Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-05-13 10:31:19 |
Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code (lien direct) |
Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. [...] |
Vulnerability
|
|
★★★★
|
|
2021-05-11 12:28:38 |
Adobe fixes Reader zero-day vulnerability exploited in the wild (lien direct) |
Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability Adobe Reader. [...] |
Vulnerability
|
|
|
|
2021-05-07 13:46:12 |
Foxit Reader bug lets attackers run malicious code via PDFs (lien direct) |
Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. [...] |
Vulnerability
|
|
|
|
2021-05-06 13:40:07 |
New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers (lien direct) |
Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers. [...] |
Vulnerability
|
|
|
|
2021-05-06 06:00:00 |
Qualcomm vulnerability impacts nearly 40% of all mobile phones (lien direct) |
A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations. [...] |
Vulnerability
|
|
|
|
2021-05-04 16:20:03 |
DOD expands bug disclosure program to all publicly accessible systems (lien direct) |
US Department of Defense (DOD) officials today announced that the department's Vulnerability Disclosure Program (VDP) has been expanded to include all publicly accessible DOD websites and applications. [...] |
Vulnerability
|
|
|
|
2021-05-03 13:24:33 |
PoC exploit released for Microsoft Exchange bug dicovered by NSA (lien direct) |
Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. [...] |
Vulnerability
|
|
|
|
2021-05-03 11:42:05 |
Pulse Secure fixes VPN zero-day used to hack high-value targets (lien direct) |
Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. [...] |
Hack
Vulnerability
|
|
|
|
2021-05-01 09:16:54 |
Python also impacted by critical IP address validation vulnerability (lien direct) |
Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year. [...] |
Vulnerability
|
|
|
|
2021-04-26 15:26:25 |
Accellion data breaches drive up average ransom price (lien direct) |
The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. [...] |
Ransomware
Vulnerability
|
|
|
|
2021-04-26 15:21:46 |
Apple fixes macOS zero-day bug exploited by Shlayer malware (lien direct) |
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. [...] |
Malware
Vulnerability
|
|
|
|
2021-04-22 11:08:01 |
QNAP removes backdoor account in NAS backup, disaster recovery app (lien direct) |
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...] |
Vulnerability
|
|
|
|
2021-04-21 11:53:59 |
CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...] |
Vulnerability
|
|
|
|
2021-04-20 12:09:39 |
Microsoft partially fixes Windows 7, Server 2008 vulnerability (lien direct) |
Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...] |
Vulnerability
|
|
|
|
2021-04-12 21:20:56 |
Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter (lien direct) |
A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. [...] |
Vulnerability
|
|
|
|
2021-04-07 15:38:18 |
Cisco fixes bug allowing remote code execution with root privileges (lien direct) |
Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. [...] |
Vulnerability
|
|
|
|
2021-04-07 13:12:19 |
New Cring ransomware hits unpatched Fortinet VPN devices (lien direct) |
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [...] |
Ransomware
Vulnerability
|
|
|
|
2021-04-01 12:58:28 |
VMware fixes authentication bypass in data center security software (lien direct) |
VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. [...] |
Vulnerability
|
|
|
|
2021-03-26 13:58:23 |
(Déjà vu) Apple fixes a iOS zero-day vulnerability actively used in attacks (lien direct) |
Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] |
Vulnerability
|
|
|
|
2021-03-26 13:58:23 |
Apple fixes iOS zero-day vulnerability exploited in the wild (lien direct) |
Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] |
Vulnerability
|
|
|
|
2021-03-25 12:44:46 |
OpenSSL fixes severe DoS, certificate validation vulnerabilities (lien direct) |
OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450). [...] |
Vulnerability
|
|
|
|
2021-03-24 15:52:48 |
Microsoft fixes Windows PSExec privilege elevation vulnerability (lien direct) |
Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. [...] |
Vulnerability
|
|
|
|
2021-03-24 14:08:49 |
Cisco addresses critical bug in Windows, macOS Jabber clients (lien direct) |
Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...] |
Vulnerability
|
|
|
|
2021-03-22 12:05:13 |
Critical code execution vulnerability fixed in Adobe ColdFusion (lien direct) |
Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. [...] |
Vulnerability
|
|
|
|
2021-03-19 13:09:52 |
Critical F5 BIG-IP vulnerability now targeted in ongoing attacks (lien direct) |
