What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
2018-12-20 16:30:03 (Already seen) Microsoft Releases Out-of-Band Security Update For Internet Explorer RCE Zero-Day (direct link) It has been reported that Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer. This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being used in targeted attacks. According to Microsoft’s security bulletin this is vulnerability in … The ISBuzz Post: This Post Microsoft Releases Out-of-Band Security Update For Internet Explorer RCE Zero-Day Vulnerability Threat
2018-12-12 19:30:05 Marriott International Data Breach (direct link) Following the recent Marriott International data breach, whereby the records of 500 million people were compromised, global chains and SMBs alike should be looking even harder than ever to protect their networks from cybercriminals. Please see below for commentary from Rachel Rothwell, Zyxel Regional Director, Southern Europe and UK which looks at the vulnerability of our personal … The ISBuzz Post: This Post Marriott International Data Breach Data Breach Vulnerability
2018-12-11 15:30:05 Edge Testing Solutions Brings Comprehensive Security Offering To UK Customers (direct link) Risk and vulnerability assessments introduced to assist the development of effective security strategies One of the UK's fastest growing and largest independent software testing companies, Edge Testing Solutions, part of Eurofins Digital Testing, is offering UK clients access to a new Security Division – Eurofins Cyber Security. The new division boasts approximately 100 security experts … The ISBuzz Post: This Post Edge Testing Solutions Brings Comprehensive Security Offering To UK Customers Vulnerability
2018-12-05 18:38:00 Kubernetes Security Flaw Could Enable Remote Hacking (direct link) It has been reported that a severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Andrew van der Stock, Senior Principal Consultant at Synopsys: “APIs make the friction of doing business much less. We expect to see continued explosive growth of APIs … The ISBuzz Post: This Post Kubernetes Security Flaw Could Enable Remote Hacking Vulnerability Uber
2018-11-21 17:30:05 (Already seen) Over 78% Of Australian And New Zealand Magento At Risk From Hackers Due To Simple Security Oversight (direct link) Security web scans and analysis on over 4,500 Australian and New Zealand Magento websites, the most popular e-commerce platform globally, reveal over 78% are at high risk from cyber criminals, according to leading global cybersecurity experts. The latest survey carried out by Foregenix identifies the most significant vulnerability for Australian and New Zealand SMEs are hackers looking … The ISBuzz Post: This Post Over 78% Of Australian And New Zealand Magento At Risk From Hackers Due To Simple Security Oversight Vulnerability Guideline
2018-11-13 23:27:04 Critical Flaw in GDPR Plug-In For WordPress (direct link) Hackers have been found exploiting a critical security vulnerability that affects a GDPR plug-in for WordPress to take control over vulnerable websites according to security researchers at Wordfence. Alex Calic, Strategic Technology Partnerships Officer at The Media Trust: “These attacks show that bad actors are always on the lookout for vulnerable third parties that serve multiple … The ISBuzz Post: This Post Critical Flaw in GDPR Plug-In For WordPress Vulnerability
2018-11-13 15:15:03 Adobe ColdFusion Flaw (direct link) Hackers are exploiting a remote code vulnerability in Adobe ColdFusion that a patch was recently issued for according to researchers at Volexity. Justin Jett, Director of Audit and Compliance at Plixer: “The recent Adobe ColdFusion flaw that has been exploited recently is another example of how quickly malicious actors are to take advantage of … The ISBuzz Post: This Post Adobe ColdFusion Flaw Vulnerability
2018-11-09 19:30:03 VirtualBox Zeroday (direct link) Following the news that a security researcher has announced a zeroday in Oracle’s VirtualBox virtualization software, Craig Young, security researcher at Tripwire commented below. Craig Young, Security Researcher at Tripwire: “The vulnerability is in the implementation of a virtual Intel E1000 compatible network adapter. The write-up demonstrates how an attacker with permissions to load Linux kernel modules … The ISBuzz Post: This Post VirtualBox Zeroday Vulnerability
