What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-05-14 14:10:05 | Remote Code Execution Vulnerability Impacts SQLite (lien direct) | A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. | Vulnerability | ||
|
2019-05-13 13:43:01 | Remote Code Execution Flaw Found in Kaspersky Products (lien direct) | Researchers have discovered a serious remote code execution vulnerability affecting products from Kaspersky Lab. The cybersecurity firm pushed out a patch to customers in early April. | Vulnerability | ||
|
2019-05-13 06:32:04 | Microsoft SharePoint Vulnerability Exploited in the Wild (lien direct) | A critical vulnerability in Microsoft's SharePoint collaboration platform has been exploited in the wild to deliver malware. | Vulnerability | ||
|
2019-05-08 14:40:00 | Jenkins Vulnerability Exploited to Deliver \'Kerberods\' Malware (lien direct) | A vulnerability disclosed late last year has been exploited by malicious actors to deliver a piece of malware that deploys a Monero cryptocurrency miner and looks for new victims on the internet and the local network. | Malware Vulnerability | ||
|
2019-04-04 18:00:02 | NVIDIA Patches High Severity Flaws in Tegra Drivers (lien direct) | NVIDIA this week released security patches to address multiple vulnerabilities in the Tegra Linux Driver Package (L4T), including several flaws assessed with a “high” severity rating. The most important of the bugs is CVE‑2018‑6269, a vulnerability residing in the Tegra kernel driver (the issue features a CVSS score of 8.8). | Vulnerability | ||
|
2019-03-28 17:42:04 | Critical Flaw Allows Hackers to Take Control of PowerFlex AC Drives (lien direct) | Rockwell Automation's Allen Bradley PowerFlex 525 AC drives are affected by a critical denial-of-service (DoS) vulnerability that allows hackers to take control of devices. | Vulnerability | ||
|
2019-03-28 13:36:01 | WinRAR Vulnerability Exploited to Deliver New Malware (lien direct) | A recently patched vulnerability affecting the popular archiver utility WinRAR has been increasingly exploited by malicious actors, including to deliver new malware to targeted users. | Malware Vulnerability | ||
|
2019-03-27 17:43:00 | (Déjà vu) NVIDIA Patches Serious Flaw in GeForce Experience Software (lien direct) | A security update released recently by NVIDIA for its GeForce Experience software patches a potentially serious vulnerability that could lead to arbitrary code execution, a denial-of-service (DoS) condition, or privilege escalation. | Vulnerability Guideline | ||
|
2019-03-21 12:58:02 | Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator (lien direct) | A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric's Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not pose a risk to operating safety controllers. | Vulnerability | ||
|
2019-03-20 19:48:02 | Authentication Bypass Vulnerability Found in SoftNAS Cloud (lien direct) | A security firm's Vulnerability Research Team (VRT) found and reported a vulnerability in SoftNAS Cloud data storage. SoftNAS fixed the vulnerability last week, and details of the vulnerability are now being made public. | Vulnerability | ||
|
2019-03-20 19:23:02 | Vulnerability in NSA\'s Reverse Engineering Tool Allows Remote Code Execution (lien direct) | A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say. | Tool Vulnerability | ||
|
2019-03-20 16:34:02 | Google Photos Flaw Allowed Hackers to Track Users (lien direct) | Google recently patched a vulnerability in its Photos service that could have been exploited via browser-based timing attacks to track users, Imperva revealed on Wednesday. | Vulnerability | ||
|
2019-03-19 16:26:00 | Microsoft Dominates 2018\'s Most Exploited Vulnerabilities (lien direct) | Eight of the top ten most exploited vulnerabilities in 2018 affected Microsoft products. Only one -- but the second most exploited -- was an Adobe vulnerability. The last one, ranking at the ninth most exploited vulnerability of 2018, was an Android vulnerability. | Vulnerability | ||
|
2019-03-15 07:05:05 | Details of Actively Exploited Windows Flaw Made Public (lien direct) | Researchers from Chinese cybersecurity firm Qihoo 360 have made public technical details that can be used to construct a proof-of-concept (PoC) exploit for CVE-2019-0808, a recently patched Windows vulnerability that has been involved in targeted attacks. | Vulnerability | ||
|
2019-03-14 16:49:04 | WordPress 5.1.1 Patches Remote Code Execution Vulnerability (lien direct) | WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites. | Vulnerability | ||
|
2019-03-14 16:41:05 | Code Execution Flaw Found in Sonatype Nexus Repository Manager (lien direct) | A critical remote code execution vulnerability has been found and patched in Sonatype's Nexus Repository Manager (NXRM), a popular open-source tool that allows developers to manage software components. | Tool Vulnerability | ||
|
