What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2022-01-13 13:32:55 Cisco Patches Critical Vulnerability in Contact Center Products (direct link) Cisco on Wednesday announced patches for a critical vulnerability in Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited remotely to elevate privileges to administrator. Vulnerability
SecurityWeek 2022-01-12 09:24:50 SAP Patches Log4Shell Vulnerability in More Applications (direct link) German software maker SAP this week announced its first set of security updates for 2022, including patches for more applications affected by the Log4Shell vulnerability. Vulnerability
SecurityWeek 2022-01-11 15:42:08 Millions of Routers Impacted by NetUSB Kernel Vulnerability (direct link) A vulnerability in the NetUSB kernel module could allow remote attackers to execute code on millions of router devices, endpoint security company SentinelOne warns. Vulnerability
SecurityWeek 2022-01-11 12:50:36 Microsoft Details 'powerdir' macOS Vulnerability Leading to Data Leaks (direct link) A vulnerability addressed recently in Apple's macOS platform could be exploited to gain unauthorized access to a user's personal data, Microsoft explains. Vulnerability
SecurityWeek 2022-01-07 15:35:29 Log4Shell-Like Vulnerability Found in Popular H2 Database (direct link) A critical, unauthenticated remote code execution vulnerability has been impacting the H2 database console since 2008. An open-source Java SQL database, H2 is an in-memory solution that eliminates the need to store data on disk, and is one of the most popular Maven packages, having roughly 7,000 artifact dependencies, Vulnerability
SecurityWeek 2022-01-05 17:47:55 VMware Plugs Security Holes in Workstation, Fusion and ESXi (direct link) VMware this week shipped security updates for its Workstation, Fusion and ESXi product lines, warning that a heap-overflow vulnerability could expose users to code execution attacks. Vulnerability
SecurityWeek 2022-01-05 12:13:01 FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action (direct link) The U.S. Federal Trade Commission (FTC) on Tuesday informed companies that they could face legal action if their customers are impacted by an attack that involves exploitation of the recent Log4j vulnerabilities. Vulnerability
SecurityWeek 2022-01-04 13:24:27 Unpatched HomeKit Vulnerability Exposes iPhones, iPads to DoS Attacks (direct link) A researcher claims Apple has failed to patch a potentially serious vulnerability that can be exploited to launch denial-of-service (DoS) attacks against iPhones and iPads. Vulnerability
SecurityWeek 2021-12-29 17:21:27 Chinese Spies Exploit Log4Shell to Hack Major Academic Institution (direct link) China-linked cyberespionage group Aquatic Panda was recently observed exploiting the Log4Shell vulnerability to compromise a large academic institution, CrowdStrike's Falcon OverWatch team reports. Hack Vulnerability
SecurityWeek 2021-12-29 12:35:10 Another Remote Code Execution Vulnerability Patched in Log4j (direct link) The developers of Log4j have patched another remote code execution vulnerability affecting the widely used logging utility. Vulnerability
SecurityWeek 2021-12-23 12:22:23 Microsoft Office Patch Bypassed for Malware Distribution in Apparent 'Dry Run' (direct link) Cybercriminals have found a way to bypass the patch for a recent Microsoft Office vulnerability and leveraged it to briefly distribute Formbook malware, Sophos reports. Malware Vulnerability
SecurityWeek 2021-12-22 18:53:34 Microsoft Confirms 'NotLegit' Azure Flaw Exposed Source Code Repositories (direct link) Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories. Vulnerability
SecurityWeek 2021-12-21 11:14:12 FBI Sees APTs Exploiting Recent ManageEngine Desktop Central Vulnerability (direct link) The Federal Bureau of Investigation (FBI) has released an alert regarding the exploitation of a recent vulnerability in Zoho's ManageEngine Desktop Central product. Vulnerability
SecurityWeek 2021-12-21 09:40:10 Facebook Patches Vulnerability Exposing Page Admin Identity (direct link) Facebook paid a teenage researcher from Nepal a $4,750 bug bounty reward for a vulnerability that could have been exploited to uncover the identity of a page's administrator. Vulnerability
SecurityWeek 2021-12-20 11:47:42 Log4j Update Patches New Vulnerability That Allows DoS Attacks (direct link) CISA Orders Federal Agencies to Mitigate Log4j Vulnerabilities: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to mitigate the Log4j vulnerabilities. The announcement came just before the disclosure of a new flaw affecting the popular logging utility. Vulnerability
SecurityWeek 2021-12-17 18:36:52 Russian Cyberspy Groups Start Exploiting Log4Shell Vulnerability (direct link) Severity of Second Log4j Vulnerability Increased to Critical: Russia has been added to the list of nation states targeting the recently disclosed Log4Shell vulnerability, with exploitation attempts linked to several of the country's cyberespionage groups. Vulnerability
SecurityWeek 2021-12-17 14:14:50 VMware Patches Critical Flaw in Workspace ONE UEM Console (direct link) VMware on Thursday announced the release of patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. Vulnerability
