Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-06-17 12:00:51 |
Exploited Vulnerability Patched in WordPress Plugin With Over 1 Million Installations (lien direct) |
More than one million WordPress websites were potentially impacted by a critical Ninja Forms plugin vulnerability that appears to have been exploited in the wild.
With over one million installations, the popular Ninja Forms plugin helps administrators add customizable forms to their WordPress sites.
|
Vulnerability
|
|
|
|
2022-06-16 13:18:51 |
Cisco Patches Critical Vulnerability in Email Security Appliance (lien direct) |
Cisco on Wednesday announced patches for a critical vulnerability affecting its Email Security Appliance (ESA) and Secure Email and Web Manager products.
|
Vulnerability
|
|
|
|
2022-06-15 13:52:14 |
Critical Code Execution Vulnerability Patched in Splunk Enterprise (lien direct) |
Splunk this week announced the release of out-of-band patches that address multiple vulnerabilities across Splunk Enterprise, including a critical issue that could lead to arbitrary code execution.
|
Vulnerability
Guideline
|
|
★★★
|
|
2022-06-15 10:32:34 |
Attackers Can Exploit Critical Citrix ADM Vulnerability to Reset Admin Passwords (lien direct) |
Citrix on Tuesday warned of a critical vulnerability in Citrix Application Delivery Management (ADM) that could essentially allow an unauthenticated attacker to log in as administrator.
|
Vulnerability
|
|
|
|
2022-06-14 18:38:33 |
Windows Updates Patch Actively Exploited \'Follina\' Vulnerability (lien direct) |
Microsoft has fixed roughly 50 vulnerabilities with its June 2022 Patch Tuesday updates, including the actively exploited flaw known as Follina and CVE-2022-30190.
|
Vulnerability
|
|
|
|
2022-06-13 11:09:48 |
Cybercriminals, State-Sponsored Threat Actors Exploiting Confluence Server Vulnerability (lien direct) |
A recently patched Confluence Server vulnerability is being exploited by multiple cybercrime and state-sponsored threat groups, according to Microsoft.
|
Vulnerability
Threat
|
|
|
|
2022-06-09 13:51:23 |
\'Follina\' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware (lien direct) |
Several malware families are being delivered using the recently disclosed Windows vulnerability identified as Follina and CVE-2022-30190, which remains without an official patch.
|
Malware
Vulnerability
|
|
|
|
2022-06-09 10:42:29 |
Threat Actors Start Exploiting Meeting Owl Pro Vulnerability Days After Disclosure (lien direct) |
Threat actors have already started exploiting a severe vulnerability that Owl Labs addressed in its video conferencing devices earlier this week.
|
Vulnerability
|
|
|
|
2022-06-08 11:48:25 |
Owl Labs Patches Severe Vulnerability in Video Conferencing Devices (lien direct) |
Video conferencing company Owl Labs has released patches for a severe vulnerability affecting its Meeting Owl Pro and Whiteboard Owl devices.
Owl Labs' Meeting Owl Pro features a 360° lens camera to offer a panoramic view of the conference room. It offers support for various video conferencing solutions, including Zoom, Skype, and Google Meet.
|
Vulnerability
|
|
|
|
2022-06-06 14:52:15 |
Critical Account Takeover Vulnerability Patched in GitLab Enterprise Edition (lien direct) |
DevOps platform GitLab has announced security updates that resolve multiple vulnerabilities, including a critical-severity bug leading to account takeover.
|
Vulnerability
Guideline
|
|
|
|
2022-06-06 10:53:20 |
Critical U-Boot Vulnerability Allows Rooting of Embedded Systems (lien direct) |
A critical vulnerability in the U-Boot boot loader could be exploited to write arbitrary data, which can allow an attacker to root Linux-based embedded systems, according to NCC Group.
|
Vulnerability
|
|
|
|
2022-06-06 10:02:46 |
Atlassian Patches Confluence Zero-Day as Exploitation Attempts Surge (lien direct) |
Atlassian informed customers on Friday that it has released patches for the critical Confluence Server vulnerability that has been exploited in attacks. The announcement came just before cybersecurity organizations warned that exploitation attempts have spiked.
