What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-04-06 12:50:35 | Apple Mail zero-click vulnerability could allow attackers to take-over victims accounts (lien direct) | A zero-click vulnerability has been discovered in Apple’s macOS Mail which allows attackers to take over a users account by adding or modifying any arbitrary file in Apple Mail's sandbox environment. The bug known as CVE-2020-9922 can be exploited by sending an email with two .ZIP files attached. Once a user has received these emails […] | Vulnerability | ||
|
2021-03-31 17:22:37 | VMware urges customers to patch critical vulnerabilities in vRealize Operations platform (lien direct) | Cloud computing and visualisation software and services provider VMware has patched a serious vulnerability that could have led an attacker to steal admin credentials in vRealize Operations. In an advisory published on Tuesday, the company stated that “multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware.” In the same announcement, VMware said that […] | Vulnerability | ||
|
2021-03-16 10:42:26 | Google disclose another Chrome zero-day flaw (lien direct) | Google is warning Mac, Window and Linux users of a third zero-day flaw that has been found in Google Chrome. This is the third Google Chrome zero-day vulnerability to be disclosed in the past three months. The flaw, tracked as CVE-2021-21193, has a rating of 8.8 out of 10 on the CVSS vulnerability-rating scale, classifying […] | Vulnerability | ||
|
2021-03-09 12:29:43 | GitHub bug invalidated users\' sessions and logged them out of their accounts (lien direct) | Yesterday, GitHub users were automatically logged out of their accounts after their sessions were invalidated in order to protect accounts from a potentially dangerous security vulnerability. Last week GitHub received reports that they were being targetted by suspicious behaviour from an external party. This suspicious behaviour related to a rare race condition vulnerability. The vulnerability was […] | Vulnerability | ||
|
2021-02-26 11:56:40 | Edgescan partners with BSI to deliver safe and secure client solutions (lien direct) | Edgescan, providers of the award winning Fullstack Vulnerability Management™ range of services, today announces its partnership with BSI, the business improvement company. The partnership will enable BSI clients to access Edgescan's Continuous Vulnerability Management, API Security Assessments, Penetration Testing as a Service (PTaaS) and Application Testing services, which can be tailored to meet their customer's […] | Vulnerability | ||
|
2021-02-25 18:25:39 | Research shows that a lack of attention is being paid to patching vulnerabilities and something has to be done about it (lien direct) | Edgescan, a full-stack vulnerability management service, has just released their Vulnerability Stat Report for 2021, and it's confirmed that 2020 really was as bad as we all thought it was. The stats report reveals a number of alarming statistics and trends from 2020, taking a deep-dive into vulnerability metrics from known vulnerabilities (CVE), Malware, Ransomware […] | Ransomware Vulnerability Patching | ||
|
2021-02-24 10:55:32 | Bombardier suffers ransomware and data leak (lien direct) | The Canadian airplane manufacturer has today revealed that it suffered a security breach. In a press release, Bombardier disclosed that some of its data has been published on the dark web portal operated by the Clop ransomware gang: “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting […] | Ransomware Vulnerability | ||
|
2021-02-12 15:22:13 | 223 vulnerabilities identified in recent ransomware attacks (lien direct) | Researches from RiskSense, a risk-based vulnerability management service, discovered 223 different vulnerabilities in the Common Vulnerabilities and Exposures (CVE) database that were used in ransomware attacks throughout 2020. This is four times the number of vulnerabilities related to ransomware than found in 2019 by RiskSense. The findings also show that ransomware families are not only […] | Ransomware Vulnerability | ||
|
2021-02-11 14:41:09 | Hack of Florida water plant shows vulnerability of critical national infrastructure (lien direct) | On Monday, officials in Florida announced that hackers came scarily close to poisoning the city of Oldsmar by changing the chemical levels during a breach of the computer system at the local water treatment plant. It was a wake-up call, said Pinellas County Sheriff Bob Gualtieri. “Water systems, like other public utility systems, are part […] | Vulnerability | ★★★ | |
|
