What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-01 18:06:52 | New Windows Search zero-day added to Microsoft protocol nightmare (lien direct) | A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [...] | Vulnerability | ||
|
2022-06-01 11:31:38 | Windows MSDT zero-day vulnerability gets free unofficial patch (lien direct) | A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.' [...] | Vulnerability | ||
|
2022-05-31 18:00:17 | Windows MSDT zero-day now exploited by Chinese APT hackers (lien direct) | Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...] | Vulnerability Threat | ||
|
2022-05-30 10:23:43 | New Microsoft Office zero-day used in attacks to execute PowerShell (lien direct) | Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. [...] | Vulnerability | ||
|
2022-05-26 14:21:33 | Exploit released for critical VMware auth bypass bug, patch now (lien direct) | Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. [...] | Vulnerability | ||
|
2022-05-25 07:21:30 | BPFDoor malware uses Solaris vulnerability to get root privileges (lien direct) | New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...] | Malware Vulnerability Threat | ||
|
2022-05-24 12:45:41 | Screencastify Chrome extension flaws allow webcam hijacks (lien direct) | The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...] | Vulnerability | ||
|
2022-05-24 10:16:24 | Researchers to release exploit for new VMware auth bypass, patch now (lien direct) | Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [...] | Vulnerability | ||
|
2022-05-20 16:39:13 | Cisco urges admins to patch IOS XR zero-day exploited in attacks (lien direct) | Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. [...] | Vulnerability | ||
|
2022-05-19 11:24:04 | Lazarus hackers target VMware servers with Log4Shell exploits (lien direct) | The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. [...] | Vulnerability | APT 38 | |
|
2022-05-18 12:01:42 | VMware patches critical auth bypass flaw in multiple products (lien direct) | VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges. [...] | Vulnerability | ||
|
2022-05-18 11:20:56 | CISA shares guidance to block ongoing F5 BIG-IP attacks (lien direct) | In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388). [...] | Vulnerability | ||
|
2022-05-16 14:33:32 | Apple emergency update fixes zero-day used to hack Macs, Watches (lien direct) | Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...] | Hack Vulnerability Threat | ||
|
2022-05-12 14:13:52 | Zyxel fixes firewall flaws that could lead to hacked networks (lien direct) | Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...] | Vulnerability Threat | ||
|
2022-02-14 18:34:11 | Google Chrome emergency update fixes zero-day exploited in attacks (lien direct) | Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. [...] | Vulnerability Threat | ||
|
2022-02-14 09:45:44 | Emergency Magento update fixes zero-day bug exploited in attacks (lien direct) | Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. [...] | Vulnerability | ||
|
2022-02-09 11:55:32 | CISA warns admins to patch maximum severity SAP vulnerability (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM). [...] | Vulnerability | ||
|
2022-02-08 13:27:31 | Microsoft February 2022 Patch Tuesday fixes 48 flaws, 1 zero-day (lien direct) | Today is Microsoft's February 2022 Patch Tuesday, and with it comes fixes for one zero-day vulnerability and a total of 48 flaws. [...] | Vulnerability | ||
|
2022-02-07 17:30:15 | DPD Group parcel tracking flaw may have exposed customer data (lien direct) | An unauthenticated API call vulnerability in DPD Group's package tracking system could have been exploited to access the personally identifiable details of its clients. [...] | Vulnerability | ||
|
2022-02-04 10:43:31 | Argo CD vulnerability leaks sensitive info from Kubernetes apps (lien direct) | A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. [...] | Vulnerability | Uber | |
|
2022-02-03 16:44:25 | Zimbra zero-day vulnerability actively exploited to steal emails (lien direct) | A cross-site scripting (XSS) vulnerability in the Zimbra email platform is currently actively exploited in attacks targeting European media and government organizations. [...] | Vulnerability | ||
|
2022-02-02 18:58:24 | (Déjà vu) Wormhole cryptocurrency platform hacked to steal $326 million (lien direct) | Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal approximately $326 million in cryptocurrency. [...] | Vulnerability | ||
|
2022-02-02 18:58:24 | Wormhole platform hacked to steal $326 million in crypto (lien direct) | Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $320 million in cryptocurrency. [...] | Vulnerability | ||
|
2022-02-02 17:00:38 | ESET antivirus bug let attackers gain Windows SYSTEM privileges (lien direct) | Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above. [...] | Vulnerability | ||
|
2022-02-01 14:21:47 | Microsoft Defender now detects Android and iOS vulnerabilities (lien direct) | Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...] | Vulnerability Threat | ★★★★ | |
|
2022-01-31 16:15:12 | Samba bug can let remote attackers execute code as root (lien direct) | Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. [...] | Vulnerability | ||
|
2022-01-31 15:35:52 | 600K WordPress sites impacted by critical plugin RCE vulnerability (lien direct) | Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. [...] | Vulnerability | ||
|
2022-01-29 14:06:50 | (Déjà vu) Windows vulnerability with new public exploits lets you become admin (lien direct) | A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. [...] | Vulnerability | ||
|
