What's new around the Internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
bleepingcomputer.webp 2021-02-08 14:10:42 Cyberpunk 2077 bug fixed that let malicious mods take over PCs (direct link) CD Projekt Red has released a hotfix for Cyberpunk 2077 to fix a remote code execution vulnerability that could be exploited by third-party data file modifications and save games files. [...] Vulnerability
bleepingcomputer.webp 2021-02-04 15:10:47 Google fixes Chrome zero-day actively exploited in the wild (direct link) Google has addressed an actively exploited zero-day security vulnerability in the Chrome 88.0.4324.150 version released today, February 4th, 2020, to the Stable desktop channel for Windows, Mac, and Linux users. [...] Vulnerability
bleepingcomputer.webp 2021-02-04 12:07:46 Hacking group also used an IE zero-day against security researchers (direct link) An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. [...] Vulnerability
bleepingcomputer.webp 2021-02-03 15:28:42 SonicWall fixes actively exploited SMA 100 zero-day vulnerability (direct link) SonicWall has released a patch for the zero-day vulnerability used in attacks against the SMA 100 series of remote access appliances. [...] Vulnerability ★★★
bleepingcomputer.webp 2021-02-01 12:37:18 SonicWall SMA 100 zero-day exploit actively used in the wild (direct link) A SonicWall SMA 100 zero-day vulnerability is being actively exploited in the wild, according to a tweet by cybersecurity firm NCC Group. [...] Vulnerability
bleepingcomputer.webp 2021-01-29 03:33:33 Windows Installer zero-day vulnerability gets free micropatch (direct link) A vulnerability in the Windows Installer component, which Microsoft attempted to fix several times to no avail, today received a micropatch to deny hackers the option of gaining the highest privileges on a compromised system. [...] Vulnerability
bleepingcomputer.webp 2021-01-28 14:47:45 Microsoft: DPRK hackers 'likely' hit researchers with Chrome exploit (direct link) Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...] Vulnerability Medical APT 38
bleepingcomputer.webp 2021-01-27 05:05:05 Here's how a researcher broke into Microsoft VS Code's GitHub (direct link) This month a researcher was awarded a bug bounty award of an undisclosed amount after he broke into the official GitHub repository of Microsoft Visual Studio Code. A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository. [...] Vulnerability
bleepingcomputer.webp 2021-01-25 22:01:20 North Korean hackers are targeting security researchers with malware, 0-days (direct link) A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. [...] Vulnerability
bleepingcomputer.webp 2021-01-23 12:14:25 SonicWall firewall maker hacked using zero-day in its VPN device (direct link) Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. [...] Vulnerability Threat
bleepingcomputer.webp 2021-01-22 09:07:12 Drupal releases fix for critical vulnerability with known exploits (direct link) Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild. [...] Vulnerability
bleepingcomputer.webp 2021-01-20 02:00:00 List of DNSpooq vulnerability advisories, patches, and updates (direct link) Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities. [...] Vulnerability
bleepingcomputer.webp 2021-01-15 05:05:05 Undisclosed Apache Velocity XSS vulnerability impacts GOV sites (direct link) An undisclosed XSS vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA. [...] Vulnerability
bleepingcomputer.webp 2021-01-13 11:24:33 Microsoft fixes Secure Boot bug allowing Windows rootkit installation (direct link) Microsoft has fixed a security feature bypass vulnerability in Secure Boot that allows attackers to compromise the operating system's booting process even when Secure Boot is enabled. [...] Vulnerability ★★★
bleepingcomputer.webp 2021-01-12 13:38:05 Microsoft patches Defender antivirus zero-day exploited in the wild (direct link) Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released. [...] Vulnerability Threat
bleepingcomputer.webp 2021-01-12 12:28:43 New Zealand Reserve Bank breached using bug patched on Xmas Eve (direct link) A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-01-11 10:46:29 Typeform fixes Zendesk Sell form data hijacking vulnerability (direct link) Online survey and form creator Typeform has quietly patched a data hijacking vulnerability in its Zendesk Sell integration. If exploited, the vulnerability could let attackers redirect the form submissions containing potentially sensitive information to themselves. [...] Vulnerability
