What's new around the internet

Last one

| Src | Date (GMT) | Title | Description | Tags | Stories | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| SecurityWeek | 2021-06-25 14:17:19 | Old Vulnerability Exploited to Hack, Wipe WD Storage Devices | Many owners of My Book Live and My Book Live Duo network-attached storage (NAS) devices made by Western Digital (WD) reported having their files wiped, and it seems that it's the result of an attack exploiting an old vulnerability. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-06-25 11:08:59 | Vulnerabilities Expose Fortinet Firewalls to Remote Attacks | A high-severity vulnerability patched recently by Fortinet in its FortiWeb web application firewall (WAF) can be exploited to execute arbitrary commands. The flaw can pose an even more serious risk if it's chained with a misconfiguration and another recently discovered security hole. | Vulnerability | | |
| SecurityWeek | 2021-06-24 11:05:17 | VMware Patches Critical Vulnerability in Carbon Black App Control | VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control (AppC) running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering. | Vulnerability | | |
| SecurityWeek | 2021-06-23 11:18:05 | VMware Patches Privilege Escalation Vulnerability in Tools for Windows | A high-severity vulnerability that VMware patched this week in VMware Tools for Windows could be exploited to execute arbitrary code with elevated privileges. | Vulnerability | | |
| SecurityWeek | 2021-06-23 08:45:53 | Palo Alto Networks Patches Critical Vulnerability in Cortex XSOAR | A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product. | Vulnerability | | |
| SecurityWeek | 2021-06-22 19:26:09 | Tor Browser Patches Application Probing Vulnerability | A new version of the open-source Tor Browser was released this week with patches for multiple vulnerabilities, including one that could allow malicious websites to track users across browsers by identifying applications running on their devices. | Vulnerability | | |
| SecurityWeek | 2021-06-22 04:10:56 | Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability | A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw. | Vulnerability | | |
| SecurityWeek | 2021-06-16 12:49:03 | Security Camera Feeds Exposed Due to Flaw in SDK Used by Many Vendors | A critical vulnerability discovered in a ThroughTek P2P software development kit (SDK) used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. | Vulnerability | | |
| SecurityWeek | 2021-06-15 14:46:43 | Researcher Earns $30,000 for Instagram Flaw Exposing Private Posts | A researcher says he has earned $30,000 through Facebook's bug bounty program for reporting an Instagram vulnerability that exposed private posts. | Vulnerability | | |
| SecurityWeek | 2021-06-11 13:09:45 | GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability | GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system. The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. | Vulnerability | | |
| SecurityWeek | 2021-06-08 13:52:16 | CISA Announces Vulnerability Disclosure Policy Platform | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform. | Vulnerability | | |
| SecurityWeek | 2021-06-07 12:55:35 | GitHub Updates Policies on Vulnerability Research, Exploits | Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research. | Vulnerability | | |
| SecurityWeek | 2021-06-07 10:55:52 | Attacks Exploiting VMware vSphere Flaw Spotted One Week After Patching | A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week after VMware announced the availability of patches. | Vulnerability, Patching | | ★★ |
| SecurityWeek | 2021-06-03 13:49:50 | Trend Micro Releases PoC Exploit for Vulnerability Affecting macOS, iOS | Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. | Vulnerability | | |
| SecurityWeek | 2021-06-02 15:02:21 | Actively Exploited Zero-Day Found in WordPress Plugin Used by Many Online Stores | More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns. | Vulnerability | | |
| SecurityWeek | 2021-06-02 12:06:38 | Vulnerability in Lasso Library Impacts Products From Cisco, Akamai | A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-06-01 20:03:39 | Report: Accellion Failed to Notify Customers of FTA Zero-Day | Accellion failed to notify customers of a zero-day vulnerability in its file transfer application (FTA) and related cyber-attacks targeting the security flaw, according to a new report from professional services firm KPMG. | Vulnerability | | |
