Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-08-14 04:57:00 |
BlueKeep Patching Efforts Sink: 750,000 Systems Still Vulnerable (lien direct) |
More than 750,000 systems remain vulnerable to the BlueKeep vulnerability as patching rate has decreased by around 85%, a new report from security firm BitSight reveals.
|
Vulnerability
Patching
|
|
|
|
2019-08-09 15:51:04 |
Vulnerability Has Been Lurking in Avaya Phones for 10 Years (lien direct) |
A security vulnerability discovered and patched 10 years ago has remained unaddressed in various Avaya phones until recently, McAfee security researchers have discovered.
|
Vulnerability
|
|
|
|
2019-08-07 12:33:05 |
SQL Injection Vulnerability Exposed Starbucks Financial Records (lien direct) |
A critical SQL injection vulnerability exposed nearly one million financial records stored in a Starbucks enterprise database, a researcher revealed this week.
|
Vulnerability
|
|
|
|
2019-08-07 10:02:05 |
Millions of Devices With Intel CPUs Exposed to SWAPGS Attack (lien direct) |
Researchers have discovered yet another speculative execution vulnerability that can allow attackers to steal potentially sensitive information from devices with Intel processors.
|
Vulnerability
|
|
|
|
2019-07-30 03:17:04 |
CapitalOne Discloses Massive Data Breach: 106 Million Impacted (lien direct) |
Capital One said on Monday that a malicious individual was able to exploit a vulnerability in cloud infrastructure used by the company and gain access to sensitive data on more than 100 million customers and credit applicants.
|
Vulnerability
|
|
|
|
2019-07-23 20:33:02 |
Hackers Compromise 62 Colleges via Campus ERP Platform (lien direct) |
Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.
|
Vulnerability
|
|
|
|
2019-07-23 11:21:04 |
ProFTPD Vulnerability Can Expose Servers to Attacks (lien direct) |
A security hole affecting the free and open source ProFTPD file transfer protocol (FTP) server can be exploited to copy files to vulnerable servers and possibly execute arbitrary code.
|
Vulnerability
|
|
|
|
2019-07-22 14:39:01 |
Critical RCE Vulnerability Found in Palo Alto Networks VPN Product (lien direct) |
A critical remote code execution vulnerability has been found and patched in Palo Alto Networks' GlobalProtect product.
|
Vulnerability
|
|
|
|
2019-07-19 14:47:02 |
Google Increases Bug Bounty Program Rewards (lien direct) |
Google on Thursday informed security researchers that they can now earn significantly higher rewards if they submit vulnerability reports through the company's bug bounty programs.
|
Vulnerability
|
|
|
|
2019-07-18 17:03:01 |
Over 800,000 Systems Still Vulnerable to BlueKeep Attacks (lien direct) |
Users and organizations continue to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708, but over 800,000 systems are still exposed to attacks.
|
Vulnerability
|
Wannacry
|
|
|
2019-07-18 05:52:03 |
Vulnerability Allows Hackers to Take Control of Drupal 8 Websites (lien direct) |
Drupal developers on Wednesday informed users that version 8.7.4 is affected by a potentially serious vulnerability, and advised them to update to version 8.7.5, which addresses the issue.
|
Vulnerability
|
|
|
|
2019-07-17 14:40:02 |
SLUB Backdoor Spreads via Newly Patched Vulnerability (lien direct) |
The threat actor behind the SLUB backdoor has started abusing a recently patched Internet Explorer vulnerability for distribution purposes, Trend Micro's security researchers reveal.
|
Vulnerability
Threat
|
|
|
|
2019-07-16 14:47:02 |
Thousands of Legacy Lenovo Storage Devices Exposed Millions of Files (lien direct) |
Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices.
|
Vulnerability
|
|
★★★★★
|
|
2019-07-15 12:42:03 |
Instagram Account Takeover Vulnerability Earns Hacker $30,000 (lien direct) |
A researcher claims to have received $30,000 from Facebook after discovering a critical vulnerability that could have been exploited to easily hack Instagram accounts.