bleepingcomputer.webp 2021-01-11 01:52:09 United Nations data breach exposed over 100k UNEP staff records (direct link) This week, researchers have responsibly disclosed a vulnerability by exploiting which they could access over 100K private records of United Nations Environmental Programme (UNEP). The data breach stemmed from exposed Git directories which let researchers clone Git repositories and gather PII of a large number of employees. [...] Data Breach Vulnerability
bleepingcomputer.webp 2021-01-07 15:41:12 Windows PsExec zero-day vulnerability gets a free micropatch (direct link) A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. [...] Tool Vulnerability
bleepingcomputer.webp 2021-01-04 11:05:07 Zend Framework remote code execution vulnerability revealed (direct link) An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. [...] Vulnerability
bleepingcomputer.webp 2020-12-24 08:20:00 Hacker earns $2 million in bug bounties on HackerOne (direct link) Cosmin Iordache is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. [...] Vulnerability
bleepingcomputer.webp 2020-12-23 14:57:27 Windows zero-day with bad patch gets new public exploit code (direct link) Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. The patch did not stick. [...] Vulnerability
bleepingcomputer.webp 2020-12-19 13:01:01 Gitpaste-12 worm botnet returns with 30+ vulnerability exploits (direct link) The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts a malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs. [...] Vulnerability
bleepingcomputer.webp 2020-12-17 15:26:26 (Déjà vu) Bouncy Castle crypto authentication bypass vulnerability revealed (direct link) A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] Vulnerability
bleepingcomputer.webp 2020-12-17 15:26:26 (Déjà vu) Bouncy Castle fixes crypto API authentication bypass flaw (direct link) A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] Vulnerability
bleepingcomputer.webp 2020-12-17 15:26:26 Bouncy Castle fixes cryptography API authentication bypass flaw (direct link) A severe authentication bypass vulnerability has been reported in Bouncy Castle, a popular open-source cryptography library. When exploited, the vulnerability (CVE-2020-28052) can allow an attacker to gain access to user and administrator accounts due to a cryptographic weakness in the manner passwords are checked. [...] Vulnerability
bleepingcomputer.webp 2020-12-17 10:52:41 WordPress plugin with 5 million installs has a critical vulnerability (direct link) The team behind a popular WordPress plugin has disclosed a critical file upload vulnerability and issued a patch. The vulnerable plugin, Contact Form 7, has over 5 million active installations making this upgrade a necessity for WordPress site owners out there. [...] Vulnerability
bleepingcomputer.webp 2020-12-15 11:18:48 Pandemic year increases bug bounties and report submissions (direct link) Vulnerability submissions have increased over the past 12 months on at least one crowdsourced security platform, with critical issue reports recording a 65% jump. [...] Vulnerability
bleepingcomputer.webp 2020-12-10 16:17:18 Sophos fixes SQL injection vulnerability in their Cyberoam OS (direct link) Sophos has deployed a hotfix for their line of Cyberoam firewalls and routers to fix a SQL injection vulnerability. [...] Vulnerability
bleepingcomputer.webp 2020-12-10 12:08:50 Windows Kerberos Bronze Bit attack gets public exploit, patch now (direct link) Proof-of-concept exploit code and full details on a Windows Kerberos security bypass vulnerability have been published earlier this week by Jake Karnes, the NetSPI security consultant and penetration tester who reported the security bug to Microsoft. [...] Vulnerability
bleepingcomputer.webp 2020-12-10 11:00:00 Cisco fixes new Jabber for Windows critical code execution bug (direct link) Cisco has addressed a new critical severity remote code execution (RCE) vulnerability affecting several versions of Cisco Jabber for Windows, macOS, and mobile platforms after patching a related security bug in September. [...] Vulnerability Patching
bleepingcomputer.webp 2020-12-09 12:25:53 DHS-CISA urges admins to patch OpenSSL DoS vulnerability (direct link) This week OpenSSL has released fixes for a high severity Denial of Service (DoS) vulnerability, CVE-2020-1971. U.S. DHS Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to upgrade their vulnerable OpenSSL instances immediately. [...] Vulnerability
bleepingcomputer.webp 2020-12-09 08:25:38 Microsoft fixes new Windows Kerberos security bug in staged rollout (direct link) Microsoft has issued security updates to address a Kerberos security feature bypass vulnerability impacting multiple Windows Server versions in a two-phase staged rollout. [...] Vulnerability
