What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-21 04:52:12 | Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw (lien direct) | A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product in March 2020. | Vulnerability | ||
|
2021-01-20 14:12:10 | Chrome 88 Drops Flash, Patches Critical Vulnerability (lien direct) | Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash. | Vulnerability | ||
|
2021-01-15 14:57:40 | Microsoft Reminds Organizations of Upcoming Phase in Patching Zerologon Vulnerability (lien direct) | Microsoft this week published a reminder for organizations that a February 9 security update will kick off the second phase of patching for the Zerologon vulnerability. | Vulnerability Patching | ||
|
2021-01-14 18:50:25 | Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks (lien direct) | A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks. | Vulnerability | ||
|
2021-01-12 14:12:09 | Facebook Awards Big Bounties for Invisible Post and Account Takeover Vulnerabilities (lien direct) | One researcher said he earned $30,000 from Facebook for finding a vulnerability that could have been exploited to create invisible posts on any page. The same amount was paid out to a different researcher for an account hijacking flaw. | Vulnerability | ||
|
2021-01-05 13:56:53 | Hackers Exploiting Recently Disclosed Zyxel Vulnerability (lien direct) | Security researchers have observed the first attempts to compromise Zyxel devices using a recently disclosed vulnerability related to the existence of hardcoded credentials. | Vulnerability | ||
|
2021-01-04 15:12:42 | Hardcoded Credentials Expose Zyxel Firewalls and WLAN Controllers to Remote Attacks (lien direct) | Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges. Identified by EYE security researcher Niels Teusink, the vulnerability exists because the password for the “zyfwp” user account was stored in plaintext and was visible in one of the binaries on the system. | Vulnerability | ||
|
2019-10-09 16:48:57 | Audit Finds Critical Vulnerability in iTerm2 macOS Terminal Emulator (lien direct) | A security audit funded by Mozilla has led to the discovery of a critical remote command execution vulnerability in the popular iTerm2 macOS terminal emulator. | Vulnerability | ||
|
2019-10-09 07:23:10 | No Patch for Critical Code Execution Flaw Affecting D-Link Routers (lien direct) | A critical remote code execution (RCE) vulnerability affecting several D-Link routers that reached their end of life (EOL) remains unpatched. | Vulnerability | ||
|
2019-10-08 13:45:04 | Code Execution Vulnerability Impacts NSA Reverse Engineering Tool (lien direct) | Versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework are impacted by a code-execution vulnerability, the National Security Agency (NSA) has revealed. | Tool Vulnerability | ||
|
2019-10-07 15:58:21 | Patches for Internet Explorer Zero-Day Causing Problems for Many Users (lien direct) | Microsoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy. | Vulnerability | ||
|
2019-10-07 13:44:35 | New Campaign Targets Drupalgeddon2 Flaw to Install Malware (lien direct) | Hackers continue to target the Drupal vulnerability named Drupalgeddon2 to install malware onto unpatched systems, Akamai's security researchers have discovered. | Malware Vulnerability | ||
|
2019-10-07 09:44:24 | Signal Rushes to Patch Serious Eavesdropping Vulnerability (lien direct) | The developers of the popular privacy-focused messaging application Signal have rushed to patch a serious vulnerability in the Android version that can be exploited by an attacker to eavesdrop on users. | Vulnerability | ||
|
2019-10-04 12:41:51 | Zero-Day Used in the Wild Impacts Pixel 2, Other Android Phones (lien direct) | Fully patched Pixel 2 devices, even those running Android 10 preview, are impacted by a vulnerability that has already been abused in attacks, a Google Project Zero security researcher has discovered. | Vulnerability | ||
|
2019-10-04 09:25:09 | WhatsApp Flaw Allows Remote Code Execution via Malicious GIF File (lien direct) | 
Facebook recently patched a vulnerability in WhatsApp for Android that may have allowed hackers to execute arbitrary code and gain access to sensitive user data by sending specially crafted GIF files.
