What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-01-03 02:38:01 | Vulnerability in Chrome for Android Patched Three Years After Disclosure (lien direct) | A vulnerabilitiy recently patched by Google in Chrome for Android was an information disclosure bug that was originally reported in 2015, but not patched until the release of Chrome 70 in October 2018, security researchers say. | Vulnerability | ||
|
2018-12-21 14:55:02 | UK\'s NCSC Adopts HackerOne for Vulnerability Coordination Disclosure (lien direct) | Almost since its inception in October 2016, the UK's National Cyber Security Centre (NCSC) has been considering how to formalize its vulnerability disclosure process. While the agency has a wider role in strengthening the overall cyber security of UK business, it has a more specific responsibility towards government systems. | Vulnerability | ||
|
2018-12-21 05:59:01 | Cisco Patches Privilege Escalation Vulnerability in Adaptive Security Appliance (lien direct) | A vulnerability in Cisco Adaptive Security Appliance (ASA) Software could allow an attacker to retrieve files or replace software images on a device. | Vulnerability | ||
|
2018-12-20 05:53:03 | Google Finds Internet Explorer Zero-Day Exploited in Targeted Attacks (lien direct) | An out-of-band update released by Microsoft on Wednesday for its Internet Explorer web browser patches a zero-day vulnerability exploited by malicious actors in targeted attacks. | Vulnerability | ||
|
2018-12-17 15:57:01 | Bug Gives Twitter Apps More Permissions Than Shown (lien direct) | Twitter recently addressed a security vulnerability that resulted in certain applications not correctly showing all of the permissions they had. | Vulnerability | ||
|
2018-12-17 06:34:00 | Code Execution Flaw in SQLite Affects Chrome, Other Software (lien direct) | Many applications using the popular SQLite database management system could be exposed to attacks due to a potentially serious vulnerability that can lead to remote code execution, information disclosure, and denial-of-service (DoS) attacks. | Vulnerability Guideline | ||
|
2018-12-13 18:36:04 | Arctic Wolf Acquires Risk Assessment Firm RootSecure (lien direct) | Security operations center (SOC)-as-a-service provider Arctic Wolf Networks this week announced plans to add risk-based vulnerability assessment capabilities to its portfolio, with the acquisition of RootSecure Corp. | Vulnerability | ★★ | |
|
2018-12-12 12:44:00 | SAP Patches Critical Vulnerability in Hybris Commerce (lien direct) | SAP this week released its December 2018 set of security updates to address a dozen vulnerabilities in its products, including a Critical flaw in Hybris Commerce. | Vulnerability | ||
|
2018-12-07 14:54:03 | Vulnerability Exposes Rockwell Controllers to DoS Attacks (lien direct) | Some of Rockwell Automation's MicroLogix controllers and ControlLogix communications modules are affected by a potentially serious vulnerability that can be exploited for denial-of-service (DoS) attacks. | Vulnerability | ||
|
2018-12-07 08:55:03 | New Lawsuit Claims Marriott Still Exposes Customer Information (lien direct) | A new class action filed against Marriott following the massive data breach alleges that the hotel giant's systems are affected by a serious vulnerability that still exposes customer information. | Vulnerability | ||
|
2018-12-04 09:03:03 | Critical Privilege Escalation Flaw Patched in Kubernetes (lien direct) | A critical privilege escalation vulnerability has been found in Kubernetes, the popular open-source container orchestration system that allows users to automate deployment, scaling and management of containerized applications. | Vulnerability | Uber | |
|
2018-11-29 18:41:02 | Zoom Conferencing App Exposes Enterprises to Attacks (lien direct) | A potentially serious vulnerability discovered by researchers in the Zoom video conferencing application can allow external attackers or malicious insiders to hijack screen controls, spoof chat messages, and remove attendees from a session. | Vulnerability | ||
|
2018-11-29 17:52:05 | Colorado Agency Targeted in Nationwide Ransomware Scheme (lien direct) | No money was paid and no information was lost during a ransomware cyberattack that exploited a cloud-based vulnerability in the Colorado Department of Transportation's computer network last spring, officials said Wednesday. | Ransomware Vulnerability | ★★★★ | |
|
2018-11-29 17:08:02 | Cisco Patches SQL Injection Flaw in Prime License Manager (lien direct) | Cisco has fixed a vulnerability in the web framework code of Cisco Prime License Manager that could allow an attacker to execute arbitrary SQL queries. | Vulnerability | ||
|
2018-11-27 16:31:01 | Cisco Releases Second Patch for Webex Meetings Vulnerability (lien direct) | Cisco has released a new round of patches for a potentially serious Webex vulnerability first addressed one month ago. | Vulnerability | ★★★★ | |
|
