What's new around internet

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2023-10-04 10:54:24 Keeper Security Becomes a CVE Numbering Authority (direct link) Today, password management company Keeper Security has announced that it has been authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Keeper is the first password management company to join this global effort to identify, define and catalogue publicly-disclosed cybersecurity vulnerabilities. As a CNA, Keeper has the ability to […] Vulnerability ★★
itsecurityguru.webp 2023-09-12 15:07:41 Don't Leave Cybersecurity to Chance (direct link) In today’s digital age, where organisations heavily rely on technology and data, ensuring strong Cyber Security practices is paramount, and one often overlooked aspect is the departure of staff members. The departure of an employee can introduce vulnerabilities and risks if not handled properly. Establishing a well-defined process for staff departures is crucial not only […] Vulnerability ★★
itsecurityguru.webp 2023-07-28 15:37:17 MOVEit latest: US Government services provider Maximus hit (direct link) The MOVEit attack is constantly evolving and this week a new update has occurred. Maximus Inc., a US government services provider, is the latest victim of the Clop ransomware gang's exploitation of a critical vulnerability within Progress Software Corp.'s MOVEit file transfer software. It is estimated that as many as 11 million people have had […] Ransomware Vulnerability ★★
itsecurityguru.webp 2022-09-02 10:10:28 TikTok Vulnerability Discovered on Android (direct link) Researchers have discovered a critical vulnerability in the TikTok Android app which could allow hackers to hijack user accounts remotely. The vulnerability, CVE-2022-28799, was reported to the ByteDance-owned company by Microsoft in February 2022. TikTok quickly fixed the issue. It is estimated that the app has around 1.5 billion downloads on the Play Store, however, […] Vulnerability
itsecurityguru.webp 2022-08-19 11:21:50 (Déjà vu) Ring App Vulnerability Urgently Patched by Amazon (direct link) Amazon have patched a high-severity security issue in its Ring app for Android in May that could have enabled a rogue application installed on a user’s device to access sensitive information and camera recordings. The Ring app for Android has over 10 million downloads. Application security firm Checkmarx explained that it identified a cross-site scripting […] Vulnerability
itsecurityguru.webp 2022-07-25 10:18:53 (Déjà vu) Hacker Selling Twitter Account Data of Millions of Users (direct link) A threat actor used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million Twitter accounts. The data from the breach is now up for sale on a hacker forum for $30,000. A threat actor known as ‘devil’ said on a stolen data market that the database contains information […] Vulnerability Threat
itsecurityguru.webp 2022-06-20 09:33:21 WordPress Update Millions of Sites to patch a Critical Vulnerability Affecting the Ninja Forms Plugin (direct link) Content management system (CMS) provider WordPress has forcibly updated over a million sites in order to patch a critical vulnerability affecting the Ninja Forms plugin. The Wordfence threat intelligence team spotted the flaw in June and documented it in an advisory by the company on Thursday. The document said that the code injection vulnerability made […] Vulnerability Threat
itsecurityguru.webp 2022-06-17 10:41:03 (Déjà vu) Chinese Hackers Exploited Critical Security Vulnerability in Sophos Firewall (direct link) A sophisticated Chinese advanced persistent threat (APT) actor exploited a critical security vulnerability in Sophos’ firewall product that came to public attention earlier this year to infiltrate an unnamed South Asian target as part of a highly-targeted attack. Volexity said in a report, “the attacker implement[ed] an interesting web shell backdoor, create[d] a secondary form […] Vulnerability Threat
itsecurityguru.webp 2022-06-16 09:17:42 New Zimbra Bug Allows Data Stealing With No User Interaction (direct link) Technical details have emerged about a vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without user interaction or authentication. The security issue is currently being tracked as CVE-2022-27924 and impacts Zimbra releases 8.8x and 9.x for both open-source and commercial versions of the platform. Since the 10th […] Vulnerability
itsecurityguru.webp 2022-06-09 09:17:56 (Déjà vu) Unofficial Security Patch Released For Microsoft Zero-Day Vulnerability (direct link) As the Follina flaw continues to be exploited in the wild, an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Diagnostic Tool (MSDT) has been made available. Referenced as DogWalk, the issue relates to a path traversal flaw that, when a potential target opens a specially created “.diagcab” archive file that […] Tool Vulnerability
