What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2023-03-30 11:42:24 Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data (direct link) An Azure Active Directory (AAD) misconfiguration leading to Bing.com compromise earned Wiz researchers a $40,000 bug bounty reward. Vulnerability Cloud ★★★★
SecurityWeek 2023-03-30 11:05:12 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component (direct link) 3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack. Vulnerability ★★★
SecurityWeek 2023-03-20 11:53:33 Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm (direct link) Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra's GoAnywhere solution. Ransomware Data Breach Vulnerability ★★
SecurityWeek 2023-03-14 11:24:28 Fortinet Finds Zero-Day Exploit in Government Attacks After Devices Detect Integrity Breach (direct link) Fortinet says recently patched FortiOS vulnerability was exploited in sophisticated attacks targeting government entities. Vulnerability ★★★
SecurityWeek 2023-03-13 14:32:01 CISA Warns of Plex Vulnerability Linked to LastPass Hack (direct link) CISA has added vulnerabilities in Plex Media Server and VMware NSX-V to its Known Exploited Vulnerabilities catalog. Hack Vulnerability LastPass LastPass ★★★
SecurityWeek 2023-03-09 14:45:12 Vulnerability Exposes Cisco Enterprise Routers to Disruptive Attacks (direct link) Cisco has released patches for a high-severity DoS vulnerability in IOS XR software for several enterprise-grade routers. Vulnerability ★★★
SecurityWeek 2023-03-07 11:53:23 Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia (direct link) Kaspersky has seen a surge in attacks on ICS computers in Russia and blames it on the exploitation of a Bitrix CMS vulnerability tracked as CVE-2022-27228. Vulnerability ★★
SecurityWeek 2023-02-28 11:41:25 Vulnerability in Popular Real Estate Theme Exploited to Hack WordPress Websites (direct link) A critical vulnerability in the Houzez premium WordPress theme and plugin has been exploited in the wild. Hack Vulnerability ★★★
SecurityWeek 2023-02-22 13:30:01 R1Soft Server Backup Manager Vulnerability Exploited to Deploy Backdoor (direct link) Hackers have been exploiting a vulnerability tracked as CVE-2022-36537 to hack hundreds of R1Soft servers. Hack Vulnerability ★★★
SecurityWeek 2023-02-16 09:36:01 Surge in ESXiArgs Ransomware Attacks as Questions Linger Over Exploited Vulnerability (direct link) Hundreds of new servers were compromised in the past days as part of ESXiArgs ransomware attacks, but it's still unclear which vulnerability is being exploited. Ransomware Vulnerability ★★
SecurityWeek 2023-02-14 11:42:35 GoAnywhere Zero-Day Attack Victims Start Disclosing Significant Impact (direct link) Organizations hit by exploitation of the GoAnywhere MFT zero-day vulnerability CVE-2023-0669 have started coming forward. Vulnerability ★★
SecurityWeek 2023-02-09 11:00:00 ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware (direct link) There have been some new developments in the case of the ESXiArgs ransomware attacks, including related to the encryption method used by the malware, victims, and the vulnerability exploited by the hackers. After the US Cybersecurity and Infrastructure Security Agency (CISA) announced the availability of an open source tool designed to help some victims of […] Ransomware Malware Tool Vulnerability ★★★
SecurityWeek 2023-02-06 10:30:00 Many VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability (direct link) Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021. Ransomware Vulnerability ★★
SecurityWeek 2023-02-02 15:10:19 F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution (direct link) A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code. Vulnerability ★★★
SecurityWeek 2023-01-30 11:34:58 Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability (direct link) A researcher has disclosed the details of a 2FA bypass vulnerability affecting Instagram and Facebook. Vulnerability ★★★
SecurityWeek 2023-01-20 14:29:45 In-the-Wild Exploitation of Recent ManageEngine Vulnerability Commences (direct link) Cloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. Vulnerability Threat ★★
SecurityWeek 2023-01-13 11:21:01 Fortinet Says Recently Patched Vulnerability Exploited to Hack Governments (direct link) Fortinet reported this week that a recently patched vulnerability tracked as CVE-2022-42475 has been exploited in highly targeted attacks aimed at government organizations. The security hole impacts the FortiOS SSL-VPN and it can allow a remote, unauthenticated hacker to execute arbitrary code or commands using specially crafted requests. Hack Vulnerability ★★★
SecurityWeek 2023-01-12 11:16:48 Recently Disclosed Vulnerability Exploited to Hack Hundreds of SugarCRM Servers (direct link) Exploitation of a critical vulnerability affecting the widely used SugarCRM customer relationship management system was seen just days after someone made public an exploit. Hack Vulnerability ★★