2018-11-09 18:07:01 The Vulnerabilities Of Hardware-Based Disk Encryption (direct link) Bernard Parsons, CEO and Co-Founder of Becrypt: The security and vulnerability of hardware-based disk encryption of solid-state drives (SSDs) has been forensically probed recently, as the relevance of data breaches continues to increase. Established thinking has pointed to the security offered by hardware-based encryption as being similar to, or superior than, software-based encryption methods. The current … The ISBuzz Post: This Post The Vulnerabilities Of Hardware-Based Disk Encryption Vulnerability
2018-11-05 21:00:01 81K Facebook Account Private Messages For Sale On Dark Web (direct link) The news dropped that criminals are selling the private messages of 81,000 Facebook accounts for 10 cents per account on the Dark Web. These bad actors also have access to the information of 120M Facebook users. Rich Campagna, CMO at Bitglass: “Malicious browser extensions highlight the harsh reality that an unknown vulnerability can pose a major threat … The ISBuzz Post: This Post 81K Facebook Account Private Messages For Sale On Dark Web Vulnerability Threat
2018-10-31 18:47:05 DemonBot DDoS Malware (direct link) Last week, news broke that an unsophisticated Linux-based botnet dubbed DemonBot is targeting exposed cloud servers using a vulnerability in Hadoop's resource management tool to infect cloud servers with the botnet malware. Gavin Millard, VP of Intelligence at Product Marketing at Tenable “This isn’t the first time the YARN exploit has been used. Back in September … The ISBuzz Post: This Post DemonBot DDoS Malware Malware Tool Vulnerability
2018-10-29 12:30:03 Critical Vulnerability Discovered In Popular Cisco WebEx Service (direct link) A new critical remote code execution vulnerability flaw has been discovered in Cisco’s WebEx online and video collaboration software. The vulnerability can allow malicious attackers to remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. Lane Thames, Senior Security Researcher at Tripwire: “This is an interesting vulnerability. I … The ISBuzz Post: This Post Critical Vulnerability Discovered In Popular Cisco WebEx Service Vulnerability
2018-10-25 21:30:01 Another Windows Zero-Day Vulnerability Gets Disclosed On Twitter (direct link) It has been reported that another zero-day security hole in Windows 10 has been made public on Twitter. SandboxEscaper tweeted about the bug (and released a proof of concept), noting that it was difficult to exploit, but still unpatched. The vulnerability affects all flavors of Windows 10 – including the latest October 2018 Update, for those who have installed it – along … The ISBuzz Post: This Post Another Windows Zero-Day Vulnerability Gets Disclosed On Twitter Vulnerability
2018-10-10 13:45:01 October Patch Tuesday (direct link) Greg Wiseman, Senior Security Researcher at Rapid7: “This month’s patches from Microsoft include fixes for 49 distinct vulnerabilities. One that's already been exploited in the wild is CVE-2018-8453, a privilege escalation vulnerability allowing an attacker to gain full control over a system as long as they first have a way to execute code on the … The ISBuzz Post: This Post October Patch Tuesday Vulnerability
2018-10-06 09:00:01 CRITICALSTART's Section 8 Researchers Identify Vulnerability In Paessler's PRTG (direct link) Threat intelligence and penetration testing team finds local privilege escalation issue in network monitoring software CRITICALSTART, a leading provider of cybersecurity solutions, today announced its Section 8 threat intelligence and security research team identified a local privilege escalation vulnerability in Paessler's PRTG Network Monitor software. The Section 8 team followed standard vulnerability reporting procedures and alerted Paessler back in July … The ISBuzz Post: This Post CRITICALSTART's Section 8 Researchers Identify Vulnerability In Paessler's PRTG Vulnerability Threat Guideline
2018-09-29 10:30:01 Industry Leaders Reaction on Recent Facebook Hack (direct link) It is being reported that Facebook said an attack on its computer network led to the exposure of information from nearly 50 million of its users. The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook's code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials. More … The ISBuzz Post: This Post Industry Leaders Reaction on Recent Facebook Hack Hack Vulnerability Guideline
