What's new around the internet

Last one

Date (GMT) Title Description Tags Stories Notes
2023-09-04 10:48:58 Cybersecurity Concerns In AI: NCSC Flags Vulnerabilities In Chatbots And Language Models (direct link) The increasing adoption of large language models (LLMs) like ChatGPT and Google Bard has been accompanied by rising cybersecurity threats, particularly prompt injection and data poisoning attacks. The U.K.'s National Cyber Security Centre (NCSC) recently released guidance on addressing these challenges. Understanding Prompt Injection Attacks Similar to SQL injection threats, prompt injection attacks manipulate AI […] Vulnerability ChatGPT ChatGPT ★★
2023-08-01 13:34:40 Everlast, Famous Boxing Equipment Brand, Targeted In Daring Cyberattack Linked to World's Largest Online Bank Heist (direct link) Everlast, the renowned American boxing equipment brand, recently fell victim to a brazen cyberattack orchestrated by a cybergang associated with the world’s biggest online bank heist. The attackers infiltrated Everlast’s online shop, discreetly capturing credit card data during the checkout process. Shockingly, this vulnerability remains active as events continue to unfold. Investigation Exposes Sophisticated Attack […] Vulnerability ★★★★
2023-04-22 14:11:01 Summary Of News And Events That Happened This Week (direct link) Here is a rundown of news and events that happened over the week. Chinese App Uses Android Flaw To Spy On Users, CISA Warns A top US security firm has given the government until May 4 to patch a zero-day vulnerability that allowed e-commerce software to eavesdrop on customers. CVE-2023-20963 was added to CISA’s Known […] Vulnerability ★★
2023-04-17 15:24:25 Chinese App Uses Android Flaw To Spy On Users, CISA Warns (direct link) The Chinese app for e-commerce Pinduoduo is suspected of having used a high-severity Android vulnerability as a zero-day to spy on its users, in line with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). For unpatched Android devices, this security hole in the Android Framework (identified as CVE-2023-20963) enables attackers to increase their privileges without […] Vulnerability ★★★★
2023-03-15 15:56:13 Rubrik Admits Data Theft In GoAnywhere Zero-Day Attack (direct link) The secure file transfer platform Fortra GoAnywhere has a zero-day vulnerability that was used to steal data, according to cybersecurity company Rubrik. The company stated that it had been the target of a widespread attack employing a zero-day vulnerability targeting GoAnywhere MFT devices all around the world, according to a statement from Rubrik CISO Michael […] Vulnerability ★★★
2023-02-23 13:20:53 (Déjà vu) Google Paid Security Researchers Bug Bounties Of $12 Million (direct link) With the Vulnerability Reward Program, Google last year awarded its highest bug bounty ever for an important exploit chain disclosure that the business valued at $605,000. For a total of more than 2,900 vulnerabilities in its products that security researchers found and disclosed, Google spent over $12 million. In 2022, Google released the Vulnerability Reward […] Vulnerability
2023-02-09 09:50:12 20 Powerful Vulnerability Scanning Tools In 2023 (direct link) Vulnerability scanning is the process of using automated tools to identify potential security weaknesses and vulnerabilities in an organization’s infrastructure. It is an essential step in maintaining the security of a system as it helps identify any potential points of attack or entry for malicious actors. In 2023, vulnerability scanning will be more essential than […] Vulnerability ★★★
2023-02-03 10:44:42 Vulnerability in F5 BIG-IP May Cause DoS and Code Execution (direct link) An authenticated attacker could use a high-severity format string vulnerability in BIG-IP to cause a denial-of-service (DoS) condition and possibly execute arbitrary code, according to a warning from F5. The security flaw, identified as CVE-2023-22374, affects iControl SOAP, an open API that permits system communication and is run as root. Administrative accounts are the only […] Vulnerability ★★★
2023-01-31 09:53:46 (Déjà vu) $27,000 Awarded By Meta As Bounty For 2FA Bypass Vulnerability (direct link) A researcher has revealed the specifics of a 2FA bypass issue affecting Instagram and Facebook. A researcher has revealed the specifics of a two-factor authentication (2FA) flaw for which Facebook parent company Meta offered him a $27,000 bug bounty. In September 2022, Gtm Manoz of Nepal noticed that a system created by Meta for validating […] Vulnerability
2022-11-08 14:07:04 British Govt Now Scanning All Internet Devices Hosted In UK – Expert Comments (direct link) The UK's National Cyber Security Centre (NCSC) has begun scanning all Internet-exposed devices hosted in the UK for vulnerabilities. As described on the NCSC Scanning information site: As part of the NCSC's mission to make the UK the safest place to live and do business online, we are building a data-driven view of “the vulnerability […] Vulnerability
