What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2019-05-20 10:38:01 Incident averted: Slack patches security hole that would let criminals hijack downloaded docs. (direct link) The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability that could let attackers modify the location where downloaded files are stored. Malicious actors could exploit the flaw to steal and spy on users' documents by uploading them to […] Vulnerability ★★★★★
itsecurityguru.webp 2019-05-16 10:49:00 Tenable Launches Nessus Essentials. (direct link) Expanded Free Version of the World's Most Widely Adopted Vulnerability Assessment Solution. Tenable®, Inc., the Cyber Exposure company, has announced Nessus® Essentials, an enhanced free version of its market-defining vulnerability assessment solution (formerly Nessus Home). Nessus Essentials is designed to be used by students, professors and people who are starting their cybersecurity careers, helping the […] Vulnerability
itsecurityguru.webp 2019-05-15 10:50:02 Microsoft Patch Tuesday fixes 79 vulnerabilities. (direct link) Microsoft released its monthly batch of security updates known as Patch Tuesday, and this month’s security release includes fixes for 79 vulnerabilities in a wide range of Microsoft products. The two headliners of this month’s patches are CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a security advisory for dealing with the latest […] Vulnerability
itsecurityguru.webp 2019-05-14 13:12:05 Massive global implications for Cisco router vulnerability. (direct link) A vulnerability in Cisco routers has massive global implications. To compromise the routers, researchers from the security firm Red Balloon exploited two vulnerabilities. The first is a bug in Cisco's IOS operating system (not to be confused with Apple’s iOS) which would allow a hacker to remotely obtain root access to the devices… The second vulnerability, though, is […] Vulnerability
itsecurityguru.webp 2019-05-14 13:12:00 Major vulnerability in WhatsApp. (direct link) Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed. WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber actor”. A fix was rolled out on Friday. […] Vulnerability
itsecurityguru.webp 2019-05-08 10:09:04 Tenable Expands Partnership With ServiceNow To Improve Vulnerability Prioritization And Remediation. (direct link) Tenable®, Inc., the Cyber Exposure company, today announced its enhanced integration with ServiceNow to help shared customers improve their vulnerability prioritization and remediation programs by addressing one of the most difficult challenges in cybersecurity - vulnerability overload. Prioritizing vulnerabilities with the Common Vulnerability Scoring System (CVSS) presents significant limitations since it scores the majority as […] Vulnerability
itsecurityguru.webp 2019-04-11 12:27:02 Coordinated attacks on WordPress sites impacted Mailgun. (direct link) Email automation and delivery service Mailgun was one of the many companies that have been hacked as part of a massive coordinated attack against WordPress sites. The attacks exploited an unpatched cross-site scripting (XSS) vulnerability in a WordPress plugin named Yuzo Related Posts. The vulnerability allowed hackers to inject code in vulnerable sites, which they […] Vulnerability
itsecurityguru.webp 2019-03-28 15:55:00 Cisco routers exposed to hacks. (direct link) Cisco acknowledged yesterday that it bungled a crucial patch for a vulnerability in two router models. The company’s shoddy initial patches allowed hackers to continue attacks throughout the past two months. The security flaws impact Cisco RV320 and RV325 WAN VPN routers, two models popular with internet service providers and large enterprises. Source: ZDNet Vulnerability
itsecurityguru.webp 2019-03-11 14:47:02 Zero-day discovered in Chrome and Windows 7. (direct link) Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability […] Vulnerability Threat
itsecurityguru.webp 2019-03-04 10:51:03 Hackers have started attacks on Cisco RV110, RV130, and RV215 routers. (direct link) Two days after Cisco patched a severe vulnerability in a popular brand of SOHO routers, and one day after the publication of proof-of-concept code, hackers have started scans and attacks exploiting the said security bug to take over unpatched devices. The vulnerability, tracked as CVE-2019-1663, was of note when it came out on February 27 because […] Vulnerability
itsecurityguru.webp 2019-02-28 16:28:00 Radiflow Incorporates Dynamic Vulnerability Assessment Scoring Into Its Industrial Threat Detection Solution. (direct link) Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today announced that the company has added dynamic vulnerability assessment scoring capabilities in the new release of its iSID industrial threat detection solution. The current practices for risk assessments and security remediations employed by industrial enterprises and critical infrastructure operators generally rely on […] Vulnerability Threat Guideline
itsecurityguru.webp 2019-02-26 16:37:00 New IoT Vulnerabilities Illustrate Risks Of Connected Devices. (direct link) McAfee researchers have uncovered two new vulnerabilities within connected devices that allow hackers access to the personal lives of consumers. A vulnerability within BoxLock smart padlock enables hackers to unlock the device within a few seconds, and a vulnerability within the Mr. Coffee brand coffee maker with Wemo grants hackers access to home networks. As […] Vulnerability