|
Vulnerability
|
|
|
|
2022-06-03 10:00:06 |
Atlassian Confluence Servers Hacked via Zero-Day Vulnerability (lien direct) |
Atlassian scrambling to patch Confluence Server zero-day exploited by multiple threat groups
Atlassian customers have been warned that hackers are exploiting a Confluence Server zero-day vulnerability. The flaw is currently unpatched and it appears to have been exploited by multiple threat groups.
|
Vulnerability
Threat
|
|
|
|
2022-06-02 15:00:17 |
Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks (lien direct) |
Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.
|
Vulnerability
|
|
|
|
2022-06-01 14:56:36 |
Unpatched Vulnerability Exposes Horde Webmail Servers to Attacks (lien direct) |
The Horde webmail software is affected by a serious vulnerability that can be exploited to gain complete access to an organization's emails.
|
Vulnerability
|
|
★★★
|
|
2022-06-01 10:21:24 |
Chinese Threat Actors Exploiting \'Follina\' Vulnerability (lien direct) |
The Windows zero-day vulnerability identified as Follina and CVE-2022-30190 is being exploited in an increasing number of attacks, including by a Chinese APT group.
|
Vulnerability
Threat
|
|
|
|
2022-05-31 10:25:25 |
Microsoft Confirms Exploitation of \'Follina\' Zero-Day Vulnerability (lien direct) |
Microsoft has confirmed that Windows is affected by a zero-day vulnerability after researchers warned of exploitation in the wild.
|
Vulnerability
|
|
|
|
2022-05-30 11:10:12 |
Document Exploiting New Microsoft Office Zero-Day Seen in the Wild (lien direct) |
Cybersecurity researchers have issued a warning after spotting what appears to be a new Microsoft Office zero-day vulnerability that may have been exploited in the wild.
|
Vulnerability
|
|
|
|
2022-05-27 18:15:33 |
Exploitation of VMware Vulnerability Imminent Following Release of PoC (lien direct) |
When VMware announced patches for a critical vulnerability on May 18, users were warned that exploitation in the wild would likely start soon, and now a proof-of-concept (PoC) exploit targeting the flaw has been made public.
|
Vulnerability
|
|
|
|
2022-05-26 13:04:32 |
QCT Servers Affected by \'Pantsdown\' BMC Vulnerability (lien direct) |
Servers made by Quanta Cloud Technology (QCT) are affected by the baseboard management controller (BMC) vulnerability known as CVE-2019-6260 and “Pantsdown.”
|
Vulnerability
|
|
|
|
2022-05-25 10:05:50 |
Trend Micro Patches Vulnerability Exploited by Chinese Cyberspies (lien direct) |
Cybersecurity company Trend Micro has updated one of its products to patch a vulnerability that has been exploited by a threat actor linked to China.
|
Vulnerability
Threat
|
|
|
|
2022-05-23 10:23:44 |
Cisco Warns of Exploitation Attempts Targeting New IOS XR Vulnerability (lien direct) |
Cisco informed customers on Friday that it's aware of in-the-wild exploitation attempts targeting a new vulnerability affecting its IOS XR software.
|
Vulnerability
|
|
|
|
2022-05-18 08:38:10 |
Large-Scale Attack Targeting Tatsu Builder WordPress Plugin (lien direct) |
Tens of thousands of WordPress websites are potentially at risk of compromise as part of an ongoing large-scale attack targeting a remote code execution vulnerability in the Tatsu Builder plugin.
|
Vulnerability
|
|
|
|
2022-05-16 12:52:02 |
\'Sysrv\' Botnet Targeting Recent Spring Cloud Gateway Vulnerability (lien direct) |
A new variant of the Sysrv botnet has added a recent Spring Cloud Gateway vulnerability to its exploit portfolio, Microsoft warns.