2022-10-28 10:40:22 Supply Chain Attacks Or Vulnerabilities Experienced By 80% Of Organisations (direct link) It has been reported that four out of five (80%) organisations have been notified of a vulnerability or attack in their supply chain of software in the past 12 months, according to new research. The survey of 1500 IT decision makers and cybersecurity leaders across the UK, North America, and Australia demonstrated the significant impact […] Vulnerability Guideline
2022-10-07 10:41:18 (Déjà vu) Comment: Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack (direct link) Code security company SonarSource has published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting the PHP community. Packagist is the default repository for PHP dependency manager Composer, aggregating public PHP packages that can be installed using Composer. Each month, Composer is used to download more than […] Vulnerability
2022-07-25 12:23:44 Google Chrome Zero-day Vulnerability Discovered By Avast (direct link) Avast recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East in a highly targeted way. Specifically, the Avast Threat Intelligence team found out that in Lebanon, journalists were among the targeted parties, and further targets were located […] Vulnerability Threat ★★★
2022-07-18 11:30:02 Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability – Expert Comments (direct link) The Wordfence Threat Intelligence team is reporting on a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This is an ongoing campaign targeting an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which, though previously disclosed, was never patched before the plugin was closed. “As the plugin was closed without a patch, all versions […] Vulnerability Threat
2022-07-01 14:17:57 (Déjà vu) UnRAR Vulnerability Lets Attackers Hack Zimbra Webmail Servers (direct link) It has been reported that a new security vulnerability has been disclosed in RARlab’s UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that […] Hack Vulnerability
2022-05-31 17:27:14 Microsoft Vulnerability Named Follina (direct link) Following the exposure of the Microsoft Office vulnerability mentioned yesterday by the SANS Institute, the vulnerability has been named Follina, and Microsoft is aware of it. Researchers at the SANS Institute have provided further advice on how to tackle the threat below. Researchers at SANS Institute said: How it works: “Malicious Office documents are a […] Vulnerability Threat
2022-05-10 13:30:57 Horizon3ai Publishes Root Cause Of CVE-2022-1388, F5's BIG-IP iControl REST Endpoint Critical Vulnerability (direct link) F5 recently patched a critical vulnerability in their BIG-IP iControl REST endpoint CVE-2022-1388. This vulnerability is particularly worrisome for users because it is simple to exploit and provides an attacker with a method to execute arbitrary system commands. Attack engineers with Horizon3ai discovered the root cause of the vulnerability and have published an examination of its inner […] Vulnerability ★★★★
2022-05-06 12:17:16 Security Advisory Issued For Critical F5 Vulnerability (direct link) It has been reported that F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. Its exploitation […] Vulnerability ★★★★
2022-05-06 11:53:51 Breaking: Expert OpenSea Phishing Vulnerability (direct link) OpenSea has announced a vulnerability and is advising all to avoid clicking on a suspicious link. This is not the first time OpenSea has had a phishing-related incident and shows the need for greater care in our own security. Vulnerability ★★★★
2022-04-14 14:03:40 Microsoft's RPC Remote Code Execution CVE Update Vulnerability (direct link) In response to Microsoft's “Patch Tuesday” update revealing a new RPC Remote Code Execution CVE that affects numerous servers and workstation versions of Microsoft Windows, Information Security Experts reacted below. Vulnerability
2022-04-12 10:48:32 CyRC Vulnerability Advisory: Stored XSS In Directus (direct link) CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus. Overview Synopsys Cybersecurity Research Center (CyRC) research has identified a stored cross-site scripting (XSS) vulnerability in Directus, a popular open source headless content management system (CMS) built in JavaScript. Directus is a web-based admin application that allows […] Vulnerability Guideline
2022-04-01 11:04:50 Experts Insight On Spring4Shell Vulnerability (direct link) Following the news that a new zero-day vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed, please see below comments from security experts. Vulnerability