| SecurityWeek | 2021-05-31 13:04:35 | SonicWall Patches Command Injection Flaw in Firewall Management Application | SonicWall last week announced the availability of patches for a severe vulnerability in its Network Security Manager (NSM) product. | Vulnerability | | |
| SecurityWeek | 2021-05-28 15:08:02 | Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs | Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers (PLCs) made by Siemens. | Hack, Vulnerability | | |
| SecurityWeek | 2021-05-28 14:09:57 | Chinese Hackers Started Covering Tracks Days Before Public Exposure of Operations | One of the Chinese threat actors targeting Pulse Secure VPN appliances via a recently disclosed vulnerability has been attempting to cover its tracks by removing its webshells from victim networks, FireEye reports. | Vulnerability, Threat | | |
| SecurityWeek | 2021-05-27 03:48:25 | Code Execution Flaw in Checkbox Survey Exploited in the Wild | A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University warns. | Vulnerability | | |
| SecurityWeek | 2021-05-26 14:29:30 | VMware Urges Customers to Immediately Patch Critical vSphere Vulnerability | VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. The vulnerability, tracked as CVE-2021-21985, was reported to VMware by Ricter Z of 360 Noah Lab and it has been patched in versions 6.5, 6.7 and 7.0 of vCenter Server. | Vulnerability | | |
| SecurityWeek | 2021-05-26 10:31:30 | Rising Cyberattacks in West Highlight Vulnerabilities | A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public priority but with no easy solution. | Vulnerability | | |
| SecurityWeek | 2021-05-25 11:37:55 | Apple Patches macOS Big Sur Vulnerability Exploited by Malware | Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS Big Sur that has been exploited in attacks. | Malware, Vulnerability | | |
| SecurityWeek | 2021-05-24 17:32:14 | QNAP Says Recently Patched Flaw Exploited in Qlocker Ransomware Attacks | Taiwanese network-attached storage (NAS) appliance manufacturer QNAP Systems has revealed that a vulnerability in its Hybrid Backup Sync software has been exploited in Qlocker ransomware attacks. | Ransomware, Vulnerability | | |
| SecurityWeek | 2021-05-18 14:01:39 | PoC Exploit Released for Wormable Windows Vulnerability | A researcher has released a proof-of-concept (PoC) exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable. | Vulnerability | | |
| SecurityWeek | 2021-05-14 13:29:52 | Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure | Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution. | Vulnerability | | |
| SecurityWeek | 2021-05-14 12:45:48 | Cisco to Acquire Vulnerability Management Firm Kenna Security | Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology. | Vulnerability | | |
| SecurityWeek | 2021-05-13 14:57:32 | Citrix Patches Vulnerability in Workspace App for Windows | Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows. | Vulnerability | | ★★★ |
| SecurityWeek | 2021-05-07 12:36:26 | TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers | Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week. | Vulnerability | | |
| SecurityWeek | 2021-05-07 10:50:57 | VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm | VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. | Vulnerability | | |
| SecurityWeek | 2021-05-06 16:59:25 | Qualcomm Modem Chip Flaw Exploitable From Android: Researchers | Billions of Android devices are exposed to a vulnerability in Qualcomm's Mobile Station Modem (MSM) chip. A vulnerability in Qualcomm's Mobile Station Modem (MSM) chip – installed in around 30% of the world's mobile devices – can be exploited from within Android. | Vulnerability | | |
| SecurityWeek | 2021-05-05 19:09:32 | DOD Expands Vulnerability Disclosure Program to Web-Facing Targets | The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems. | Vulnerability | | |
| SecurityWeek | 2021-05-05 13:19:04 | Chrome for Windows Gets Hardware-enforced Exploitation Protection | Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology. Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection. | Vulnerability | | |
| SecurityWeek | 2021-04-30 14:03:48 | SonicWall Zero-Day Exploited by Ransomware Group Before It Was Patched | A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access (SMA) appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. | Ransomware, Vulnerability | | |
| SecurityWeek | 2021-04-29 15:04:59 | Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks | F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager (APM), but fixes are not available for all impacted versions. | Vulnerability | | |
