What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-06-11 10:01:00 | Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks (lien direct) | A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected. Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products. | Vulnerability | ||
|
2019-06-10 17:19:04 | Critical Oracle WebLogic Vulnerability Exploited in Attacks (lien direct) | A recently patched vulnerability in Oracle WebLogic is being exploited in attacks aimed at installing crypto-miners on vulnerable machines, Trend Micro reports. | Vulnerability | ||
|
2019-06-05 15:29:00 | (Déjà vu) Unofficial Patch Available for Recent Windows 10 Task Scheduler Zero-Day (lien direct) | An unofficial patch has been released for a recently disclosed zero-day vulnerability in Windows 10's Task Scheduler. | Vulnerability | ||
|
2019-06-05 12:54:05 | NSA Urges Windows Users to Patch \'BlueKeep\' Vulnerability (lien direct) | The U.S. National Security Agency (NSA) on Tuesday urged Windows users and administrators to immediately address the vulnerability tracked as BlueKeep and CVE-2019-0708. | Vulnerability | ||
|
2019-05-31 14:13:02 | Microsoft Reminds Users to Patch Wormable \'BlueKeep\' Vulnerability (lien direct) | Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation. | Vulnerability | ||
|
2019-05-29 18:10:03 | Docker Vulnerability Gives Arbitrary File Access to Host (lien direct) | A newly disclosed vulnerability in Docker could be exploited by a malicious attacker to escape the container and gain arbitrary read/write file access on the host with root privileges. | Vulnerability | ||
|
2019-05-29 14:16:05 | Google Researcher Finds Code Execution Vulnerability in Notepad (lien direct) | Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft's Notepad text editor. | Vulnerability | ||
|
2019-05-28 14:39:00 | One Million Devices Vulnerable to BlueKeep as Hackers Scan for Targets (lien direct) | Nearly one million devices are vulnerable to attacks involving the Windows vulnerability dubbed BlueKeep and it appears that hackers have already started scanning the web in search of potential targets. | Vulnerability | ||
|
2019-05-28 05:40:04 | Siemens Medical Products Affected by Wormable Windows Flaw (lien direct) | Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep. | Vulnerability | ||
|
2019-05-24 02:02:03 | Researcher Drops 3 Separate 0-Day Windows Exploits in 24 Hours (lien direct) | SandboxEscaper, the security researcher who posted a claimed zero-day Windows 10 vulnerability on GitHub Tuesday, has now posted the remaining four exploits (two yesterday and the final two today) that he or she (we'll say 'she') said she possessed. | Vulnerability | ||
|
2019-05-23 12:52:04 | PoC Exploits Created for Wormable Windows RDS Flaw (lien direct) | Several proof-of-concept (PoC) exploits, including ones that can be used for remote code execution, have been developed for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep. | Vulnerability | ||
|
2019-05-20 16:42:05 | Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP (lien direct) | A memory corruption vulnerability recently found in Linux Kernel's implementation of RDS over TCP could lead to privilege escalation. Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module. | Vulnerability Guideline | ||
|
2019-05-17 14:47:03 | Slack Flaw Allows Hackers to Steal, Manipulate Downloads (lien direct) | A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user's downloaded files. | Vulnerability | ||
|
2019-05-17 13:29:01 | Tenable Updates Free Vulnerability Assessment Solution (lien direct) | Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home. | Vulnerability | ||
|
2019-05-17 12:34:03 | Wormable Windows RDS Vulnerability Poses Serious Risk to ICS (lien direct) | A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned. | Vulnerability | ||
|
2019-05-15 06:06:05 | Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks (lien direct) | Microsoft's Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a zero-day and a flaw that can be exploited by malware to spread similar to the way the notorious WannaCry did back in 2017. | Malware Vulnerability | Wannacry | |
|
2019-05-14 15:47:02 | (Déjà vu) Adobe Patches Over 80 Vulnerabilities in Acrobat Products (lien direct) | Adobe's Patch Tuesday updates for May 2019 fix a critical vulnerability in Flash Player and more than 80 flaws in the company's Acrobat products. | Vulnerability | ||
|
