Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2021-04-13 12:32:24 |
(Déjà vu) PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers (lien direct) |
A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.
|
Vulnerability
|
|
|
|
2021-04-08 13:47:10 |
Cring Ransomware Targets Industrial Organizations (lien direct) |
Cring ransomware operators are exploiting an old path traversal vulnerability in the FortiOS SSL VPN web portal to gain access to enterprise networks, Kaspersky warns.
|
Ransomware
Vulnerability
|
|
|
|
2021-04-08 10:50:21 |
Vulnerability in \'Domain Time II\' Could Lead to Server, Network Compromise (lien direct) |
A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday.
|
Vulnerability
|
|
|
|
2021-04-07 11:33:06 |
Google Patches Critical Code Execution Vulnerability in Android (lien direct) |
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
|
Vulnerability
|
|
|
|
2021-04-06 14:23:10 |
US DoD Launches Vuln Disclosure Program for Contractor Networks (lien direct) |
The United States Department of Defense (DoD) this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base (DIB) contractor networks.
|
Vulnerability
|
|
|
|
2021-04-05 15:51:20 |
VMware Patches Critical Flaw in Carbon Black Cloud Workload (lien direct) |
A critical vulnerability recently addressed in the VMware Carbon Black Cloud Workload could be abused to execute code on a vulnerable server, according to a warning from a security researcher who discovered the bug.
|
Vulnerability
|
|
|
|
2021-03-31 12:00:08 |
Chinese Researchers Earn Another $20,000 for Chrome Sandbox Escape (lien direct) |
Researchers from Chinese cybersecurity company Qihoo 360 have earned another $20,000 from Google for a sandbox escape vulnerability affecting the Chrome web browser.
|
Vulnerability
|
|
|
|
2021-03-29 18:30:38 |
Vulnerability in \'netmask\' npm Package Affects 280,000 Projects (lien direct) |
A vulnerability in the netmask npm package could expose private networks and lead to a variety of attacks, including malware delivery.
|
Malware
Vulnerability
Guideline
|
|
|
|
2021-03-26 21:56:05 |
Apple Patches Under-Attack iOS Zero-Day (lien direct) |
Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild.
|
Vulnerability
|
|
|
|
2021-03-26 15:05:29 |
(Déjà vu) Severe Flaws in Official \'Facebook for WordPress\' Plugin (lien direct) |
A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence.
|
Vulnerability
Guideline
|
|
|
|
2021-03-26 15:05:29 |
Severe Flaws in Facebook for WordPress Plugin (lien direct) |
A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence.
|
Vulnerability
Guideline
|
|
|
|
2021-03-23 13:07:30 |
Recently Patched Android Vulnerability Exploited in Attacks (lien direct) |
Google has warned Android users that a recently patched vulnerability has been exploited in attacks.
The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021.
|
Vulnerability
|
|
|
|
2021-03-23 04:52:53 |
Remote Code Execution Vulnerability Patched in Apache OFBiz (lien direct) |
One of the vulnerabilities addressed by the latest update for Apache OFBiz is an unsafe Java deserialization issue that could be exploited to execute code remotely, without authentication.
|
Vulnerability
|
|
|
|
2021-03-15 11:37:12 |
Google Releases PoC Exploit for Browser-Based Spectre Attack (lien direct) |
Google last week announced the release of proof-of-concept (PoC) code designed to exploit the notorious Spectre vulnerability and leak information from web browsers.
|
Vulnerability
|
|
|
|
2021-03-09 17:35:33 |
Apple Patches Remote Code Execution Bug in WebKit (lien direct) |
Apple on Monday released patches for a vulnerability in WebKit that could allow attackers to execute code remotely on affected devices.
|
Vulnerability
|
|
|
|
2021-03-09 15:31:11 |
Vulnerability That Allows Complete WordPress Site Takeover Exploited in the Wild (lien direct) |
A critical vulnerability identified in The Plus Addons for Elementor WordPress plugin could be exploited to gain administrative privileges to a website. The zero-day has been exploited in the wild, the Wordfence team at WordPress security company Defiant warns.
|
Vulnerability
|
|
|
|
2021-03-04 13:46:44 |
Several Cisco Products Exposed to DoS Attacks Due to Snort Vulnerability (lien direct) |
Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service (DoS) attacks due to a vulnerability in the Snort detection engine.