India-based bug bounty hunter Laxman Muthiyah discovered the security hole while analyzing Instagram's password recovery system for mobile devices.
|
Hack
Vulnerability
|
|
|
|
2019-07-12 13:39:05 |
FIRST Announces CVSS Version 3.1 (lien direct) |
The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS).
CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.
|
Vulnerability
|
|
|
|
2019-07-12 07:43:02 |
Flaw in Walkie-Talkie App on Apple Watch Allows Spying (lien direct) |
Apple has disabled the Walkie-Talkie app on the Apple Watch after learning of a serious vulnerability that can be exploited to spy on users.
|
Vulnerability
|
|
|
|
2019-07-11 12:10:02 |
SAP Patches Critical Flaw in Diagnostics Agent (lien direct) |
SAP this week released 11 Security Notes as part of the Patch Day – July 2019, one of which was a Hot News Note addressing a Critical vulnerability in Diagnostics Agent.
Tracked as CVE-2019-0330 and featuring a CVSS score of 9.1, the bug is an OS command injection that could lead to the compromise of the entire SAP system.
|
Vulnerability
Guideline
|
|
|
|
2019-07-10 16:03:02 |
Intel Patches Serious Vulnerability in Processor Diagnostic Tool (lien direct) |
Intel's Patch Tuesday updates for July 2019 fix a serious vulnerability in the company's Processor Diagnostic Tool and a less serious issue in its Solid State Drives (SSD) for Data Centers (DC) product.
|
Tool
Vulnerability
|
|
|
|
2019-07-10 14:41:00 |
Flaw in Rockwell PanelView Allows Root-Level Access to Devices (lien direct) |
A serious vulnerability in Rockwell Automation's PanelView graphics terminals allows a remote, unauthenticated attacker to gain root-level access to the device's file system.
|
Vulnerability
|
|
|
|
2019-07-10 06:09:01 |
GE Says Anesthesia Machine Vulnerability Poses No Risk to Patients (lien direct) |
Researchers have discovered a vulnerability that can be used to hack some of GE Healthcare's hospital anesthesia devices, but the vendor says it does not pose a direct risk to patients.
|
Hack
Vulnerability
|
|
|
|
2019-07-09 18:25:04 |
Vulnerability Gives Attackers Remote Access to Zoom Users\' Cameras (lien direct) |
A vulnerability in the Zoom Client for Mac allows a remote attacker to force a user into joining a video call with the video camera active, a security researcher has discovered.
|
Vulnerability
|
|
|
|
2019-07-03 18:56:00 |
Multiple Chinese Groups Share the Same RTF Weaponizer (lien direct) |
During an investigation into a possibly shared RTF weaponizer by Indian and Chinese APT groups, researchers have discovered that multiple Chinese groups have updated the weaponizer to exploit the Microsoft Equation Editor (EE) vulnerability CVE-2018-0798. The same weaponizer had previously delivered exploits for EE vulnerabilities CVE-2017-11882 and CVE-2018-0802.
|
Vulnerability
|
|
|
|
2019-07-03 06:06:02 |
U.S. Cyber Command Warns of Outlook Flaw Exploited by Iranian Hackers (lien direct) |
The U.S. Cyber Command (USCYBERCOM) on Tuesday warned that it had spotted attacks exploiting a Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
|
Vulnerability
|
|
|
|
2019-07-01 17:22:00 |
Risk-Based Vulnerability Management is a Must for Security & Compliance (lien direct) |
Vulnerability management and compliance go hand-in-hand. Just as adhering to certain regulatory standards can help an organization manage vulnerabilities more effectively, managing vulnerabilities effectively can make an organization less susceptible to the sorts of security incidents that could render it noncompliant.