SecurityWeek 2023-01-05 15:55:19 Zoho Urges ManageEngine Users to Patch Serious SQL Injection Vulnerability (direct link) Zoho this week announced patches for a high-severity SQL injection vulnerability in ManageEngine Password Manager Pro, PAM360, and Access Manager Plus. ManageEngine is an enterprise software solution offering management capabilities for endpoints, enterprise services, identity and access, IT operations, and security information and events. Vulnerability ★★
SecurityWeek 2022-12-14 16:19:14 Google Announces Vulnerability Scanner for Open Source Developers (direct link) Google this week announced OSV-Scanner, a free scanner that open source developers can use to receive vulnerability details relevant to their projects. The high number of dependencies that software projects rely on increases the risk of falling victim to a supply chain attack or to the exploitation of unknown vulnerabilities. Vulnerability
SecurityWeek 2022-11-29 12:02:35 Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability (direct link) Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. Vulnerability ★★★
SecurityWeek 2022-11-18 12:06:24 Omron PLC Vulnerability Exploited by Sophisticated ICS Malware (direct link) A critical vulnerability has not received the attention it deserves Malware Vulnerability
SecurityWeek 2022-11-17 09:39:05 Magento Vulnerability Increasingly Exploited to Hack Online Stores (direct link) E-commerce malware and vulnerability detection firm Sansec warns of a surge in cyberattacks targeting CVE-2022-24086, a critical mail template vulnerability affecting Adobe Commerce and Magento stores. Malware Hack Vulnerability
SecurityWeek 2022-11-16 10:54:15 Networking Tech Vulnerability Could Be Used to Hack Spacecraft: Researchers (direct link) A team of researchers from the University of Michigan, University of Pennsylvania and NASA have identified a potentially serious vulnerability in networking technology used in spacecraft, aircraft, and industrial control systems. Hack Vulnerability
SecurityWeek 2022-11-15 15:07:54 Zendesk Vulnerability Could Have Given Hackers Access to Customer Data (direct link) An SQL injection vulnerability in Zendesk Explore could have allowed a threat actor to leak Zendesk customer account information, data security firm Varonis reports. Zendesk Explore is the analytics and reporting service of Zendesk, a popular customer support software-as-a-service solution. Vulnerability Threat
SecurityWeek 2022-11-14 13:52:06 Aiphone Intercom System Vulnerability Allows Hackers to Open Doors (direct link) A vulnerability in Aiphone intercom products allows attackers to breach the entry system and gain access to the building that uses it. Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Vulnerability
SecurityWeek 2022-11-11 12:18:29 Google Pays $70k for Android Lock Screen Bypass (direct link) Google recently handed out a $70,000 bug bounty reward for an Android vulnerability leading to lock screen bypass, security researcher David Schutz says. Vulnerability Guideline
SecurityWeek 2022-11-10 11:30:18 ABB Oil and Gas Flow Computer Hack Can Prevent Utilities From Billing Customers (direct link) Oil and gas flow computers and remote controllers made by Swiss industrial technology firm ABB are affected by a serious vulnerability that could allow hackers to cause disruptions and prevent utilities from billing their customers, according to industrial cybersecurity firm Claroty. Hack Vulnerability
SecurityWeek 2022-10-21 10:28:32 CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a Linux kernel flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to address it within three weeks. Malware Vulnerability
SecurityWeek 2022-10-11 10:36:13 Fortinet Confirms Zero-Day Vulnerability Exploited in One Attack (direct link) Fortinet has confirmed that the critical vulnerability whose existence came to light last week is a zero-day flaw that has been exploited in at least one attack. Vulnerability
SecurityWeek 2022-10-04 15:14:58 Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack (direct link) Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community. Vulnerability
SecurityWeek 2022-09-12 11:34:17 Vulnerability in BackupBuddy Plugin Exploited to Hack WordPress Sites (direct link) A recently resolved vulnerability in the BackupBuddy WordPress plugin has been exploited in malicious attacks since late August, Defiant's Wordfence team warns. Hack Vulnerability
SecurityWeek 2022-08-30 11:20:14 Google Launches Bug Bounty Program for Open Source Projects (direct link) Google today introduced a new bug bounty program to reward security researchers who discover and report vulnerabilities in the company's open source projects. As part of the new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337. The lowest vulnerability reward will be $100. Vulnerability
SecurityWeek 2022-08-19 14:55:07 Ring Camera Recordings Exposed Due to Vulnerability in Android App (direct link) A vulnerability patched recently by Amazon in the Android app for its Ring surveillance cameras exposed user data and video recordings, according to cybersecurity firm Checkmarx, whose researchers identified the flaw. Vulnerability