|
Vulnerability | ||
|
2019-10-01 12:36:10 | Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability (lien direct) | A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the forums of cybersecurity solutions provider Comodo. | Vulnerability | ||
|
2019-09-30 16:47:04 | Critical Remote Code Execution Vulnerability Patched in Exim Email Server (lien direct) | A Critical vulnerability recently addressed in the popular open-source email server Exim could lead to remote code execution. Exim is an open source mail transfer agent (MTA) widely used in systems running Linux and macOS. At the moment, Exim powers over half of email servers out there. | Vulnerability Guideline | ||
|
2019-09-30 15:39:03 | Vulnerability Management Firm Kenna Security Raises $48 Million (lien direct) | San Francisco-based vulnerability management solutions provider Kenna Security on Monday announced that it has raised $48 million in a Series D funding round, which brings the total raised by the company to $98 million. | Vulnerability | ||
|
2019-09-28 11:46:19 | Apple Patches iOS 13 Bug Allowing Third-Party Keyboards "Full Access" (lien direct) | Apple on Friday released security updates for iOS 13 and iPadOS to address a vulnerability that allowed third-party keyboard extensions to gain “full access” without being granted permission. | Vulnerability | ||
|
2019-09-26 11:38:46 | VMware Patches Critical Harbor Vulnerability (lien direct) | VMware this week released patches to address a critical vulnerability in Harbor, which was found to impact VMware Cloud Foundation and VMware Harbor Container Registry for PCF. | Vulnerability | ||
|
2019-09-26 07:14:27 | vBulletin Patches Vulnerability Exploited in the Wild (lien direct) | Developers of the vBulletin forum software have rushed to release a patch for a recently disclosed remote command execution vulnerability, but the flaw has already been exploited in the wild, with some claiming that its existence has been known for years. | Vulnerability | ||
|
2019-09-25 08:30:45 | Hacker Releases Exploit for vBulletin Zero-Day Vulnerability (lien direct) | A hacker has released an exploit for an unpatched remote command execution vulnerability affecting the vBulletin forum software. | Vulnerability | ||
|
2019-09-24 07:07:23 | Microsoft Patches Internet Explorer Vulnerability Exploited in Attacks (lien direct) | Microsoft on Monday released patches for two vulnerabilities, including an Internet Explorer zero-day and a denial-of-service (DoS) flaw affecting Microsoft Defender. | Vulnerability | ||
|
2019-09-23 18:32:55 | Critical Vulnerability Addressed in Jira Service Desk (lien direct) | Atlassian has released a security update for Jira Service Desk and Jira Service Desk Data Center to address a critical vulnerability resulting in information disclosure. | Vulnerability | ||
|
2019-09-23 12:32:31 | Flaw Gives Hackers Remote Access to Files Stored on D-Link DNS-320 Devices (lien direct) | D-Link DNS-320 ShareCenter network-attached storage (NAS) devices are affected by a critical vulnerability that can be exploited remotely to take complete control of a device and access the files stored on it. | Vulnerability | ||
|
2019-09-20 14:56:50 | Vulnerability Patched in Forcepoint VPN Client for Windows (lien direct) | Researchers at breach and attack simulation firm SafeBreach discovered that the Forcepoint VPN Client for Windows is affected by a vulnerability that can be exploited to escalate privileges and for other purposes. | Vulnerability | ||
|
2019-09-19 17:33:35 | MITRE Publishes New List of Most Dangerous Software Weaknesses (lien direct) | The MITRE Corporation this week published an updated list of the most dangerous software weaknesses and vulnerabilities. Known as the Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors (CWE Top 25), the new list has been created based on real-world vulnerabilities found in the NVD (National Vulnerability Database). | Vulnerability | ||
|
2019-09-19 13:26:25 | Critical Vulnerability Exposes Harbor Registries to Attacks (lien direct) | Harbor registries with default settings are impacted by a vulnerability that allows any user to elevate privileges to administrator, Palo Alto Networks reports. | Vulnerability | ||
|
2019-09-17 13:37:13 | AMD Radeon Driver Flaw Leads to VM Escape (lien direct) | A vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver could be triggered from within a VMware guest to execute code on the host, Cisco Talos warns. | Vulnerability | ★★★★ | |
|
2019-09-16 16:24:46 | Saudi Attacks Expose Threat to Critical Infrastructure (lien direct) | The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware. | Vulnerability Threat | ||
|
2019-09-16 14:40:28 | LastPass Patches Bug Leaking Last-Used Credentials (lien direct) | A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass. A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones. | Vulnerability | LastPass | |
|
2019-09-11 14:43:03 | SAP Patches Critical Vulnerability in NetWeaver (lien direct) | Four of the Security Notes published by SAP as part of the September 2019 Security Patch Day are rated Hot News, the same as last month. | Vulnerability | ||
|
2019-09-09 15:17:01 | Cyberattack Disrupted Firewalls at U.S. Power Utility (lien direct) | A denial-of-service (DoS) attack that caused disruptions at a power utility in the United States earlier this year exploited a known vulnerability in a firewall used by the affected organization. | Vulnerability | ||
|