2018-09-13 13:30:01 Tesla's Remote Fix For Its Model S Key Fob Vulnerability Is A Positive Sign For The Auto Industry (direct link) Tesla Model S key fob system is vulnerable to spoofing attacks, Craig Smith, Rapid7's research director of transportation security, commented below on this report. According to reports, researchers identified a flaw which would allow attackers to steal a Tesla simply by walking past the owner and cloning his/her key. The malicious actor would have to first identify the … The ISBuzz Post: This Post Tesla’s Remote Fix For Its Model S Key Fob Vulnerability Is A Positive Sign For The Auto Industry Vulnerability Tesla
2018-09-13 12:40:00 Over 60 Vulnerabilities Patched In Microsoft September Updates (direct link) Tripwire's Vulnerability and Exposure Research Team (VERT) have uncovered and investigated many of the vulnerabilities found within the Microsoft September 2018 Security Updates. Tripwire identified three vulnerabilities as critical with exploitation more likely. One of these is the vulnerability CVE-2018-8440, which takes advantage of a flaw in the task scheduler ALPC (Advanced Local Procedure Call) to … The ISBuzz Post: This Post Over 60 Vulnerabilities Patched In Microsoft September Updates Vulnerability
2018-09-12 17:55:04 September Patch Tuesday (direct link) Chris Goettl, Director of Product Management, Security at Ivanti: This month has a light third party line-up with a couple of non-Microsoft updates for Adobe Flash and Google Chrome with a moderate Microsoft line-up. Microsoft released fixes for 61 unique CVEs this month including the fix for the ALPC Elevation of Privilege vulnerability (CVE-2018-8440) that … The ISBuzz Post: This Post September Patch Tuesday Vulnerability
2018-09-05 15:30:01 New “Cronix” Crypto Mining Campaign (direct link) F5 Labs just detected a new Monero crypto mining campaign that exploits the latest Apache Struts 2 critical RCE vulnerability. Responsibly disclosed just two weeks ago by Semmle, known threat actors weaponized a PoC exploit published on GitHub and are currently exploiting the vulnerability to deploy “xmrigCC” crypto-miner. Of note, just a year and a … The ISBuzz Post: This Post New “Cronix” Crypto Mining Campaign Vulnerability Threat
2018-08-29 19:30:03 Microsoft Windows Zero-Day Vulnerability (direct link) Yesterday news broke of a Microsoft Windows zero-day vulnerability with no workaround. There seems to be no patch available and the vulnerability is found in nearly ubiquitous software. IT security experts commented below. Allan Liska, Security Solutions Architect at Recorded Future: “The 64-bit versions of Microsoft Windows 10 and Windows Server 2016 both suffer from … The ISBuzz Post: This Post Microsoft Windows Zero-Day Vulnerability Vulnerability
2018-08-28 14:30:00 Vulnerability That 3rd Party Website Extensions Pose (direct link) Third Party extensions for websites are a key target for cybercriminals as they are the place where critical customer and payment data flows through. Chris Olson, CEO at The Media Trust commented below. Chris Olson, CEO at The Media Trust: “The problem with third parties is that most remain unknown to website owners. Heavily trafficked online … The ISBuzz Post: This Post Vulnerability That 3rd Party Website Extensions Pose Vulnerability
2018-07-27 21:38:02 268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited (direct link) Rapid7 conducted hundreds of simulated cyberattacks, and recently published the results in a study that showed at least one vulnerability was exploited in 84% of engagements. The study, titled “Under the Hoodie,” reflects 268 tests conducted across a number of industries. Justin Jett, Director of Audit and Compliance at Plixer: “With the latest results from Rapid7's Under … The ISBuzz Post: This Post 268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited Vulnerability