Cybersecurity firm NCC Group said on Thursday that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. [...] |
Vulnerability
|
|
|
|
2021-03-09 19:05:30 |
iPhone Call Recorder bug gave acess to other people\'s conversations (lien direct) |
An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...] |
Vulnerability
|
|
|
|
2021-03-09 09:36:45 |
Security bug hunters focus on misconfigured services, earn big rewards (lien direct) |
An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...] |
Vulnerability
|
|
|
|
2021-03-04 12:09:34 |
VMware releases fix for severe View Planner RCE vulnerability (lien direct) |
VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...] |
Vulnerability
|
|
|
|
2021-03-03 11:39:56 |
(Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) |
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] |
Data Breach
Vulnerability
|
|
|
|
2021-03-03 11:39:56 |
Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) |
Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] |
Data Breach
Vulnerability
|
|
|
|
2021-03-02 16:47:08 |
Google fixes second actively exploited Chrome zero-day bug this year (lien direct) |
Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...] |
Vulnerability
|
|
|
|
2021-03-02 00:14:00 |
Malicious NPM packages target Amazon, Slack with new dependency attacks (lien direct) |
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. [...] |
Vulnerability
Threat
|
|
|
|
2021-03-01 18:05:05 |
Working Windows and Linux Spectre exploits found on VirusTotal (lien direct) |
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. [...] |
Vulnerability
|
|
|
|
2021-03-01 11:43:07 |
NSW Transport agency extorted by ransomware gang after Accellion attack (lien direct) |
The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. [...] |
Ransomware
Data Breach
Vulnerability
|
|
|
|
2021-02-24 16:03:58 |
Cisco fixes maximum severity MSO auth bypass vulnerability (lien direct) |
Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. [...] |
Vulnerability
|
|
|
|
2021-02-24 09:01:09 |
Ransomware gang extorts jet maker Bombardier after Accellion breach (lien direct) |
Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. [...] |
Ransomware
Data Breach
Vulnerability
|
|
|
|
2021-02-24 06:37:08 |
Heavily used Node.js package has a code injection vulnerability (lien direct) |
The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315. [...] |
Vulnerability
|
|
|
|
2021-02-23 14:26:12 |
VMware fixes critical RCE bug in all default vCenter installs (lien direct) |
VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. [...] |
Vulnerability
|
|
|
|
2021-02-20 03:03:03 |
SonicWall releases additional update for SMA 100 vulnerability (lien direct) |
SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. [...] |
Vulnerability
|
|
|
|
2021-02-17 08:58:12 |
QNAP patches critical vulnerability in Surveillance Station NAS app (lien direct) |
QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. [...] |
Vulnerability
|
|
|
|
2021-02-16 12:38:14 |
Windows 10 Secure Boot update triggers BitLocker key recovery (lien direct) |
Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot. [...] |
Vulnerability
|
|
|
|
2021-02-16 09:39:22 |
Malvertisers exploited browser zero-day to redirect users to scams (lien direct) |
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. [...] |
Vulnerability
|
|
|
|
2021-02-11 14:34:14 |
(Déjà vu) Internet Explorer 11 zero-day vulnerability gets unofficial micropatch (lien direct) |
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] |
Vulnerability
|
|
|
|
2021-02-11 14:34:14 |
Internet Explorer 11 zero-day vulnerability gets a free micropatch (lien direct) |
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] |
Vulnerability
|
|
|
|
2021-02-11 12:55:35 |
Singtel, QIMR Berghofer report Accellion-related data breaches (lien direct) |
Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...] |
Vulnerability
|
|
|
|
2021-02-11 09:00:00 |
12-year-old Windows Defender bug gives hackers admin rights (lien direct) |
Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...] |
Vulnerability
|
|
|
|
2021-02-10 12:56:34 |
Microsoft now forces secure RPC to block Windows ZeroLogon attacks (lien direct) |
Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...] |
Vulnerability
|
|
|
|
2021-02-09 19:07:10 |
Apple fixes SUDO root privilege escalation flaw in macOS (lien direct) |
Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...] |
Vulnerability
|
|
|
|
2021-02-09 12:30:24 |
Adobe fixes critical Reader vulnerability exploited in the wild (lien direct) |
Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...] |
Vulnerability
|
|
|
|
2021-02-08 15:05:54 |
Critical vulnerability fixed in WordPress plugin with 800K installs (lien direct) |
The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...] |
Vulnerability
|
|
|