What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-11-09 18:43:53 | Russian Cybercrime Group Exploits SolarWinds Serv-U Vulnerability (lien direct) | The Russia-linked 'Evil Corp' cybercrime group has been exploiting a vulnerability in SolarWinds Serv-U for initial infection, cybersecurity and risk mitigation firm NCC Group reports. | Vulnerability | ||
|
2021-11-09 13:07:10 | Critical Flaw in Sitecore Experience Platform Exploited in Attacks (lien direct) | Adversaries have started targeting a critical remote code execution vulnerability in Sitecore Experience Platform (Sitecore XP), the Australian Cyber Security Center (ACSC) warns. | Vulnerability | ||
|
2021-11-08 17:53:01 | Global Companies Compromised via ADSelfService Plus Exploitation (lien direct) | At least nine global organizations have been compromised in attacks targeting a recent vulnerability in ManageEngine ADSelfService Plus, according to a warning from researchers at Palo Alto Networks. | Vulnerability | ||
|
2021-11-03 09:46:52 | Many GitLab Servers Affected by Actively Exploited Flaw Patched Six Months Ago (lien direct) | An actively exploited remote code execution vulnerability in GitLab continues to affect roughly 30,000 Internet-facing installations six months after patches were released, Rapid7 says. | Vulnerability | ||
|
2021-11-02 15:30:30 | Kaspersky Patches Vulnerability That Can Lead to Unbootable System (lien direct) | Microsoft Phishing Messages Come From Kaspersky Email Address Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address. | Vulnerability Guideline | ||
|
2021-10-29 13:28:08 | Shrootless: macOS Vulnerability Found by Microsoft Allows Rootkit Installation (lien direct) | Microsoft on Thursday published information on a vulnerability in Apple's macOS platform that could allow an attacker to bypass System Integrity Protection (SIP) and modify operating system files. | Vulnerability | ||
|
2021-10-28 15:52:44 | Critical GoCD Authentication Flaw Exposes Software Supply Chain (lien direct) | A highly-critical vulnerability in a popular open-source CI/CD solution can be exploited to hijack sensitive secrets for downstream supply chain attacks, according to a warning from SonarSource. | Vulnerability | ||
|
2021-10-25 17:51:31 | CISA Raises Alarm on Critical Vulnerability in Discourse Forum Software (lien direct) | The United States Cybersecurity and Infrastructure Security Agency (CISA) over the weekend issued an alert on a critical vulnerability in open source discussion platform Discourse. | Vulnerability | ||
|
2021-10-25 12:26:34 | Researcher Earns $2 Million for Critical Vulnerability in Polygon (lien direct) | Security researcher Gerhard Wagner earned a $2 million bug bounty reward for a critical vulnerability in Polygon's Plasma Bridge that could have allowed a malicious user to submit the same withdrawal transaction 224 times, with different exit IDs. | Vulnerability | ||
|
2021-10-15 10:42:43 | Deepfence Open Sources Vulnerability Mapping Tool \'ThreatMapper\' (lien direct) | Cloud and container security company Deepfence this week announced the open source availability of ThreatMapper, a tool designed to help organizations scan for, map, and rank application vulnerabilities. By performing post-deployment scans of applications and infrastructure, the platform seeks to identify emerging threats in both first-party and third-party solutions. | Tool Vulnerability | ★★★★ | |
|
2021-10-14 15:00:08 | NFT Marketplace OpenSea Patches Flaw Potentially Leading to Cryptocurrency Theft (lien direct) | OpenSea, the world's largest NFT marketplace, has addressed a security vulnerability that could have allowed hackers to hijack user accounts and empty their crypto wallets with the help of maliciously crafted NFTs (non-fungible tokens). | Vulnerability | ||
|
2021-10-14 09:55:09 | Microsoft Adds Power Platform to Bug Bounty Program (lien direct) | Microsoft this week announced that it is now accepting vulnerability submissions for the Power Platform. Security researchers who hunt for and report security errors in Power Platform can now earn up to $20,000 in bounty rewards for severe flaws, as part of the recently rebranded Dynamics 365 and Power Platform Bounty Program. | Vulnerability | ||
|
2021-10-13 20:51:19 | Necro Python Botnet Starts Targeting Visual Tools DVRs (lien direct) | Security researchers have spotted signs of the Necro Python botnet targeting a vulnerability in Visual Tools DVR systems to install a Monero miner on infected systems. | Vulnerability | ||
|
2021-10-12 11:21:34 | GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket (lien direct) | Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. | Vulnerability | ||
|
2021-10-12 01:34:32 | Apple Confirms iOS 15 Zero-Day Exploitation (lien direct) | Apple rushes out iOS 15.0.2 to address a remote code execution vulnerability that is being actively exploited Apple's iOS zero-day problems appear to be getting worse. | Vulnerability | ||
|
2021-10-08 11:03:32 | Apache Releases Another Patch for Actively Exploited HTTP Server Zero-Day (lien direct) | The Apache HTTP Server Project on Thursday announced the release of another update in response to a recently discovered zero-day vulnerability after determining that the initial fix was incomplete. | Vulnerability | ||