SecurityWeek 2021-12-15 14:26:00 Industry Reactions to Log4Shell Vulnerability (direct link) The widely used Log4j logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including profit-driven cybercriminals and state-sponsored groups. Tool Vulnerability
SecurityWeek 2021-12-15 12:58:51 SAP Patches Log4Shell Vulnerability in 20 Applications (direct link) German software maker SAP is scrambling to patch the Log4Shell vulnerability in its applications and has rolled out fixes for tens of other severe flaws in its products. Vulnerability
SecurityWeek 2021-12-15 02:13:24 Chinese, Iranian State Hackers Exploiting Log4j Flaw: Mandiant (direct link) Chinese and Iranian state actors are exploiting the recently disclosed “Log4Shell” vulnerability that has sparked chaos across the tech world, cybersecurity firm Mandiant warned late Tuesday. Vulnerability
SecurityWeek 2021-12-14 14:11:35 Log4Shell Tools and Resources for Defenders - Continuously Updated (direct link) The widely used Apache Log4j Java-based logging tool is affected by a critical remote code execution vulnerability that has been increasingly exploited by malicious actors, including to deliver various types of malware. Tool Vulnerability
SecurityWeek 2021-12-14 12:16:40 Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks (direct link) Several types of malware are being delivered in attacks exploiting the recently disclosed Log4j vulnerability named Log4Shell and LogJam. Malware Vulnerability
SecurityWeek 2021-12-14 11:57:17 Chrome 96 Update Patches Exploited Zero-Day Vulnerability (direct link) Google on Monday announced a Chrome 96 update that patches five vulnerabilities, including a zero-day that has been exploited in attacks. The most severe of these vulnerabilities can be exploited to execute arbitrary code in the context of the browser. Vulnerability
SecurityWeek 2021-12-14 09:34:08 Industrial Organizations Targeted in Log4Shell Attacks (direct link) Industrial organizations are exposed to attacks leveraging a recently disclosed - and already exploited - vulnerability affecting the widely used Log4j logging utility. Vulnerability
SecurityWeek 2021-12-13 11:31:45 Companies Respond to Log4Shell Vulnerability as Attacks Rise (direct link) Government organizations and the private sector are responding to the disclosure of a critical vulnerability affecting the widely used Log4j logging utility, as exploitation attempts are on the rise. Vulnerability ★★
SecurityWeek 2021-12-13 11:00:58 Mirai-Based 'Manga' Botnet Targets Recent TP-Link Vulnerability (direct link) A newly discovered variant of the Mirai-based Manga botnet is targeting a vulnerability in TP-Link routers that was addressed last month. Vulnerability
SecurityWeek 2021-12-09 12:21:53 'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability (direct link) A Mirai-based botnet dubbed 'Moobot' is attempting to exploit a recently addressed vulnerability that affects many Hikvision products, according to Fortinet's FortiGuard Labs. Vulnerability
SecurityWeek 2021-12-08 19:33:16 Windows URI Handling Flaw Leads to Drive-by Code Execution (direct link) A pair of German security researchers have publicly documented the discovery of a drive-by code execution vulnerability in Windows 10 and criticized Microsoft for botching its response to the still-unfixed security problem. Vulnerability
SecurityWeek 2021-12-06 17:17:48 Zoho Confirms New Zero-Day, Ships Exploit Detector (direct link) The security problems at enterprise software provider Zoho continue to multiply with confirmation of a new critical authentication bypass vulnerability -- the third in four months -- being exploited in the wild by advanced threat actors. Vulnerability Threat
SecurityWeek 2021-12-02 13:09:26 Critical Flaw in NSS Cryptographic Library Affects Several Popular Applications (direct link) Mozilla on Wednesday announced the rollout of patches for a critical vulnerability in the NSS (Network Security Services) cross-platform cryptographic library. Vulnerability
SecurityWeek 2021-12-01 15:31:29 Critical Vulnerability Found in More Than 150 HP Printer Models (direct link) Multiple Vulnerabilities Found in More Than 150 HP Printer Models; Critical Flaw Could Allow Attackers to Move Laterally: Vulnerabilities in more than 150 multi-function printers from HP demonstrate that any type of device that connects to a network can expand the perceived threat surface. Vulnerability Threat
SecurityWeek 2021-11-29 12:10:45 Recently Patched Apache HTTP Server Vulnerability Exploited in Attacks (direct link) German Cybersecurity Agency and Cisco Warn of Attacks Targeting Apache HTTP Server Flaw: Organizations are being advised to ensure that their Apache HTTP servers are up to date, after it came to light that a recently patched vulnerability has been exploited in attacks. Vulnerability
SecurityWeek 2021-11-24 11:41:32 Researcher Awarded $10,000 for Google Cloud Platform Vulnerability (direct link) Security researcher David Schütz says he received over $10,000 in bug bounty payouts from Google after reporting a Google Cloud project vulnerability and subsequent bypasses to rolled-out fixes. Vulnerability
SecurityWeek 2021-11-23 17:41:36 PoC Exploit Published for Latest Microsoft Exchange Zero-Day (direct link) A security researcher has released proof-of-concept (PoC) exploit code for a recently patched code execution vulnerability affecting on-prem Microsoft Exchange Server installations. Vulnerability
