What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-06-17 12:10:49 | NinjaForms WordPress plugin, actively exploited in wild, receives forced security update (lien direct) | A critical vulnerability in a WordPress plugin used on over one million websites has been patched, after evidence emerged that malicious hackers were actively exploited in the wild. | Vulnerability | ||
|
2022-06-10 12:37:16 | DogWalk zero-day Windows bug receives patch – but not from Microsoft (lien direct) | A Windows zero-day vulnerability dubbed "DogWalk" has not received an official patch yet from Microsoft, but that hasn't stopped others from offering free fixes to protect users. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2022-05-30 14:13:35 | Follina. Unpatched Microsoft Office zero-day vulnerability exploited in the wild (lien direct) | The world is waiting for a patch from Microsoft, after a zero-day vulnerability in Microsoft Office was found to be being exploited in boobytrapped Word documents to remotely execute code on victims' PCs. | Vulnerability | ||
|
2021-12-16 00:08:09 | Smashing Security podcast #256: Virgin Media just won\'t take no for an answer, NFT apes, and bad optics (lien direct) | After a brief discussion of the Log4Shell vulnerability panic, we discuss how Virgin Media has got itself into hot water, a fat-fingered fumble at the Bored Ape Yacht Club, and how to hack around your girlfriend's facial recognition. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley. | Hack Vulnerability | ||
|
2021-11-03 19:30:38 | Google warns Android users of zero-day vulnerability being actively attacked (lien direct) | Google's latest monthly security patches for the Android operating system contains fixes for 39 flaws, including one security vulnerability that the tech giant says is being actively exploited in the wild. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2021-09-09 14:16:23 | Microsoft warns of a Windows zero-day security hole that is being actively exploited (lien direct) | In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organisations. Read more in my article on the Tripwire State of Security blog. | Vulnerability | ||
|
2021-09-02 09:58:49 | How a Bumble dating app vulnerability revealed any user\'s exact location (lien direct) | Hundreds of millions of people around the world use dating apps in their attempt to find that special someone, but they would be shocked to hear just how easy one security researcher found it to pinpoint a user's precise location with Bumble. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2021-08-19 10:39:50 | Smashing Security podcast #239: TikTok vigilantes, sloppy IoT, and Wikipedia woe (lien direct) | The Great Londini has gathered a two million strong army to out TikTok trolls, there's a bad supply chain vulnerability in many IoT devices, and how did Wikipedia pages end up covered in Nazi swastikas? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes. | Vulnerability | ||
|
2021-07-07 10:45:51 | Malware campaign targets companies waiting for Kaseya security patch (lien direct) | While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security researchers spotted a malware campaign which is taking advantage of the vacuum. | Ransomware Malware Vulnerability | ||
|
2021-07-01 13:04:36 | PrintNightmare zero day exploit for Windows is in the wild – what you need to know (lien direct) | Proof-of-concept code has been accidentally released for a zero-day vulnerability in WIndows Print Spooler, in the mistaken belief that Microsoft had patched it. D'oh! | Vulnerability | ||
|
2021-04-28 10:09:29 | Update your Macs! Malware attacks can exploit critical flaws in Apple\'s built-in defences (lien direct) | Apple has released a brand new update for its macOS Big Sur operating system, and you really should install it. Amongst other fixes, Big Sur 11.3 patches a zero-day vulnerability that could allow an attacker to craft malicious payloads that will not be checked by Gatekeeper, the security check built into Apple's operating system that is supposed to block the execution of software from untrusted sources. | Malware Vulnerability | ||
|
2021-02-08 17:00:52 | Thanks for finding a critical bug. Have a $1.5 million bounty, and our CTO will get a tattoo of anything you like (lien direct) | It's not that unusual for a company to reward you handsomely if you find a vulnerability that could have lost them millions of dollars, but it's not often you also get the CTO offering to get a tattoo in your honour... | Vulnerability | ||
|
2021-01-13 20:17:59 | Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned (lien direct) | Microsoft has patched a security vulnerability that was - ironically - exploiting usage of the company's own Windows security product, Microsoft Defender Antivirus. | Vulnerability | ||
|
2020-11-11 12:20:36 | Windows users told to patch now after active zero-day attacks disclosed by Google (lien direct) | A zero-day vulnerability that has been exploited in active attacks against users of Windows 7 and Windows 10 has been patched by Microsoft. | Vulnerability | ||
|
2020-11-06 16:25:52 | Business VOIP phone systems are being hacked for profit worldwide. Is yours secure? (lien direct) | Security researchers have uncovered an organised gang of cybercriminals who are compromising the VOIP phone systems of over 1000 organisations worldwide. Check Point has identified a malicious campaign that has targeted a critical vulnerability in the Sangoma PBX open-source GUI, used to manage installations of Asterisk - the world's most popular VOIP phone system for businesses. Read more in my article on the Bitdefender Business Insights blog. | Vulnerability | ||
