What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-07-20 12:27:13 | New Windows 10 vulnerability allows anyone to get admin privileges (lien direct) | Windows 10 and Windows 11 are vulnerable to a local elevation of privilege vulnerability after discovering that users with low privileges can access sensitive Registry database files. [...] | Vulnerability | ||
|
2021-07-20 12:21:46 | New Linux kernel bug lets you get root on most modern distros (lien direct) | Unprivileged attackers can gain root privileges by exploiting a local privilege escalation (LPE) vulnerability in default configurations of the Linux Kernel's filesystem layer on vulnerable devices. [...] | Vulnerability | ||
|
2021-07-20 07:00:00 | 16-year-old bug in printer software gives hackers admin rights (lien direct) | A 16-year-old security vulnerability found in HP, Xerox, and Samsung printers drivers allows attackers to gain admin rights on systems using the vulnerable driver software. [...] | Vulnerability | ||
|
2021-07-20 06:47:16 | Fortinet fixes bug letting unauthenticated hackers run code as root (lien direct) | Fortinet has released updates for its FortiManager and FortiAnalyzer network management solutions to fix a serious vulnerability that could be exploited to execute arbitrary code with the highest privileges. [...] | Vulnerability | ||
|
2021-07-18 16:02:20 | New Windows print spooler zero day exploitable via remote print servers (lien direct) | Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. [...] | Vulnerability Threat | ||
|
2021-07-16 06:29:27 | (Déjà vu) Critical Cloudflare CDN flaw allowed compromise of 12% of all sites (lien direct) | Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] | Vulnerability | ||
|
2021-07-16 06:29:27 | Cloudflare fixes CDN code execution bug affecting 12.7% of all sites (lien direct) | Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. [...] | Vulnerability | ||
|
2021-07-16 03:31:22 | (Déjà vu) Google patches 8th Chrome zero-day exploited in the wild this year (lien direct) | Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild. [...] | Vulnerability | ||
|
2021-07-15 20:49:51 | Microsoft shares guidance on new Windows Print Spooler vulnerability (lien direct) | Microsoft is sharing mitigation guidance on a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed tonight. [...] | Vulnerability | ||
|
2021-07-15 12:08:41 | WooCommerce fixes vulnerability exposing 5 million sites to data theft (lien direct) | WooCommerce, the popular e-commerce plugin for the WordPress content management system has been updated to patch a serious vulnerability that could be exploited without authentication. [...] | Vulnerability | ||
|
2021-07-13 19:54:00 | (Déjà vu) Chinese hackers use new SolarWinds zero-day in targeted attacks (lien direct) | China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] | Vulnerability | ||
|
2021-07-13 19:54:00 | (Déjà vu) Hackers use new SolarWinds zero-day to target US Defense orgs (lien direct) | China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] | Vulnerability | ||
|
2021-07-13 19:54:00 | Hackers used SolarWinds zero-day bug to target US Defense orgs (lien direct) | China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. [...] | Vulnerability | ||
|
2021-07-13 15:32:23 | Microsoft fixes Windows Hello authentication bypass vulnerability (lien direct) | Microsoft has addressed a security feature bypass vulnerability in the Windows Hello authentication biometrics-based tech, letting threat actors spoof a target's identity and trick the face recognition mechanism into giving them access to the system. [...] | Vulnerability Threat | ||
|
2021-07-13 12:23:04 | (Déjà vu) CISA orders federal agencies to patch Windows PrintNightmare bug (lien direct) | A new emergency directive ordered by the Cybersecurity and Infrastructure Security Agency (CISA) orders federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...] | Vulnerability | ||
|
2021-07-12 10:17:12 | SolarWinds patches critical Serv-U vulnerability exploited in the wild (lien direct) | SolarWinds is urging customers to patch a remote code execution vulnerability that was exploited in the wild by "a single threat actor" in attacks targeting a limited number of customers. [...] | Vulnerability Threat | ||
|
2021-07-09 02:26:26 | Microsoft: PrintNightmare security updates work, start patching! (lien direct) | Microsoft says the emergency security updates released at the start of the week correctly patch the PrintNightmare Print Spooler vulnerability for all supported Windows versions and urges users to start applying the updates as soon as possible. [...] | Vulnerability | ||