|
Vulnerability
|
|
|
|
2019-06-21 13:58:04 |
Millions of Devices Exposed to Attacks Due to Flaw in PC-Doctor Software (lien direct) |
More than 100 million computers from Dell and other vendors may have been exposed to hacker attacks due to a serious vulnerability in software made by hardware diagnostic tools provider PC-Doctor.
|
Vulnerability
|
|
|
|
2019-06-21 07:56:03 |
Mozilla Patches Second Firefox Zero-Day Used in Cryptocurrency Attacks (lien direct) |
Mozilla on Thursday patched a second zero-day vulnerability in Firefox that has been exploited by malicious actors to deliver Mac malware to cryptocurrency exchanges.
|
Malware
Vulnerability
|
|
|
|
2019-06-19 08:54:04 |
Oracle Patches Another Remote Code Execution Flaw in WebLogic (lien direct) |
Oracle on Tuesday announced that it has released emergency patches for a critical remote code execution vulnerability affecting WebLogic Server, a Java EE application server that is part of the company's Fusion Middleware offering.
|
Vulnerability
|
|
|
|
2019-06-19 05:54:01 |
Firefox Zero-Day Vulnerability Exploited in Targeted Attacks (lien direct) |
Updates released by Mozilla for its Firefox web browser on Tuesday patch a critical vulnerability that has been actively exploited in attacks.
|
Vulnerability
|
|
|
|
2019-06-18 14:23:05 |
Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks (lien direct) |
A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the flaw have been made available by the vendor.
|
Vulnerability
|
|
|
|
2019-06-17 18:07:04 |
DHS Issues Alert for Windows \'BlueKeep\' Vulnerability (lien direct) |
The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) on Monday issued an alert for the Windows vulnerability tracked as BlueKeep and CVE-2019-0708.
|
Vulnerability
|
|
|
|
2019-06-15 04:54:02 |
Hackers Target Recent Vulnerability in Exim Mail Server (lien direct) |
Cybercriminals are already targeting a recently disclosed vulnerability in the open-source Exim mail server, Cybereason reports.
|
Vulnerability
|
|
|
|
2019-06-13 13:01:05 |
XSS Vulnerability Exposed Google Employees to Attacks (lien direct) |
A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information.
|
Vulnerability
|
|
|
|
2019-06-12 14:22:04 |
Flaw in Evernote Extension Allows Hackers to Steal Data (lien direct) |
A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user.
|
Vulnerability
|
|
|
|
2019-06-11 10:01:00 |
Critical Vulnerability Exposes Oil Tank Monitoring Devices to Attacks (lien direct) |
A critical vulnerability has been found in oil tank monitoring devices from Tecson/GOK, but the vendor has released a patch and points out that there are less than 1,000 devices that could be affected.
Tecson is a Germany-based manufacturer of tank measurement systems, including oil tank displays, level probes, and remote monitoring products.
|
Vulnerability
|
|
|
|
2019-06-10 17:19:04 |
Critical Oracle WebLogic Vulnerability Exploited in Attacks (lien direct) |
A recently patched vulnerability in Oracle WebLogic is being exploited in attacks aimed at installing crypto-miners on vulnerable machines, Trend Micro reports.
|
Vulnerability
|
|
|
|
2019-06-05 15:29:00 |
(Déjà vu) Unofficial Patch Available for Recent Windows 10 Task Scheduler Zero-Day (lien direct) |
An unofficial patch has been released for a recently disclosed zero-day vulnerability in Windows 10's Task Scheduler.
|
Vulnerability
|
|
|
|
2019-06-05 12:54:05 |
NSA Urges Windows Users to Patch \'BlueKeep\' Vulnerability (lien direct) |
The U.S. National Security Agency (NSA) on Tuesday urged Windows users and administrators to immediately address the vulnerability tracked as BlueKeep and CVE-2019-0708.
|
Vulnerability
|
|
|
|
2019-05-31 14:13:02 |
Microsoft Reminds Users to Patch Wormable \'BlueKeep\' Vulnerability (lien direct) |
Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation.
