What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-02 11:01:00 | Discrepancies Discovered in Vulnerability Severity Ratings (lien direct) | Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says. | Vulnerability | ★★★ | |
|
2023-01-30 19:00:00 | Facebook Bug Allows 2FA Bypass Via Instagram (lien direct) | The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports. | Vulnerability | ★★★ | |
|
2023-01-26 20:00:00 | SaaS RootKit Exploits Hidden Rules in Microsoft 365 (lien direct) | A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit. | Vulnerability | ★★★ | |
|
2023-01-25 20:30:00 | Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI (lien direct) | The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things. | Vulnerability | ★★ | |
|
2023-01-25 18:00:00 | Log4j Vulnerabilities Are Here to Stay - Are You Prepared? (lien direct) | Don't make perfect the enemy of good in vulnerability management. Context is key - prioritize vulnerabilities that are actually exploitable. Act quickly if the vulnerability is on a potential attack path to a critical asset. | Vulnerability | ★★ | |
|
2023-01-17 15:00:00 | 3 Lessons Learned in Vulnerability Management (lien direct) | In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting. | Vulnerability | ★★★★ | |
|
2023-01-09 23:41:00 | Firmware Vulnerability in Chips Helps Hackers Take Control of Systems (lien direct) | The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations. | Vulnerability | ★★ | |
|
2022-12-22 15:00:01 | Google WordPress Plug-in Bug Allows AWS Metadata Theft (lien direct) | A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands. | Vulnerability | ★★★ | |
|
2022-12-14 18:00:00 | CSAF Is the Future of Vulnerability Management (lien direct) | Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation. | Vulnerability | ★★★ | |
|
2022-12-14 17:20:07 | Apple Zero-Day Actively Exploited on iPhone 15 (lien direct) | Without many details, Apple patches a vulnerability that has been exploited in the wild to execute code. | Vulnerability | ★★ | |
|
2022-10-11 15:21:39 | Skybox Security Unveils Industry\'s First SaaS Solution For Security Policy and Vulnerability Management Across Hybrid Environments (lien direct) | Skybox Security Cloud Edition ushers in a new era of proactive cybersecurity . | Vulnerability | ||
|
2022-09-30 14:00:00 | With the Software Supply Chain, You Can\'t Secure What You Don\'t Measure (lien direct) | Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain. | Vulnerability | ||
|
2022-09-21 15:28:37 | 15-Year-Old Python Flaw Slithers into Software Worldwide (lien direct) | An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559. | Vulnerability | ||
|
2022-09-09 17:56:48 | Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy (lien direct) | The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality. | Vulnerability | ||
|
2022-09-06 13:00:00 | Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration (lien direct) | Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready. | Ransomware Vulnerability | ||
|
2022-09-01 19:49:52 | Skyrocketing IoT Bug Disclosures Put Pressure on Security Teams (lien direct) | The expanding Internet of Things ecosystem is seeing a startling rate of vulnerability disclosures, leaving companies with a greater need for visibility into and patching of IoT devices. | Vulnerability Patching | ||
|
2022-09-01 14:45:27 | Apple Quietly Releases Another Patch for Zero-Day RCE Bug (lien direct) | Apple continues a staged update process to address a WebKit vulnerability that allows attackers to craft malicious Web content to load malware on affected devices. | Malware Vulnerability | ||
|
2022-08-31 16:00:00 | TikTok for Android Bug Allows Single-Click Account Hijack (lien direct) | A security vulnerability (CVE-2022-28799) in one of TikTok for Android's deeplinks could affect billions of users, Microsoft warns. | Vulnerability | ||
|
2022-08-30 13:33:35 | Google Expands Bug Bounties to Its Open Source Projects (lien direct) | The search engine giant's Vulnerability Rewards Program now covers any Google open source software projects - with a focus on critical software such as Go and Angular. | Vulnerability | ||
|
2022-08-23 14:00:00 | Apathy is Your Company\'s Biggest Cybersecurity Vulnerability - Here\'s How to Combat It (lien direct) | Make security training more engaging to build a strong cybersecurity culture. Here are four steps security and IT leaders can take to avoid the security disconnect. | Vulnerability Guideline | ★★ | |
|
2022-08-20 19:28:29 | DeepSurface Adds Risk-Based Approach to Vulnerability Management (lien direct) | DeepSurface's Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help. | Vulnerability | ||
|
2022-08-17 18:49:19 | Google Chrome Zero-Day Found Exploited in the Wild (lien direct) | The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation. | Vulnerability | ||
|
2022-08-16 14:39:57 | Windows Vulnerability Could Crack DC Server Credentials Open (lien direct) | The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim. | Vulnerability | ||
|
2022-08-15 18:56:45 | Most Q2 Attacks Targeted Old Microsoft Vulnerabilities (lien direct) | The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago. | Vulnerability | ||
|
2022-08-12 20:18:21 | Patch Madness: Vendor Bug Advisories Are Broken, So Broken (lien direct) | Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs. | Vulnerability | ||
|
2022-08-11 23:54:33 | Microsoft: We Don\'t Want to Zero-Day Our Customers (lien direct) | The head of Microsoft's Security Response Center defends keeping its initial vulnerability disclosures sparse -- it is, she says, to protect customers. | Vulnerability | ||
|