The Sysrv botnet has been active since at least late 2020, looking to exploit known security bugs in access interfaces in order to compromise Windows and Linux systems and install a Monero cryptominer on them.
|
Vulnerability
|
|
★★
|
|
2022-05-16 12:05:07 |
SonicWall Patches Unauthorized Access Vulnerability in SMA Appliances (lien direct) |
SonicWall has released patches for multiple vulnerabilities in its Secure Mobile Access (SMA) series appliances, including a high-severity issue that could lead to unauthorized access.
|
Vulnerability
Guideline
|
|
★★★★
|
|
2022-05-16 11:16:20 |
(Déjà vu) CISA Removes Windows Vulnerability From \'Must-Patch\' List Due to Buggy Update (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) has temporarily removed a Windows flaw from its Known Exploited Vulnerabilities Catalog after it was informed by Microsoft that a recent update can cause problems on some types of systems.
|
Vulnerability
|
|
|
|
2022-05-16 10:05:34 |
Zyxel Firewall Vulnerability Exploitation Attempts Seen One Day After Disclosure (lien direct) |
Exploitation attempts targeting a recently disclosed vulnerability affecting Zyxel firewalls started just one day after the flaw's existence came to light.
|
Vulnerability
|
|
|
|
2022-05-13 15:11:38 |
Hackers Can Make Siemens Building Automation Controllers \'Unavailable for Days\' (lien direct) |
A vulnerability affecting building automation controllers from Siemens can be exploited to disrupt a device for an extended period of time, according to OT and IoT cybersecurity firm Nozomi Networks.
|
Vulnerability
|
|
|
|
2022-05-13 12:41:23 |
Critical Vulnerability Allows Remote Hacking of Zyxel Firewalls (lien direct) |
Thousands of Zyxel firewalls could be vulnerable to remote attacks due to a vulnerability discovered recently by cybersecurity firm Rapid7. The vendor was quick to release a patch, but it did not immediately inform customers about it.
|
Vulnerability
|
|
|
|
2022-05-11 11:17:40 |
SAP Patches Spring4Shell Vulnerability in More Products (lien direct) |
As part of its May 2022 Security Patch Day, SAP announced on Tuesday the release of eight new and four updated security notes, including three that address the recent Spring4Shell vulnerability in more products.
|
Vulnerability
|
|
★★★
|
|
2022-05-11 10:49:16 |
Critical Vulnerability Exploited to \'Destroy\' BIG-IP Appliances (lien direct) |
The recently patched F5 BIG-IP vulnerability tracked as CVE-2022-1388 is being increasingly exploited by threat actors, including to “destroy” affected appliances.
|
Vulnerability
Threat
|
|
★★★
|
|
2022-05-10 17:22:14 |
Microsoft Azure Vulnerability Allowed Code Execution, Data Theft (lien direct) |
Microsoft on Monday shared information on patches and mitigations for a vulnerability impacting Azure Data Factory and Azure Synapse Pipelines.
|
Vulnerability
|
|
★★★★
|
|
2022-05-10 11:26:52 |
Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability (lien direct) |
Indicators of compromise (IoCs) and other resources have been released to help defenders deal with the actively exploited F5 BIG-IP vulnerability tracked as CVE-2022-1388.
|
Vulnerability
|
|
★★★★
|
|
2022-05-10 10:51:50 |
QNAP Patches Critical Vulnerability in Network Surveillance Products (lien direct) |
Taiwanese network-attached storage (NAS) solutions provider QNAP Systems on Friday announced patches for a critical vulnerability impacting some of its network surveillance products.
|
Vulnerability
|
|
★★★
|
|
2022-05-09 11:32:32 |
RubyGems Fixes Critical Gem Takeover Vulnerability (lien direct) |
RubyGems has addressed a critical vulnerability that could have allowed any RubyGems.org user to remove and replace certain Ruby gems.
A package hosting service for the Ruby programming language, RubyGems.org hosts more than 170,000 gems. RubyGems also functions as a package manager.
|
Vulnerability
|
|
★★
|
|
2022-05-09 11:06:56 |
F5 BIG-IP in Attacker Crosshairs Following Disclosure of Critical Vulnerability (lien direct) |
Organizations using F5's BIG-IP application delivery controllers are advised to immediately update their systems as a recently patched vulnerability is already being exploited in the wild.
|
Vulnerability
|
|
★★★★
|
|
2022-05-04 10:37:29 |
Vulnerabilities Allow Hijacking of Most Ransomware to Prevent File Encryption (lien direct) |
A researcher has shown how a type of vulnerability affecting many ransomware families can be exploited to control the malware and terminate it before it can encrypt files on compromised systems.
|
Ransomware
Malware
Vulnerability
|
|
|
|
2022-05-03 13:27:38 |
DoD Announces Results of Vulnerability Disclosure Program for Defense Contractors (lien direct) |
The US Department of Defense (DoD) on Monday announced the conclusion of a 12-month pilot Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP) aimed at finding flaws in contractor networks.
