What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-05-13 10:31:19 Cisco fixes 6-month-old AnyConnect VPN zero-day with exploit code (lien direct) Cisco has fixed a six-month-old zero-day vulnerability found in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. [...] Vulnerability ★★★★
bleepingcomputer.webp 2021-05-11 12:28:38 Adobe fixes Reader zero-day vulnerability exploited in the wild (lien direct) Adobe has released a massive Patch Tuesday security update release that fixes vulnerabilities in twelve different applications, including one actively exploited vulnerability Adobe Reader. [...] Vulnerability
bleepingcomputer.webp 2021-05-07 13:46:12 Foxit Reader bug lets attackers run malicious code via PDFs (lien direct) Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution (RCE) vulnerability affecting the PDF reader. [...] Vulnerability
bleepingcomputer.webp 2021-05-06 13:40:07 New TsuNAME DNS bug allows attackers to DDoS authoritative DNS servers (lien direct) Attackers can use a newly disclosed domain name server (DNS) vulnerability publicly known as TsuNAME as an amplification vector in large-scale reflection-based distributed denial of service (DDoS) attacks targeting authoritative DNS servers. [...] Vulnerability
bleepingcomputer.webp 2021-05-06 06:00:00 Qualcomm vulnerability impacts nearly 40% of all mobile phones (lien direct) A high severity security vulnerability found in Qualcomm's Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) could enable attackers to access mobile phone users' text messages, call history, and listen in on their conversations. [...] Vulnerability
bleepingcomputer.webp 2021-05-04 16:20:03 DOD expands bug disclosure program to all publicly accessible systems (lien direct) US Department of Defense (DOD) officials today announced that the department's Vulnerability Disclosure Program (VDP) has been expanded to include all publicly accessible DOD websites and applications. [...] Vulnerability
bleepingcomputer.webp 2021-05-03 13:24:33 PoC exploit released for Microsoft Exchange bug discovered by NSA (lien direct) Technical documentation and proof-of-concept exploit (PoC) code has been released for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. [...] Vulnerability
bleepingcomputer.webp 2021-05-03 11:42:05 Pulse Secure fixes VPN zero-day used to hack high-value targets (lien direct) Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. [...] Hack Vulnerability
bleepingcomputer.webp 2021-05-01 09:16:54 Python also impacted by critical IP address validation vulnerability (lien direct) Python 3.3 standard library 'ipaddress' suffers from a critical IP address vulnerability (CVE-2021-29921) identical to the flaw that was reported in the "netmask" library earlier this year. [...] Vulnerability
bleepingcomputer.webp 2021-04-26 15:26:25 Accellion data breaches drive up average ransom price (lien direct) The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-04-26 15:21:46 Apple fixes macOS zero-day bug exploited by Shlayer malware (lien direct) Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. [...] Malware Vulnerability
bleepingcomputer.webp 2021-04-22 11:08:01 QNAP removes backdoor account in NAS backup, disaster recovery app (lien direct) QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...] Vulnerability
bleepingcomputer.webp 2021-04-21 11:53:59 CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...] Vulnerability
bleepingcomputer.webp 2021-04-20 12:09:39 Microsoft partially fixes Windows 7, Server 2008 vulnerability (lien direct) Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...] Vulnerability
bleepingcomputer.webp 2021-04-12 21:20:56 Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter (lien direct) A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. [...] Vulnerability
bleepingcomputer.webp 2021-04-07 15:38:18 Cisco fixes bug allowing remote code execution with root privileges (lien direct) Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. [...] Vulnerability
bleepingcomputer.webp 2021-04-07 13:12:19 New Cring ransomware hits unpatched Fortinet VPN devices (lien direct) A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. [...] Ransomware Vulnerability
bleepingcomputer.webp 2021-04-01 12:58:28 VMware fixes authentication bypass in data center security software (lien direct) VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. [...] Vulnerability
bleepingcomputer.webp 2021-03-26 13:58:23 (Déjà vu) Apple fixes a iOS zero-day vulnerability actively used in attacks (lien direct) Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] Vulnerability
bleepingcomputer.webp 2021-03-26 13:58:23 Apple fixes iOS zero-day vulnerability exploited in the wild (lien direct) Apple has released security updates today to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. [...] Vulnerability
bleepingcomputer.webp 2021-03-25 12:44:46 OpenSSL fixes severe DoS, certificate validation vulnerabilities (lien direct) OpenSSL has patched two high severity vulnerabilities. These include a Denial of Service (DoS) vulnerability (CVE-2021-3449) and an improper CA certificate validation issue (CVE-2021-3450). [...] Vulnerability
bleepingcomputer.webp 2021-03-24 15:52:48 Microsoft fixes Windows PSExec privilege elevation vulnerability (lien direct) Microsoft has fixed a vulnerability in the PsExec utility that allows local users to gain elevated privileges on Windows devices. [...] Vulnerability
bleepingcomputer.webp 2021-03-24 14:08:49 Cisco addresses critical bug in Windows, macOS Jabber clients (lien direct) Cisco has addressed a critical arbitrary program execution vulnerability impacting several Cisco Jabber client software for Windows, macOS, Android, and iOS. [...] Vulnerability
bleepingcomputer.webp 2021-03-22 12:05:13 Critical code execution vulnerability fixed in Adobe ColdFusion (lien direct) Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018. [...] Vulnerability
bleepingcomputer.webp 2021-03-19 13:09:52 Critical F5 BIG-IP vulnerability now targeted in ongoing attacks (lien direct) Cybersecurity firm NCC Group said on Thursday that it detected successful in the wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. [...] Vulnerability