2022-08-08 14:20:00 | We Have the Tech to Scale Up Open Source Vulnerability Fixes - Now It\'s Time to Leverage It (lien direct) | Q&A with Jonathan Leitschuh, inaugural HUMAN Dan Kaminsky Fellow, in advance of his upcoming Black Hat USA presentation. | Vulnerability | ||
|
2022-08-04 20:36:33 | Time to Patch VMware Products Against a Critical New Vulnerability (lien direct) | A dangerous VMware authentication-bypass bug could give threat actors administrative access over virtual machines. | Vulnerability Threat | ||
|
2022-08-04 18:35:41 | High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover (lien direct) | The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users. | Vulnerability | ||
|
2022-07-27 23:10:52 | Overcoming the Fail-to-Challenge Vulnerability With a Friendly Face (lien direct) | Ahead of their Black Hat USA talk in August, Simon Pavitt and Stephen Dewsnip explain the value of helping people practice cyber defense via a "malicious floorwalker" exercise. | Vulnerability | ★★★★ | |
|
2022-07-26 17:00:00 | How Risk-Based Vulnerability Management Has Made Security Easier (lien direct) | Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort. | Vulnerability | ||
|
2022-07-18 17:55:01 | WordPress Page Builder Plug-in Under Attack, Can\'t Be Patched (lien direct) | An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn. | Vulnerability | ||
|
2022-07-14 20:43:13 | DHS Review Board Deems Log4j an \'Endemic\' Cyber Threat (lien direct) | Vulnerability will remain a "significant" threat for years to come and highlighted the need for more public and private sector support for open source software ecosystem, Cyber Safety Review Board says. | Vulnerability Threat | ||
|
2022-07-13 19:39:00 | The 3 Critical Elements You Need for Vulnerability Management Today (lien direct) | Most organizations are flying blind when remediating vulnerabilities. We lack the tooling to secure software fast enough. We need a new approach to vulnerability management now. | Vulnerability | ||
|
2022-07-13 14:54:51 | Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication (lien direct) | The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials. | Vulnerability | ||
|
2022-06-30 15:17:15 | Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration (lien direct) | An unauthenticated remote code execution vulnerability found in Zoho's compliance tool could leave organizations exposed to an information disclosure catastrophe, new analysis shows. | Tool Vulnerability | ||
|
2022-06-28 17:58:36 | Atlassian Confluence Exploits Peak at 100K Daily (lien direct) | Swarms of breach attempts against the Atlassian Confluence vulnerability are likely to continue for years, researchers say, averaging 20,000 attempts daily as of this week. | Vulnerability | ||
|
2022-06-28 13:00:00 | New Vulnerability Database Catalogs Cloud Security Issues (lien direct) | Researchers have created a new community website for reporting and tracking security issues in cloud platforms and services - plus fixes for them where available. | Vulnerability | ★★★ | |
|
2022-06-24 21:32:18 | Why We\'re Getting Vulnerability Management Wrong (lien direct) | Security is wasting time and resources patching low or no risk bugs. In this post, we examine why security practitioners need to rethink vulnerability management. | Vulnerability Patching | ||
|
2022-06-13 13:59:07 | DoS Vulnerability Allows Easy Envoy Proxy Crashes (lien direct) | The DoS vulnerability allows an attacker to create a Brotli "zip bomb," resulting in acute performance issues on Envoy proxy servers. | Vulnerability | ||
|
2022-06-02 20:54:49 | Research Reveals 75% of CISOs Are Worried Too Many Application Vulnerabilities Leak Into Production, Despite a Multi-Layered Security Approach (lien direct) | 79% of CISOs say continuous runtime vulnerability management is an essential capability to keep up with the expanding complexity of modern multi-cloud environments. | Vulnerability | ||
|
2022-05-31 17:08:46 | New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada (lien direct) | For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs. | Vulnerability | ||
|
2022-05-16 16:30:10 | Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut (lien direct) | Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear. | Vulnerability | ||
|
2022-05-10 15:36:55 | Onapsis Announces New Offering to Jumpstart Security for SAP Customers (lien direct) | Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications . | Vulnerability | ||
|
2020-10-05 16:45:00 | Android Camera Bug Under the Microscope (lien direct) | Critical Android vulnerability CVE-2019-2234 could enable attackers to take control of a victim's camera and take photos, record videos, and learn location. | Vulnerability | ||
|
2020-07-29 17:40:00 | \'BootHole\' Vulnerability Exposes Secure Boot Devices to Attack (lien direct) | A flaw in the GRUB2 bootloader affects most Linux devices and some Windows computers using UEFI Secure Boot. | Vulnerability | ||
|
2020-06-23 15:35:00 | (Déjà vu) Twitter Says Business Users Were Vulnerable to Data Breach (lien direct) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach Vulnerability | ||
|
2020-06-23 15:35:00 | Twitter Says Biz Users Were Vulnerable to Data Breach (lien direct) | The now-patched vulnerability left business users' personal information in web browser caches for anyone to find. | Data Breach Vulnerability | ||
|
2020-05-11 15:20:00 | Researchers Analyze Oracle WebLogic Flaw Under Attack (lien direct) | Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server. | Vulnerability | ||
|
2020-02-18 10:55:00 | 1.7M Nedbank Customers Affected via Third-Party Breach (lien direct) | A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank. | Vulnerability |
To see everything:
Our RSS (filtrered)