|
Vulnerability
|
|
|
|
2022-05-03 12:46:32 |
Many IoT Devices Exposed to Attacks Due to Unpatched Flaw in uClibc Library (lien direct) |
Nozomi Networks, a firm specialized in securing operational technology (OT) and IoT systems, has disclosed a potentially serious vulnerability affecting a C standard library used by several major companies.
|
Vulnerability
|
|
|
|
2022-04-29 12:06:05 |
Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability (lien direct) |
Rapid7 security researchers have identified 2,000 internet-exposed Linux servers that appear to be impacted by a Redis vulnerability that has been exploited in attacks.
|
Vulnerability
|
|
|
|
2022-04-26 10:41:14 |
Organizations Warned of Attacks Exploiting WSO2 Vulnerability (lien direct) |
Products made by enterprise software development solutions provider WSO2 are affected by a critical vulnerability that has been exploited in the wild.
According to WSO2's website, its products are used by many major companies worldwide, including Fortune 500 firms, which could all be at risk.
|
Vulnerability
|
|
|
|
2022-04-25 11:27:42 |
Atlassian Patches Critical Authentication Bypass Vulnerability in Jira (lien direct) |
Atlassian last week announced that its popular issue and project tracking software Jira is affected by a critical vulnerability, and advised customers to take action.
|
Vulnerability
|
|
|
|
2022-04-22 11:07:48 |
Unpatched Vulnerability Allows Hackers to Steal Emails of RainLoop Users (lien direct) |
An unpatched vulnerability affecting the RainLoop webmail client can be exploited to hijack a user's session and steal their emails, according to application security firm Sonar.
|
Vulnerability
|
|
|
|
2022-04-21 12:29:53 |
Cisco Patches Virtual Conference Software Vulnerability Reported by NSA (lien direct) |
Cisco on Wednesday announced the release of patches for several high-severity vulnerabilities in its products, including a bug reported by the National Security Agency (NSA).
|
Vulnerability
|
|
|
|
2022-04-20 13:25:42 |
(Déjà vu) Organizations Warned of Attacks Exploiting Recently Patched Windows Vulnerability (lien direct) |
The US Cybersecurity and Infrastructure Security Agency (CISA) says a recently patched Windows Print Spooler vulnerability has been exploited in attacks.
|
Vulnerability
|
|
|
|
2022-04-14 14:04:44 |
Critical Vulnerability in Elementor Plugin Impacts Millions of WordPress Sites (lien direct) |
A critical vulnerability addressed in the Elementor WordPress plugin could allow authenticated users to upload arbitrary files to affected websites, potentially leading to code execution.
Elementor is a drag-and-drop website builder for WordPress that has more than 5 million installations.
|
Vulnerability
Guideline
|
|
|
|
2022-04-14 11:41:42 |
Cisco Patches Critical Vulnerability in Wireless LAN Controller (lien direct) |
Cisco announced on Wednesday that updates released for its Wireless LAN Controller (WLC) software address a critical vulnerability that could allow an attacker to bypass authentication.
|
Vulnerability
|
|
|
|
2022-04-13 10:11:55 |
SAP Releases Patches for Spring4Shell Vulnerability (lien direct) |
German software maker SAP announced on Tuesday that more than 30 new and updated security notes were released on its April 2022 Security Patch Day, including notes that deal with the Spring4Shell vulnerability.
|
Vulnerability
|
|
|
|
2022-04-12 14:10:19 |
Amazon RDS Vulnerability Led to Exposure of Credentials (lien direct) |
Amazon Web Services (AWS) on Monday announced that it recently addressed a vulnerability in Amazon Relational Database Service (RDS) that could lead to the exposure of internal credentials.
|
Vulnerability
Guideline
|
|
|
|
2022-04-12 10:45:14 |
CISA Tells Orgs to Patch WatchGuard Flaw Exploited for Months Before Disclosure (lien direct) |
The Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to patch a WatchGuard firewall vulnerability exploited in attacks linked to a Russian state-sponsored threat actor. While the US government has known about the exploitation of this flaw for several months, federal agencies are apparently only now being told to patch it.
|
Vulnerability
Threat
|
|
|