What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2022-04-08 12:51:05 Spring4Shell Vulnerability Exploited by Mirai Botnet (lien direct) Cybersecurity firm Trend Micro on Friday confirmed some earlier reports that the new Spring4Shell vulnerability has been exploited by the Mirai botnet. Two critical vulnerabilities have been patched recently in the popular Java application development framework Spring: CVE-2022-22965 (aka Spring4Shell and SpringShell) and CVE-2022-22963. Vulnerability
SecurityWeek.webp 2022-04-06 13:49:47 Google Doubles Rewards for Nest and Fitbit Vulnerabilities (lien direct) Google on Tuesday announced that security researchers submitting eligible Google Nest and Fitbit vulnerability reports through its bug bounty program can now receive double the usual bounty payouts. Vulnerability
SecurityWeek.webp 2022-04-04 10:54:01 GitLab Patches Critical Account Takeover Vulnerability (lien direct) DevOps platform GitLab has reset the passwords of some user accounts, after addressing a critical account takeover vulnerability. According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. Vulnerability
SecurityWeek.webp 2022-04-04 10:41:53 Vendors Assessing Impact of Spring4Shell Vulnerability (lien direct) Companies are assessing the impact of the Spring vulnerability dubbed Spring4Shell on their products, and while some vendors have started releasing patches, many have determined that their products do not appear to be affected. Vulnerability
SecurityWeek.webp 2022-04-01 10:33:30 Trend Micro Patches Apex Central Zero-Day Exploited in Targeted Attacks (lien direct) Trend Micro this week announced patches for a high-severity arbitrary file upload vulnerability in Apex Central that has already been exploited in what appear to be targeted attacks. Vulnerability
SecurityWeek.webp 2022-04-01 10:11:54 Spring4Shell Exploitation Attempts Confirmed as Patches Are Released (lien direct) The Spring zero-day vulnerability named Spring4Shell (SpringShell) has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts. Vulnerability
SecurityWeek.webp 2022-03-31 14:40:32 Cybersecurity Vendors Assessing Impact of Recent OpenSSL Vulnerability (lien direct) Cybersecurity vendors are assessing the impact of an OpenSSL vulnerability Vulnerability
SecurityWeek.webp 2022-03-30 10:46:46 Federal Agencies Instructed to Patch New Chrome Zero-Day (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about an actively exploited zero-day vulnerability in Google's Chrome browser. Vulnerability
SecurityWeek.webp 2022-03-29 17:52:34 VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations (lien direct) VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations. Vulnerability
SecurityWeek.webp 2022-03-29 12:04:13 Sophos Warns of Attacks Exploiting Recent Firewall Vulnerability (lien direct) Sophos on Monday raised the alarm about a recently patched Sophos Firewall vulnerability being exploited in attacks. Impacting the User Portal and Webadmin of Sophos Firewall, the bug is described as an authentication bypass that could lead to remote code execution. Vulnerability Guideline
SecurityWeek.webp 2022-03-29 10:36:10 SonicWall Patches Critical Vulnerability in Firewall Appliances (lien direct) SonicWall has released patches for a critical-severity vulnerability in the web management interface of multiple firewall appliances. Tracked as CVE-2022-22274 (CVSS score of 9.4), the security flaw is described as a stack-based buffer overflow bug that impacts SonicOS. Vulnerability
SecurityWeek.webp 2022-03-28 13:36:26 Critical Remote Code Execution Vulnerability in Sophos Firewall (lien direct) Sophos on Friday announced the rollout of urgent patches for a critical authentication bypass vulnerability in the web portal of its Sophos Firewall product. Reported by an external researcher via the Sophos bug bounty program, the vulnerability is tracked as CVE-2022-1040 and impacts Sophos Firewall v18.5 MR3 (18.5.3) and older releases. Vulnerability
SecurityWeek.webp 2022-03-27 11:58:30 Google Issues Emergency Fix for Chrome Zero-Day (lien direct) Google has issued an emergency security update for Chrome 99 to resolve a vulnerability for which a public exploit already exists.  Vulnerability
SecurityWeek.webp 2022-03-24 09:37:12 Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers (lien direct) HP this week announced that more than 200 printer models are impacted by a severe remote code execution vulnerability that was exploited by researchers at the Pwn2Own hacking contest last year, where participants earned a total of more than $1 million. Vulnerability
SecurityWeek.webp 2022-03-16 16:03:13 Hackuity Emerges From Stealth With $13 Million in Funding (lien direct) Risk-based vulnerability management platform Hackuity this week emerged from stealth mode with a €12 million (roughly $13.2 million) investment. The Series A funding round was led by Sonae IM and received participation from previous investor Caisse des Dépôts. To date, the company has raised $17.2 million. Vulnerability
SecurityWeek.webp 2022-03-16 15:45:07 Google Patches Critical Vulnerability With Chrome 99 Update (lien direct) A Chrome 99 update released by Google on Tuesday patches a critical vulnerability discovered by one of the company's own researchers. Vulnerability
