What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-09-29 14:17:43 CISA releases tool to help orgs fend off insider threat risks (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. [...] Tool Vulnerability Threat
bleepingcomputer.webp 2021-09-28 07:03:15 Working exploit released for VMware vCenter CVE-2021-22005 bug (direct link) A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it. [...] Vulnerability Threat ★★★
bleepingcomputer.webp 2021-09-22 17:44:24 Hackers are scanning for VMware CVE-2021-22005 targets, patch now! (direct link) Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...] Vulnerability Threat Guideline
bleepingcomputer.webp 2021-09-21 16:01:41 (Déjà vu) New macOS zero-day bug lets attackers run commands remotely (direct link) Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [...] Vulnerability
bleepingcomputer.webp 2021-09-21 16:01:41 New zero-day bug lets attackers run arbitrary commands on Macs (direct link) Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [...] Vulnerability
bleepingcomputer.webp 2021-09-21 13:40:19 VMware warns of critical bug in default vCenter Server installs (direct link) VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments. [...] Vulnerability
bleepingcomputer.webp 2021-09-21 11:24:30 Netgear fixes dangerous code execution bug in multiple routers (direct link) Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. [...] Vulnerability
bleepingcomputer.webp 2021-09-14 16:20:05 Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug (direct link) Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. [...] Vulnerability
bleepingcomputer.webp 2021-09-14 07:00:00 Millions of HP OMEN gaming PCs impacted by driver vulnerability (direct link) Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. [...] Vulnerability Threat
bleepingcomputer.webp 2021-09-12 13:07:46 Windows MSHTML zero-day exploits shared on hacking forums (direct link) Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. [...] Vulnerability Threat
bleepingcomputer.webp 2021-09-09 11:08:22 Microsoft fixes bug letting hackers take over Azure containers (direct link) Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform. [...] Vulnerability ★★★★
bleepingcomputer.webp 2021-09-08 15:36:00 Zoho patches actively exploited critical ADSelfService Plus bug (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system. [...] Vulnerability
bleepingcomputer.webp 2021-09-07 15:36:51 Microsoft shares temp fix for ongoing Office 365 zero-day attacks (direct link) Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. [...] Vulnerability
bleepingcomputer.webp 2021-09-07 11:46:41 Jenkins project's Confluence server hacked to mine Monero (direct link) Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project. [...] Vulnerability
bleepingcomputer.webp 2021-09-03 11:23:17 US govt warns orgs to patch massively exploited Confluence bug (direct link) US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately. [...] Vulnerability
bleepingcomputer.webp 2021-09-03 09:21:32 Conti ransomware now hacking Exchange servers with ProxyShell exploits (direct link) The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-09-02 16:54:43 Atlassian Confluence flaw actively exploited to install cryptominers (direct link) Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. [...] Vulnerability
bleepingcomputer.webp 2021-08-30 12:28:32 Microsoft Exchange ProxyToken bug can let hackers steal user email (direct link) Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. [...] Vulnerability
bleepingcomputer.webp 2021-08-27 08:52:03 Microsoft warns Azure customers of critical Cosmos DB vulnerability (direct link) Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. [...] Vulnerability
bleepingcomputer.webp 2021-08-26 15:42:17 Synology: Multiple products impacted by OpenSSL RCE vulnerability (direct link) Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. [...] Vulnerability
bleepingcomputer.webp 2021-08-26 11:10:48 Kaseya patches Unitrends server zero-days, issues client mitigations (direct link) American software company Kaseya has issued security updates to patch server-side Kaseya Unitrends vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). [...] Vulnerability
bleepingcomputer.webp 2021-08-25 11:02:59 Ethereum urges Go devs to fix severe chain-split vulnerability (direct link) The Ethereum project is urging developers to apply a hotfix to squash a high-severity vulnerability. The chain-split vulnerability, tracked as CVE-2021-39137, impacts "Geth," the official Golang implementation of the Ethereum protocol. [...] Vulnerability
bleepingcomputer.webp 2021-08-23 17:17:23 Phishing campaign uses UPS.com XSS vuln to distribute malware (direct link) A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [...] Malware Vulnerability
bleepingcomputer.webp 2021-08-22 12:40:59 Razer bug lets you become a Windows 10 admin by plugging in a mouse (direct link) A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. [...] Vulnerability
bleepingcomputer.webp 2021-08-19 03:08:19 Cisco won't fix zero-day RCE vulnerability in end-of-life VPN routers (direct link) In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [...] Vulnerability
bleepingcomputer.webp 2021-08-17 09:23:13 Critical bug impacting millions of IoT devices lets hackers spy on you (direct link) Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. [...] Vulnerability
bleepingcomputer.webp 2021-08-17 09:00:00 Fortinet delays patching zero-day allowing remote server takeover (direct link) Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August. [...] Vulnerability Patching
bleepingcomputer.webp 2021-08-17 09:00:00 Fortinet patches bug letting attackers takeover servers remotely (direct link) Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. [...] Vulnerability
bleepingcomputer.webp 2021-08-13 05:42:22 Vice Society ransomware joins ongoing PrintNightmare attacks (direct link) The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-08-12 17:24:22 (Déjà vu) Microsoft Exchange servers are getting hacked via ProxyShell exploits (direct link) Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] Vulnerability Threat