bleepingcomputer.webp 2021-03-09 19:05:30 iPhone Call Recorder bug gave access to other people's conversations (lien direct) An iOS call recording app patched a security vulnerability that gave anyone access to the conversations of thousands of users by simply providing the correct phone numbers. [...] Vulnerability
bleepingcomputer.webp 2021-03-09 09:36:45 Security bug hunters focus on misconfigured services, earn big rewards (lien direct) An overview of the hacking activity on the HackerOne vulnerability coordination and bug bounty platform shows that misconfiguration of cloud resources is quickly becoming a hot target for ethical hackers. [...] Vulnerability
bleepingcomputer.webp 2021-03-04 12:09:34 VMware releases fix for severe View Planner RCE vulnerability (lien direct) VMware has addressed a high severity unauth RCE vulnerability in VMware View Planner, allowing attackers to abuse servers running unpatched software for remote code execution. [...] Vulnerability
bleepingcomputer.webp 2021-03-03 11:39:56 (Déjà vu) Cybersecurity firm Qualys is the latest victim of Accellion hacks (lien direct) Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-03-03 11:39:56 Cybersecurity firm Qualys likely latest victim of Accellion hacks (lien direct) Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-03-02 16:47:08 Google fixes second actively exploited Chrome zero-day bug this year (lien direct) Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...] Vulnerability
bleepingcomputer.webp 2021-03-02 00:14:00 Malicious NPM packages target Amazon, Slack with new dependency attacks (lien direct) Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. [...] Vulnerability Threat
bleepingcomputer.webp 2021-03-01 18:05:05 Working Windows and Linux Spectre exploits found on VirusTotal (lien direct) Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. [...] Vulnerability
bleepingcomputer.webp 2021-03-01 11:43:07 NSW Transport agency extorted by ransomware gang after Accellion attack (lien direct) The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. [...] Ransomware Data Breach Vulnerability
bleepingcomputer.webp 2021-02-24 16:03:58 Cisco fixes maximum severity MSO auth bypass vulnerability (lien direct) Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. [...] Vulnerability
bleepingcomputer.webp 2021-02-24 09:01:09 Ransomware gang extorts jet maker Bombardier after Accellion breach (lien direct) Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. [...] Ransomware Data Breach Vulnerability
bleepingcomputer.webp 2021-02-24 06:37:08 Heavily used Node.js package has a code injection vulnerability (lien direct) The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315. [...] Vulnerability
bleepingcomputer.webp 2021-02-23 14:26:12 VMware fixes critical RCE bug in all default vCenter installs (lien direct) VMware has addressed a critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform that may allow attackers to potentially take control of affected systems. [...] Vulnerability
bleepingcomputer.webp 2021-02-20 03:03:03 SonicWall releases additional update for SMA 100 vulnerability (lien direct) SonicWall has released a second firmware update for an SMA-100 zero-day vulnerability known to be used in attacks and is warning to install it immediately. [...] Vulnerability
bleepingcomputer.webp 2021-02-17 08:58:12 QNAP patches critical vulnerability in Surveillance Station NAS app (lien direct) QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. [...] Vulnerability
bleepingcomputer.webp 2021-02-16 12:38:14 Windows 10 Secure Boot update triggers BitLocker key recovery (lien direct) Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot. [...] Vulnerability
bleepingcomputer.webp 2021-02-16 09:39:22 Malvertisers exploited browser zero-day to redirect users to scams (lien direct) The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams. [...] Vulnerability
bleepingcomputer.webp 2021-02-11 14:34:14 (Déjà vu) Internet Explorer 11 zero-day vulnerability gets unofficial micropatch (lien direct) An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] Vulnerability
bleepingcomputer.webp 2021-02-11 14:34:14 Internet Explorer 11 zero-day vulnerability gets a free micropatch (lien direct) An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. [...] Vulnerability
bleepingcomputer.webp 2021-02-11 12:55:35 Singtel, QIMR Berghofer report Accellion-related data breaches (lien direct) Singtel and the QIMR Berghofer Medical Research Institute are the latest companies to disclose data breaches caused by a vulnerability in the Accellion FTA secure file transfer software. [...] Vulnerability
bleepingcomputer.webp 2021-02-11 09:00:00 12-year-old Windows Defender bug gives hackers admin rights (lien direct) Microsoft has fixed a privilege escalation vulnerability in Microsoft Defender Antivirus (formerly Windows Defender) that could allow attackers to gain admin rights on unpatched Windows systems. [...] Vulnerability
bleepingcomputer.webp 2021-02-10 12:56:34 Microsoft now forces secure RPC to block Windows ZeroLogon attacks (lien direct) Microsoft has enabled enforcement mode for updates addressing the Windows Zerologon vulnerability on all devices that installed this month's Patch Tuesday security updates. [...] Vulnerability
bleepingcomputer.webp 2021-02-09 19:07:10 Apple fixes SUDO root privilege escalation flaw in macOS (lien direct) Apple has fixed a sudo vulnerability in macOS Big Sur, Catalina, and Mojave, allowing any local user to gain root-level privileges. [...] Vulnerability
bleepingcomputer.webp 2021-02-09 12:30:24 Adobe fixes critical Reader vulnerability exploited in the wild (lien direct) Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. [...] Vulnerability
bleepingcomputer.webp 2021-02-08 15:05:54 Critical vulnerability fixed in WordPress plugin with 800K installs (lien direct) The NextGen Gallery development team has addressed two severe CSRF vulnerabilities to protect sites from potential takeover attacks. [...] Vulnerability
Last update at: 2024-05-13 05:07:45