|
2021-07-07 17:52:15 | Microsoft: PrintNightmare now patched on all Windows versions (lien direct) | Microsoft has released the KB5004948 emergency security update to address the Windows Print Spooler PrintNightmare vulnerability on all editions of Windows 10 1607 and Windows Server 2016. [...] | Vulnerability | ||
|
2021-07-07 17:47:40 | How to mitigate Print Spooler vulnerability on Windows 10 (lien direct) | Researchers have revealed that Microsoft's patch is incomplete and attackers can still abuse the vulnerability to gain access to the system. In this guide, we will highlight the steps to disable the Windows Print Spooler service and mitigate the PrintNightmare vulnerability. [...] | Vulnerability | ||
|
2021-07-07 13:56:37 | Microsoft\'s incomplete PrintNightmare patch fails to fix vulnerability (lien direct) | Researchers have bypassed Microsoft's emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. [...] | Vulnerability | ||
|
2021-07-06 17:31:28 | Microsoft pushes emergency update for Windows PrintNightmare zero-day (lien direct) | Microsoft has released the KB5004945 emergency security update to address the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service impacting all Windows versions. [...] | Vulnerability | ||
|
2021-07-05 14:48:25 | QNAP fixes critical bug in NAS backup, disaster recovery app (lien direct) | Taiwan-based network-attached storage (NAS) maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices' security. [...] | Vulnerability | ||
|
2021-07-04 11:31:52 | Kaseya was fixing zero-day just as REvil ransomware sprung their attack (lien direct) | The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed, just as the REvil ransomware gang used it to perform their massive Friday attack. [...] | Ransomware Vulnerability | ||
|
2021-07-03 12:40:28 | The Week in Ransomware - July 2nd 2021 - MSPs under attack (lien direct) | Friday afternoon, we saw the largest ransomware attack ever conducted after the REvil ransomware gang used a zero-day vulnerability in the Kaseya VSA management software to encrypt MSPs and their customers worldwide. [...] | Ransomware Vulnerability | ||
|
2021-07-02 13:50:31 | Actively exploited PrintNightmare zero-day gets unofficial patch (lien direct) | Free micropatches addressing the actively exploited PrintNightmare zero-day vulnerability in the Windows Print Spooler service are now available through the 0patch platform. [...] | Vulnerability | ||
|
2021-07-02 09:20:01 | Microsoft warns of critical PowerShell 7 code execution vulnerability (lien direct) | Microsoft warns of a critical .NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in in .NET 5 and .NET Core. [...] | Vulnerability | ||
|
2021-07-02 02:56:48 | Microsoft shares mitigations for Windows PrintNightmare zero-day bug (lien direct) | Microsoft says in a newly released security advisory that the Windows Print Spooler zero-day vulnerability known as PrintNightmare has already been exploited in the wild by threat actors. [...] | Vulnerability Threat | ||
|
2021-07-01 12:09:54 | CISA: Disable Windows Print Spooler on servers not used for printing (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. [...] | Vulnerability | ||
|
2021-06-30 13:20:38 | Public Windows PrintNightmare 0-day exploit allows domain takeover (lien direct) | Technical details and proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that allows remote code execution. [...] | Vulnerability | ||
|
2021-06-29 17:28:58 | Hackers use zero-day to mass-wipe My Book Live devices (lien direct) | A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. [...] | Vulnerability Threat Guideline | ★★★★ | |
|
2021-06-27 12:31:07 | Cisco ASA vulnerability actively exploited after exploit released (lien direct) | Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. [...] | Vulnerability | ||
|
2021-06-23 13:40:59 | VMware fixes authentication bypass in Carbon Black App Control (lien direct) | VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows access to the server without authentication. [...] | Vulnerability | ||
|
2021-06-22 14:59:53 | (Déjà vu) SonicWall bug affecting 800K firewalls was only partially fixed (lien direct) | New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [...] | Vulnerability | ||
|