bleepingcomputer.webp 2021-08-12 17:24:22 Hackers now backdoor Microsoft Exchange using ProxyShell exploits (direct link) Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. [...] Vulnerability Threat
bleepingcomputer.webp 2021-08-11 18:10:25 Microsoft confirms another Windows print spooler zero-day bug (direct link) Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. [...] Vulnerability
bleepingcomputer.webp 2021-08-10 13:00:00 Microsoft fixes Windows Print Spooler PrintNightmare vulnerability (direct link) Microsoft has fixed the PrintNightmare vulnerability in the Windows Print Spooler by requiring users to have administrative privileges when using the Point and Print feature to install printer drivers. [...] Vulnerability
bleepingcomputer.webp 2021-08-07 10:10:05 Actively exploited bug bypasses authentication on millions of routers (direct link) Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. [...] Vulnerability Threat
bleepingcomputer.webp 2021-08-07 04:25:00 Go, Rust "net" library affected by critical IP address validation vulnerability (direct link) The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, therefore making applications vulnerable to SSRF and RFI. [...] Vulnerability
bleepingcomputer.webp 2021-08-06 14:13:09 Windows PetitPotam vulnerability gets an unofficial free patch (direct link) A free unofficial patch is now available to block attackers from taking over domain controllers and compromising entire Windows domains via PetitPotam NTLM relay attacks. [...] Vulnerability
bleepingcomputer.webp 2021-08-06 13:16:33 Cisco: Firewall manager RCE bug is a zero-day, patch incoming (direct link) In a Thursday security advisory update, Cisco revealed that a remote code execution (RCE) vulnerability in the Adaptive Security Device Manager (ADSM) Launcher disclosed last month is a zero-day bug that has yet to receive a security update. [...] Vulnerability
bleepingcomputer.webp 2021-08-05 15:31:20 New DNS vulnerability allows 'nation-state level spying' on companies (direct link) Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks. [...] Vulnerability
bleepingcomputer.webp 2021-08-05 06:38:40 Microsoft Edge just got a 'Super Duper Secure Mode' upgrade (direct link) Microsoft has announced that the Edge Vulnerability Research team is experimenting with a new feature dubbed "Super Duper Secure Mode" and designed to bring security improvements without significant performance losses. [...] Vulnerability
bleepingcomputer.webp 2021-07-30 17:44:48 Node.js fixes severe HTTP bug that could let attackers crash apps (direct link) Node.js has released updates for a high severity vulnerability that could be exploited by attackers to crash the process and cause unexpected behaviors. The use-after-free vulnerability, tracked as CVE-2021-22930, has to do with how HTTP2 streams are handled in the language. [...] Vulnerability
bleepingcomputer.webp 2021-07-30 16:08:57 CISA launches vulnerability disclosure platform for federal agencies (direct link) The Cybersecurity and Infrastructure Security Agency (CISA) today launched a new vulnerability disclosure policy (VDP) platform for US federal civilian agencies. [...] Vulnerability
bleepingcomputer.webp 2021-07-30 12:26:24 Linux eBPF bug gets root privileges on Ubuntu - Exploit released (direct link) A security researcher released exploit code for a high-severity vulnerability in Linux kernel eBPF (Extended Berkeley Packet Filter) that can give an attacker increased privileges on Ubuntu machines. [...] Vulnerability
bleepingcomputer.webp 2021-07-29 17:13:47 Estonia arrests hacker who stole 286K ID scans from govt database (direct link) A Tallinn man was arrested a week ago in Estonia under suspicion that he has exploited a government photo transfer service vulnerability to download ID scans of 286,438 Estonians from the Identity Documents Database (KMAIS). [...] Vulnerability
bleepingcomputer.webp 2021-07-28 09:30:06 Critical Microsoft Hyper-V bug could haunt orgs for a long time (direct link) Technical details are now available for a vulnerability that affects Hyper-V, Microsoft's native hypervisor for creating virtual machines on Windows systems and in the Azure cloud computing environment. [...] Vulnerability
bleepingcomputer.webp 2021-07-27 09:31:47 Google launches new Bug Hunters vulnerability rewards platform (direct link) Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. [...] Vulnerability
bleepingcomputer.webp 2021-07-26 15:41:30 Apple fixes zero-day affecting iPhones and Macs, exploited in the wild (direct link) Apple has released security updates to address a zero-day vulnerability exploited in the wild and impacting iPhones, iPads, and Macs. [...] Vulnerability
bleepingcomputer.webp 2021-07-23 14:33:18 The Week in Ransomware - July 23rd 2021 - Kaseya decrypted (direct link) This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-07-22 03:47:13 Atlassian asks customers to patch critical Jira vulnerability (direct link) Atlassian is prompting its enterprise customers to patch a critical vulnerability in multiple versions of its Jira Data Center and Jira Service Management Data Center products. The vulnerability, tracked as CVE-2020-36239, can give remote attackers code execution abilities, due to a missing authentication flaw in Ehcache RMI. [...] Vulnerability
bleepingcomputer.webp 2021-07-21 04:32:04 (Déjà vu) Microsoft shares workaround for Windows 10 SeriousSAM vulnerability (direct link) Microsoft has shared a workaround for a Windows 10 zero-day vulnerability dubbed SeriousSAM that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] Vulnerability
bleepingcomputer.webp 2021-07-21 04:32:04 Microsoft shares workarounds for new Windows 10 zero-day bug (direct link) Microsoft has shared workarounds for a Windows 10 zero-day vulnerability that can let attackers gain admin rights on vulnerable systems and execute arbitrary code with SYSTEM privileges. [...] Vulnerability
Last update at: 2024-05-13 14:08:00