What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-06-07 11:44:43 | Android \\'s juin 2023 Patchs de mise à jour de sécurité Android\\'s June 2023 Security Update Patches Exploited Arm GPU Vulnerability (lien direct) |
Mise à jour de la sécurité de Google \\ en juin 2023 pour les correctifs Android Plus de 50 vulnérabilités, y compris un défaut de GPU Mali ARM exploité par les vendeurs de logiciels espions.
Google\'s June 2023 security update for Android patches more than 50 vulnerabilities, including an Arm Mali GPU flaw exploited by spyware vendors. |
Vulnerability | ★★ | |
|
2023-06-06 14:01:00 | Vulnérabilité des correctifs de mise à jour Keepass exposant le mot de passe maître KeePass Update Patches Vulnerability Exposing Master Password (lien direct) |
> Keepass 2.54 Patche une vulnérabilité permettant aux attaquants de récupérer le mot de passe maître ClearText à partir d'un vidage de mémoire
>KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump. |
Vulnerability | ★★ | |
|
2023-06-02 09:04:59 | Zero-day in Moveit File Transfer Software exploité pour voler des données aux organisations Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations (lien direct) |
> Une vulnérabilité zéro-jour dans le produit du logiciel de progression \\ Moveit Transfer a été exploitée pour pirater des organisations et voler leurs données.
>A zero-day vulnerability in Progress Software\'s MOVEit Transfer product has been exploited to hack organizations and steal their data. |
Hack Vulnerability | ★★★ | |
|
2023-05-31 08:30:00 | Barracuda Zero-Day exploite pour livrer des logiciels malveillants pendant des mois avant la découverte Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery (lien direct) |
> La vulnérabilité Barracuda zéro-jour récemment découverte CVE-2023-2868 a été exploitée pour fournir des logiciels malveillants et voler des données depuis au moins octobre 2022.
>The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022. |
Malware Vulnerability | ★★ | |
|
2023-05-26 10:31:56 | Pare-feu zyxel piraté par Mirai Botnet Zyxel Firewalls Hacked by Mirai Botnet (lien direct) |
> Un botnet Mirai a exploité une vulnérabilité récemment corrigée suivie sous le nom de CVE-2023-28771 pour pirater de nombreux pare-feu zyxel.
>A Mirai botnet has been exploiting a recently patched vulnerability tracked as CVE-2023-28771 to hack many Zyxel firewalls. |
Hack Vulnerability | ★★ | |
|
2023-05-25 09:56:37 | Vulnérabilité zéro-jour exploitée pour pirater les appareils de passerelle de sécurité par e-mail Barracuda Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances (lien direct) |
> Barracuda Networks avertit les clients du CVE-2023-2868, un jour nul exploité pour pirater certains appareils électroménagers (ESG). .
>Barracuda Networks is warning customers about CVE-2023-2868, a zero-day exploited to hack some Email Security Gateway (ESG) appliances. |
Hack Vulnerability | ★★ | |
|
2023-05-22 09:07:09 | Les utilisateurs de smartphones de Samsung ont mis en garde contre la vulnérabilité activement exploitée Samsung Smartphone Users Warned of Actively Exploited Vulnerability (lien direct) |
> Les utilisateurs de smartphones de Samsung ont mis en garde contre le CVE-2023-21492, une vulnérabilité de contournement ASLR exploitée dans la nature, probablement par un fournisseur de logiciel espion.
>Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor. |
Vulnerability | ★★★ | |
|
2023-05-18 12:42:05 | Google annonce un nouveau système de notation pour les rapports de vulnérabilité Android et des appareils Google Announces New Rating System for Android and Device Vulnerability Reports (lien direct) |
> Google met à jour son système de notation des rapports de vulnérabilité pour encourager les chercheurs à fournir plus de détails sur les bogues signalés.
>Google is updating its vulnerability reports rating system to encourage researchers to provide more details on the reported bugs. |
Vulnerability | ★★★ | |
|
2023-05-18 11:44:32 | L'outil POC exploite la vulnérabilité Keepass non corrigée pour récupérer les mots de passe maîtres PoC Tool Exploits Unpatched KeePass Vulnerability to Retrieve Master Passwords (lien direct) |
Le chercheur publie un outil POC qui exploite la vulnérabilité Keepass non corrigée pour récupérer le mot de passe maître à partir de la mémoire.
Researcher publishes PoC tool that exploits unpatched KeePass vulnerability to retrieve the master password from memory. |
Tool Vulnerability | ★★★ | |
|
2023-05-05 08:33:00 | Android Security Update Patchs Vulnérabilité du noyau exploité par le fournisseur de logiciels espions Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor (lien direct) |
> Les dernières mises à jour de la sécurité Android de Google \\ sont sur 40 vulnérabilités, y compris CVE-2023-0266, un défaut de noyau exploité comme un jour zéro par un fournisseur de logiciels espions.