|
Vulnerability
|
|
|
|
2021-03-04 04:45:42 |
Microsoft Pays $50,000 Bounty for Account Takeover Vulnerability (lien direct) |
A security researcher says Microsoft has awarded him a $50,000 bounty reward for reporting a vulnerability that could have potentially allowed for the takeover of any Microsoft account.
|
Vulnerability
|
|
|
|
2021-03-03 15:44:00 |
Jetty Flaw Can Be Exploited to Inflate Target\'s Cloud Bill, Cause Disruption (lien direct) |
A vulnerability affecting Eclipse Jetty web servers can be exploited by an attacker to inflate a targeted organization's cloud services bill or cause disruption, according to security researchers at tech company Synopsys.
|
Vulnerability
|
|
|
|
2021-03-03 15:23:03 |
VMware Patches Remote Code Execution Vulnerability in View Planner (lien direct) |
VMware this week announced the availability of a security patch for VMware View Planner, to address a vulnerability leading to remote code execution.
|
Vulnerability
Guideline
|
|
|
|
2021-03-03 13:22:12 |
Chrome 89 Patches Actively Exploited Vulnerability (lien direct) |
Google this week announced the availability of Chrome 89 in the stable channel, with patches for a total of 47 vulnerabilities, including one that has been exploited in the wild.
|
Vulnerability
|
|
|
|
2021-03-03 12:22:14 |
Should You Be Concerned About the Recently Leaked Spectre Exploits? (lien direct) |
A researcher revealed on Monday that some exploits for the notorious CPU vulnerability known as Spectre were uploaded recently to the VirusTotal malware analysis service. While some experts say this could increase the risk of exploitation for malicious purposes, others believe there is no reason for concern.
|
Malware
Vulnerability
|
|
|
|
2021-03-02 16:00:46 |
Google Patches Critical Remote Code Execution Vulnerability in Android (lien direct) |
Google this week announced the release of patches for 37 vulnerabilities as part of the Android security updates for March 2021, including a fix for a critical flaw in the System component.
|
Vulnerability
|
|
|
|
2021-03-02 15:47:00 |
New \'Unc0ver\' Jailbreak Uses Vulnerability That Apple Said Was Exploited (lien direct) |
The latest version of the Unc0ver jailbreak leverages a vulnerability that Apple said had been exploited before it released a patch in January.
|
Vulnerability
|
|
|
|
2021-03-01 11:24:11 |
Vendor Quickly Patches Serious Vulnerability in NATO-Approved Firewall (lien direct) |
A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult.
|
Vulnerability
Threat
|
|
|
|
2021-02-26 11:54:50 |
Unprotected Private Key Allows Remote Hacking of Rockwell Controllers (lien direct) |
Industrial organizations have been warned this week that a critical authentication bypass vulnerability can allow hackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation.
|
Vulnerability
|
|
|
|
2021-02-25 11:47:07 |
Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability (lien direct) |
Just one day after VMware announced the availability of patches for a critical vulnerability affecting vCenter Server, hackers have started scanning the internet for vulnerable servers.
|
Vulnerability
|
|
|
|
2021-02-25 04:28:48 |
Google Discloses Details of Remote Code Execution Vulnerability in Windows (lien direct) |
Google's cybersecurity research unit Project Zero on Wednesday disclosed the details of a recently patched Windows vulnerability that can be exploited for remote code execution.
|
Vulnerability
|
|
|
|
2021-02-24 12:02:51 |
Critical VMware vCenter Server Flaw Can Expose Organizations to Remote Attacks (lien direct) |
VMware on Tuesday informed customers that its vCenter Server product is affected by a critical vulnerability that can be exploited by an attacker to execute commands with elevated privileges.
|
Vulnerability
|
|
|
|
2021-02-22 15:06:35 |
Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak (lien direct) |
A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' “Lost in Translation” leak, cybersecurity firm Check Point says in a new report.
|
Vulnerability
Threat
|
APT 31
|
|
|
2021-02-18 13:20:51 |
Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000 (lien direct) |
A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.
|
Vulnerability
|
|
|
|
2021-02-16 18:40:55 |
WebKit Zero-Day Vulnerability Exploited in Malvertising Operation (lien direct) |
A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.
|
Vulnerability
|
|
|
|
2021-02-15 14:43:42 |
Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability (lien direct) |
Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.
|
Vulnerability
|
|
|
|
2021-02-15 11:59:05 |
Vulnerability in VMware vSphere Replication Can Facilitate Attacks on Enterprises (lien direct) |
VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product.
vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.
|
Vulnerability
|
|
|
|
2021-02-10 15:07:13 |
Apple Patches Recent Sudo Vulnerability in macOS (lien direct) |
Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility.