SecurityWeek.webp 2022-03-16 12:41:17 Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes (lien direct) A severe vulnerability affecting the CRI-O container engine for Kubernetes could be exploited to escape the container and gain root access to the host, CrowdStrike reports. CRI-O is a lightweight container runtime for Kubernetes with support for OCI (Open Container Initiative) compatible runtimes. Vulnerability Uber
SecurityWeek.webp 2022-03-16 12:21:51 US Warns About Russian Attacks Exploiting MFA Protocols, PrintNightmare Flaw (lien direct) The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI on Tuesday warned organizations that Russian state-sponsored threat actors have gained access to networks and systems by exploiting default multi-factor authentication (MFA) protocols and a Windows vulnerability known as PrintNightmare. Vulnerability Threat
SecurityWeek.webp 2022-03-15 19:15:19 High-Severity DoS Vulnerability Patched in OpenSSL (lien direct) OpenSSL updates announced on Tuesday patch a high-severity denial-of-service (DoS) vulnerability related to certificate parsing. Vulnerability
SecurityWeek.webp 2022-03-09 11:37:06 Microsoft Warns of Spoofing Vulnerability in Defender for Endpoint (lien direct) As part of its March 2022 security updates, Microsoft on Tuesday patched a class spoofing vulnerability in Defender for Endpoint and warned of its impact on all platforms. Vulnerability
SecurityWeek.webp 2022-02-28 14:30:55 CISA Urges Organizations to Patch Actively Exploited Zimbra XSS Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday announced that it has expanded its Known Exploited Vulnerabilities Catalog with a zero-day recently identified in the Zimbra email platform. Vulnerability
SecurityWeek.webp 2022-02-24 15:28:56 NSA Informs Cisco of Vulnerability Exposing Nexus Switches to DoS Attacks (lien direct) Cisco this week announced the availability of patches for four vulnerabilities in its FXOS and NX-OS network operating systems, including one denial of service bug that was reported by the NSA. Vulnerability
SecurityWeek.webp 2022-02-21 11:32:36 Vulnerability in UpdraftPlus Plugin Exposed Millions of WordPress Site Backups (lien direct) A high-severity vulnerability in the UpdraftPlus WordPress plugin can allow an attacker to obtain website backups that could contain sensitive information. Vulnerability
SecurityWeek.webp 2022-02-18 10:59:43 VMware NSX Data Center Flaw Can Expose Virtual Systems to Attacks (lien direct) Details of Recently Patched VMware NSX Vulnerability Disclosed. VMware this week announced the availability of a patch for a high-severity vulnerability affecting the NSX Data Center for vSphere network virtualization product. Vulnerability
SecurityWeek.webp 2022-02-17 13:32:30 Malicious Emails Can Crash Cisco Email Security Appliances (lien direct) Cisco this week informed customers that its Email Security Appliance (ESA) product is affected by a high-severity denial of service (DoS) vulnerability that can be exploited using specially crafted emails. Vulnerability
SecurityWeek.webp 2022-02-16 14:44:19 High-Severity Vulnerability Found in Apache Database System Used by Major Firms (lien direct) Researchers detail code execution vulnerability in Apache Cassandra Vulnerability
SecurityWeek.webp 2022-02-15 11:16:43 Google Discovers Attack Exploiting Chrome Zero-Day Vulnerability (lien direct) Google on Monday announced the release of 11 security patches for Chrome, including one for a vulnerability exploited in the wild. Vulnerability
SecurityWeek.webp 2022-02-14 16:07:20 Over 28,000 Vulnerabilities Disclosed in 2021: Report (lien direct) Risk Based Security on Monday released its vulnerability report for 2021 and revealed that a record-breaking 28,695 flaws were disclosed last year, which represents a significant increase from the 23,269 disclosed in 2020. Vulnerability
SecurityWeek.webp 2022-02-13 18:01:12 Adobe Releases Emergency Patch for Exploited Commerce Zero-Day (lien direct) Adobe released an emergency advisory on Sunday to inform Commerce and Magento users of a critical zero-day vulnerability that has been exploited in attacks. Vulnerability
SecurityWeek.webp 2022-02-12 12:40:30 CISA Says 'HiveNightmare' Windows Vulnerability Exploited in Attacks (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 16 new CVE identifiers to its list of known exploited vulnerabilities, including a Windows flaw that federal agencies are required to patch within two weeks. Vulnerability
SecurityWeek.webp 2022-02-11 12:29:54 Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021 (lien direct) Google this week said it handed out a record $8.7 million in bug bounty payouts in 2021 as part of its Vulnerability Reward Programs (VRPs). A total of 696 researchers from 62 countries received bug bounties. Vulnerability
SecurityWeek.webp 2022-02-07 22:11:36 High-Severity Flaw in Argo CD Is Information Leak Risk (lien direct) A high-severity security vulnerability in Argo CD could allow an attacker to access sensitive information from target applications. Vulnerability
SecurityWeek.webp 2022-02-07 18:40:14 New Mexico Lawmakers Propose $45M School Cybersecurity Fund (lien direct) Lawmakers in New Mexico are considering major investments in cybersecurity, following two serious cyberattacks against school districts in the state just last month, and increased vulnerability of information technology in K-12 schools nationally. Vulnerability