>Google\'s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor. |
Vulnerability | ★★ | |
|
2023-04-28 13:26:34 | Cisco travaillant sur le patch pour la vulnérabilité signalé par l'OTAN Penter Cisco Working on Patch for Vulnerability Reported by NATO Pentester (lien direct) |
> Cisco travaille sur un patch pour une vulnérabilité XSS trouvée dans le déploiement de collaboration Prime par un penter du Cyber Security Center (NCSC) de l'OTAN \\.
>Cisco is working on a patch for an XSS vulnerability found in Prime Collaboration Deployment by a pentester from NATO\'s Cyber Security Centre (NCSC). |
Vulnerability | ★★ | |
|
2023-04-26 13:09:36 | La vulnérabilité SLP permet des attaques DOS avec un facteur d'amplification de 2 200 SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200 (lien direct) |
> Une vulnérabilité de haute sévérité dans le protocole de localisation du service peut être exploitée pour lancer des attaques d'amplification DOS massives.
>A high-severity vulnerability in the Service Location Protocol can be exploited to launch massive DoS amplification attacks. |
Vulnerability | ★★ | |
|
2023-04-24 16:08:10 | HUNENTS: La plupart des installations de papier non corrigées contre une faille de sécurité déjà exploitée Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw (lien direct) |
> Les chercheurs avertissent que la majorité des installations de Papercut Windows et MacOS sont toujours vulnérables à la vulnérabilité critique déjà exploitée dans les attaques de logiciels malveillants.
>Researchers warn that majority of Windows and macOS PaperCut installations still vulnerable to critical vulnerability already exploited in malware attacks. |
Malware Vulnerability | ★★ | |
|
2023-04-24 11:42:12 | Un défaut critique dans le produit INEA ICS expose les organisations industrielles aux attaques à distance Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks (lien direct) |
> La vulnérabilité critique trouvée dans INEA RTU peut être exploitée pour pirater à distance les appareils et provoquer des perturbations dans les organisations industrielles.
>Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations. |
Hack Vulnerability Industrial | ★★★★ | |
|
2023-04-19 09:03:31 | États-Unis, Royaume-Uni: la Russie exploitant la vieille vulnérabilité pour pirater les routeurs Cisco US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers (lien direct) |
> Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.
>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. |
Hack Vulnerability | APT 28 | ★★ |
|
2023-04-14 12:18:01 | Google, CISA avertit de la faille Android après des rapports sur l'exploitation chinoise de l'application zéro-jour Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation (lien direct) |
> La vulnérabilité Android CVE-2023-20963, qui aurait été exploitée comme un jour zéro par une application chinoise contre des millions d'appareils, a été ajoutée au catalogue KEV de CISA \\. .
>The Android vulnerability CVE-2023-20963, reportedly exploited as a zero-day by a Chinese app against millions of devices, was added to CISA\'s KEV catalog. |
Vulnerability | ★★ | |
|
2023-04-03 13:47:40 | Vulnérabilité du plugin Elementor Pro exploité pour pirater les sites Web WordPress Elementor Pro Plugin Vulnerability Exploited to Hack WordPress Websites (lien direct) |
> Une vulnérabilité sévère dans le plugin Elementor Pro WordPress est exploitée pour injecter des logiciels malveillants en sites Web vulnérables.
>A severe vulnerability in the Elementor Pro WordPress plugin is being exploited to inject malware into vulnerable websites. |
Malware Hack Vulnerability | ★★ | |
|
2023-03-30 11:42:24 | La vulnérabilité du cloud Microsoft a conduit à un détournement de recherche Bing, à l'exposition des données Office 365 [Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data] (lien direct) | > Une erreur de configuration Azure Active Directory (AAD) menant à Bing.com a obtenu les chercheurs WIZ a gagné une récompense de prime de bogue de 40 000 $.
>An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. |
Vulnerability Cloud | ★★★★ | |
|
2023-03-30 11:05:12 | 3CX confirme l'attaque de la chaîne d'approvisionnement alors que les chercheurs découvrent le composant Mac [3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component] (lien direct) | > 3CX confirme enquêter sur une violation de sécurité, car la communauté de la cybersécurité partage plus d'informations sur ce qui semble être une attaque sophistiquée en chaîne d'approvisionnement.