2019-05-14 14:10:05 | Remote Code Execution Vulnerability Impacts SQLite (lien direct) | A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. | Vulnerability | ||
|
2019-05-13 13:43:01 | Remote Code Execution Flaw Found in Kaspersky Products (lien direct) | Researchers have discovered a serious remote code execution vulnerability affecting products from Kaspersky Lab. The cybersecurity firm pushed out a patch to customers in early April. | Vulnerability | ||
|
2019-05-13 06:32:04 | Microsoft SharePoint Vulnerability Exploited in the Wild (lien direct) | A critical vulnerability in Microsoft's SharePoint collaboration platform has been exploited in the wild to deliver malware. | Vulnerability | ||
|
2019-05-08 14:40:00 | Jenkins Vulnerability Exploited to Deliver \'Kerberods\' Malware (lien direct) | A vulnerability disclosed late last year has been exploited by malicious actors to deliver a piece of malware that deploys a Monero cryptocurrency miner and looks for new victims on the internet and the local network. | Malware Vulnerability | ||
|
2019-04-04 18:00:02 | NVIDIA Patches High Severity Flaws in Tegra Drivers (lien direct) | NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating. The most important of the bugs is CVE‑2018‑6269, a vulnerability residing in the Tegra kernel driver (the issue features a CVSS score of 8.8). | Vulnerability | ||
|
2019-03-28 17:42:04 | Critical Flaw Allows Hackers to Take Control of PowerFlex AC Drives (lien direct) | Rockwell Automation's Allen Bradley PowerFlex 525 AC drives are affected by a critical denial-of-service (DoS) vulnerability that allows hackers to take control of devices. | Vulnerability | ||
|
2019-03-28 13:36:01 | WinRAR Vulnerability Exploited to Deliver New Malware (lien direct) | A recently patched vulnerability affecting the popular archiver utility WinRAR has been increasingly exploited by malicious actors, including to deliver new malware to targeted users. | Malware Vulnerability | ||
|
2019-03-27 17:43:00 | (Déjà vu) NVIDIA Patches Serious Flaw in GeForce Experience Software (lien direct) | A security update released recently by NVIDIA for its GeForce Experience software patches a potentially serious vulnerability that could lead to arbitrary code execution, a denial-of-service (DoS) condition, or privilege escalation. | Vulnerability Guideline | ||
|
2019-03-21 12:58:02 | Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator (lien direct) | A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric's Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not pose a risk to operating safety controllers. | Vulnerability | ||
|
2019-03-20 19:48:02 | Authentication Bypass Vulnerability Found in SoftNAS Cloud (lien direct) | A security firm's Vulnerability Research Team (VRT) found and reported a vulnerability in SoftNAS Cloud data storage. SoftNAS fixed the vulnerability last week, and details of the vulnerability are now being made public. | Vulnerability | ||
|
2019-03-20 19:23:02 | Vulnerability in NSA\'s Reverse Engineering Tool Allows Remote Code Execution (lien direct) | A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say. | Tool Vulnerability | ||
|
2019-03-20 16:34:02 | Google Photos Flaw Allowed Hackers to Track Users (lien direct) | Google recently patched a vulnerability in its Photos service that could have been exploited via browser-based timing attacks to track users, Imperva revealed on Wednesday. | Vulnerability | ||
|
2019-03-19 16:26:00 | Microsoft Dominates 2018\'s Most Exploited Vulnerabilities (lien direct) | Eight of the top ten most exploited vulnerabilities in 2018 affected Microsoft products. Only one -- but the second most exploited -- was an Adobe vulnerability. The last one, ranking at the ninth most exploited vulnerability of 2018, was an Android vulnerability. | Vulnerability | ||
|
2019-03-15 07:05:05 | Details of Actively Exploited Windows Flaw Made Public (lien direct) | Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks. | Vulnerability | ||
|
2019-03-14 16:49:04 | WordPress 5.1.1 Patches Remote Code Execution Vulnerability (lien direct) | WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites. | Vulnerability | ||
|
2019-03-14 16:41:05 | Code Execution Flaw Found in Sonatype Nexus Repository Manager (lien direct) | A critical remote code execution vulnerability has been found and patched in Sonatype's Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. | Tool Vulnerability | ||
|