2018-11-23 13:55:05 | (Déjà vu) VMware Patches Workstation Flaw Disclosed at Hacking Contest (lien direct) | VMware Fixes Vulnerability That Earned Researcher $100,000 at Hacking Contest VMware has patched a critical Workstation and Fusion vulnerability disclosed recently by a researcher at a hacking competition in China. | Vulnerability | ||
|
2018-11-20 16:14:01 | Flash Player Update Patches Disclosed Code Execution Flaw (lien direct) | Security updates released on Tuesday by Adobe for Flash Player address a critical vulnerability whose details were disclosed a few days earlier. | Vulnerability | ||
|
2018-11-16 15:05:04 | Many ATMs Can be Hacked in Minutes: Report (lien direct) | Many automated teller machines (ATMs) lack adequate security mechanisms and can be compromised in minutes using various methods, according to a new report from vulnerability assessment firm Positive Technologies. | Vulnerability | ||
|
2018-11-13 21:47:00 | Microsoft Patches Actively Exploited Windows Vulnerability (lien direct) | Microsoft's Patch Tuesday updates for November 2018 address more than 60 vulnerabilities, including zero-days and publicly disclosed flaws. | Vulnerability | ||
|
2018-11-13 20:08:02 | (Déjà vu) Adobe Patches Disclosed Acrobat Vulnerability (lien direct) | Adobe has released Patch Tuesday updates for Flash Player, Acrobat and Reader, and Photoshop CC to address three vulnerabilities – one in each product. | Vulnerability | ||
|
2018-11-13 19:30:01 | SAP Patches Critical Vulnerability in HANA Streaming Analytics (lien direct) | SAP this week published its November 2018 set of security patches, which include 11 new Security Patch Day Notes, along with 3 updates for previously released notes. | Vulnerability | ||
|
2018-11-09 15:21:02 | VMware Patches VM Escape Flaw Disclosed at Chinese Hacking Contest (lien direct) | VMware informed customers on Friday that patches are available for a critical virtual machine (VM) escape vulnerability disclosed recently by a researcher at the GeekPwn2018 hacking competition. | Vulnerability | ||
|
2018-11-09 06:16:04 | Adobe ColdFusion Vulnerability Exploited in the Wild (lien direct) | A recently patched remote code execution vulnerability affecting the Adobe ColdFusion web application development platform has been exploited in the wild by one or more threat groups, Volexity warned on Thursday. | Vulnerability Threat | ||
|
2018-11-08 14:34:01 | DJI Drone Vulnerability Exposed Customer Data, Flight Logs, Photos and Videos (lien direct) | Vulnerability Exposed DJI Customer Data and Drone Flight Logs, Photos and Videos Generated During Drone Flights | Vulnerability | ★★★ | |
|
2018-11-07 15:23:05 | Evernote Flaw Allows Hackers to Steal Files, Execute Commands (lien direct) | A serious cross-site scripting (XSS) vulnerability discovered in the Evernote application for Windows can be exploited to steal files and execute arbitrary commands. | Vulnerability | ||
|
2018-11-07 10:31:01 | Researcher Drops Oracle VirtualBox Zero-Day (lien direct) | A researcher has disclosed the details of a zero-day vulnerability affecting Oracle's VirtualBox virtualization software. The flaw appears serious as exploitation can allow a guest-to-host escape. | Vulnerability | ||
|
2018-11-02 14:23:04 | Sauter Quickly Patches Flaw in Building Automation Software (lien direct) | A serious vulnerability that allows an attacker to steal files from an affected system has been found by a researcher in a building automation product from Swiss-based Fr. Sauter AG. It took the vendor only 10 days to release a patch. | Vulnerability | ||
|
2018-11-01 06:20:00 | Cisco Warns of Zero-Day Vulnerability in Security Appliances (lien direct) | Cisco informed customers on Wednesday that some of its security appliances are affected by a serious vulnerability that has been actively exploited. | Vulnerability | ||
|
2018-10-29 15:26:05 | X.Org Flaw Exposes Unix-Like OSes to Attacks (lien direct) | Several Unix-like operating systems are affected by a potentially serious X.Org vulnerability that can be exploited for privilege escalation and arbitrary code execution. X.Org is a popular open source implementation of the X Windows System (also known as X11, X or X-Windows), the graphical windowing system used by BSD and Linux operating systems. | Vulnerability | ||
|
2018-10-25 14:23:03 | Researchers Find Command Injection Flaw in Cisco WebEx (lien direct) | Cisco's WebEx software is affected by a serious vulnerability that can be exploited to execute arbitrary commands with elevated privileges. | Vulnerability | ||
|
2018-10-24 18:40:05 | Exploit for New Windows Zero-Day Published on Twitter (lien direct) | A new zero-day vulnerability in Windows was made public on Twitter by the same researcher who published an exploit for a bug in the Windows Task Scheduler at the end of August. | Vulnerability | ||
|
2018-10-22 19:24:02 | Cisco, F5 Networks Investigate libssh Vulnerability Impact (lien direct) | Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations. | Vulnerability | ||
|