2022-03-29 13:36:17 2 New Security Incidents Happening Now (direct link) Google Chrome Zero-Day Attack Google Chrome experienced a zero-day attack (a zero-day attack is when a threat actor exploits a vulnerability before software developers are aware and can find a fix). The attack was reported to Google by an anonymous security researcher, and Google acknowledges that it is actively exploited in the wild. Google released […] Vulnerability Threat
2022-03-28 09:52:31 Honda Bug Lets A Hacker Unlock And Start Your Car via Replay Attack (direct link) It has been reported that researchers have disclosed a ‘replay attack’ vulnerability affecting select Honda and Acura car models, that allows a nearby hacker to unlock your car and even start its engine from a short distance. The attack consists of a threat actor capturing the RF signals sent from your key fob to the car and resending […] Vulnerability Threat
2022-03-16 11:52:08 QNAP Warns Severe Linux Bug Affects Most Of Its NAS Devices (direct link) In Local Privilege Escalation Vulnerability in Linux (Dirty Pipe), Taiwanese hardware vendor QNAP is reporting that most of its (NAS) devices are vulnerable to a high severity Linux vulnerability which allows local access users to gain root privileges. Excerpts: A local privilege escalation vulnerability, also known as “dirty pipe”, has been reported to affect the […] Vulnerability
2022-03-09 12:24:11 Comment: Chinese Spies Hacked A Livestock App To Breach US State Networks (direct link) It has been reported that cyber researchers have revealed a long-running hacking campaign that breached at least six US state governments over the past year. Chinese cyberespionage group APT41 used a vulnerability in web-based software USAHERDS to penetrate at least two of those targets. It may have hit many more, given that 18 states run USAHERDS […] Vulnerability Guideline APT 41
2022-03-09 12:17:31 Expert Reacted On 'Dirty Pipe' Linux Vulnerability (direct link) It has been reported that a cybersecurity researcher released the details of a Linux vulnerability that allows an attacker to overwrite data in arbitrary read-only files. The vulnerability — CVE-2022-0847 — was discovered by Max Kellermann in April 2021, but it took another few months for him to figure out what was actually happening. Kellermann explained that the vulnerability affects […] Vulnerability
2022-03-04 10:50:25 (Déjà vu) Log4Shell Threat Far From Gone: Attackers Continue To Target Vulnerability (direct link) The quantity of cyber-attacks targeting the Log4Shell complex of vulnerabilities in Log4j still remains extremely high, according to new Threat Spotlight analysis from Barracuda Networks. The Log4Shell vulnerabilities have now been around for more than two months, and Barracuda researchers observed that the volume of attacks attempting to exploit these vulnerabilities has remained relatively constant, […] Vulnerability Threat ★★★★★
2022-03-03 20:37:37 Critical GitLab Vulnerability Could Allow Attackers To Steal Runner Registration Tokens (direct link) It has been reported that a critical vulnerability in both GitLab Community and Enterprise Edition could enable an attacker to steal runner registration tokens. The vulnerability, which affects all versions from 12.10 to 14.6.4, all versions starting from 14.7 to 14.7.3, and all versions starting from 14.8 to 14.8.1, was announced in a security advisory from GitLab. If exploited, an […] Vulnerability
2022-02-10 12:57:00 $100K Bounty To Hack ExpressVPN – YouAttest Comments (direct link) Express VPN is challenging researchers to crack into their TrustedServer system with a $100K bug bounty. $100K Ground Rules: The first person to submit a valid vulnerability will receive an additional US$100,000 bonus bounty. This bonus will be valid until the prize has been claimed. Avoid violating the […] Hack Vulnerability
2021-07-01 13:08:19 Peloton Vulnerability | Expert Reaction (direct link) BACKGROUND: McAfee finds security vulnerabilities in Peloton products. Vulnerability
2021-07-01 13:03:32 (Déjà vu) Hackers Use Zero-day To Mass-wipe My Book Live Devices (direct link) BACKGROUND: A zero-day vulnerability in Western Digital My Book Live NAS device has allowed a threat actor to perform a mass-factory reset of devices last week including admin passwords. Once… Vulnerability Threat
2021-06-15 11:31:04 Serious Vulnerability in Microsoft Teams That Could Expose Confidential Files (direct link) It has been disclosed that a serious vulnerability in Microsoft Teams has been discovered by Tenable’s Zero-Day Research Team. By abusing PowerApps functionality (a separate product used within Teams for building and using custom… Vulnerability
2021-05-18 13:33:06 (Déjà vu) Experts Reaction on guard.me Data Breach (direct link) The student health insurance carrier guard.me has taken their website offline after a vulnerability allowed a threat actor to access policyholders’ personal information. The website is one of the largest insurance providers… Data Breach Vulnerability Threat