SecurityWeek 2021-11-23 15:55:51 Serious Vulnerability Found in Imunify360 Web Server Security Product (direct link) A vulnerability discovered in CloudLinux's Imunify360 security product could have been exploited for remote code execution using specially crafted files. Vulnerability
SecurityWeek 2021-11-22 17:49:31 (Déjà vu) U.S. Agencies Share More Details on ADSelfService Plus Vulnerability Exploitation (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have shared new details on in-the-wild attacks targeting a recently patched flaw in Zoho's ManageEngine ADSelfService Plus product. Vulnerability
SecurityWeek 2021-11-22 15:55:47 Researchers Hack Conti Ransomware Infrastructure (direct link) Prodaft security researchers exploited a vulnerability in the recovery servers used by the Conti Ransomware-as-a-Service (RaaS), which allowed them to gain insight into the inner workings of the ransomware. Ransomware Hack Vulnerability
SecurityWeek 2021-11-18 12:12:49 Microsoft Informs Users of High-Severity Vulnerability in Azure AD (direct link) Microsoft on Wednesday informed customers about a recently patched information disclosure vulnerability affecting Azure Active Directory (AD). Vulnerability
SecurityWeek 2021-11-18 11:49:24 FBI Warns of Actively Exploited FatPipe Zero-Day Vulnerability (direct link) The Federal Bureau of Investigation (FBI) this week sounded the alarm on a zero-day vulnerability in FatPipe products that has been under active exploitation since at least May 2021. Vulnerability
SecurityWeek 2021-11-17 14:43:31 Netgear Patches Code Execution Vulnerability Affecting Many Products (direct link) A vulnerability in Netgear small office/home office (SOHO) devices can be exploited by an attacker on the local area network (LAN) to execute code remotely with root privileges, GRIMM security researchers warn. Vulnerability
SecurityWeek 2021-11-17 12:05:47 CISA Releases Incident and Vulnerability Response Playbooks (direct link) In response to an executive order signed by President Biden in May, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two cybersecurity playbooks focusing on incident response and vulnerability response. Vulnerability
SecurityWeek 2021-11-16 20:07:55 Blacksmith: Rowhammer Fuzzer Bypasses Existing Protections (direct link) A group of security researchers devised a new attack that completely bypasses the existing mitigations against the Rowhammer vulnerability in dynamic random-access memory (DRAM) chips. Vulnerability
SecurityWeek 2021-11-16 13:02:33 Intel CPU Vulnerability Can Expose Cryptographic Keys (direct link) One of the vulnerabilities patched recently by Intel in its processors could allow an attacker with physical access to the targeted system to obtain cryptographic keys, according to the cybersecurity firm whose researchers discovered the flaw. Vulnerability
SecurityWeek 2021-11-15 11:18:35 Fake Emails Sent From FBI Address via Compromised Law Enforcement Portal (direct link) Thousands of fake emails coming from an FBI email address were sent out on Friday by someone who exploited a vulnerability in a law enforcement portal. The FBI has confirmed the breach, but said impact was limited. Vulnerability
SecurityWeek 2021-11-12 16:03:40 Researcher Shows Windows Flaw More Serious After Microsoft Releases Incomplete Patch (direct link) A researcher has discovered that a Windows vulnerability for which Microsoft released an incomplete patch in August is more serious than initially believed. Vulnerability
SecurityWeek 2021-11-12 11:59:37 macOS Zero-Day Exploited to Deliver Malware to Users in Hong Kong (direct link) Google on Thursday shared details about a recent attack that exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Malware Vulnerability
SecurityWeek 2021-11-10 20:11:40 VMware Working on Patches for Serious vCenter Server Vulnerability (direct link) VMware announced on Wednesday that it's working on patches for a potentially serious privilege escalation vulnerability affecting vCenter Server. The vulnerability is tracked as CVE-2021-22048 and it has been assigned an “important” severity rating, which is equivalent to “high severity” based on its CVSS score of 7.1. Vulnerability
SecurityWeek 2021-11-10 19:03:59 Critical Flaw in WordPress Plugin Leads to Database Wipe (direct link) A major security vulnerability in the WP Reset PRO WordPress plugin could be exploited by an authenticated user to wipe the entire database of a website, according to a warning from researchers at Patchstack (formerly WebARX). Vulnerability
SecurityWeek 2021-11-10 14:48:59 Citrix Patches Critical Vulnerability in ADC, Gateway (direct link) Citrix this week released patches for a couple of vulnerabilities affecting Citrix ADC, Gateway, and SD-WAN, including a critical bug leading to denial of service (DoS). Vulnerability Guideline
SecurityWeek 2021-11-10 04:20:38 SAP Patches Critical Vulnerability in ABAP Platform Kernel (direct link) SAP on Tuesday announced the release of five new and two updated security notes as part of its November 2021 Security Patch Day, including one note that deals with a critical vulnerability in ABAP Platform Kernel. Vulnerability
Last update at: 2024-05-13 22:07:55