|
2021-10-06 11:06:32 | (Déjà vu) Over 100,000 Apache HTTP Servers Affected by Actively Exploited Zero-Day Flaw (lien direct) | Users are urged to immediately patch an Apache HTTP Server zero-day vulnerability that has been exploited in the wild. More than 100,000 servers appear to be exposed to attacks. | Vulnerability | ||
|
2021-10-04 08:38:08 | Google Pledges $1 Million to Secure Open Source Program (lien direct) | Google last week pledged $1 million in financial support to the Secure Open Source (SOS) rewards program run by the Linux Foundation. The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. | Vulnerability | ||
|
2021-10-01 10:11:11 | Google Patches Vulnerability in Cloud Endpoints Proxy (lien direct) | A researcher has disclosed the details of a privilege escalation vulnerability he discovered in a Google Cloud component. The flaw was patched by Google in late August, but some users will need to manually update their systems to prevent potential exploitation. | Vulnerability | ||
|
2021-09-30 17:39:23 | Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites (lien direct) | Apple's AirTag product is affected by a vulnerability that could be exploited by hackers to lure unsuspecting users to phishing or other types of malicious websites. | Vulnerability | ||
|
2021-09-29 11:42:13 | Google Announces Rewards for Tsunami Security Scanner Plugins (lien direct) | Google this week announced that it is offering monetary payouts to individuals who help expand the detection capabilities of the Tsunami security scanner. Two types of contributions are currently accepted in the experimental reward program, namely vulnerability detection plugins and web application fingerprints. | Vulnerability | ||
|
2021-09-28 12:20:39 | Trend Micro Patches Critical Vulnerability in Server Protection Solution (lien direct) | Trend Micro has released patches for a critical authentication bypass vulnerability in Trend Micro ServerProtect. Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. | Vulnerability | ||
|
2021-09-27 11:31:26 | VMware Confirms In-the-Wild Exploitation of vCenter Server Vulnerability (lien direct) | VMware has confirmed that the recently patched vCenter Server vulnerability tracked as CVE-2021-22005 has been exploited in the wild, and some researchers say it has been chained with another flaw that was fixed in the same round of updates. | Vulnerability | ||
|
2021-09-27 10:01:34 | Chrome 94 Update Patches Actively Exploited Zero-Day Vulnerability (lien direct) | Google has shipped an urgent Chrome update to address yet another zero-day vulnerability that has been actively exploited in attacks. Tracked as CVE-2021-37973, the security bug is described as a use-after-free issue in the Portals API, a web page navigation technology that pre-renders content when transitioning to a new page, for a seamless experience. | Vulnerability | ||
|
2021-09-24 15:30:03 | FamousSparrow Cyberspies Exploit ProxyLogon in Attacks on Governments, Hotels (lien direct) | A cyberespionage group active since at least 2019 started exploiting ProxyLogon one day after the Microsoft Exchange vulnerability was publicly disclosed, ESET security researchers say. | Vulnerability | ||
|
2021-09-24 13:10:38 | SonicWall Patches Critical Vulnerability in SMA Appliances (lien direct) | SonicWall has published a security advisory and a security notice to inform customers about a critical vulnerability affecting some of its Secure Mobile Access (SMA) appliances. | Vulnerability | ||
|
2021-09-23 20:39:09 | Apple Confirms New Zero-Day Attacks on Older iPhones (lien direct) | Apple on Thursday confirmed a new zero-day exploit hitting older iPhones and warned that the security vulnerability also affects the macOS Catalina platform. | Vulnerability | ||
|
2021-09-23 12:42:18 | VMware vCenter Servers in Hacker Crosshairs After Disclosure of New Flaw (lien direct) | The internet is already being scanned for VMware vCenter servers affected by CVE-2021-22005, a critical vulnerability for which the virtualization giant announced patches just a couple of days ago. | Vulnerability | ||
|
2021-09-22 17:32:47 | Netgear Patches Remote Code Execution Flaw in SOHO Routers (lien direct) | A security vulnerability in Small Offices/Home Offices (SOHO) routers from Netgear could be exploited to execute arbitrary code remotely as root, according to security researchers at consulting firm GRIMM. | Vulnerability | ||
|
2021-09-22 15:02:05 | Many Hikvision Cameras Exposed to Attacks Due to Critical Vulnerability (lien direct) | More than 70 Hikvision camera and NVR models are affected by a critical vulnerability that can allow hackers to remotely take control of devices without any user interaction. | Vulnerability | ||
|
2021-09-22 14:00:59 | Remote Code Execution Vulnerability Found in AWS WorkSpaces (lien direct) | Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely. Tracked as CVE-2021-38112, the security bug could be triggered when the user opens a malicious WorkSpaces URI from the browser, allowing a remote attacker to execute arbitrary code on the vulnerable system. | Vulnerability | ||