itsecurityguru.webp 2022-06-07 10:19:31 (Déjà vu) Motorola's Unisoc Chips Found to Contain Vulnerability (direct link) A critical vulnerability in the Unisoc Tiger T700 chips that power the Motorola Moto G20, E30 and E40 smartphones has been found by the cyber-threat intelligence firm Checkpoint Research (CPR). These components have been marked as threat vectors due to a stack overflow vulnerability. The Unisoc Tiger T700 chip replaced MediaTek’s chips in these devices […] Vulnerability Threat
itsecurityguru.webp 2022-06-06 14:18:47 Armis unveils Industry's first End-to-End Risk-Based Vulnerability Lifecycle Management (direct link) Last week, Armis announced Armis Asset Vulnerability Management (AVM), the only solution for risk-based vulnerability management that enables organisations to prioritise mitigation efforts across the entire asset attack surface. This includes IT, OT, ICS, IoMT, IIoT, Cloud and cellular-IoT, managed or unmanaged. The new solution strengthens the existing Armis Platform, which provides unified asset visibility […] Vulnerability
itsecurityguru.webp 2022-06-06 11:41:11 (Déjà vu) State-Backed Hackers Exploit Microsoft “Follina” Bug to Target U.S. and European Entities (direct link) A suspected state-aligned threat actor has been linked to a fresh set of attacks exploiting the Microsoft Office “Follina” vulnerability to target government entities across the U.S. and Europe. Proofpoint, an enterprise security firm, said that it blocked attempts at exploiting the remote code execution flaw. The flaw is being tracked as CVE-2022-30190 (CVSS Score: 7.8). […] Vulnerability Threat
itsecurityguru.webp 2022-05-05 10:21:16 OWASP patches path traversal flaw (direct link) The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks. The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched […] Vulnerability
itsecurityguru.webp 2022-04-05 15:23:56 Armis Appoints Tom Gol as CTO for Research (direct link) Today, Armis announced the appointment of Tom Gol as CTO for Research. He will be reporting directly to Nadir Izrael, Global CTO and Co-founder at Armis. In this role, Tom will lead and oversee all research efforts as the company continues to solidify its place as a security leader and expert in threat and vulnerability research. His team […] Vulnerability Threat Guideline
itsecurityguru.webp 2022-03-31 09:22:59 Unpatched SpringShell bug threatens web app security (direct link) A new critical remote code execution bug, dubbed “SpringShell” by some in the community, has been identified by security researchers. The vulnerability impacts the spring-core artifact, a popular framework used extensively in Java applications, specifically with JDK9 or newer. Sonatype explained, “the vulnerability affects anyone using spring-core, a core part of the Spring Framework, to […] Vulnerability
itsecurityguru.webp 2022-03-30 11:33:24 A third of malware infections use Log4Shell (direct link) Researchers at Lacework have revealed that the Log4Shell vulnerability was exploited as an initial attack vector in 31% of cases monitored by the company over the past six months. The software vendor's latest Lacework Cloud Threat Report highlights typical risks in today’s digital landscape. The findings confirm what security experts suspected, that the Log4j bug was used […] Malware Vulnerability Threat ★★
itsecurityguru.webp 2022-03-25 10:43:26 Honda bug allows hackers to unlock and start your car (direct link) Multiple researchers disclosed a vulnerability this week that would allow nearby attackers to unlock and even start some Honda and Acura cars. To carry out the attack, threat actors would capture the R signals sent from a key fob to a car, then resend these signals to unlock the car and even start the engine […] Vulnerability Threat
itsecurityguru.webp 2022-03-11 16:29:53 High rates of known, exploitable vulnerabilities still found in the wild, report reveals (direct link) This week, smart vulnerability management provider Edgescan has published the findings of its 2022 Vulnerability Statistics Report, which for the 7th year running offers a comprehensive view of the state of vulnerability management globally. The report reveals that organizations are still taking nearly two months to remediate critical risk vulnerabilities, with the average mean time […] Vulnerability ★★★★★
itsecurityguru.webp 2022-03-03 11:57:39 Cyber attack attempts on Ukraine surge tenfold (direct link) A threat actor in support of Russia has compromised at least 30 Ukrainian universities as vulnerability exploit attempts have surged, according to Wordfence. The security firm has generated useful intelligence on the attack campaign as it protects over 8300 Ukrainian WordPress sites, including those of private businesses, government, military and police. The attack campaign […] Vulnerability Threat
itsecurityguru.webp 2022-02-18 10:39:49 Vulnerability found in major WordPress plugin (direct link) UpdraftPlus, a WordPress plugin with over 3 million installations, has been patched following the discovery of a vulnerability by security researcher Marc Montpas. The Wordfence Threat Intelligence team explained in a blog post that the vulnerability enables any logged-in user, including subscriber-level users, to download backups made with the plugin. The WordPress security company […] Vulnerability Threat