itsecurityguru.webp 2019-02-22 14:11:05 WTF PDF: Adobe re-patching its Acrobat, Reader patches. (direct link) Plus: How Microsoft Edge helps Facebook Flash files dodge click-to-play rules in Edge. Adobe is taking a second crack at patching security bugs in its Acrobat and Reader PDF apps. The APSB19-13 release, out today, attempts to completely kill off vulnerability CVE-2019-7089, which a software update earlier this month tried to address but was found to have […] Vulnerability Patching
itsecurityguru.webp 2019-02-22 14:10:04 Critical vulnerabilities in Bigscreen VR app. (direct link) A vulnerability in both the Bigscreen virtual reality app and the Unity game development platform on which it’s built makes it possible for hackers to listen to conversations and access user computers, according to researchers at the University of New Haven. “Our research shows hackers are able to monitor people day in and day out […] Vulnerability
itsecurityguru.webp 2019-01-15 12:32:05 Synopsys Unveils Coverity Enhancements To Extend Breadth, Depth, And Scalability Of Enterprise Application Security Testing. (direct link) Synopsys, Inc. (Nasdaq: SNPS) today announced the availability of a new version of its Coverity® static application security testing (SAST) solution, which enables organisations to build secure applications faster. The latest release of Coverity addresses three increasingly important needs for enterprise application security teams: scalability, broad language and framework support, and comprehensive vulnerability analysis. “While […] Vulnerability
itsecurityguru.webp 2019-01-14 16:53:01 Multiple Zero-Day Vulnerabilities Discovered By Tenable Research In Building Access Technology. (direct link) Tenable®, Inc., the Cyber Exposure company, today announced that Tenable Research has discovered several zero-day vulnerabilities in the PremiSys™ access control system developed by IDenticard. When exploited, the most severe vulnerability would give an attacker unfettered access to the badge system database, allowing him/her to covertly enter buildings by creating fraudulent badges and disabling building locks. […] Vulnerability
itsecurityguru.webp 2018-12-12 15:55:00 Kaspersky Lab Uncovers Third Windows Zero Day Exploit In Three Months. (direct link) Kaspersky Lab technologies have automatically detected a new exploited vulnerability in the Microsoft Windows OS kernel, the third consecutive zero-day exploit to be discovered in three months. The latest exploited vulnerability (CVE-2018-8611) was found in malware targeting a small number of victims in the Middle East and Asia. Because the vulnerability exists in the kernel […] Malware Vulnerability
itsecurityguru.webp 2018-11-30 16:30:03 Researchers at Tenable discover a serious vulnerability in Zoom Conferencing (direct link) Yesterday, cybersecurity company Tenable announced that its research team has discovered a serious vulnerability in Zoom's Desktop Conferencing Application [CVE-2018-15715] that would allow a remote attacker or rogue meeting attendee to hijack screen controls, impersonate meeting attendees via chat messages and kick attendees out of meetings. The flaw exposes up to 750,000 companies around the ... Vulnerability
itsecurityguru.webp 2018-11-20 11:11:01 80% Of European Magento Websites At Risk From Hackers Due To Simple Security Oversight. (direct link) Security web scans and analysis on over 80,000 European Magento websites – the most popular e-commerce platform globally – reveal 80% are at risk from cyber criminals, according to leading global cybersecurity experts. The latest survey carried out by Foregenix in October identifies the most significant vulnerability for European SMEs is hackers looking to exploit ... Vulnerability Guideline
itsecurityguru.webp 2018-09-11 11:30:03 A group of researchers showed how a Tesla Model S can be hacked and stolen in seconds using only $600 worth of equipment (direct link) A savvy car thief could drive off with a Tesla Model S by using just a few, relatively inexpensive pieces of computing hardware and some radios - at least, the thief could have until recently, when Tesla fixed an overlooked vulnerability in its cars’ security systems. View full story ORIGINAL SOURCE: Business Insider Vulnerability Tesla
itsecurityguru.webp 2018-09-07 11:07:03 Managing the Customer Trust Crisis: New Research Insights (direct link) New data privacy laws in Europe and California - not to mention the resulting flurry of updated privacy policy notifications landing in our inboxes - have put privacy matters in the spotlight. But the circumstances that have precipitated this highlight a worrying trend: customers are concerned about not just the vulnerability of their personal information, ... Vulnerability
itsecurityguru.webp 2018-09-07 10:47:03 (Déjà vu) Windows Task Scheduler Zero Day hit by Malware attack (direct link) Malware developers have started to use the zero-day exploit for Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability appeared online. A security researcher who uses the online name SandboxEscaper on August 27 released the source code for exploiting a security bug in the Advanced Local Procedure Call (ALPC) interface used by Windows ... Malware Vulnerability
