GandCrab v5 Ransomware Utilizing the ALPC Task Scheduler Exploit (lien direct) | The GandCrab v5 ransomware has started to use the recently disclosed Task Scheduler ALPC vulnerability to gain System privileges on an infected computer. This vulnerability was recently patched by Microsoft in the September 2018 Patch Tuesday, but many companies may not have installed the patch. [...] | Ransomware Vulnerability | ||
|
2018-09-21 19:39:01 | Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability (lien direct) | Western Digital has just released an hotfix firmware update to resolve the authentication bypass vulnerability (CVE-2018-17153) that had remained unpatched for over a year. This vulnerability allowed anyone to bypass authentication and get administrative access to the router. [...] | Vulnerability | ||
|
2018-09-21 12:06:03 | 0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative (lien direct) | A zero day vulnerability in the Microsoft Windows Jet Database Engine has been disclosed by TrendMicro's Zero Day Initiative even though a security update is not currently available from Microsoft. [...] | Vulnerability | ||
|
2018-09-19 12:02:03 | My Cloud NAS Devices Vulnerable to Auth Bypass for over a Year (lien direct) | A vulnerability in Western Digital My Cloud network-attached storage (NAS) that allows an attacker to bypass authentication and take control of the device with administrator permissions remains unpatched almost a year and a half after being reported initially. [...] | Vulnerability | ||
|
2018-09-18 11:26:01 | Critical RCE Peekaboo Bug in NVR Surveillance System, PoC Available (lien direct) | A critical vulnerability in software from a global vendor of video surveillance equipment puts at risk the security of video feeds from over 100 camera brands and more than 2,500 camera models. [...] | Vulnerability | ||
|
2018-09-15 14:00:00 | (Déjà vu) Windows Systems Vulnerable to FragmentSmack, 90s-Like DoS Bug (lien direct) | Microsoft released a security advisory about a denial-of-service vulnerability that could render multiple versions of Windows completely unresponsive and has no mitigation factors, the company says. [...] | Vulnerability | ||
|
2018-09-14 21:09:05 | Windows Systems Vulnerable to FragmentSmack DoS Bug (lien direct) | Microsoft released a security advisory on a denial-of-service vulnerability that renders multiple versions of Windows completely unresponsive and has no mitigation factors. [...] | Vulnerability | ||
|
2018-09-11 10:17:02 | Apple\'s Safari Falls For New Address Bar Spoofing Trick (lien direct) | An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult to spot by the average consumer. [...] | Vulnerability | ||
|
2018-09-05 11:45:00 | Windows Task Scheduler Zero Day Exploited by Malware (lien direct) | Malware developers have started to use the zero-day exploit for Windows Task Scheduler component, two days after proof-of-concept code for the vulnerability appeared online. [...] | Malware Vulnerability | ||
|
2018-08-29 19:01:00 | 4-Year Old Misfortune Cookie Rears Its Head In Medical Gateway Device (lien direct) | Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure. [...] | Vulnerability | ||
|
2018-08-29 05:07:02 | Critical Flaw Fixed in Packagist, PHP\'s Largest Package Repository (lien direct) | The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service. [...] | Vulnerability | ||
|
2018-08-28 12:39:00 | Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776 (lien direct) | After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