2021-06-22 14:59:53 | SonicWall bug that affected 800K firewalls was only partially fixed (lien direct) | New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which affected over 800,000 VPN firewalls and was initially thought to have been patched. Tracked as CVE-2020-5135, when exploited, the bug allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [...] | Vulnerability | ||
|
2021-06-21 17:24:36 | Tor Browser fixes vulnerability that tracks you using installed apps (lien direct) | The Tor Project has released Tor Browser 10.0.18 to fix numerous bugs, including a vulnerability that allows sites to track users by fingerprinting the applications installed on their devices. [...] | Vulnerability | ||
|
2021-06-17 15:50:22 | (Déjà vu) Google fixes seventh Chrome zero-day exploited in the wild this year (lien direct) | Google has released Chrome 91.0.4472.114 for Windows, Mac, and Linux to fix four security vulnerabilities, with one of them a high severity zero-day vulnerability exploited in the wild. [...] | Vulnerability | ||
|
2021-06-16 00:19:02 | Peloton Bike+ vulnerability allowed complete takeover of devices (lien direct) | A vulnerability in the Peloton Bike+fitness machine has been fixed that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone. [...] | Vulnerability Threat | ||
|
2021-06-11 07:58:39 | Linux system service bug lets you get root on most modern distros (lien direct) | Unprivileged attackers can get a root shell by exploiting an authentication bypass vulnerability in the polkit auth system service installed by default on many modern Linux distributions. [...] | Vulnerability | ||
|
2021-06-09 16:06:00 | Google fixes sixth Chrome zero-day exploited in the wild this year (lien direct) | Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551. [...] | Vulnerability | ||
|
2021-06-08 11:15:44 | Microsoft Office MSGraph vulnerability could lead to code execution (lien direct) | Microsoft today will release a patch for a vulnerability affecting the Microsoft Office MSGraph component, responsible for displaying graphics and charts, that could be exploited to execute code on a target machine. [...] | Vulnerability | ||
|
2021-06-04 14:23:21 | (Déjà vu) Attackers are scanning for vulnerable VMware servers, patch now! (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-04 14:23:21 | Attackers scan for unpatched VMware vCenter servers, PoC exploit available (lien direct) | Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution (RCE) vulnerability impacting all vCenter deployments and patched by VMware ten days ago. [...] | Vulnerability Threat | ||
|
2021-06-04 12:41:57 | Google announces new experimental Abuse Research Grants Program (lien direct) | Google has announced a new experimental Abuse Research Grants Program for abuse-related issues and tactics outside the scope of existing Vulnerability Research Grants and the Vulnerability Reward Program (VRP). [...] | Vulnerability | ||
|
2021-05-28 09:46:38 | SonicWall urges customers to \'immediately\' patch NSM On-Prem bug (lien direct) | SonicWall urges customers to 'immediately' patch a post-authentication vulnerability impacting on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution. [...] | Vulnerability | ★★ | |
|
2021-05-27 09:15:51 | HPE fixes critical zero-day vulnerability disclosed in December (lien direct) | Hewlett Packard Enterprise (HPE) has released a security update to address a zero-day remote code execution vulnerability disclosed last year, in December. [...] | Vulnerability | ||
|
2021-05-25 14:21:39 | VMware warns of critical bug affecting all vCenter Server installs (lien direct) | VMware urges customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in and impacting all vCenter Server deployments. [...] | Vulnerability | ||
|
2021-05-22 10:00:00 | Wormable Windows HTTP vulnerability also affects WinRM servers (lien direct) | A wormable remote code execution (RCE) vulnerability in the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM (Windows Remote Management) service. [...] | Vulnerability | ||
|
2021-05-17 20:57:51 | Student health insurance carrier Guard.me suffers a data breach (lien direct) | Student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders' personal information. [...] | Data Breach Vulnerability Threat | ||
|
2021-05-17 10:46:54 | Exploit released for wormable Windows HTTP vulnerability (lien direct) | Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions. [...] | Vulnerability | ||
|
2021-05-14 03:30:11 | Cross-browser tracking vulnerability tracks you via installed apps (lien direct) | Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
