What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2021-08-27 13:56:41 Vulnerability Allows Remote Hacking of Annke Video Surveillance Product (direct link) Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke, a Hong Kong-based global provider of home and business security solutions. Hack Vulnerability
SecurityWeek 2021-08-27 08:48:32 Critical Vulnerability Exposed Azure Cosmos DBs for Months (direct link) Microsoft this week started notifying customers of a critical vulnerability in Azure Cosmos DB that could have provided attackers with administrative access to Cosmos DB instances. Vulnerability
SecurityWeek 2021-08-26 14:59:02 Cisco Patches Serious Vulnerabilities in Data Center Products (direct link) Cisco this week announced the release of patches for a critical vulnerability affecting its Application Policy Infrastructure Controller (APIC) and Cloud APIC products. Vulnerability
SecurityWeek 2021-08-26 12:43:57 Atlassian Patches Critical Code Execution Vulnerability in Confluence (direct link) Atlassian this week informed customers about the availability of patches for a critical vulnerability affecting the company's Confluence enterprise collaboration product. Vulnerability
SecurityWeek 2021-08-25 10:44:52 Biden, Tech Leaders Eye 'Concrete Steps' to Boost Cybersecurity (direct link) A White House cybersecurity gathering including Big Tech executives was set Wednesday to unveil steps aimed at improving cybersecurity following high-profile attacks which raised questions about the vulnerability of so-called critical infrastructure. Vulnerability
SecurityWeek 2021-08-24 15:44:05 OpenSSL Vulnerability Can Be Exploited to Change Application Data (direct link) High severity vulnerability patched in OpenSSL The OpenSSL Project on Tuesday announced the availability of OpenSSL 1.1.1l, which patches a high-severity vulnerability that could allow an attacker to change an application's behavior or cause the app to crash. Vulnerability
SecurityWeek 2021-08-23 12:59:09 Details Disclosed for Critical Vulnerability in Sophos Appliances (direct link) Organizations using security appliances from Sophos have been advised to make sure their devices are up to date after a researcher disclosed the details of a critical vulnerability patched last year. Vulnerability
SecurityWeek 2021-08-23 12:20:30 PetitPotam Vulnerability Exploited in Ransomware Attacks (direct link) The recently disclosed Windows Server vulnerability dubbed “PetitPotam” is being actively exploited in malicious attacks, including some aimed at deploying a piece of ransomware named LockFile. Ransomware Vulnerability
SecurityWeek 2021-08-20 10:27:32 High-Severity DoS Vulnerability Patched in BIND DNS Software (direct link) The Internet Systems Consortium (ISC) this week publicly announced the availability of patches for a high-severity denial-of-service (DoS) vulnerability affecting its BIND DNS software. Vulnerability
SecurityWeek 2021-08-19 14:58:27 Cisco: Critical Flaw in Older SMB Routers Will Remain Unpatched (direct link) Cisco this week published information on a critical code execution vulnerability affecting its small business RV110W, RV130, RV130W, and RV215W routers, but cautioned that there are no plans to release security fixes. Vulnerability
SecurityWeek 2021-08-18 10:23:32 BadAlloc Flaw Impacts Many Systems Running BlackBerry's QNX Embedded OS (direct link) BlackBerry this week informed customers that the QNX embedded operating system is affected by a BadAlloc vulnerability leading to arbitrary code execution or denial of service. Vulnerability Guideline
SecurityWeek 2021-08-17 15:16:26 High-Severity Command Injection Vulnerability Found in Fortinet Firewall (direct link) Researchers have discovered a vulnerability in Fortinet's FortiWeb web application firewall (WAF), and while it has been classified as high severity, the actual risk of exploitation in the wild seems low. Vulnerability
SecurityWeek 2021-08-17 12:01:35 Millions of IoT Devices Exposed to Attacks Due to Cloud Platform Vulnerability (direct link) Researchers at FireEye's threat intelligence and incident response unit Mandiant have identified a critical vulnerability that exposes millions of IoT devices to remote attacks. Vulnerability Threat
SecurityWeek 2021-08-12 15:53:00 Microsoft Confirms (Yet Another) PrintNightmare Flaw as Ransomware Actors Pounce (direct link) Exasperated Windows fleet administrators woke up Thursday to news of a new, unpatched Print Spooler vulnerability that leaves machines exposed to remote code execution attacks. Ransomware Vulnerability
SecurityWeek 2021-08-09 13:09:44 Vulnerability Affecting Routers From Many Vendors Exploited Days After Disclosure (direct link) Cybercriminals quickly started exploiting a vulnerability that affects routers and modems from many vendors that use the same underlying firmware. On August 3, cybersecurity firm Tenable published a blog post describing a vulnerability affecting routers that use firmware from Arcadyan, a Taiwan-based provider of networking solutions. Vulnerability