bleepingcomputer.webp 2020-12-08 13:58:20 Microsoft issues guidance for DNS cache poisoning vulnerability (direct link) Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University. [...] Vulnerability
bleepingcomputer.webp 2020-12-08 13:37:31 Microsoft December 2020 Patch Tuesday fixes 58 vulnerabilities (direct link) Today is Microsoft's December 2020 Patch Tuesday, and Windows administrators will be scrambling to put out fires, so be kind to them. As part of this Patch Tuesday, Microsoft fixed 58 security vulnerabilities and released a DNS cache poisoning vulnerability advisory. [...] Vulnerability
bleepingcomputer.webp 2020-12-08 12:00:00 Severe MDHexRay bug affects 100+ GE Healthcare imaging systems (direct link) A vulnerability in GE Healthcare's proprietary management software used for medical imaging devices could put patients' health privacy at risk, potentially their lives. [...] Vulnerability
bleepingcomputer.webp 2020-12-08 09:20:00 All Kubernetes versions affected by unpatched MiTM vulnerability (direct link) The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks. [...] Vulnerability Uber
bleepingcomputer.webp 2020-12-08 09:02:55 D-Link VPN routers get patch for remote command injection bugs (direct link) A vulnerability in D-Link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. [...] Vulnerability
bleepingcomputer.webp 2020-12-07 10:03:52 NSA: Russian state hackers exploit new VMware vulnerability to steal data (direct link) The National Security Agency (NSA) warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers. [...] Vulnerability Threat
bleepingcomputer.webp 2020-12-04 07:45:13 VMware fixes zero-day vulnerability reported by the NSA (direct link) VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. [...] Vulnerability
bleepingcomputer.webp 2020-12-03 06:00:00 (Déjà vu) Android apps with 200 million installs vulnerable to security bug (direct link) Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. [...] Vulnerability
bleepingcomputer.webp 2020-12-03 06:00:00 Android apps with 250M downloads still vulnerable to patched bug (direct link) Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. [...] Vulnerability
bleepingcomputer.webp 2020-12-01 11:30:24 Critical Oracle WebLogic flaw actively exploited by DarkIRC malware (direct link) A botnet known as DarkIRC is actively targeting thousands of exposed Oracle WebLogic servers in attacks designed to exploit the CVE-2020-14882 remote code execution (RCE) vulnerability fixed by Oracle two months ago. [...] Malware Vulnerability
bleepingcomputer.webp 2020-11-27 12:31:16 Drupal issues emergency fix for critical bug with known exploits (direct link) Drupal has released emergency security updates to address a critical vulnerability with known exploits that could allow for arbitrary PHP code execution on some CMS versions. [...] Vulnerability
bleepingcomputer.webp 2020-08-05 11:13:26 Twitter for Android vulnerability gave access to direct messages (direct link) Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. [...] Vulnerability
bleepingcomputer.webp 2020-08-03 15:36:28 Newsletter plugin bugs let hackers inject backdoors on 300K sites (direct link) Owners of WordPress sites who use the Newsletter plugin are advised to update their installations to block attacks that could use a fixed vulnerability allowing hackers to inject backdoors, create rogue admins, and potentially take over their websites. [...] Vulnerability
bleepingcomputer.webp 2020-07-30 19:01:56 KDE archive tool flaw let hackers take over Linux accounts (direct link) A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it. [...] Tool Vulnerability
bleepingcomputer.webp 2020-07-29 13:00:00 BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows (direct link) A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. [...] Malware Vulnerability Threat
bleepingcomputer.webp 2020-07-24 15:29:03 US govt confirms active exploitation of F5 BIG-IP RCE flaw (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today published a warning regarding the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. [...] Vulnerability
bleepingcomputer.webp 2020-07-24 11:16:44 (Déjà vu) Cisco patches ASA/FTD firewall flaw actively exploited by hackers (direct link) Cisco fixed a high severity and actively exploited read-only path traversal vulnerability affecting the web services interface of two of its firewall products. [...] Vulnerability
Last update at: 2024-05-12 18:08:13