|
2020-10-22 11:51:20 | Over one million WordPress sites receive forced update to security plugin after severe vulnerability discovered (lien direct) | Loginizer, a popular plugin for protecting WordPress blogs from brute force attacks, has been found to contain its own severe vulnerabilities that could be exploited by hackers. The flaw opened up opportunities for cybercriminals to completely compromise WordPress sites. Read more in my article on the Tripwire State of Security blog. | Vulnerability | ||
|
2020-10-04 17:01:00 | Grindr security hole made it easy to hijack accounts (lien direct) | Gay dating app Grindr had a serious security vulnerability that could have allowed anyone to hijack control of a Grindr user's account. All you would need to seize control of a user's account would be their email address. | Vulnerability | ||
|
2020-09-02 16:27:08 | WordPress websites attacked via File Manager plugin vulnerability (lien direct) | Hackers are exploiting a critical vulnerability that may be affecting hundreds of thousands of websites running WordPress. The vulnerability lies in versions of the popular third-party plugin WordPress File Manager, which has been installed on over 700,000 websites. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2020-07-29 13:26:05 | Thousands of websites at risk from critical WordPress commenting plugin vulnerability (lien direct) | A critical vulnerability in a third-party comments plugin installed on over 70,000 websites running WordPress could allow hackers to execute malicious code remotely. If you’re using the wpDIscuz commenting plugin, make sure you’ve kept it up to date – or your website might be hijacked… or wiped. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2020-06-25 14:25:44 | Find a Playstation 4 vulnerability and earn over $50,000 (lien direct) | Do you think you have found a vulnerability in the Sony PlayStation 4 or the PlayStation Network? You could be heading towards a sizeable sum of money, after Sony announced details of its new bug bounty program. Just be sure to play by the rules… Read more in my article on the Tripwire State of Security blog. | Vulnerability | ★★★★★ | |
|
2020-05-03 13:39:46 | Ghost blogging platform suffers security breach (lien direct) | Scary stuff as hackers exploit Salt vulnerability in attempt to mine cryptocurrency on breached blogging platform’s servers. | Vulnerability | ||
|
2020-04-27 19:11:36 | A GIF image could have let hackers hijack Microsoft Teams at your firm (lien direct) | A critical vulnerability has been patched in the Microsoft Teams work collaboration platform after security researchers discovered a way in which hackers could compromise accounts and steal data with a seemingly harmless .GIF image. Read more in my article on the Bitdefender Business Insights blog. | Vulnerability | ||
|
2020-04-20 13:06:58 | Prioritize alerts and jump-start your investigations with Recorded Future\'s free browser extension. Sign up now. (lien direct) | Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! Access real-time security intelligence from any web-based SIEM, vulnerability solution, or webpage. Stop opening multiple browser tabs and pivoting between them to collect all of your data manually. Recorded Future Express does […] | Vulnerability | ||
|
2020-04-03 17:12:10 | Hacking the iOS/macOS webcam – Apple pays out $75,000 to bug hunter (lien direct) | A vulnerability researcher has received a bug bounty after discovering security holes in Apple’s software that could allow malicious parties to hijack an iPhone or Mac user’s camera and spy upon them. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2020-01-27 12:56:58 | Microsoft\'s Internet Explorer zero-day workaround is breaking printers (lien direct) | Microsoft’s workaround for an unpatched vulnerability that is being exploited in targeted attacks by hackers appears to be breaking printers. | Vulnerability | ||
|
2020-01-26 13:13:09 | Webex flaw allowed anyone to join private online meetings – no password required (lien direct) | Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password. | Vulnerability | ★★★★★ | |
|
2020-01-23 15:56:27 | Traffic jams could be worse than normal, because of the Shitrix vulnerability (lien direct) | Your trip into work today might be delayed by slippery roads, dense fog, and a Citrix vulnerability. | Vulnerability | ||
|
2020-01-19 09:39:08 | Microsoft issues Internet Explorer zero-day warning, but there\'s no patch yet (lien direct) | Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks. | Vulnerability | ||
|
2020-01-15 00:09:18 | Critical Windows 10 security fix pushed out after NSA warns Microsoft of spying vulnerability (lien direct) | Hundreds of millions of Windows 10 users are having an important patch rolled out to their computers today after Microsoft was warned by the NSA of a serious security hole in the operating system. | Vulnerability | ★★★★ | |
|
2020-01-13 14:39:44 | Cable Haunt: Hundreds of millions of cable modems may be vulnerable to hijacking attack (lien direct) | Researchers warn that your cable modem might be vulnerable to hijacking, due to a critical security vulnerability in its Broadcom firmware. Learn more now. | Vulnerability | ||
|
2020-01-13 12:14:18 | Shitrix: Hackers target unpatched Citrix systems over weekend (lien direct) | Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide. Take action to protect your systems now before the exploit hits you in the face. | Vulnerability | ||