SecurityWeek 2022-08-15 11:48:00 Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities (direct link) Google is once again boosting the maximum bounty payouts for Linux vulnerabilities reported as part of its open-source Kubernetes-based capture-the-flag (CTF) vulnerability rewards program (VRP). Vulnerability Uber
SecurityWeek 2022-08-12 10:43:09 Zero-Day Vulnerability Exploited to Hack Over 1,000 Zimbra Email Servers (direct link) A new zero-day vulnerability affecting Zimbra has been exploited to hack more than 1,000 enterprise email servers, according to incident response firm Volexity. Hack Vulnerability
SecurityWeek 2022-08-11 17:44:56 Cisco Patches High-Severity Vulnerability in Security Solutions (direct link) Cisco this week announced the release of patches for a high-severity vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow an unauthenticated attacker to leak an RSA private key. Vulnerability Threat
SecurityWeek 2022-08-11 10:58:37 Palo Alto Networks Firewalls Targeted for Reflected, Amplified DDoS Attack (direct link) Palo Alto Networks is working on fixes for a reflected amplification denial-of-service (DoS) vulnerability that impacts PAN-OS, the platform powering its next-gen firewalls. Vulnerability
SecurityWeek 2022-08-09 18:08:36 Already Exploited Zero-Day Headlines Microsoft Patch Tuesday (direct link) Microsoft on Tuesday released a critical-severity bulletin to warn of a newly discovered zero-day attack exploiting a remote code execution vulnerability in its flagship Windows operating system. Vulnerability
SecurityWeek 2022-08-06 10:11:49 Twitter Breach Exposed Anonymous Account Owners (direct link) A vulnerability in Twitter's software that exposed an undetermined number of owners of anonymous accounts to potential identity compromise last year was apparently exploited by a malicious actor, the social media company said Friday. Vulnerability
SecurityWeek 2022-07-25 10:43:03 Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak (direct link) Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks after someone made public a piece of information needed to exploit a recently addressed vulnerability. Vulnerability
SecurityWeek 2022-07-22 15:30:23 Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari (direct link) A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft's Edge and Apple's Safari web browsers. Vulnerability
SecurityWeek 2022-07-15 01:26:53 Log4j Software Flaw 'Endemic,' New Cyber Safety Panel Says (direct link) A computer vulnerability discovered last year in a ubiquitous piece of software is an “endemic” problem that will pose security risks for potentially a decade or more, according to a new cybersecurity panel created by President Joe Biden. Vulnerability
SecurityWeek 2022-07-07 14:21:31 OpenSSL Patches Remote Code Execution Vulnerability (direct link) OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks. The vulnerability, tracked as CVE-2022-2274, was introduced in OpenSSL 3.0.4 and could potentially allow malicious hackers to launch remote code attacks on unpatched SSL/TLS server side devices. Vulnerability
SecurityWeek 2022-06-30 11:11:22 Vulnerability in Amazon Photos Android App Exposed User Information (direct link) Cybersecurity firm Checkmarx has published details on a high-severity vulnerability in the Amazon Photos Android application that could have allowed malicious apps to steal an Amazon access token. Vulnerability
SecurityWeek 2022-06-29 13:57:09 Azure Service Fabric Vulnerability Can Lead to Cluster Takeover (direct link) Microsoft has patched a vulnerability that could allow an attacker with access to an Azure Linux container to escalate privileges and take over the entire cluster. Vulnerability
SecurityWeek 2022-06-28 16:43:08 CISA Says 'PwnKit' Linux Vulnerability Exploited in Attacks (direct link) The US Cybersecurity and Infrastructure Security Agency (CISA) says a Linux vulnerability tracked as CVE-2021-4034 and PwnKit has been exploited in attacks. Vulnerability
SecurityWeek 2022-06-24 13:53:25 Researchers: It Took Oracle 6 Months to Patch 'Mega' Vulnerability Affecting Many Systems (direct link) Security researchers have published technical details on a critical Fusion Middleware vulnerability that Oracle took six months to patch. Vulnerability
SecurityWeek 2022-06-24 10:30:56 US Agencies Warn Organizations of Log4Shell Attacks Against VMware Products (direct link) The United States Cybersecurity and Infrastructure Security Agency (CISA) and the Coast Guard Cyber Command (CGCYBER) have issued a joint advisory to warn organizations that threat actors continue to exploit the Log4Shell vulnerability in VMware Horizon and Unified Access Gateway (UAG) servers. Vulnerability Threat ★★
SecurityWeek 2022-06-22 13:42:57 SMA Technologies Patches Critical Security Issue in Workload Automation Solution (direct link) A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations. Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations. Vulnerability
Last update at: 2024-05-14 01:07:45