itsecurityguru.webp 2022-02-15 11:06:35 (Déjà vu) Google update fixes zero-day vulnerability (direct link) Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, as a fix for a high-severity zero-day vulnerability used by cyber-attackers. “Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild,” the company said in a security advisory released today. The Chrome update will roll out over the coming weeks but it is possible […] Vulnerability
itsecurityguru.webp 2022-02-04 16:36:50 Ransomware gangs and supply chain vulnerabilities: Nozomi Networks Labs reports on the current threat landscape (direct link) While vulnerability disclosures increased 21% in the second half of 2021 and increasingly sophisticated criminal attacks made regular news, organizations are fighting back with targeted remediation efforts. A new OT/IoT security trends report from Nozomi Networks Labs finds cyber threats have become a never-ending reality for critical business operations. In a review of the threat […] Vulnerability Threat ★★★★
itsecurityguru.webp 2022-02-04 15:29:27 Edgescan partners with Manicode to revolutionise secure coding courses (direct link) Edgescan, the provider of the most comprehensive fullstack vulnerability management solution, today announces a partnership with Manicode Security, the secure coding education company. With a combination of lecture, security testing demonstration, and code review, Manicode classes are sure to entertain and educate app, web services, and mobile software developers and architects to the practices of […] Vulnerability
itsecurityguru.webp 2022-02-04 11:11:20 Zimbra zero-day vulnerability exploited to steal emails (direct link) Attacks linked to a Chinese threat actor have exploited a Zimbra zero-day vulnerability and are stealing emails linked to European government and media. Researchers say that at the time of writing the exploit has no available patch. Zimbra says that more than 200,000 businesses from over 140 countries are using its software, including over 1,000 […] Vulnerability Threat
itsecurityguru.webp 2022-02-03 10:27:30 (Déjà vu) Hackers steal $326 million from blockchain platform Wormhole (direct link) Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to the tune of $326 million in cryptocurrency. Wormhole is a platform enabling users to transfer cryptocurrency across different blockchains. It locks the original token in a smart contract and mints a wrapped version of the stored token that is trans. Avalanche, Oasis, Binance […] Vulnerability
itsecurityguru.webp 2022-01-31 11:45:04 $2m Bug Bounty offered to Hackers (direct link) Qubit Finance revealed last week that attackers exploited a vulnerability in its QBridge deposit function, resulting in a loss of $80m. The hackers stole a large amount of Ethereum by converting it into Binance coins and exploiting the vulnerability to withdraw the Binance tokens without depositing any of the Ethereum. Qubit has addressed the attackers […] Vulnerability
itsecurityguru.webp 2022-01-10 11:25:50 The latest on the Log4j vulnerability (direct link) The threat posed by the Log4j vulnerability hasn’t gone away over the holidays, with the UK’s National Health Service (NHS) issuing a warning that hackers are actively targeting the security flaw and recommending that organisations within the health service apply the necessary updates in order to protect themselves. “Affected organisations should review the VMware Horizon […] Vulnerability Threat
itsecurityguru.webp 2022-01-04 13:44:32 Vulnerability lets anyone send emails from Uber.com (direct link) Researcher Seif Elsallamy recently discovered a vulnerability in Uber’s emailing system, which allows anyone to send an email on behalf of the company. If exploited, threat actors would be able to email the 57 million Uber users and drivers whose data was leaked in the 2016 data breach. Uber has been made aware of the […] Vulnerability Threat Uber Uber
itsecurityguru.webp 2022-01-04 12:12:43 New iOS vulnerability DoS bug revealed (direct link) A new denial of service (DoS) vulnerability dubbed “doorLock” was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices. According to the researcher who disclosed the details, Apple has been aware of the vulnerability since […] Vulnerability
itsecurityguru.webp 2021-12-24 11:41:17 Flaw behind Gatekeeper bypass fixed on macOS (direct link) Apple has fixed the macOS vulnerability that could be exploited by unsigned and unauthorized script-based apps to bypass macOS security protocols on fully patched systems. The flaw was identified as CVE-2021-30853, and the vulnerability has been addressed on macOS 11.6. Vulnerability