2021-02-05 16:31:54 | Google releases new version of Chrome Browser (lien direct) | Version 88.0.4324.150 of the Chrome browser was released today. The new version, compatible with Windows, Mac and Linux contains a bugfix for a zero-day vulnerability. The vulnerability was assigned the identifier CVE-2021-21148. Google described it as a “heap overflow” memory corruption bug, which was exploited in attacks before Mattias Buelens found and reported the issue […] | Vulnerability | ★★★★★ | |
|
2021-02-02 11:57:59 | (Déjà vu) 1.6 million Washington unemployment claims exposed in data breach (lien direct) | The Office of the Washington State Auditor (SAO) has experienced a data breach which has resulted in the exposure of 1.6 million employment claims, and the sensitive personal information that they contain. The Washington SAO revealed that a threat actor had exploited a vulnerability in Accellion, a secure file transfer service that helps organisations share […] | Data Breach Vulnerability Threat | ||
|
2021-01-29 13:36:26 | “Severe” Vulnerability found in Libgcrypt (lien direct) | A serious vulnerability has been found in the latest version of GNU Privacy Guard (GnuPG)‘s free encryption software cryptographic library, Libgcrypt 1.9.0. Libgcrypt is GnuPG’s general purpose cryptographic library GnuPG, but a number of other encryption software’s also employ it. Libgcrypt 1.9.0 was originally been released last week, on 19th January 2021, and was supposed […] | Vulnerability | ||
|
2021-01-26 10:39:56 | North Korean hackers target security researchers (lien direct) | Google has revealed that a number of cyber-security researchers who are focused on vulnerability research have been targetted by a North Korean government hacking group. Google’s Threat Analysis Group (TAG), who is a security team specialised in discovering advanced persistent threat (APT) groups, first noticed the attacks. Google’s TAG published a report outlining the attack, […] | Vulnerability Threat | ||
|
2021-01-15 17:06:30 | (Déjà vu) XSS vulnerability affects government websites (lien direct) | An undisclosed Cross-Site Scripting (XSS) vulnerability in Apache Velocity Tools can be exploited by unauthenticated attackers to target government sites, including NASA, BleepingComputer reported today. Although 90 days have elapsed since the vulnerability was reported and patched, BleepingComputer is not aware of a formal disclosure made by the project.Security researcher Jackson Henry of the Sakura Samurai ethical hacking group […] | Vulnerability | ★★★★ | |
|
2021-01-11 12:20:44 | Google\'s Titan security key can be cloned (lien direct) | Researchers at NinjaLab have discovered a vulnerability in Google’s Titan physical security key which means it can be cloned. The vulnerability leaves the key exposed to hackers who can gain access to users accounts without the key’s owner being aware. Physical two-factor authentication security keys, such as Titan, are known to be the strongest form […] | Vulnerability | ||
|
2020-12-16 17:56:16 | The top 5 known vulnerabilities that are a threat to your security posture (lien direct) | Every year, fullstack vulnerability management provider Edgescan releases its Vulnerability Statistics Report, which highlights the highest impact vulnerabilities still out there in the wild. As a teaser to their 2021 report, their team has compiled a useful list of the top 5 known, unpatched vulnerabilities leveraged by cybercriminals in order launch attacks on unsuspecting organisations. […] | Vulnerability Threat | ||
|
2020-12-11 12:33:04 | Critical vulnerability found in Glassdoor\'s platform (lien direct) | Glassdoor, a platform for posting anonymous company reviews and job hunting, has recently fixed a critical issue that could have been exploited by bad actors to take over accounts. The bug bounty researcher “Tabahi (https://twitter.com/_tabahi) ” discovered the vulnerability and described it as a site-wide cross-site request forgery (CSRF) bug with an estimated severity score […] | Vulnerability | ||
|
2020-11-26 11:08:44 | (Déjà vu) Researchers discover Windows zero-day vulnerability (lien direct) | A French security research firm has accidentality discovered a zero-day vulnerability that affects the Windows 7 and Windows Server 2008 R2 operating systems. The researchers found the vulnerability while they were working on updating a Windows security tool. The vulnerability can be found in two misconfigured registry keys for the DNSCache and RPC Endpoint Mapper […] | Vulnerability | ★★★★ | |
|
2020-11-19 11:53:37 | Cisco Webex flaw leaves meetings open to snooping (lien direct) | A vulnerability has been discovered in Cisco’s Webex conferencing application which allows meeting attendees to act as ‘ghosts’. The flaw (CVE-2020-3419) allows any member of the meeting to spy on potential company secrets being shared. Attacks can be remote, but they would need to access the meeting before joining it, having the meetings ‘join’ links […] | Vulnerability | ||