2018-07-26 23:23:04 Critical Vulnerability In IBM Cloud Functions Serverless Platform (direct link) It has been reported that IBM has patched a critical vulnerability in Apache OpenWhisk, the open source serverless platform that IBM uses to run its cloud functions. This vulnerability allowed an attacker to replace a company’s serverless code with their own malicious code instead. Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys: “OpenWhisk is an Apache Software Foundation project which provides a framework … The ISBuzz Post: This Post Critical Vulnerability In IBM Cloud Functions Serverless Platform Vulnerability
2018-07-12 18:31:03 Organisations Pay $250K For Critical Security Bugs (direct link) HackerOne has today launched its 2018 Hacker-Powered Security Report, which is an annual study of the bug bounty and vulnerability disclosure ecosystem. The study analyses over 72,000 resolved security vulnerabilities, 1,000 customer bug bounty programs and more than $31 million in bounties awarded to hackers from over 100 countries. The full study can be found … The ISBuzz Post: This Post Organisations Pay $250K For Critical Security Bugs Vulnerability
2018-07-04 07:52:04 Vulnerability Disclosure Policies and Bounty Program (direct link) In this video, Tulin discusses vulnerability disclosure policies and bounty program and what it means to organization. How the organization should develop an effective bounty program and what is required? * Part of Tulin’s CyberSec Talk. To view more videos in this series, visit here. Tulin Sevgin, Cyber Risk Management Lead, Senior Consultant Tulin is a … The ISBuzz Post: This Post Vulnerability Disclosure Policies and Bounty Program Vulnerability Guideline
2018-06-29 23:39:00 Developers Rarely Feel Their Applications Could Be Targets (direct link) Hackers have exploited a web application vulnerability on a FastBooking server to install malware and pilfer data – such as names, email addresses, booking information and payment card data – on guests at hundreds of hotels. Mark Noctor, VP EMEA at Arxan Technologies, comments on this latest breach and explains just how risky application vulnerabilities … The ISBuzz Post: This Post Developers Rarely Feel Their Applications Could Be Targets Malware Vulnerability
2018-06-29 23:00:00 Marketing Firm Exactis Exposes 340M Records + New Facebook Report (direct link) Marketing and data aggregation firm Exactis left a public server containing more than 340 million records–including phone numbers, emails and addresses, as well as 400 personal characteristics, like religion and hobbies–exposed. Setu Kulkarni, VP of Corporate Strategy at WhiteHat Security: “Interestingly, the researcher (who initially reported the vulnerability to Exactis and the FBI) got to the … The ISBuzz Post: This Post Marketing Firm Exactis Exposes 340M Records + New Facebook Report Vulnerability
2018-06-27 17:57:01 Another Local Government Agency Hacked (direct link) The latest local government data breach has occurred in Midland, Texas where hackers leveraged a vulnerability in Superion's Click2Gov function in the payment server used to make online payments for utilities. Other cities might be affected as well including Beaumont, California, Oceanside, California and Goodyear, Arizona. Ryan Wilk, VP of Customer Success: “Hackers will leverage … The ISBuzz Post: This Post Another Local Government Agency Hacked Data Breach Vulnerability APT 32
2018-06-25 09:00:04 Satori IoT Botnet Attacking D-Link DSL Routers (direct link) Hackers are leveraging a critical vulnerability in D-Link DSL routers in an attempt to make them part of Satori, a botnet that is used to take down websites and mine digital coins according to researchers at Netlab 360. Ashley Stephenson, CEO of Corero Network Security commented below. Ashley Stephenson, CEO at Corero Network Security: “At … The ISBuzz Post: This Post Satori IoT Botnet Attacking D-Link DSL Routers Vulnerability Satori Satori
2018-06-22 19:00:00 62% Of Enterprises Exposed To Sensitive Data Loss Via Firebase Vulnerability (direct link) HelpNet Security is today reporting findings by Appthority security researchers on a new vulnerability that leads to data exposures, not due to any code in the app, but to the app developers' failure to properly secure backend data stores (hence the name of the vuln, HospitalGown). The news story 3,000+ mobile apps leaking PII data from … The ISBuzz Post: This Post 62% Of Enterprises Exposed To Sensitive Data Loss Via Firebase Vulnerability Vulnerability Guideline
Last update at: 2024-05-11 16:08:02