|
2021-09-21 14:09:40 | OpenOffice Vulnerability Exposes Users to Code Execution Attacks (lien direct) | A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents. | Vulnerability | ||
|
2021-09-21 03:45:05 | Attacks Targeting OMIGOD Vulnerability Ramping Up (lien direct) | Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month. | Vulnerability | ||
|
2021-09-17 15:01:26 | AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data (lien direct) | Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system. | Vulnerability | ||
|
2021-09-17 11:29:06 | U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have sounded the alarm over in-the-wild attacks targeting a recently disclosed vulnerability in Zoho's ManageEngine ADSelfService Plus product. | Vulnerability | ||
|
2021-09-16 10:51:24 | Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations (lien direct) | Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators. | Ransomware Vulnerability Threat | ||
|
2021-09-14 13:34:50 | Nearly Half of On-Premises Databases Vulnerable to Attacks: Study (lien direct) | A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose them to attacks. | Vulnerability | ||
|
2021-09-13 16:53:46 | Tens of Thousands of Unpatched Fortinet VPNs Hacked via Old Security Flaw (lien direct) | A threat actor has leaked online access credentials for 87,000 Fortinet VPN devices that were apparently compromised using a vulnerability identified and patched two years ago. | Vulnerability Threat | ||
|
2021-09-10 13:38:38 | HAProxy Vulnerability Leads to HTTP Request Smuggling (lien direct) | A critical security vulnerability in HAProxy could allow attackers to bypass security controls and access sensitive data without authorization, according to a warning from security research outfit JFrog. | Vulnerability | ||
|
2021-09-09 14:47:34 | Microsoft Warns of Information Leak Flaw in Azure Container Instances (lien direct) | Microsoft has patched an Azure Container Instances (ACI) vulnerability that could have allowed users to access the information of other Azure customers. | Vulnerability | ||
|
2021-09-08 17:34:44 | Zoho Confirms Zero-Day Authentication Bypass Attacks (lien direct) | Zoho has shipped an urgent patch for an authentication bypass vulnerability in its ManageEngine ADSelfService Plus alongside a warning that the bug is already exploited in attacks. Tracked as CVE-2021-40539, the security flaw is deemed critical as it could be exploited to take over a vulnerable system. | Vulnerability | ||
|
2021-09-07 21:31:45 | Critical Flaw in Pac-Resolver NPM Package Affects 290,000 Repositories (lien direct) | A high severity vulnerability recently addressed in popular NPC package Pac-Resolver could be exploited to execute arbitrary code remotely. | Vulnerability | ||
|
2021-09-07 21:24:39 | Jenkins Says Confluence Service Compromised Using Recent Exploit (lien direct) | Jenkins over the weekend announced that hackers managed to gain access to one of its servers after exploiting a critical vulnerability affecting Atlassian Confluence Server and Data Center. | Vulnerability | ||
|
2021-09-03 17:23:53 | USCYBERCOM Warns of Mass Exploitation of Atlassian Vulnerability Ahead of Holiday Weekend (lien direct) | USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are sounding the alarm just before the Labor Day weekend in the U.S., urging organizations to patch a critical vulnerability (CVE-2021-26084) affecting Atlassian Confluence Server and Data Center. | Vulnerability | ||
|
2021-09-02 21:01:17 | Facebook Pays Out $40,000 for Account Takeover Exploit Chain (lien direct) | Social media giant Facebook on Thursday announced a new payout guideline to help vulnerability hunters better understand its bounty decisions related to given bugs. | Vulnerability | ||
|
2021-09-02 10:47:16 | Recently Patched Confluence Vulnerability Exploited in the Wild (lien direct) | Hackers started exploiting a vulnerability in Atlassian's Confluence enterprise collaboration product just one week after the availability of a patch was announced. | Vulnerability | ||
|
2021-09-01 17:26:01 | Singapore\'s GovTech Announces New Vulnerability Rewards Programme (lien direct) | The Singapore Government Technology Agency (GovTech) on Tuesday introduced a new Vulnerability Rewards Programme (VRP) on HackerOne that offers bug bounty rewards of up to $150,000. | Vulnerability | ||
|
2021-09-01 10:58:27 | Vulnerability Allows Remote DoS Attacks Against Apps Using Linphone SIP Stack (lien direct) | A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. | Vulnerability | ||
|
2021-08-31 11:24:37 | \'ProxyToken\' Exchange Server Vulnerability Leads to Email Compromise (lien direct) | A vulnerability that Microsoft patched in Exchange Server earlier this year can allow attackers to set forwarding rules on target accounts and gain access to incoming emails. | Vulnerability | ||
|
2021-08-30 09:35:20 | CISA, Microsoft Issue Guidance on Recent Azure Cosmos DB Vulnerability (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an alert urging enterprises to address a newly disclosed vulnerability in Microsoft Azure Cosmos DB as soon as possible. | Vulnerability |
To see everything:
Our RSS (filtrered)