2018-10-22 18:40:01 | Flaw in Media Library Impacts VLC, Other Software (lien direct) | A serious vulnerability in the LIVE555 Streaming Media RTSP server affects popular applications, including VLC, MPlayer and others, Cisco Talos has discovered. | Vulnerability | ||
|
2018-10-22 16:35:03 | Recent Branch.io Patch Creates New XSS Flaw (lien direct) | The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week. | Vulnerability | ||
|
2018-10-19 18:09:04 | 0-Day in jQuery Plugin Impacts Thousands of Applications (lien direct) | Thousands of projects are possibly impacted by a jQuery File Upload plugin vulnerability that has been actively exploited in the wild, a security researcher has discovered. | Vulnerability | ||
|
2018-10-18 05:37:03 | Tumblr Vulnerability Exposed User Account Information (lien direct) | Tumblr on Wednesday disclosed a vulnerability that could have been exploited to obtain user account information, including email addresses and protected passwords. | Vulnerability | ||
|
2018-10-17 20:12:04 | Libssh Vulnerability Exposes Servers to Attacks (lien direct) | Servers using libssh to implement the Secure Shell (SSH) remote login protocol may be vulnerable to attacks due to the existence of an authentication bypass flaw discovered recently by a researcher. | Vulnerability | ||
|
2018-10-17 05:04:05 | (Déjà vu) VMware Patches Code Execution Flaw in Virtual Graphics Card (lien direct) | VMware has patched a critical arbitrary code execution vulnerability in the SVGA virtual graphics card used by its Workstation, ESXi and Fusion products. | Vulnerability | ||
|
2018-10-15 16:29:01 | Microsoft Incompletely Patches JET Database Vulnerability (lien direct) | An out-of-bounds (OOB) write bug in the Microsoft JET Database Engine that could be exploited for remote code execution has been incompletely addressed with the latest Patch Tuesday security updates, 0patch says. | Vulnerability | ||
|
2018-10-15 05:13:05 | Branch.io Flaws Exposed Tinder, Shopify, Yelp Users to XSS Attacks (lien direct) | Hundreds of millions of users may have been exposed to cross-site scripting (XSS) attacks due to a vulnerability present in Branch.io, a service used by Tinder, Shopify, Yelp and many others. | Vulnerability | ||
|
2018-10-10 13:37:05 | SAP Patches Critical Vulnerability in BusinessObjects (lien direct) | This week, SAP released its October 2018 set of patches, which includes the first Hot News security note for SAP BusinessObjects in over five years. | Vulnerability | ||
|
2018-10-09 17:37:00 | Apple Patches Passcode Bypass in iOS (lien direct) | Apple on Monday released patches for iOS devices to address a recently disclosed vulnerability that could result in | Vulnerability | ||
|
2018-10-01 12:51:05 | Telegram Leaks User IP Addresses (lien direct) | A vulnerability in Telegram Desktop results in the end-user public and private IP addresses being leaked during a call, a security researcher has discovered. | Vulnerability | ||
|
2018-09-26 13:01:02 | Researchers See Improvements in Vehicle Cybersecurity (lien direct) | Data from vulnerability assessments conducted by security consulting firm IOActive in the past years shows some improvements in vehicle cybersecurity. | Vulnerability | ||
|
2018-09-26 10:25:03 | Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian (lien direct) | Qualys has disclosed the details of an integer overflow vulnerability in the Linux kernel that can be exploited by a local attacker for privilege escalation. The flaw, dubbed “Mutagen Astronomy,” affects certain versions of the Red Hat, CentOS and Debian distributions. | Vulnerability | ||
|
2018-09-25 17:41:04 | (Déjà vu) Third-Party Patch Available for Microsoft JET Database Zero-Day (lien direct) | An unofficial patch is already available for the unpatched Microsoft JET Database Engine vulnerability that Trend Micro's Zero Day Initiative (ZDI) made public last week. | Vulnerability | ||
|
2018-09-24 10:53:02 | Cisco Removes Default Password From Video Surveillance Manager (lien direct) | A critical vulnerability recently patched in the Cisco Video Surveillance Manager (VSM) could allow an unauthenticated attacker to log in as root. | Vulnerability | ||
|
2018-09-21 16:14:01 | ZDI Shares Details of Microsoft JET Database Zero-Day (lien direct) | Trend Micro's Zero Day Initiative (ZDI) on Thursday made public details on a vulnerability impacting the Microsoft JET Database Engine, although a patch isn't yet available for it. | Vulnerability | ||
|
2018-09-19 12:56:02 | Privacy Protection Means Encryption at the Application Layer (lien direct) | Comprehensive Data Security Measures Should Include a Formal Process for Application Security and Vulnerability Assessment | Vulnerability | ||
|
2018-09-18 14:42:03 | Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras (lien direct) | A critical vulnerability in NUUO software could allow attackers to remotely view video feeds and tamper with the recordings of hundreds of thousands of surveillance cameras, Tenable reveals. | Vulnerability |
To see everything:
Our RSS (filtrered)