2019-03-11 16:21:00 | GIF Attack on Facebook Messenger Earned Hacker $10,000 (lien direct) | A white hat hacker earned $10,000 from Facebook last year for finding a Messenger vulnerability that apparently could have been exploited to randomly obtain other users' images. | Vulnerability | ||
|
2019-03-08 09:54:00 | Google Discloses Actively Exploited Windows Vulnerability (lien direct) | Google this week released information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw (CVE-2019-5786). | Vulnerability | ||
|
2019-03-06 18:09:02 | Google Patches Actively Exploited Chrome Vulnerability (lien direct) | A vulnerability Google patched last week in the Chrome browser had been already exploited in the wild. | Vulnerability | ||
|
2019-03-06 07:18:00 | Rockwell Automation Patches Critical DoS/RCE Flaw in RSLinx Software (lien direct) | Patches released by Rockwell Automation for its RSLinx Classic software address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and possibly for remote code execution. | Vulnerability | ||
|
2019-03-01 19:46:03 | Adobe Patches ColdFusion Vulnerability Exploited in the Wild (lien direct) | Adobe has released out-of-band updates for its ColdFusion web application development platform to address a critical vulnerability that has been exploited in the wild. | Vulnerability | ||
|
2019-03-01 14:05:00 | Cobalt Strike Bug Exposes Attacker Servers (lien direct) | A recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers, Fox-IT security researchers reveal. | Vulnerability | ||
|
2019-03-01 13:48:02 | Cisco Patches Critical Vulnerability in Wireless Routers (lien direct) | Cisco released security patches this week to address a Critical vulnerability in several wireless routers that allows an attacker to remotely execute code on the impacted devices. | Vulnerability | ||
|
2019-02-27 15:37:05 | Chrome Zero-Day Exploited to Harvest User Data via PDF Files (lien direct) | Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google's web browser. | Vulnerability | ||
|
2019-02-26 15:31:00 | Hackers Exploit WinRAR Vulnerability to Deliver Malware (lien direct) | Malicious hackers have started exploiting a critical WinRAR vulnerability disclosed less than one week ago, just as RARLab has released the final version of the update that should patch the flaw. | Malware Vulnerability | ||
|
2019-02-26 08:00:00 | Drupal RCE Flaw Exploited in Attacks Days After Patch (lien direct) | A vulnerability patched recently in the Drupal content management system (CMS) has been exploited in the wild to deliver cryptocurrency miners and other payloads. The attacks started just three days after a fix was released. | Vulnerability | ||
|
2019-02-22 07:14:00 | Researcher Earns $10,000 for Another XSS Flaw in Yahoo Mail (lien direct) | A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user's emails and attach malicious code to their outgoing messages. | Vulnerability | Yahoo | |
|
2019-02-21 16:53:05 | Adobe Releases Second Patch for Data Leakage Flaw in Reader (lien direct) | Adobe on Thursday released a second fix for the Reader vulnerability tracked as CVE 2019-7089 after the researcher who discovered the flaw managed to bypass the first patch. The security hole, identified by Alex Inführ from Cure53, allows a specially crafted PDF document to send SMB requests to the attacker's server when the file is opened. | Vulnerability | ||
|
2019-02-21 13:47:04 | WinRAR Vulnerability Exposes Millions of Users to Attacks (lien direct) | WinRAR, the popular data compression tool utilized by over 500 million users worldwide, is affected by a serious vulnerability that can allow arbitrary code execution through specially crafted ACE archives. | Tool Vulnerability | ||
|
2019-02-21 06:26:00 | Critical Drupal Vulnerability Allows Remote Code Execution (lien direct) | Security updates released on Wednesday for the Drupal content management system (CMS) patch a “highly critical” vulnerability that can be exploited for remote code execution. | Vulnerability | ||
|
2019-02-18 18:24:02 | Privilege Escalation Vulnerability Found in LG Device Manager (lien direct) | A privilege escalation vulnerability that allows attackers to elevate permissions to SYSTEM has been found in the LG Device Manager application provided by the tech giant for its laptops. | Vulnerability | ||
|
2019-02-18 12:27:03 | Exploit Code Published for Recent Container Escape Vulnerability (lien direct) | Proof-of-concept (PoC) code is now publicly available for a recently disclosed container escape vulnerability impacting popular cloud platforms, including AWS, Google Cloud, and numerous Linux distributions. | Vulnerability | ||
|
2019-02-15 14:54:05 | CSRF Vulnerability in Facebook Earns Researcher $25,000 (lien direct) | 
|
Vulnerability | ||
|