itsecurityguru.webp 2021-12-23 11:56:33 World's top cybersecurity agencies warn of Apache vulnerability threats (direct link) The Five Eyes intelligence alliance have warned that threat actors are actively exploiting an Apache vulnerability in the Log4j logging library. The Five Eyes alliance, consisting of cybersecurity agencies in the US, UK, Australia, Canada and New Zealand, announced in a joint statement on Wednesday that, “sophisticated cyber threat actors are actively scanning networks to potentially […] Vulnerability Threat
itsecurityguru.webp 2021-12-09 10:47:55 Call centre network security at risk: GOautodial vulnerability could lead to information disclosure and RCE (direct link) GOautodial, an open source call center software suite with 50,000 users around the world, has patched two vulnerabilities that could lead to information disclosure and remote code execution (RCE). Unearthed by Scott Tolley of the Synopsys Cybersecurity Research Center (CyRC), the first bug – tracked as CVE-2021-43175 – has been rated medium severity. An API router accepts a username, password, and action […] Vulnerability Guideline ★★
itsecurityguru.webp 2021-12-09 10:28:42 Cybercriminals take advantage of unpatched Hikvision systems (direct link) The Moobot botnet is leveraging a known remote code execution (RCE) vulnerability in Hikvision products (CVE-2021-36260) to spread Moobot, which carries out distributed denial of service (DDoS) attacks. The attack surface could be significant: China-based Hikvision touted itself as the “world's leading video-surveillance products supplier” on the company site. Although a patch was released in September, […] Vulnerability Guideline
itsecurityguru.webp 2021-12-02 16:28:43 Edgescan appoints Alon Verdnikov as CRO in a push to expand its presence in North America (direct link) Edgescan, the provider of the most comprehensive fullstack vulnerability management solution, today announces the appointment of Alon Verdnikov as Global CRO. Alon has a proven track record of managing global sales, marketing, customer success and global alliances and was previously VP of WW Sales and Alliances at Centrical, where they achieved 800% ARR growth during […] Vulnerability ★★★★★
itsecurityguru.webp 2021-10-15 13:17:29 SQL is the top critical risk in the web application layer in Q3, 2021 (direct link) Edgescan, the provider of fullstack vulnerability management, has released its Q3 Vulnerability Snapshot, a new, brief report showing the current vulnerability landscape based on thousands of assessments performed globally. Compiled by Eoin Keary, CEO of Edgescan, the report’s findings highlight the variability when it comes to cybercriminals’ favourite vulnerabilities to exploit. Looking at this quarterly […] Vulnerability
itsecurityguru.webp 2021-09-15 15:59:40 Major Azure vulnerability discovered by security researchers at Wiz (direct link) Cloud security vendor Wiz, who also found a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service recently, has found another security vulnerability in Azure that impacts Linux virtual machines. Users could end up with a little-known service called OMI installed as a byproduct of enabling any of several logging, reporting and/or management options in Azure’s […] Vulnerability
itsecurityguru.webp 2021-09-09 10:25:08 Jenkins discloses attack on its Atlassian Confluence service (direct link) The open source automation server Jenkins has disclosed a successful attack on its Confluence service. Attackers abused an Open Graph Navigation Library (OGNL) injection flaw – the same vulnerability type involved in the notorious 2017 Equifax hack – capable of leading to remote code execution (RCE) in Confluence Server and Data Center instances. Rated CVSS […] Hack Vulnerability Guideline Equifax Equifax
itsecurityguru.webp 2021-08-19 16:28:07 Visibility into vulnerabilities: 3 steps to improve software vulnerability management (direct link) Vulnerabilities in enterprise IT are everywhere. While it's clear that they need to be addressed, how to do so isn't as clear. The sheer number of vulnerable software versions in an enterprise environment can be overwhelming, making it challenging to address them. The process requires time: to identify the need for an update, to create […] Vulnerability
itsecurityguru.webp 2021-08-06 13:50:31 DNS vulnerability allows for 'nation-state level spying' (direct link) A new class of DNS vulnerabilities has been discovered, which impacts major DNS-as-a-Service (DNSaaS) providers. It could give hackers the ability to access sensitive information on corporate networks and the power for ‘nation-state level spying’. The flaws provide potential hackers with intelligence harvesting abilities by using a simple domain registration. The research explained: “We found […] Vulnerability