2021-05-10 09:40:09 Security Expert Re: Qualcomm Vulnerability Affects 40% Of Mobile Phones (direct link) Researchers identified a high severity security vulnerability found in Qualcomm’s Mobile Station Modem (MSM) chips (including the latest 5G-capable versions) that could enable attackers to access mobile phone users’ text… Vulnerability
2021-04-30 19:04:15 Anti-vax Hijack Shows QR Code Vulnerability (direct link) Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website,… Vulnerability ★★★★★
2021-04-29 14:40:44 77% of Q1 Ransomware Attacks Threaten Exfiltration – Experts Reaction (direct link) BACKGROUND: A new report - Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound from Coveware's Quarterly Ransomware Report, Coveware notes “Data exfiltration extortion continues to be prevalent and we have… Ransomware Vulnerability
2021-04-29 12:44:03 Security Expert Re: New Vulnerability Found in Linux Kernel (direct link) BACKGROUND: Cisco Talos discovered an information-disclosure security vulnerability in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Vulnerability
2021-04-16 15:22:52 Expert Advice Developers to Improve Software Security After NAME:WRECK Disclosure (direct link) The NAME:WRECK vulnerability disclosure showed the complexities developers are navigating through today. It remains to be seen if malicious actors have taken advantage of the vulnerabilities, but the scale of… Vulnerability
2021-03-26 10:53:40 Security Expert Reacted On Facebook For Wordpress Vulnerabilities (direct link) Two severe vulnerabilities have been patched in Facebook for WordPress Plugin, which has been installed on over 500,000 websites. An attacker exploiting the most severe vulnerability could supply the plugin with… Vulnerability
2021-03-16 13:34:01 Msoft Exchange Exploit Leads To 10X Attack Increase (direct link) Check Point Research has issued findings showing that the ongoing Microsoft Exchange zero-day vulnerability attacks have resulted in attacks increasing ten-fold – from 700 on March 11 to over 7,200 on March… Vulnerability
2021-03-11 12:36:06 Security Flaw In Popular iPhone App Exposes Call Recordings Of Thousands (direct link) A popular iPhone call recording app exposed the recordings of thousands of users data, a security researcher at PingSafe has found. The Call Recorder app contains a security vulnerability that enabled third-parties… Vulnerability
2021-03-04 14:36:33 Qualys Hit With Ransomware And Customer Invoices Leaked (direct link) Infosec outfit Qualys, its cloud-based vulnerability detection technology, and SSL server test webpage have seemingly fallen victim to a ransomware attack. Files appearing to originate from Qualys, including customer invoices,… Ransomware Vulnerability
2021-02-17 10:29:15 Expert Reaction On SHAREit Recent Vulnerabilities (direct link) A vulnerability is found on the popular Android app SHAREit, a mobile app that allows users to share files with friends or between personal devices. The vulnerability allows an adversary to… Vulnerability
2021-02-11 09:45:11 Old Security Vulnerability Left Millions Of Internet Of Things Devices Vulnerable To Attacks (direct link) It has been reported that vulnerabilities in the communications protocols used by millions of Internet of Things (IoT) and operational technology (OT) devices could allow cyber attackers to intercept and… Vulnerability
2021-02-04 21:02:57 (Déjà vu) Expert Advise On Latest macOS Root Privilege Escalation Flaw (direct link) A recently discovered heap-based buffer overflow vulnerability in Linux SUDO also impacts the latest version of Apple macOS Big Sur, with no patch available yet. This bug will allow the… Vulnerability
2021-02-03 16:19:09 What Expert Says On VMWare ESXi Vulnerability To Encrypt Virtual Hard Disks (direct link) A criminal group that deployed the RansomExx ransomware is actively exploiting the vulnerabilities in VMWare ESXi to encrypt the victim’s virtual hard drive. A senior security engineer commented below on… Ransomware Vulnerability
2021-01-27 08:34:24 Experts On North Korea Hacking Campaign Response (direct link) In response to the recent Google discovery of a state-backed hacking campaign by North Korea targeting security researchers engaging in vulnerability research, cyber security experts commented below. Vulnerability
2021-01-14 13:14:04 Expert Insight On Critical “Orbit Fox” WordPress Plugin Vulnerability (direct link) Two vulnerabilities have been found in the WordPress plugin “Orbit Fox by ThemeIsle” used by more than 400,000 sites. One made it possible for attackers with contributor level access or above… Vulnerability
2021-01-13 11:41:13 SaferVPN Hit By Major Security Vulnerability (direct link) A new vulnerability in the VPN service SaferVPN has been discovered that could allow for local privilege escalation on Windows systems. The researcher mmht3t discovered this vulnerability and briefly exploited as below:… Vulnerability
Last update at: 2024-04-28 03:07:53