|
2020-11-06 11:00:08 | Leading Irish cyber security firm, Edgescan, further cements global market expansion with US company incorporation. (lien direct) | CEO, Eoin Keary today announced that Edgescan is now incorporated in the USA. He said that “it provides us with a firm foothold in the USA allowing us to be closer to our North American clients.” Edgescan has been providing fullstack vulnerability management, cyber security and pen testing services to US based clients for a […] | Vulnerability | ||
|
2020-10-22 10:08:38 | Chrome users need to update their browser now (lien direct) | Attention all Chrome users – you should update your browser to the latest version released yesterday. Google released this version of Chrome to patch several high-severity security issues. These included a 0-day vulnerability that has been used by hackers on targeted computers. The vulnerability was found by Sergei Glazunov, a security researcher at Google’s Project […] | Vulnerability | ||
|
2020-10-14 16:11:05 | Qualys VMDR Product Review (lien direct) | Supplier: Qualys Website: www.qualys.com Price: Based on size of organisation Scores Performance 5/5 Features 5/5 Value for Money 4/5 Ease of Use 4/5 Overall 5/5 Verdict Qualys VMDR is a smart modular security solution that delivers joined-up vulnerability assessment, management and remediation services with full visibility of global assets. As cyber-attacks get ever more sophisticated […] | Vulnerability | ||
|
2020-10-05 10:37:36 | A critical vulnerability leaves millions of Grindr accounts open to highjacking (lien direct) | A French security researcher, Wassime Bouimadaghene, has discovered a critical vulnerability in Grindr, which enables hackers to easily highjack users accounts by using the victim’s email. The vulnerability takes advantage of the ‘forgotten password’ feature on the app. This token allows hackers to easily change the password of an account and highjack it. This method […] | Vulnerability | ||
|
2020-10-02 10:40:03 | Significant vulnerabilities found by Huawei Cyber Security Evaluation Centre (lien direct) | In an oversight report published yesterday, investigators at the UK Huawei Cyber Security Evaluation Centre (HCSEC) found a significant vulnerability that would have national implications. These issues were so severe that they were withheld from the company. These vulnerabilities are typically design-related failures that would allow certain actors, such as the Chinese government to carry […] | Vulnerability | ||
|
2020-09-21 14:04:35 | CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability- CVE-2020-1472-affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature […] | Vulnerability | ||
|
2020-09-16 13:28:03 | Facebook hacked by researchers exploiting MobileIron MDM flaw (lien direct) | The social networking site was hacked by a researcher who had identified a flaw on MobileIron's Mobile Device Management (MDM) used by an employee. In this case, the vulnerability was not entirely Facebook’s fault as the weakness in a third-party service created a ripple effect which negatively impacted users security. However, this highlights how important […] | Vulnerability | ||
|
2020-09-07 10:08:15 | Recent plugin bug leads to millions of WordPress sites being probed and attacked (lien direct) | The plugin, which was installed on more than 700,000 sites, allowed the attacker to take over the victim’s site by uploading a web shell disguised inside an image file on the victim’s server. It is unclear how the zero-day vulnerability was discovered by hackers, however the File Manager developers responded quickly, creating and releasing a […] | Vulnerability | ||
|
2020-08-14 12:47:01 | BootHole vulnerability in Linux systems renders servers unbootable (lien direct) | It was reported this week by Naked Security that Linux systems are affected by a vulnerability that can render those Linux servers unbootable. BootHole leverages a vulnerability in both GRUB2 and Secure Boot, explains TechRepublic. To make BootHole a bit more daunting, it’s actually a really easy hack to pull off. The only thing blocking […] | Hack Vulnerability | ||
|
2020-08-05 11:08:58 | Serious bug found in official Facebook WordPress chat plugin allows attackers to intercept messages (lien direct) | On June 26, 2020, Wordfence’s threat intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites. This flaw made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors […] | Vulnerability Threat | ||
|