|
Vulnerability
|
|
|
|
2019-05-29 18:10:03 |
Docker Vulnerability Gives Arbitrary File Access to Host (lien direct) |
A newly disclosed vulnerability in Docker could be exploited by a malicious attacker to escape the container and gain arbitrary read/write file access on the host with root privileges.
|
Vulnerability
|
|
|
|
2019-05-29 14:16:05 |
Google Researcher Finds Code Execution Vulnerability in Notepad (lien direct) |
Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft's Notepad text editor.
|
Vulnerability
|
|
|
|
2019-05-28 14:39:00 |
One Million Devices Vulnerable to BlueKeep as Hackers Scan for Targets (lien direct) |
Nearly one million devices are vulnerable to attacks involving the Windows vulnerability dubbed BlueKeep and it appears that hackers have already started scanning the web in search of potential targets.
|
Vulnerability
|
|
|
|
2019-05-28 05:40:04 |
Siemens Medical Products Affected by Wormable Windows Flaw (lien direct) |
Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.
|
Vulnerability
|
|
|
|
2019-05-24 02:02:03 |
Researcher Drops 3 Separate 0-Day Windows Exploits in 24 Hours (lien direct) |
SandboxEscaper, the security researcher who posted a claimed zero-day Windows 10 vulnerability on GitHub Tuesday, has now posted the remaining four exploits (two yesterday and the final two today) that he or she (we'll say 'she') said she possessed.
|
Vulnerability
|
|
|
|
2019-05-23 12:52:04 |
PoC Exploits Created for Wormable Windows RDS Flaw (lien direct) |
Several proof-of-concept (PoC) exploits, including ones that can be used for remote code execution, have been developed for the recently patched Windows Remote Desktop Services (RDS) vulnerability tracked as CVE-2019-0708 and dubbed BlueKeep.
|
Vulnerability
|
|
|
|
2019-05-20 16:42:05 |
Linux Kernel Privilege Escalation Vulnerability Found in RDS Over TCP (lien direct) |
A memory corruption vulnerability recently found in Linux Kernel's implementation of RDS over TCP could lead to privilege escalation.
Tracked as CVE-2019-11815 and featuring a CVSS base score of 8.1, the flaw impacts Linux kernels prior to 5.0.8, but only systems that use the Reliable Datagram Sockets (RDS) for the TCP module.
|
Vulnerability
Guideline
|
|
|
|
2019-05-17 14:47:03 |
Slack Flaw Allows Hackers to Steal, Manipulate Downloads (lien direct) |
A recently patched vulnerability in the Slack desktop application for Windows can be exploited by malicious actors to steal and manipulate a targeted user's downloaded files.
|
Vulnerability
|
|
|
|
2019-05-17 13:29:01 |
Tenable Updates Free Vulnerability Assessment Solution (lien direct) |
Tenable this week announced Nessus Essentials, an expanded version of its free vulnerability assessment solution previously known as Nessus Home.
|
Vulnerability
|
|
|
|
2019-05-17 12:34:03 |
Wormable Windows RDS Vulnerability Poses Serious Risk to ICS (lien direct) |
A critical remote code execution vulnerability patched recently by Microsoft in Windows Remote Desktop Services (RDS) poses a serious risk to industrial environments, experts have warned.
|
Vulnerability
|
|
|
|
2019-05-15 06:06:05 |
Microsoft Patches RDS Vulnerability Allowing WannaCry-Like Attacks (lien direct) |
Microsoft's Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a zero-day and a flaw that can be exploited by malware to spread similar to the way the notorious WannaCry did back in 2017.
|
Malware
Vulnerability
|
Wannacry
|
|
|
2019-05-14 15:47:02 |
(Déjà vu) Adobe Patches Over 80 Vulnerabilities in Acrobat Products (lien direct) |
Adobe's Patch Tuesday updates for May 2019 fix a critical vulnerability in Flash Player and more than 80 flaws in the company's Acrobat products.
|
Vulnerability
|
|
|