2019-03-11 16:21:00 | GIF Attack on Facebook Messenger Earned Hacker $10,000 (lien direct) | A white hat hacker earned $10,000 from Facebook last year for finding a Messenger vulnerability that apparently could have been exploited to randomly obtain other users' images. | Vulnerability | ||
|
2019-03-08 09:54:00 | Google Discloses Actively Exploited Windows Vulnerability (lien direct) | Google this week released information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw (CVE-2019-5786). | Vulnerability | ||
|
2019-03-06 18:09:02 | Google Patches Actively Exploited Chrome Vulnerability (lien direct) | A vulnerability Google patched last week in the Chrome browser had been already exploited in the wild. | Vulnerability | ||
|
2019-03-06 07:18:00 | Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software (lien direct) | Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution. | Vulnerability | ||
|
2019-03-01 19:46:03 | Adobe Patches ColdFusion Vulnerability Exploited in the Wild (lien direct) | Adobe has released out-of-band updates for its ColdFusion web application development platform to address a critical vulnerability that has been exploited in the wild. | Vulnerability | ||
|
2019-03-01 14:05:00 | Cobalt Strike Bug Exposes Attacker Servers (lien direct) | A recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers, Fox-IT security researchers reveal. | Vulnerability | ||
|
2019-03-01 13:48:02 | Cisco Patches Critical Vulnerability in Wireless Routers (lien direct) | Cisco released security patches this week to address a Critical vulnerability in several wireless routers that allows an attacker to remotely execute code on the impacted devices. | Vulnerability | ||
|
2019-02-27 15:37:05 | Chrome Zero-Day Exploited to Harvest User Data via PDF Files (lien direct) | Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google's web browser. | Vulnerability | ||
|
2019-02-26 15:31:00 | Hackers Exploit WinRAR Vulnerability to Deliver Malware (lien direct) | Malicious hackers have started exploiting a critical WinRAR vulnerability disclosed less than one week ago, just as RARLab has released the final version of the update that should patch the flaw. | Malware Vulnerability | ||
|
2019-02-26 08:00:00 | Drupal RCE Flaw Exploited in Attacks Days After Patch (lien direct) | A vulnerability patched recently in the Drupal content management system (CMS) has been exploited in the wild to deliver cryptocurrency miners and other payloads. The attacks started just three days after a fix was released. | Vulnerability | ||
|
2019-02-22 07:14:00 | Researcher Earns $10,000 for Another XSS Flaw in Yahoo Mail (lien direct) | A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user's emails and attach malicious code to their outgoing messages. | Vulnerability | Yahoo | |
|
2019-02-21 16:53:05 | Adobe Releases Second Patch for Data Leakage Flaw in Reader (lien direct) | Adobe on Thursday released a second fix for the Reader vulnerability tracked as CVE 2019-7089 after the researcher who discovered the flaw managed to bypass the first patch. The security hole, identified by Alex Inführ from Cure53, allows a specially crafted PDF document to send SMB requests to the attacker's server when the file is opened. | Vulnerability | ||
|
2019-02-21 13:47:04 | WinRAR Vulnerability Exposes Millions of Users to Attacks (lien direct) | WinRAR, the popular data compression tool utilized by over 500 million users worldwide, is affected by a serious vulnerability that can allow arbitrary code execution through specially crafted ACE archives. | Tool Vulnerability | ||
|
2019-02-21 06:26:00 | Critical Drupal Vulnerability Allows Remote Code Execution (lien direct) | Security updates released on Wednesday for the Drupal content management system (CMS) patch a “highly critical” vulnerability that can be exploited for remote code execution. | Vulnerability | ||
|
2019-02-18 18:24:02 | Privilege Escalation Vulnerability Found in LG Device Manager (lien direct) | A privilege escalation vulnerability that allows attackers to elevate permissions to SYSTEM has been found in the LG Device Manager application provided by the tech giant for its laptops. | Vulnerability | ||
|
2019-02-18 12:27:03 | Exploit Code Published for Recent Container Escape Vulnerability (lien direct) | Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. | Vulnerability | ||
|
2019-02-15 14:54:05 | CSRF Vulnerability in Facebook Earns Researcher $25,000 (lien direct) | 
|
Vulnerability |
To see everything:
Our RSS (filtrered)