2019-09-09 13:57:00 | BlueKeep Exploit Added to Metasploit (lien direct) | An initial public exploit targeting the recently addressed BlueKeep vulnerability in Microsoft Windows has been added to Rapid7's Metasploit framework. | Vulnerability | ||
|
2019-09-06 14:16:04 | Exim Vulnerability Allows Remote Code Execution as Root (lien direct) | Exim mail servers are vulnerable to attacks due to a security hole that allows a local or remote attacker to execute arbitrary code with root privileges. | Vulnerability | ||
|
2019-09-06 12:49:03 | Cisco Patches Remote Command Execution in Webex Teams Client (lien direct) | Cisco this week addressed a High severity vulnerability in the Webex Teams client for Windows that could allow an attacker to execute commands remotely. The issue is created “due to improper restrictions on software logging features used by the application on Windows operating systems.” | Vulnerability | ||
|
2019-09-06 12:34:01 | Unpatched Privilege Escalation Vulnerability Impacts Android (lien direct) | The Android operating system is affected by a zero-day privilege escalation bug residing in the V4L2 driver, Trend Micro's Zero Day Initiative (ZDI) reveals. | Vulnerability | ||
|
2019-09-04 17:44:03 | Vulnerability in Network Provisioning Affects Majority of All Android Phones (lien direct) | An SMS phishing attack against many modern Android phones could route all internet traffic through a proxy controlled by the attacker. The problem lies in weak (sometimes non-existent) authentication for over-the-air (OTA) provisioning. | Vulnerability | ★★ | |
|
2019-08-29 10:44:05 | Pulse Secure Says Majority of Customers Patched Exploited Vulnerability (lien direct) | Pulse Secure and Fortinet Take Steps to Protect Customers Against Attacks Exploiting Recently Disclosed Vulnerabilities | Vulnerability | ||
|
2019-08-28 13:52:03 | DLL Hijacking Flaw Patched in Check Point Endpoint Security (lien direct) | Researchers at SafeBreach discovered that Check Point's Endpoint Security product is affected by a DLL hijacking vulnerability that can be exploited for privilege escalation and other purposes. | Vulnerability | ||
|
2019-08-27 13:31:04 | Apple Patches Re-Introduced Jailbreak Vulnerability (lien direct) | Apple this week released patches that address a recently re-introduced vulnerability that allows hackers to jailbreak devices. | Vulnerability | ||
|
2019-08-27 06:31:05 | Code Execution Flaw in QEMU Mostly Impacts Development, Test VMs (lien direct) | The open source machine emulator QEMU is affected by a vulnerability that can lead to a denial-of-service (DoS) condition or arbitrary code execution, but developers say users should not be too concerned about its impact. | Vulnerability Guideline | ||
|
2019-08-26 15:22:04 | Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (lien direct) | A researcher says he has received $10,000 from Facebook after finding another critical vulnerability that could have been exploited to hack Instagram accounts. | Hack Vulnerability | ||
|
2019-08-24 11:10:05 | Vulnerability Found in SimpleMDM Apple Device Management Solution (lien direct) | An XML external entity (XXE) vulnerability has been found and patched in the SimpleMDM Apple device management solution, but the researcher who found the flaw and the vendor disagree on its impact. SimpleMDM is an increasingly popular mobile device management (MDM) solution used by companies such as FedEx, Deloitte and the Discovery Channel. | Vulnerability | FedEx Deloitte | |
|
2019-08-22 14:59:02 | DLL Hijacking Flaw Found in Bitdefender Antivirus Free 2020 (lien direct) | A DLL hijacking vulnerability affecting Bitdefender Antivirus Free 2020 could have been exploited for privilege escalation and other malicious purposes, SafeBreach researchers revealed on Wednesday. | Vulnerability | ||
|
2019-08-20 09:42:01 | Harnessing Stunt Hacking for Enterprise Defense (lien direct) | Make Sure You Understand the Root Cause of the Vulnerabilities or Attack Vectors Behind the Next Over-Hyped Stunt Hack Every year, at least one mediocre security vulnerability surprisingly snatches global media attention, causing CISOs and security researchers to scratch their heads and sigh “who cares?” | Vulnerability | ||
|
2019-08-19 17:45:00 | Webmin Backdoored for Over a Year (lien direct) | Webmin, the open source web-based interface for managing Linux and UNIX systems, contained a remote code execution vulnerability for more than a year and it's believed to be an intentional backdoor. | Vulnerability | ||
|
2019-08-15 18:04:01 | Vulnerability Patched in Firefox Password Manager (lien direct) | The latest update released by Mozilla for Firefox patches a vulnerability that can be exploited to bypass the master password of the built-in password manager and obtain stored passwords. | Vulnerability | ||
|
2019-08-14 17:51:01 | New Bluetooth Vulnerability Allows Attackers to Intercept Traffic (lien direct) | A KNOB (key negotiation of Bluetooth) attack against the basic rate/enhanced data rate (BR/EDR, or Bluetooth Classic) configuration can result in information disclosure and/or escalation of privileges. | Vulnerability | ||
|
2019-08-14 15:24:00 | British Airways Criticized for Exposing Passenger Flight Details (lien direct) | British Airways (BA) has been criticized for allowing hackers easy access to customer flight information. The issue was exposed Tuesday by researchers who discovered "a vulnerability affecting British Airways' e-ticketing system that exposes passengers' personally identifiable information (PII)." | Vulnerability |
To see everything:
Our RSS (filtrered)