SecurityWeek 2021-08-06 15:07:20 VMware Patches Severe Vulnerability in Workspace ONE Access, Identity Manager (direct link) VMware on Thursday released security updates for multiple products to address a pair of security bugs, one serious enough to give attackers access to sensitive information. Vulnerability
SecurityWeek 2021-08-06 13:52:31 Critical Code Execution Vulnerability Patched in Pulse Connect Secure (direct link) IT management and security company Ivanti this week released patches for multiple vulnerabilities in its Pulse Connect Secure VPN appliances, including a critical issue that could be exploited to execute arbitrary code with root privileges. Vulnerability
SecurityWeek 2021-08-06 11:32:02 Analysis of ICS Exploits Can Help Defenders Prioritize Vulnerability Remediation (direct link) Industrial cybersecurity firm Dragos has published an analysis of exploits targeting vulnerabilities in industrial control systems (ICS) and operational technology (OT) systems. The company says the findings can help defenders prioritize remediation and mitigation efforts. Vulnerability
SecurityWeek 2021-08-05 13:40:20 Cisco Patches Critical Vulnerability in Small Business VPN Routers (direct link) Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices. Vulnerability
SecurityWeek 2021-08-03 12:42:59 Code Execution Flaw Found in Cisco Firepower Device Manager On-Box Software (direct link) Cisco has addressed a vulnerability in the Firepower Device Manager (FDM) On-Box software that could be exploited to gain code execution on vulnerable devices. FDM On-Box is used to configure Cisco Firepower firewalls, providing administrators with both management and diagnostics capabilities. Vulnerability
SecurityWeek 2021-08-02 16:53:54 Potential RCE Flaw Patched in PyPI's GitHub Repository (direct link) A vulnerability in the GitHub Actions workflow for PyPI's source repository could be exploited to perform a malicious pull request and eventually execute arbitrary code on pypi.org, according to a warning from a Japanese security researcher. Vulnerability
SecurityWeek 2021-07-30 12:40:57 Remote Code Execution Flaws Patched in WordPress Download Manager Plugin (direct link) A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns. Vulnerability
SecurityWeek 2021-07-29 17:02:39 Researchers Publish Details on Recent Critical Hyper-V Vulnerability (direct link) Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021. Vulnerability
SecurityWeek 2021-07-27 16:06:33 Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years (direct link) Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years. Vulnerability
SecurityWeek 2021-07-27 13:02:48 Critical Vulnerability Found in Sunhillo Aerial Surveillance Product (direct link) An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group. Vulnerability
SecurityWeek 2021-07-27 12:09:31 Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S. (direct link) A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States. Tool Vulnerability Threat
SecurityWeek 2021-07-22 18:49:31 Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million (direct link) European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. Vulnerability
SecurityWeek 2021-07-22 15:03:10 Atlassian Patches Critical Vulnerability in Jira Data Center Products (direct link) Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products. Vulnerability
SecurityWeek 2021-07-21 11:45:19 Millions of Devices Affected by Vulnerability in HP, Samsung, Xerox Printer Drivers (direct link) A printer driver shipped to millions of computers since 2005 is affected by a vulnerability that can be exploited for privilege escalation, according to endpoint security company SentinelOne. Vulnerability
SecurityWeek 2021-07-21 08:47:25 Fortinet Patches Remote Code Execution Vulnerability in FortiManager, FortiAnalyzer (direct link) Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges. Vulnerability
SecurityWeek 2021-07-20 13:38:03 Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks (direct link) A high-severity vulnerability affecting Rockwell Automation's MicroLogix 1100 programmable logic controllers (PLCs) can be exploited to cause a device to enter a persistent fault condition. Vulnerability
SecurityWeek 2021-07-20 10:32:30 Researchers: Apple Quietly Patched 0-Click Wi-Fi Code Execution Vulnerability in iOS (direct link) Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID. Vulnerability Guideline
SecurityWeek 2021-07-16 16:27:17 Cisco Patches High-Risk Flaw in ASA, FTD Software (direct link) Cisco on Thursday released patches for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, warning that exploitation could lead to crippling denial-of-service attacks. Vulnerability Threat Guideline