itsecurityguru.webp 2021-07-29 11:51:22 Synopsys Rapid Scan helps developers build secure apps with faster, accurate application security testing (direct link) This week, Synopsys announced the availability of new Rapid Scan capabilities in its Coverity static application security testing (SAST) and Black Duck software composition analysis (SCA) solutions. The Rapid Scan features provide fast, lightweight vulnerability detection for both proprietary and open source code. Rapid Scan is optimised for the early stages of development, particularly for […] Vulnerability
itsecurityguru.webp 2021-07-23 16:30:43 CASE STUDY: Archroma: designing security into company processes with Edgescan (direct link) What were the challenges Archroma was facing from a security perspective? We are a relatively young company, and we brought Edgescan on board quite early on, so rather than transitioning from another vulnerability management solution it was more a case of deploying the Edgescan SaaS across our IT infrastructure. We operate in the Operational Technology (OT) space as well, but currently we have a different approach […] Vulnerability
itsecurityguru.webp 2021-07-13 10:29:49 Armis discloses critical vulnerability that allows remote takeover of Schneider Electric industrial controllers (direct link) Researchers at Armis, the unified asset visibility and security platform provider, have disclosed the discovery of an authentication bypass vulnerability in Schneider Electric's Modicon programmable logic controllers (PLCs) that can lead to remote code execution (RCE). The vulnerability, dubbed Modipwn, allows for a complete takeover of impacted devices by leveraging the UMAS protocol, and impacts Modicon M340, M580 […] Vulnerability Guideline
itsecurityguru.webp 2021-06-08 16:13:19 Software Giant Expands its Capabilities with Acquisition of Code Dx (direct link) Synopsys, Inc. has just recently announced that it has acquired Code Dx, provider of an award-winning application security risk management solution that automates and accelerates the discovery, prioritisation, and remediation of software vulnerabilities. This move by the software giant will allow customers to receive consolidated risk reporting and prioritisation across correlated software vulnerability data produced […] Vulnerability
itsecurityguru.webp 2021-06-02 14:08:09 XSS Vulnerability found in WordPress Plugin (direct link) A security researcher has discovered an XSS vulnerability in the ReDi Restaurant Reservation WordPress plugin. Bastijn Ouwendijk has publicly shared his findings on the popular WordPress plugin, which is used to manage reservations for online businesses. The ReDi Restaurant Reservation plug-in currently has more than 1,000 live installations. Ouwendijk stated in his poster that attackers […] Vulnerability
itsecurityguru.webp 2021-05-26 08:04:15 (Déjà vu) VMware issues critical patch on vCenter Server installs (direct link) According to Bleeping Computer, VMware is warning of a critical bug affecting all vCenter Server installs and the company is urging its customers to patch a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that impacts all vCenter Server deployments. “These updates fix a critical security vulnerability, and it needs […] Vulnerability
itsecurityguru.webp 2021-05-20 08:41:30 Bug allowed strangers to access Eufy camera feeds (direct link) Eufy warned its customers this week after discovering an internal server bug that gave strangers the power to access and control private home-video feeds for an entire day. Customers were also given access to do the same to other users. The vulnerability was the result of a planned server upgrade, which accidentally connected Eufy customers […] Vulnerability
itsecurityguru.webp 2021-05-05 16:29:47 Deja Vu: Apple macOS needs updating again to sort vulnerabilities (direct link) Just last week, Apple notified customers about a serious security vulnerability that was patched in macOS 11.3. And just a week later, it’s now warning over another bug fix in a macOS 11.3.1 release that corrects two separate issues which, if exploited, would allow for arbitrary code execution. It’s possible that these new vulns are […] Vulnerability
itsecurityguru.webp 2021-04-21 16:01:21 PRODUCT REVIEW – Edgescan makes fullstack vulnerability management easy (direct link) Supplier: Edgescan Website: www.edgescan.com Price: Based on assets Scores Performance 5/5 Features 5/5 Value for Money 4/5 Ease of Use 5/5 Overall 5/5 Verdict: Fullstack vulnerability management made easy – Edgescan does all the hard work so you don't have to The pandemic has undoubtedly led to a massive surge in cyber-attacks but even as […] Vulnerability
itsecurityguru.webp 2021-04-19 12:18:00 Vulnerabilities found in older version of WhatsApp (direct link) CERT-In, the Indian cybersecurity watchdog, has recently issued a ‘high’ severity rating against WhatsApp and WhatsApp Business. The emergency response team has reported finding ‘multiple’ vulnerabilities within the mobile application, which could give hackers access to sensitive information. A vulnerability note was released stating: “Successful exploitation of these vulnerabilities could allow the attacker to execute […] Vulnerability
Last update at: 2024-04-28 16:07:52