| SecurityWeek | 2021-04-29 14:35:46 | DigitalOcean Discloses Breach Involving Billing Information | Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems. | Vulnerability | APT 32 | |
| SecurityWeek | 2021-04-29 11:59:49 | Apple Patches Security Bypass Vulnerability Impacting Macs With M1 Chip | Apple's latest macOS updates patch three vulnerabilities that can be exploited to bypass security mechanisms, including one that has been exploited in the wild and one that impacts only Macs powered by the M1 chip. | Vulnerability | | |
| SecurityWeek | 2021-04-28 16:00:25 | Death of the Manual Pen-Test: Blind Spots, Limited Visibility | Manual penetration testing (pen-testing) is increasingly challenged by automated methods of vulnerability discovery and management. The reasons are not difficult to understand: the cost and coverage of manual testing is too high and too limited. | Vulnerability | | |
| SecurityWeek | 2021-04-28 08:43:52 | Google Patches Yet Another Serious V8 Vulnerability in Chrome | An update released this week by Google for Chrome 90 patches yet another serious vulnerability affecting the V8 JavaScript engine used by the web browser. The flaw, tracked as CVE-2021-21227 and rated high severity, was reported to Google by researcher Gengming Liu from Chinese cybersecurity firm Singular Security Lab. | Vulnerability | | |
| SecurityWeek | 2021-04-27 11:13:25 | Apple Patches macOS Security Bypass Vulnerability Exploited by 'Shlayer' Malware | Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group. | Malware, Vulnerability, Threat | | |
| SecurityWeek | 2021-04-27 00:16:39 | NTLM Relay Attack Abuses Windows RPC Protocol Vulnerability | A newly identified NTLM (New Technology LAN Manager) relay attack abuses a remote procedure call (RPC) vulnerability to enable elevation of privilege, researchers from cybersecurity firm SentinelOne reveal. | Vulnerability | | |
| SecurityWeek | 2021-04-22 15:59:46 | AV Under Attack: Trend Micro Confirms Apex One Exploitation | Anti-malware vendor Trend Micro is warning that attackers are attempting to exploit a previously patched vulnerability in its Apex One, Apex One as a Service, and OfficeScan product lines. | Vulnerability | | |
| SecurityWeek | 2021-04-21 13:46:02 | Vulnerability in CocoaPod Dependency Manager Exposed Millions of Apps | A remote code execution vulnerability identified on the central CocoaPods server could have allowed an attacker to poison any package download, security researcher Max Justicz reveals. | Vulnerability | | |
| SecurityWeek | 2021-04-16 14:04:26 | Critical Vulnerability Can Allow Attackers to Hijack or Disrupt Juniper Devices | A critical vulnerability patched recently by networking and cybersecurity solutions provider Juniper Networks could allow an attacker to remotely hijack or disrupt affected devices. | Vulnerability | | |
| SecurityWeek | 2021-04-16 10:47:41 | Google Project Zero Announces 2021 Updates to Vulnerability Disclosure Policy | Google's Project Zero cybersecurity research unit on Thursday announced that it's making some changes to its vulnerability disclosure policies, giving users 30 days to install patches before disclosing the technical details of a flaw. | Vulnerability | | |
| SecurityWeek | 2021-04-15 14:30:54 | Reddit Launches Public Bug Bounty Program | Reddit this week announced the launch of a public bug bounty program on the vulnerability hunting platform HackerOne. Following a three-year private bug bounty program on HackerOne, which has resulted in over $140,000 being awarded in bug bounties for 300 vulnerability reports focusing on reddit.com, the program is going public with an expanded scope. | Vulnerability | | |
| SecurityWeek | 2021-04-15 12:05:26 | (Déjà vu) Exploit for Second Unpatched Chromium Flaw Made Public Just After First Is Patched | A researcher has made public an exploit and details for an unpatched vulnerability affecting Chrome, Edge and other web browsers that are based on the open source Chromium project. This is the second Chromium proof-of-concept (PoC) exploit released this week. | Vulnerability | | |
| SecurityWeek | 2021-04-14 11:50:58 | Another Critical Vulnerability Patched in SAP Commerce | On Tuesday, as part of its April 2021 Security Patch Day, SAP announced the release of 14 new security notes and 5 updates to previously released notes. The only new Hot News note released with this round of patches addresses a critical vulnerability in SAP Commerce. | Vulnerability | | |
| SecurityWeek | 2021-04-13 13:50:20 | Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices | An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system. | Vulnerability | | |

Last update at: 2024-05-13 20:08:12