2019-02-14 16:09:02 | Google Paid Out $3.4 Million for Vulnerabilities Reported in 2018 (lien direct) | Google revealed recently that it paid out a total of $3.4 million for flaws reported in 2018 by researchers through its Vulnerability Reward Program (VRP). The $3.4 million was awarded for 1,319 reports submitted by 317 researchers from 78 countries. The largest single reward was $41,000 and $181,000 were donated to charity, the company said. | Vulnerability | ||
|
2019-02-14 14:23:04 | Many ICS Vulnerability Advisories Contain Errors: Report (lien direct) | Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos. | Vulnerability | ||
|
2019-02-13 18:42:03 | Third-Party Patch Released for Code Execution Flaw in OpenOffice (lien direct) | An unofficial patch has been made available for a recently disclosed remote code execution vulnerability affecting the Apache OpenOffice open source productivity suite. | Vulnerability | ||
|
2019-02-12 13:35:04 | (Déjà vu) Unofficial Patch Released for Adobe Reader Zero-Day (lien direct) | One day before Adobe's monthly security updates, a third-party fix has been released for an Adobe Reader vulnerability revealed several weeks ago. | Vulnerability | ||
|
2019-02-12 13:23:01 | (Déjà vu) macOS Vulnerability Leaks Safari Data (lien direct) | A vulnerability in the latest macOS release could allow a malicious application to access restricted Safari data, an application developer has discovered. | Vulnerability | ||
|
2019-02-12 10:40:04 | Container Escape Flaw Hits AWS, Google Cloud, Linux Distros (lien direct) | A vulnerability recently addressed in runc could allow malicious containers to gain root-level code execution on the host. | Vulnerability | ||
|
2019-02-11 14:06:05 | Tenable Adds \'Predictive Prioritization\' to Vulnerability Management Offering (lien direct) | Tenable on Monday announced the general availability of a new service designed to help organizations identify the vulnerabilities that have the highest likelihood of being exploited. | Vulnerability | ||
|
2019-02-11 04:54:03 | Bezos Case Exposes Billionaires\' Vulnerability to Hackers (lien direct) | The stunning revelation that a tabloid obtained below-the-belt selfies of Amazon founder Jeff Bezos -- the world's richest man -- suggests that even billionaires are not out of the reach of hackers. | Vulnerability | ||
|
2019-02-08 06:56:04 | Apple Patches FaceTime Spying Vulnerability (lien direct) | Apple has finally released an iOS update that should fully patch the Group FaceTime vulnerability that could have been exploited to spy on users through their device's microphone and camera. | Vulnerability | ||
|
2019-02-07 17:30:05 | Zero-day Vulnerability Highlights the Responsible Disclosure Dilemma (lien direct) | A zero-day vulnerability found in a video-conferencing system and responsibly disclosed led to the response, "Our developers are aware of some known vulnerabilities with the systems, development for these devices has slowed significantly as they are End of Life. For devices that are still under support, we may target future releases." | Vulnerability | ★★★★★ | |
|
2019-01-29 07:10:01 | Apple Working on Patch to Prevent FaceTime Spying (lien direct) | A critical vulnerability in Apple's FaceTime chat application can be exploited to spy on people. The tech giant has disabled a FaceTime feature in an effort to prevent abuse until a patch is made available. | Vulnerability | ||
|
2019-01-25 17:46:00 | Check Point ZoneAlarm Flaw Allows Privilege Escalation (lien direct) | A vulnerability in Check Point's popular ZoneAlarm antivirus and firewall allows attackers to escalate their privileges on a system running the security software. The vendor has released an update that should address the flaw. | Vulnerability | ||
|
2019-01-18 19:22:03 | Hackers Actively Scanning for ThinkPHP Vulnerability, Akamai Says (lien direct) | There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals. | Vulnerability | ||
|
2019-01-17 13:34:02 | Flaw in Reservation System Impacts Many Airlines (lien direct) | A vulnerability discovered in a reservation system used by hundreds of airlines around the world could expose the details of millions of their customers, researchers warned this week. | Vulnerability | ||
|
2019-01-11 21:03:05 | Phishers Use Zero-Width Spaces to Bypass Office 365 Protections (lien direct) | A recently addressed vulnerability in Office 365 allowed attackers to bypass existing phishing protections and deliver malicious messages to victims' inboxes. | Vulnerability | ||
|
2019-01-04 15:58:01 | Serious DoS Flaw Impacts Several Yokogawa Products (lien direct) | A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric. | Vulnerability | ||
|
2019-01-04 14:37:00 | Vulnerability in Skype for Android Exposes User Data (lien direct) | A vulnerability in Skype for Android allows an unauthenticated attacker to view photos and contacts, and even open links in the browser, a security researcher has discovered. | Vulnerability |
To see everything:
Our RSS (filtrered)