SecurityWeek.webp 2022-02-07 11:06:55 CISA Urges Organizations to Patch Exploited Windows Vulnerability (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of vulnerabilities known to be exploited in malicious attacks with a recently addressed Windows zero-day flaw. Vulnerability
SecurityWeek.webp 2022-02-02 12:06:33 (Déjà vu) Cloudflare Launches Public Bug Bounty Program (lien direct) Web performance and security services provider Cloudflare this week announced that its bug bounty program is now open to all vulnerability hunters on HackerOne. Vulnerability ★★★★
SecurityWeek.webp 2022-02-02 11:03:14 ESET Patches High-Severity Vulnerability in Windows Applications (lien direct) Antivirus firm ESET on Monday announced patches for a local privilege escalation vulnerability impacting its Windows clients. Tracked as CVE-2021-37852 and reported to ESET by the Zero Day Initiative (ZDI), the vulnerability is considered “high severity,” as it could allow an attacker to misuse the AMSI scanning feature. Vulnerability
SecurityWeek.webp 2022-02-01 13:46:18 Critical Flaw Impacts WordPress Plugin With 1 Million Installations (lien direct) Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin. Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts. Vulnerability
SecurityWeek.webp 2022-01-31 11:52:52 CISA's 'Must Patch' List Puts Spotlight on Vulnerability Management Processes (lien direct) The U.S. Cybersecurity and Infrastructure Security Agency's catalog of known exploited vulnerabilities can be useful not only for helping organizations patch high-risk vulnerabilities in their systems, but also to help them build or improve vulnerability management processes. Vulnerability
SecurityWeek.webp 2022-01-28 11:41:48 Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers (lien direct) Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public. Vulnerability
SecurityWeek.webp 2022-01-27 21:09:04 Outlook Security Feature Bypass Allowed Sending Malicious Links (lien direct) A Trustwave researcher has discovered a new technique to completely bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. The new technique, Trustwave SpiderLabs lead threat architect Reegun Richard Jayapaul explains, is a variation of a vulnerability that was initially addressed in February 2020. Vulnerability Threat Guideline
SecurityWeek.webp 2022-01-26 12:31:45 Polkit Vulnerability Provides Root Privileges on Linux Systems (lien direct) Qualys security researchers warn of an easily exploitable privilege escalation vulnerability in polkit's pkexec, a SUID-root program found in all Linux distributions. Vulnerability
SecurityWeek.webp 2022-01-26 11:19:00 SonicWall Customers Warned of Possible Attacks Exploiting Recent Vulnerability (lien direct) Hackers have started targeting a recently patched vulnerability affecting SonicWall's Secure Mobile Access (SMA) 100 series appliances, and while the attacks observed to date do not appear to have been successful, that could soon change. Vulnerability
SecurityWeek.webp 2022-01-25 09:43:13 Fewer-Than-Expected Log4j Attacks, but Mirai Joins the Fray (lien direct) Log4Shell, the critical unauthenticated remote code execution vulnerability identified in early December 2021 in the Apache Log4j logging utility, hasn't seen the mass exploitation that many expected, but an exploit for it is now part of the Mirai botnet's arsenal, researchers warn. Vulnerability
SecurityWeek.webp 2022-01-20 18:44:20 Cisco Patches Critical Vulnerability in RCM for StarOS (lien direct) Cisco on Tuesday announced patches for a critical vulnerability in the Redundancy Configuration Manager (RCM) for the StarOS software running on its ASR 5000 networking devices. A Cisco proprietary node/network function, RCM delivers redundancy of StarOS-based user plane functions. Vulnerability
SecurityWeek.webp 2022-01-20 13:42:59 SolarWinds Patches Serv-U Vulnerability Propagating Log4j Attacks (lien direct) SolarWinds this week released patches for a Serv-U vulnerability that Microsoft says has been abused for the propagation of Log4j attacks. Vulnerability
SecurityWeek.webp 2022-01-18 19:41:55 Multi-Factor Authentication Bypass Led to Box Account Takeover (lien direct) A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over victim's accounts without having access to the victim's phone, according to new research from Varonis. Vulnerability
SecurityWeek.webp 2022-01-18 14:43:36 Zoho Patches Critical Vulnerability in Endpoint Management Solutions (lien direct) Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine. Vulnerability
SecurityWeek.webp 2022-01-17 16:06:30 Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors (lien direct) A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles. Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device. Vulnerability
SecurityWeek.webp 2022-01-17 14:14:23 Safari 15 Vulnerability Allows Cross-Site Tracking of Users (lien direct) A vulnerability in Apple's implementation of the IndexedDB API in Safari 15 allows websites to track users' activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains. Vulnerability
SecurityWeek.webp 2022-01-17 13:13:42 Critical SAP Vulnerability Allows Supply Chain Attacks (lien direct) A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns. Vulnerability
Last update at: 2024-05-14 09:08:07