itsecurityguru.webp 2018-09-06 09:35:01 CroniX CryptoMiner Kills Rivals to Reign Supreme (direct link) The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims. Cybercriminals are quick to take advantage of any proof-of-concept (PoC) exploit code that falls into their hands. For the recently disclosed Apache Struts vulnerability (CVE-2018-11776) there are multiple PoCs available, so news ... Vulnerability
itsecurityguru.webp 2018-09-06 09:26:01 (Déjà vu) 16 Security Alerts Rated Critical and High Released by Cisco (direct link) Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs. Only three alerts refer to security problems with critical impact; among them is the recently disclosed remote code execution vulnerability in Apache Struts, for which several proof-of-concept exploits exist. Cisco notes that not all of its products that ... Vulnerability ★★
itsecurityguru.webp 2018-08-30 10:21:01 Misfortune Cookie vulnerability continues to do damage (direct link) Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital’s network infrastructure. View Full Story ORIGINAL SOURCE: Bleeping Computer Vulnerability
itsecurityguru.webp 2018-08-28 13:41:05 Exploit Published for Unpatched Flaw in Windows Task Scheduler (direct link) A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a “local privilege escalation” issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account. Will Dormann, an engineer of CERT/CC, has confirmed the vulnerability and has issued ... Vulnerability
itsecurityguru.webp 2018-08-10 09:00:02 Under half of firms use vulnerability assessments (direct link) Less than half of organisations base their cyber defences on strategic vulnerability assessments, and a third of these do the bare minimum to meet compliance requirements, a study shows. A study of 2,100 organisations reveals a global divide in how organisations assess cyber risk, with less than half using strategic vulnerability assessments. View Full Story ORIGINAL ... Vulnerability ★★★★
itsecurityguru.webp 2018-08-09 09:30:02 'Hidden Bee' miner uses malvertising to lure victims (direct link) Researchers at Malwarebytes discovered a malware that targets a vulnerability in Flash Player. The attackers resort to malvertising in adult sites to lure victims, whom they suspect are from Asian countries based on the advertisements used, to the exploit kit landing page. Behind the supposedly online dating service is a malicious iframe that spreads the malware. The ... Malware Vulnerability
itsecurityguru.webp 2018-08-07 10:32:04 CVE-2018-5390: Vulnerability in Linux Kernel allows for DoS Attacks (direct link) A vulnerability has been identified in the Linux Kernel (version 4.9+) which is tracked in the CVE-2018-5390 advisory. It lists several conditions that allow criminals to modify packets leading to the coordination of DOS (Denial of service) attacks. An email message, posted by Juha-Matti Tilli reported yet another security related issue in the Linux Kernel. ... Vulnerability Guideline
itsecurityguru.webp 2018-08-06 14:46:00 Monero (XMR) mining malware attack claims 200,000 victims (direct link) Monero (XMR) has become the target for hackers over the past few days. Recently, BCFocus reported about a vulnerability in the Monero wallet that allowed hackers to loot XMR from crypto exchanges. This time, it is said that over 200,000 routers have been hacked using a malware in Brazil to secretly mine Monero (XMR). The online ... Malware Vulnerability
itsecurityguru.webp 2018-07-31 09:06:01 Most common web-based vulnerabilities still prevalent after nine years (direct link) Analysis of vulnerabilities discovered by NCC Group researchers over the last nine years found that instances of common web-based vulnerabilities have largely refused to fall over during this time, with cross-site scripting (XSS) vulnerabilities appearing the most frequently. The global cyber security and risk mitigation expert found that despite this type of vulnerability being ... Vulnerability
itsecurityguru.webp 2018-07-26 11:10:00 Cyber security vulnerability concerns skyrocket (direct link) Security professionals are more worried about data breaches and cyber attacks than they were a year ago, with most fearing that Meltdown-Spectre attacks are becoming the norm View Full Story ORIGINAL SOURCE: Computer Weekly Vulnerability
itsecurityguru.webp 2018-07-25 11:06:05 Dust yourself off and try again: Ancient Solaris patch missed the mark (direct link) A vulnerability first detected and “resolved” years ago in Oracle’s Unix OS, Solaris, has resurfaced, necessitating a fix in Big Red’s latest quarterly patch batch. View full story ORIGINAL SOURCE: The Register Vulnerability
itsecurityguru.webp 2018-07-23 15:42:01 Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware (direct link) Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report, compiled by the team of security analysts at the Skybox® Research Lab, aims to help organizations align their security strategy with the reality ... Ransomware Malware Vulnerability Threat Guideline
itsecurityguru.webp 2018-03-13 11:58:04 Smart camera vulnerabilities could allow criminals to spy on victims (direct link) Kaspersky Lab researchers have discovered multiple security vulnerabilities in popular smart cameras that are frequently used as baby monitors, or for internal home and office security surveillance. According to the research, the uncovered flaws could allow attackers to obtain remote access to video and audio feeds from the cameras, remotely disable these devices, execute arbitrary ... Vulnerability
Last update at: 2024-05-14 16:08:22