2022-01-25 19:28:37 | New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key (lien direct) | A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software. [...] | Ransomware Vulnerability | ||
|
2022-01-25 15:44:06 | (Déjà vu) Linux system service bug gives root on all major distros, exploit released (lien direct) | A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today. [...] | Vulnerability | ||
|
2022-01-25 15:44:06 | Linux system service bug gives you root on every major distro (lien direct) | A vulnerability in the pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today. [...] | Vulnerability | ||
|
2022-01-25 11:56:28 | Linux kernel bug can let hackers escape Kubernetes containers (lien direct) | A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system. [...] | Vulnerability | Uber | |
|
2022-01-24 16:48:56 | Attackers now actively targeting critical SonicWall RCE bug (lien direct) | A critical severity vulnerability impacting SonicWall's Secure Mobile Access (SMA) gateways addressed last month is now targeted in ongoing exploitation attempts. [...] | Vulnerability | ||
|
2022-01-21 08:22:24 | McAfee Agent bug lets hackers run code with Windows SYSTEM privileges (lien direct) | McAfee has patched a security vulnerability discovered in the company's McAfee Agent software for Windows enabling attackers to escalate privileges and execute arbitrary code with SYSTEM privileges. [...] | Vulnerability | ||
|
2022-01-19 17:32:23 | Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks (lien direct) | SolarWinds has patched a Serv-U vulnerability discovered by Microsoft that threat actors actively used to propagate Log4j attacks to internal devices on a network. [...] | Vulnerability Threat | ||
|
2022-01-17 13:04:18 | (Déjà vu) Zoho plugs another critical security hole in Desktop Central (lien direct) | Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. [...] | Vulnerability | ||
|
2022-01-17 13:04:18 | Zoho patches new critical authentication bypass in Desktop Central (lien direct) | Zoho has addressed a new critical severity vulnerability found to affect the company's Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. [...] | Vulnerability | ||
|
2022-01-13 12:31:13 | Windows \'RemotePotato0\' zero-day gets an unofficial patch (lien direct) | A privilege escalation vulnerability impacting all Windows versions that can let threat actors gain domain admin privileges through an NTLM relay attack has received unofficial patches after Microsoft tagged it as "won't fix." [...] | Vulnerability | ||
|
2022-01-11 17:02:44 | (Déjà vu) Microsoft: New critical Windows HTTP vulnerability is wormable (lien direct) | Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [...] | Vulnerability | ||
|
2022-01-11 17:02:44 | Microsoft: Critical Windows HTTP vulnerability is wormable (lien direct) | Microsoft has patched a critical flaw tagged as wormable and found to impact the latest desktop and server Windows versions, including Windows 11 and Windows Server 2022. [...] | Vulnerability | ||
|
2022-01-11 14:33:19 | Microsoft fixes critical Office bug, delays macOS security updates (lien direct) | During this year's first Patch Tuesday, Microsoft has addressed a critical severity Office vulnerability that can let attackers execute malicious code remotely on vulnerable systems. [...] | Vulnerability | ||
|
2022-01-11 06:24:43 | Night Sky ransomware uses Log4j bug to hack VMware Horizon servers (lien direct) | The Night Sky ransomware gang has started to exploit the critical CVE-2021-4422 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. [...] | Ransomware Hack Vulnerability | ||
|
2022-01-10 12:39:58 | Microsoft: powerdir bug gives access to protected macOS user data (lien direct) | Microsoft says threat actors could use a macOS vulnerability to bypass Transparency, Consent, and Control (TCC) technology to access users' protected data. [...] | Vulnerability Threat | ||
|
2022-01-03 10:39:58 | Apple iOS vulnerable to HomeKit \'doorLock\' denial of service bug (lien direct) | A novel persistent denial of service vulnerability named 'doorLock' was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2. [...] | Vulnerability | ||
|
2022-01-02 09:48:35 | (Déjà vu) Uber ignores vulnerability that lets you send any email from Uber.com (lien direct) | A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it for now. [...] | Vulnerability | Uber Uber | |
|
2022-01-02 09:48:35 | Uber dismisses vulnerability that lets you email anyone as Uber! (lien direct) | A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. Uber is aware of the flaw but has decided not to fix it. [...] | Vulnerability | Uber Uber | |
|
2021-12-28 15:12:01 | Log4j 2.17.1 out now, fixes new remote code execution bug (lien direct) | Apache has released another Log4j version, 2.17.1 fixing a newly discovered remote code execution (RCE) vulnerability in 2.17.0, tracked as CVE-2021-44832. Prior to today, 2.17.0 was the most recent version of Log4j and deemed the safest release to upgrade to, but that advice has now evolved. [...] | Vulnerability | ||
|
2021-12-23 17:09:32 | Apple fixes macOS security flaw behind Gatekeeper bypass (lien direct) | Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. [...] | Vulnerability | ★★★ | |
|
2021-12-22 10:42:21 | NVIDIA discloses applications impacted by Log4j vulnerability (lien direct) | NVIDIA has released a security advisory detailing what products are affected by the Log4Shell vulnerability that is currently exploited in a wide range of attacks worldwide. [...] | Vulnerability | ||
|
2021-12-20 13:06:53 | FBI: State hackers exploiting new Zoho zero-day since October (lien direct) | The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