SecurityWeek 2021-07-16 15:53:16 Google: New Chrome Zero-Day Being Exploited (direct link) For the seventh time this year, Google is dealing with zero-day attacks targeting users of its flagship Chrome web browser. The search advertising giant released a Chrome security refresh overnight with a warning that malicious hackers are actively exploiting a critical type confusion vulnerability to launch malware attacks. Malware Vulnerability
SecurityWeek 2021-07-16 15:26:43 Critical WooCommerce Vulnerability Targeted Hours After Patch (direct link) Hackers have started targeting a critical WooCommerce vulnerability only days after patches started rolling out, Patchstack says. WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals. Vulnerability
SecurityWeek 2021-07-14 10:03:53 Microsoft Says SolarWinds Serv-U Zero-Day Exploited by Chinese Group (direct link) Microsoft said on Tuesday that a recently patched SolarWinds Serv-U zero-day vulnerability has been exploited by a Chinese threat group. Vulnerability Threat
SecurityWeek 2021-07-14 08:45:49 CISA Says Multiple Threat Actors Exploiting Windows 'PrintNightmare' Vulnerability (direct link) The United States Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued Emergency Directive 21-04, which requires all federal agencies to apply the available patches for the recently disclosed Microsoft Print Spooler service vulnerability within one week. Vulnerability Threat
SecurityWeek 2021-07-13 11:10:03 Critical Vulnerability Can Be Exploited to Hack Schneider Electric's Modicon PLCs (direct link) A vulnerability affecting some of Schneider Electric's Modicon programmable logic controllers (PLCs) can be exploited to bypass authentication mechanisms, allowing attackers to take complete control of the targeted device. Hack Vulnerability
SecurityWeek 2021-07-13 10:14:41 Recently Patched ForgeRock AM Vulnerability Exploited in Attacks (direct link) Government agencies in the United States and Australia warn organizations that a recently patched vulnerability affecting ForgeRock Access Management has been exploited in the wild. Vulnerability
SecurityWeek 2021-07-12 16:00:58 Solarwinds Confirms New Zero-Day Flaw Under Attack (direct link) Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.” Vulnerability
SecurityWeek 2021-07-12 13:50:12 CISA Releases Analysis of 2020 Risk and Vulnerability Assessments (direct link) The United States Cybersecurity and Infrastructure Security Agency (CISA) has published the results of the Risk and Vulnerability Assessments (RVAs) it conducted in fiscal year 2020, revealing some of the security weaknesses that impact government and critical infrastructure organizations. Vulnerability
SecurityWeek 2021-07-07 14:37:34 Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced (direct link) A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Vulnerability
SecurityWeek 2021-07-06 21:40:57 Microsoft Ships Emergency Patch for Critical Windows 'PrintNightmare' Vulnerability (direct link) Microsoft late Tuesday pushed out an emergency patch to cover the Windows 'PrintNightmare' security flaw. Vulnerability
SecurityWeek 2021-07-06 13:51:22 Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw (direct link) A researcher at Positive Technologies has described the potential impact of a recently addressed command injection vulnerability affecting SonicWall's Network Security Manager (NSM) product. Vulnerability
SecurityWeek 2021-07-02 15:24:13 Microsoft Tells Azure Users to Update PowerShell to Patch Vulnerability (direct link) Microsoft has told Azure users to update PowerShell - if they are using versions 7.0 or 7.1 - to address a remote code execution vulnerability patched earlier this year. Vulnerability
SecurityWeek 2021-07-02 14:20:14 Microsoft Confirms 'PrintNightmare' is New Windows Security Flaw (direct link) Microsoft late Thursday acknowledged a severe security vulnerability in the Print Spooler utility that ships by default on Windows and warned that the bug exposes users to computer takeover attacks. Vulnerability
SecurityWeek 2021-07-01 11:07:38 Vulnerability Found in Industrial Remote Access Product From Claroty (direct link) The Secure Remote Access (SRA) product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations. Vulnerability Threat
SecurityWeek 2021-06-30 12:48:54 Zero-Day Vulnerability Exploited in Recent Attacks on WD Storage Devices (direct link) Western Digital (WD) on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage (NAS) devices involved the exploitation of a zero-day vulnerability. Vulnerability
SecurityWeek 2021-06-30 11:14:33 Google Working on Patching GCP Vulnerability That Allows VM Takeover (direct link) A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform. Vulnerability Patching
SecurityWeek 2021-06-28 11:31:03 XSS Vulnerability in Cisco Security Products Exploited in the Wild (direct link) A cross-site scripting (XSS) vulnerability patched last year in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has reportedly been exploited in the wild. Vulnerability Threat
Last update at: 2024-05-14 20:08:24