>3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. |
Vulnerability | ★★★ | |
|
2023-03-20 11:53:33 | Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm (lien direct) | >Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra's GoAnywhere solution. | Ransomware Data Breach Vulnerability | ★★ | |
|
2023-03-14 11:24:28 | Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach (lien direct) | Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities. | Vulnerability | ★★★ | |
|
2023-03-13 14:32:01 | CISA Warns of Plex Vulnerability Linked to LastPass Hack (lien direct) | >CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. | Hack Vulnerability | LastPass LastPass | ★★★ |
|
2023-03-09 14:45:12 | Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks (lien direct) | >Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers. | Vulnerability | ★★★ | |
|
2023-03-07 11:53:23 | Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia (lien direct) | >Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. | Vulnerability | ★★ | |
|
2023-02-28 11:41:25 | Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites (lien direct) | A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild. | Hack Vulnerability | ★★★ | |
|
2023-02-22 13:30:01 | R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor (lien direct) | Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. | Hack Vulnerability | ★★★ | |
|
2023-02-16 09:36:01 | Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability (lien direct) | >Hundreds of new servers were compromised in the past days as part of ESXiArgs ransomware attacks, but it's still unclear which vulnerability is being exploited. | Ransomware Vulnerability | ★★ | |
|
2023-02-14 11:42:35 | GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact (lien direct) | >Organizations hit by exploitation of the GoAnywhere MFT zero-day vulnerability CVE-2023-0669 have started coming forward. | Vulnerability | ★★ | |
|
2023-02-09 11:00:00 | ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware (lien direct) | >There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […] | Ransomware Malware Tool Vulnerability | ★★★ | |
|
2023-02-06 10:30:00 | Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability (lien direct) | >Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021. | Ransomware Vulnerability | ★★ | |
|
2023-02-02 15:10:19 | F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution (lien direct) | >A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code. | Vulnerability | ★★★ | |
|
2023-01-30 11:34:58 | Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability (lien direct) | >A researcher has disclosed the details of a 2FA bypass vulnerability affecting Instagram and Facebook. | Vulnerability | ★★★ | |
|
2023-01-20 14:29:45 | In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences (lien direct) | Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. | Vulnerability Threat | ★★ | |
|
2023-01-13 11:21:01 | Fortinet Says Recently Patched Vulnerability Exploited to Hack Governments (lien direct) | Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute arbitrary code or commands using specially crafted requests. | Hack Vulnerability | ★★★ | |
|
2023-01-12 11:16:48 | Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers (lien direct) | Exploitation of a critical vulnerability affecting the widely used SugarCRM customer relationship management system was seen just days after someone made public an exploit. | Hack Vulnerability | ★★ | |
|
2023-01-05 15:55:19 | Zoho Urges ManageEngine Users to Patch Serious SQL Injection Vulnerability (lien direct) | Zoho this week announced patches for a high-severity SQL injection vulnerability in ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. ManageEngine is an enterprise software solution offering management capabilities for endpoints, enterprise services, identity and access, IT operations, and security information and events. | Vulnerability | ★★ | |
|
2022-12-14 16:19:14 | Google Announces Vulnerability Scanner for Open Source Developers (lien direct) | Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects. The high number of dependencies that software projects rely on increases the risk of falling victim to a supply chain attack or to the exploitation of unknown vulnerabilities. | Vulnerability | ★ | |
|
2022-11-29 12:02:35 | Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability (lien direct) | Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. | Vulnerability | ★★★ | |
|
2022-11-18 12:06:24 | Omron PLC Vulnerability Exploited by Sophisticated ICS Malware (lien direct) | A critical vulnerability has not received the attention it deserves | Malware Vulnerability | ||
|
2022-11-17 09:39:05 | Magento Vulnerability Increasingly Exploited to Hack Online Stores (lien direct) | E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores. | Malware Hack Vulnerability | ||
|
2022-11-16 10:54:15 | Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers (lien direct) | A team of researchers from the University of Michigan, University of Pennsylvania and NASA have identified a potentially serious vulnerability in networking technology used in spacecraft, aircraft, and industrial control systems. | Hack Vulnerability | ||
|
2022-11-15 15:07:54 | Zendesk Vulnerability Could Have Given Hackers Access to Customer Data (lien direct) | An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports. Zendesk Explore is the analytics and reporting service of Zendesk, a popular customer support software-as-a-service solution. | Vulnerability Threat | ||
|
2022-11-14 13:52:06 | Aiphone Intercom System Vulnerability Allows Hackers to Open Doors (lien direct) | A vulnerability in Aiphone intercom products allows attackers to breach the entry system and gain access to the building that uses it. Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. | Vulnerability | ||
|
2022-11-11 12:18:29 | Google Pays $70k for Android Lock Screen Bypass (lien direct) | Google recently handed out a $70,000 bug bounty reward for an Android vulnerability leading to lock screen bypass, security researcher David Schutz says. | Vulnerability Guideline | ||
|
2022-11-10 11:30:18 | ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (lien direct) | Oil and gas flow computers and remote controllers made by Swiss industrial technology firm ABB are affected by a serious vulnerability that could allow hackers to cause disruptions and prevent utilities from billing their customers, according to industrial cybersecurity firm Claroty. | Hack Vulnerability | ||
|
2022-10-21 10:28:32 | CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware (lien direct) | The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks. | Malware Vulnerability | ||
|
2022-10-11 10:36:13 | Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack (lien direct) | Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack. | Vulnerability | ||
|
2022-10-04 15:14:58 | Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack (lien direct) | Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community. | Vulnerability | ||
|
2022-09-12 11:34:17 | Vulnerability in BackupBuddy Plugin Exploited to Hack WordPress Sites (lien direct) | A recently resolved vulnerability in the BackupBuddy WordPress plugin has been exploited in malicious attacks since late August, Defiant's Wordfence team warns. | Hack Vulnerability | ||
|
2022-08-30 11:20:14 | Google Launches Bug Bounty Program for Open Source Projects (lien direct) | Google today introduced a new bug bounty program to reward security researchers who discover and report vulnerabilities in the company's open source projects. As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100. | Vulnerability |
To see everything:
Our RSS (filtrered)