Present in most Unix- and Linux-based operating systems out there, Sudo is a tool that allows users to execute programs with the privileges of another user, which by default is superuser.
|
Tool
Vulnerability
|
|
|
|
2021-02-10 14:18:06 |
Critical Vulnerability Patched in SAP Commerce Product (lien direct) |
SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. It also updated six previously released notes.
|
Vulnerability
|
|
|
|
2021-02-10 02:02:39 |
Hack Exposes Vulnerability of Cash-Strapped US Water Plants (lien direct) |
A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. Treatment plants are typically cash-strapped, and lack the cybersecurity depth of the power grid and nuclear plants.
|
Vulnerability
|
|
|
|
2021-02-09 18:29:39 |
Adobe Patches Reader Vulnerability Exploited in the Wild (lien direct) |
Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild.
|
Vulnerability
|
|
|
|
2021-02-09 14:09:54 |
Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs (lien direct) |
An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution.
|
Vulnerability
|
|
|
|
2021-02-08 14:52:16 |
Google Launches Database for Open Source Vulnerabilities (lien direct) |
Google last week announced the launch of OSV (Open Source Vulnerabilities), which the internet giant has described as a vulnerability database and triage infrastructure for open source projects.
|
Vulnerability
|
|
|
|
2021-02-05 20:00:38 |
Google Chrome, Microsoft IE Zero-Days in Crosshairs (lien direct) |
Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks.
|
Vulnerability
|
|
|
|
2021-02-04 12:15:53 |
SonicWall Patches SMA Zero-Day Vulnerability Exploited in Attacks (lien direct) |
SonicWall on Wednesday announced that it released firmware updates for its Secure Mobile Access (SMA) 100 series appliances to patch an actively exploited zero-day vulnerability.
|
Vulnerability
|
|
|
|
2021-02-04 04:32:50 |
Siemens Releases Patches to Prevent Remote Takeover of SIMATIC HMI Panels (lien direct) |
Siemens has released patches for some of its SIMATIC human-machine interface (HMI) panels to address a high-severity vulnerability that can be exploited remotely to take full control of a device.
|
Vulnerability
|
|
★★★
|
|
2021-02-03 18:42:05 |
Recent Sudo Vulnerability Affects Apple, Cisco Products (lien direct) |
Apple's macOS Big Sur operating system and multiple Cisco products are also affected by the recently disclosed major security flaw in the Sudo utility.
|
Vulnerability
|
|
|
|
2021-02-03 12:59:51 |
Weak ACLs in Adobe ColdFusion Allow Privilege Escalation (lien direct) |
A newly disclosed vulnerability in Adobe ColdFusion could be exploited by unprivileged users for the execution of arbitrary code with SYSTEM privileges.
The popular commercial web-application development platform uses the CFML scripting language and is mainly used for the creation of data-driven websites.
|
Vulnerability
|
|
|
|
2021-02-03 12:12:58 |
China-Linked Hackers Exploited SolarWinds Flaw in U.S. Government Attack: Report (lien direct) |
Hackers believed to be from China have exploited a vulnerability in a SolarWinds product as part of a campaign targeting at least one U.S. government agency, Reuters reported on Tuesday.
|
Vulnerability
|
|
|
|
2021-02-02 12:04:09 |
SonicWall Says \'a Few Thousand Devices\' Impacted by Zero-Day Vulnerability (lien direct) |
SonicWall on Monday confirmed that its Secure Mobile Access (SMA) 100 series appliances are affected by a zero-day vulnerability that has apparently already been exploited in attacks.
|
Vulnerability
|
|
★★
|
|
2021-01-27 20:30:18 |
Ten-Year Old Sudo Vulnerability Gives Root Privileges on Host (lien direct) |
A major security hole in the Sudo utility could be abused by unprivileged users to gain root privileges on the vulnerable host, Qualys reports.
|
Vulnerability
|
|
|
|
2021-01-25 15:11:38 |
CrowdStrike Discloses Details of Recently Patched Windows NTLM Vulnerability (lien direct) |
One of the vulnerabilities that Microsoft addressed on January 2021 Patch Tuesday could allow an attacker to relay NTLM authentication sessions and then execute code remotely, using a printer spooler MSRPC interface.
|
Vulnerability
|
|
|
|
2021-01-21 16:13:50 |
Drupal Updates Patch Another Vulnerability Related to Archive Files (lien direct) |
Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.
|
Vulnerability
|
|
|