2020-08-04 15:02:20 | Dangerous flaws found in Cisco, Microsoft, Citrix and IBM Among Many Others (lien direct) | RiskIQ, released its Vulnerability Landscape report, a high-level view of critical vulnerabilities in twelve very widely used remote access and perimeter devices. The report shows that the rapidly increasing adoption of these devices throughout the COVID-19 pandemic is increasing digital attack surfaces outside the corporate firewall at incredible speed-and introducing a range of critical, rapidly […] | Vulnerability | ||
|
2020-07-27 10:21:25 | FBI Warns of Network Protocols Abused in Large Scale DDoS Attacks (lien direct) | The Federal Bureau of Investigation added three network protocols and one web application to its list of newly discovered DDoS attack vectors. In a private industry notification, the Bureau reported that: In February 2020, UK security researchers identified a vulnerability in the built-in network discovery protocols of Jenkins servers-free, open source, automation servers used to […] | Vulnerability | ★★★★★ | |
|
2020-07-14 08:01:38 | (Déjà vu) Highly-Critical SAP bug that could let attackers take over corporate servers patched (lien direct) | SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially affecting over 40,000 SAP customers, […] | Vulnerability | ||
|
2020-07-10 08:59:13 | Zero-Day Vulnerability Discovered in Zoom (lien direct) | Security researchers recently found a flaw in the videoconferencing software, Zoom, which would have allowed hackers to remotely take control of computers running on old Microsoft Windows operating systems. Specifically, the vulnerability applies to Zoom running on Windows 7 or older operating systems. While Microsoft has attempted to phase out technical support for Windows 7 […] | Vulnerability | ||
|
2020-07-09 10:11:49 | USB Poses Significant Risk to OT Security (lien direct) | According to a Honeywell report, the use of USBs are the second most widespread industrial vector vulnerability within operational technology. Whilst the number of threats disrupting OT was at 26% in 2018, this percentage has significantly risen to 59% today. “This isn't a case of accidental exposure to viruses through USB,” said Eric Knapp, director […] | Vulnerability | ||
|
2020-07-06 12:45:33 | OnePlus Fixes Vulnerability That Could Have Exposed Customer Personal Data (lien direct) | OnePlus, a Chinese phone manufacturer, recently spotted a vulnerability in its system which deals with out-of-warranty repairs for devices in the US. Through a link used to make a payment for repairs, customers could access the personal information of other customers. This includes names, addresses, phone numbers, email addresses as well as further information on […] | Vulnerability | ||
|
2020-07-06 11:48:06 | Vulnerability Allows Cybercriminals to Evade Malware Detection (lien direct) | As a result of a Path Traversal bug in the .NET Core library of Microsoft, attackers could now implement malicious code on to a system without being detected by antivirus and end-point detection software. Paul Laîné of Context Information Security was the first to find this vulnerability and claims that this is made possible because […] | Malware Vulnerability | ||
|
2020-07-03 09:47:45 | Vulnerability in popular bitcoin wallets can be exploited for fraud (lien direct) | A new vulnerability in some popular bitcoin wallets can be exploited by scammers to commit fraud and even make the wallets themselves unusable. Discovered by wallet startup ZenGo, the vulnerability, dubbed “BigSpender,” was found in bitcoin wallets from Ledger Live, Edge and Breadwallet – but potentially affects others as well. The vulnerability allows a scammer […] | Vulnerability | ||
|
2020-07-03 09:44:56 | Researchers Uncover Zero-Day Vulnerability on Cisco Routers (lien direct) | CyCognito Inc today announced its research team has uncovered a significant Cross-Site Scripting (XSS) vulnerability on the web admin interface of Cisco small business router models RV042 and RV042G. Cisco routers are popular around the world, and the company has approximately 50% market share in the router and switch market globally. This vulnerability gives attackers […] | Vulnerability | ||
|
2020-06-23 11:11:03 | AMD to Offer Fixes to Severe Vulnerabilities (lien direct) | AMD has fixed one high-severity vulnerability affecting its client and embedded processors; fixes for the other two will come out later in June. Three high-severity vulnerabilities have been disclosed in AMD's client and embedded processors that came out between 2016 and 2019. An attacker with physical or privileged access to certain AMD powered systems could […] | Vulnerability | ||
|