|
2020-01-09 15:56:11 | Stop everything. Update Firefox now (lien direct) | A Firefox browser vulnerability that could allow attackers to take control of computers is being exploited in the wild. Make sure you are running the very latest version of Firefox. | Vulnerability | ||
|
2019-11-20 14:42:08 | Millions of Android phones may be vulnerable to camera spying vulnerability (lien direct) | Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2019-11-04 11:47:37 | After months of worry, BlueKeep vulnerability is now being exploited in mass-hacking campaign (lien direct) | The BlueKeep vulnerability, discovered by the UK’s NCSC, is being exploited at scale in an attempt to install a cryptocurrency minder on unpatched Windows PCs. | Vulnerability | ||
|
2019-09-17 08:08:04 | LastPass users automatically updated to fix security vulnerability in browser extension (lien direct) | Popular password manager LastPass says that it has fixed a vulnerability in its Chrome and Opera browser extensions that could have potentially seen an attacker steal the username and password previously filled-in by the software. | Vulnerability | LastPass | |
|
2019-09-04 10:05:04 | Earn $2.5 million if you find a remote zero-day exploit for Android (lien direct) | A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to? | Vulnerability | ||
|
2019-08-26 23:01:00 | iOS 12.4.1 update fixes jailbreak vulnerability that Apple accidentally reintroduced (lien direct) | Apple has fixed the jailbreaking vulnerability in iOS that it previously unfixed. | Vulnerability | ||
|
2019-07-15 12:45:02 | How any Instagram account could be hacked in less than 10 minutes (lien direct) | A security researcher has been awarded $30,000 after discovering a serious vulnerability that could potentially have put any Instagram account at risk of being hacked. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2019-07-11 14:15:00 | Apple pushes out silent update to remove sketchy Zoom code from Macs (lien direct) | Zoom, the makers of a video conferencing app used by millions of people around the world, did not handle the discovery of a privacy vulnerability its software at all well. It’s a good thing, then, that Apple has nixed the software’s dodgy behaviour. | Vulnerability | ★★ | |
|
2019-07-11 12:00:05 | Apple says its Walkie-Talkie app could be exploited to spy on iPhones (lien direct) | Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. Read more in my article on the Tripwire State of Security blog. | Vulnerability | ||
|
2019-07-03 12:02:05 | US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you\'re patched! (lien direct) | US Cyber Command has issued an alert about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook, as concerns are raised of a rise in an Iranian-backed hacking group’s activities. Read more in my article on the Hot for Security blog. | Malware Vulnerability | ||
|
2019-06-10 11:31:00 | BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows (lien direct) | I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world. Prove me wrong. Patch now. | Vulnerability | ||
|
2019-05-15 08:57:05 | Microsoft worm warning: Windows users urged to patch now (lien direct) | Microsoft is urging computer users to patch their systems now against a critical vulnerability that could be exploited by a fast-moving worm. Read more in my article on the Hot for Security blog. | Vulnerability | ||
|
2019-04-17 13:12:04 | A third-party patch for Microsoft\'s Internet Explorer zero-day vulnerability (lien direct) |  Don't want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.
|
Vulnerability | ||
|
2019-04-17 12:22:03 | It doesn\'t matter if you don\'t use Internet Explorer, you could still be at risk from this IE zero-day vulnerability (lien direct) |  Even if you don't use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.
Read more in my article on the Hot for Security blog.
|
Vulnerability | ||
|
2018-11-27 14:01:02 | More details on One Planet York app vulnerability don\'t paint council in a good light (lien direct) |  New information has come to light which makes it more difficult to defend York city council's actions and communications in response to being told about a vulnerability in its One Planet York app.
|
Vulnerability | ||
|
2018-11-26 23:41:00 | Did UK city council over-react to a vulnerability report in its recycling app or not? (lien direct) |  Some in the computer security community feel that the council over-reacted by reporting the incident to the police.
I'm not so sure.
|
Vulnerability | ||
|
2018-11-21 13:53:01 | Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts (lien direct) |  A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.
Read more in my article on the Hot for Security blog.
|
Vulnerability | ||
|
2018-11-08 14:09:04 | Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw (lien direct) |  Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.
Read more in my article on the Tripwire State of Security blog.
|
Vulnerability | ||
|
2018-09-19 12:12:04 | \'Peekaboo\' zero-day lets hackers view and alter surveillance camera footage (lien direct) |  Hundreds of thousands of security cameras are believed to be vulnerable to a zero-day vulnerability that could allow hackers to spy on feeds and even tamper with video surveillance recordings.
Read more in my article on the Bitdefender BOX blog.
|
Vulnerability |
To see everything:
Our RSS (filtrered)