2020-05-29 10:40:16 | Verizon DBIR: Edgescan Explains the Stats (lien direct) | by Eoin Keary, CEO and founder of Edgescan: For the third year running Edgescan contributed to the Verizon DBiR. The DBiR is recognized as the defacto cyber report which casts a wide net across all types of cyber security and breaches, this includes vulnerability management in both infrastructure and applications. Edgescan vulnerability data is curated and validated, sanitised […] | Vulnerability | ★★★ | |
|
2020-05-27 09:45:20 | (Déjà vu) Android bug, Strandhogg 2.0, allows malware to steal data (lien direct) | Security researchers have found a major vulnerability in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data. The vulnerability, dubbed Strandhogg 2.0 (named after the Norse term for a hostile takeover) affects all devices running Android 9.0 and earlier. It's the “evil twin” to an […] | Malware Vulnerability | ||
|
2020-05-27 09:43:36 | Monero Mining Malware infects corporate systems (lien direct) | The Blue Mockingbird malware gang has infected more than 1000 business systems with Monero mining malware since December 2019. The global scale of the hacker group's operations was revealed by cloud security firm Red Canary on May 26. The report outlined the group's methodology. The malware attacks servers running ASP.NET applications and exploits a vulnerability […] | Malware Vulnerability | ||
|
2020-05-22 10:20:40 | Hackers try to exploit vulnerability in Sophos firewalls (lien direct) | UK cyber-security vendor Sophos published today an update on its investigation into a recent series of attacks that tried to exploit a zero-day vulnerability in its XG firewall product. Sophos said that after they learned of the incident and issued a hotfix, the attackers panicked and modified their attack routine to replace their original data-stealing […] | Vulnerability | ||
|
2020-05-19 10:32:17 | Hackers exploiting Magento vulnerability, FBI warns (lien direct) | The FBI says hackers are exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data. This type of attack is known as web skimming, e-skimming, or Magecart, and the FBI previously warned about a rise in attacks in October, […] | Vulnerability | ||
|
2020-05-15 09:24:46 | Facebook give $20k reward for vulnerability discovery (lien direct) | The cross-site scripting vulnerability could have allowed trivial account takeover. Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting (XSS) vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could allow threat actors to hijack […] | Vulnerability Threat | ||
|
2020-05-06 09:31:54 | RCE Bug Allows Attacker Device Access (lien direct) | The vulnerability is one of 39 affecting various aspects of the mobile OS that the company fixed in a security update this week. Google has patched a vulnerability in its Android OS that could allow attackers to completely take over someone's device to install programs, steal or change data, or create new accounts with full […] | Vulnerability | ||
|
2020-05-04 17:10:52 | All Your VMDR Questions, Answered (lien direct) | Last week, Qualys launched its latest solution, Vulnerability Management Detection and Response – VMDR, which integrates asset visibility, vulnerability management, detection and response across global hybrid-IT environments all from a single app. It was presented to the world with an informative webinar (available here). With the recognition that this launch is taking place during unprecedented […] | Vulnerability | ||
|
2020-04-30 10:03:57 | SD-WAN Routers threatened by Cisco flaw (lien direct) | Cisco's IOS XE software for SD-WAN routers has a high-severity insufficient input validation flaw. Cisco has patched a high-severity vulnerability in its router software, which if exploited could enable a local, authenticated attacker to execute arbitrary commands with root privileges. The flaw exists in Cisco IOS XE. This Linux-based version of Cisco's Internetworking Operating System […] | Vulnerability | ||
|
2020-04-28 10:14:14 | Hackers exploit WordPress vulnerability (lien direct) | Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts. The campaign has been going since the start of the month, and it’s still underway. The vulnerability is a cross-site scripting (XSS) bug in OneTone, a popular […] | Vulnerability | ||
|
2020-04-27 16:35:37 | Alert Logic Offers 90-day Free Vulnerability Detection with Extended Protection (lien direct) | Since the Coronavirus pandemic has taken hold, Alert Logic has experienced a 92 percent increase in deployed endpoints. As a result, the industry's first SaaS-enabled managed detection and response (MDR) provider is offering a 90-day free vulnerability detection with extended protection to help mitigate cyber-attacks aimed at the increased number of remote workers. Alert Logic's recent offer includes machine learning-enabled protection, […] | Vulnerability |
To see everything:
Our RSS (filtrered)
