www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-05-13T04:39:10+00:00 www.secnews.physaphae.fr

Security Affairs - Blog Secu CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion Middleware, tracked as CVE-2021-35587 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. An unauthenticated attacker with network access via HTTP can exploit […] 2022-11-29T16:31:33+00:00 https://securityaffairs.co/wordpress/139077/security/oracle-fusion-middleware-flaw-known-exploited-vulnerabilities-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=8282558 False Vulnerability None 3.0000000000000000

Security Affairs - Blog Secu A flaw in some Acer laptops can be used to bypass security features ESET announced the discovery of a vulnerability impacting Acer laptops that can allow an attacker to deactivate UEFI Secure Boot. ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops; the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as […] 2022-11-28T20:08:00+00:00 https://securityaffairs.co/wordpress/139055/hacking/acer-flaw-uefi-secure-boot.html www.secnews.physaphae.fr/article.php?IdArticle=8274043 False Vulnerability None 3.0000000000000000

Security Affairs - Blog Secu Experts found a vulnerability in AWS AppSync Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources.
Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from […] 2022-11-28T15:04:34+00:00 https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8271710 False Vulnerability,Threat None 2.0000000000000000

Security Affairs - Blog Secu Data from 5.4M Twitter users obtained from multiple threat actors and combined with data from other breaches The massive data breach suffered by Twitter that exposed emails and phone numbers of its customers may have impacted more than five million users. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor offered […] 2022-11-26T21:11:03+00:00 https://securityaffairs.co/wordpress/139001/data-breach/twitter-massive-data-breach.html www.secnews.physaphae.fr/article.php?IdArticle=8244621 False Data Breach,Vulnerability,Threat None 2.0000000000000000

Security Affairs - Blog Secu Google fixed the eighth actively exploited #Chrome #zeroday this year Google on Thursday released security updates to address a new zero-day vulnerability, tracked as CVE-2022-4135, impacting the Chrome web browser. Google rolled out an emergency security update for the desktop version of the Chrome web browser to address a new zero-day vulnerability, tracked as CVE-2022-4135, that is actively exploited.
The CVE-2022-4135 vulnerability is a heap […] 2022-11-25T13:50:56+00:00 https://securityaffairs.co/wordpress/138977/hacking/8-google-chrome-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8218892 False Vulnerability None None

Security Affairs - Blog Secu Expert published PoC exploit code for macOS sandbox escape flaw A researcher published details and proof-of-concept (PoC) code for a high-severity macOS sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Reguła, the researcher observed that the problem is caused […] 2022-11-21T21:19:22+00:00 https://securityaffairs.co/wordpress/138815/hacking/macos-sandbox-escape-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8152371 False Vulnerability None None

Security Affairs - Blog Secu Atlassian fixed 2 critical flaws in Crowd and Bitbucket products Atlassian this week addressed two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams. The vulnerability in […] 2022-11-18T21:35:51+00:00 https://securityaffairs.co/wordpress/138716/security/atlassian-critical-flaws-crowd-bitbucket.html www.secnews.physaphae.fr/article.php?IdArticle=8095750 False Vulnerability None None

Security Affairs - Blog Secu Magento and Adobe Commerce websites under attack Researchers warn of a surge in cyberattacks targeting CVE-2022-24086, a pre-authentication issue impacting Adobe Commerce and Magento stores.
In September 2022, Sansec researchers warned of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands […] 2022-11-17T16:32:32+00:00 https://securityaffairs.co/wordpress/138663/cyber-crime/trojanorders-attacks-adobe-commerce-magento.html www.secnews.physaphae.fr/article.php?IdArticle=8069985 False Vulnerability None None

Security Affairs - Blog Secu Experts found critical RCE in Spotify's Backstage Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify's Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals; it is used by several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games. […] 2022-11-15T22:23:01+00:00 https://securityaffairs.co/wordpress/138591/security/spotify-backstage-rce.html www.secnews.physaphae.fr/article.php?IdArticle=8034994 True Vulnerability None None

Security Affairs - Blog Secu A bug in ABB Totalflow flow computers exposed oil and gas companies to attack A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers.
Flow computers are used to calculate volume and flow rates for oil […] 2022-11-10T13:45:11+00:00 https://securityaffairs.co/wordpress/138331/security/abb-totalflow-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7926063 False Vulnerability None 4.0000000000000000

Security Affairs - Blog Secu Citrix ADC and Citrix Gateway are affected by a critical authentication bypass flaw Citrix released security updates to address a critical authentication bypass vulnerability in Citrix ADC and Citrix Gateway. Citrix is urging customers to install security updates to address a critical authentication bypass issue, tracked as CVE-2022-27510, in Citrix ADC and Citrix Gateway. The company addressed the following three vulnerabilities: “Note that only appliances that are operating […] 2022-11-08T21:52:41+00:00 https://securityaffairs.co/wordpress/138264/security/citrix-gateway-adc-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7894623 False Vulnerability None 4.0000000000000000

Security Affairs - Blog Secu Zero-day are exploited on a massive scale in increasingly shorter timeframes Microsoft warns of an uptick among threat actors increasingly using publicly-disclosed zero-day exploits in their attacks. According to the Digital Defense Report published by Microsoft, threat actors are increasingly leveraging publicly-disclosed zero-day vulnerabilities to target organizations worldwide. The researchers noticed a reduction in the time between the announcement of a vulnerability and the commoditization of […] 2022-11-05T17:30:47+00:00 https://securityaffairs.co/wordpress/138100/security/treat-actors-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=7848503 False Vulnerability,Threat None None

Security Affairs - Blog Secu Cisco addressed several high-severity flaws in its products Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions.
Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 […] 2022-11-04T06:13:36+00:00 https://securityaffairs.co/wordpress/138068/security/cisco-addressed-multiple-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7817020 False Vulnerability None None

Security Affairs - Blog Secu Fortinet fixed 16 vulnerabilities, 6 rated as high severity Fortinet addressed 16 vulnerabilities in some of the company's products; six flaws received a 'high' severity rating. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in Log pages of FortiADC. The root cause of the issue is an improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC. A […] 2022-11-03T08:04:49+00:00 https://securityaffairs.co/wordpress/138021/security/fortinet-nov-2022-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7797744 False Vulnerability None None

Security Affairs - Blog Secu Experts warn of critical RCE in ConnectWise Server Backup Solution ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise, the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.
[…] 2022-11-01T13:19:26+00:00 https://securityaffairs.co/wordpress/137946/uncategorized/connectwise-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7764673 False Vulnerability None None

Security Affairs - Blog Secu Samsung Galaxy Store flaw could have allowed installing malicious apps on target devices A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when […] 2022-11-01T09:46:44+00:00 https://securityaffairs.co/wordpress/137922/mobile-2/samsung-galaxy-store-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7762360 True Vulnerability None None

Security Affairs - Blog Secu Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch An unofficial patch was released for an actively exploited flaw in Microsoft Windows that allows bypassing Mark-of-the-Web (MotW) protections. 0patch released an unofficial patch to address an actively exploited security vulnerability in Microsoft Windows that could allow bypassing Mark-of-the-Web (MotW) protections by using files signed with malformed signatures. The issue affects all supported and multiple legacy […] 2022-10-31T18:21:37+00:00 https://securityaffairs.co/wordpress/137900/hacking/mark-of-the-web-bypass-0day.html www.secnews.physaphae.fr/article.php?IdArticle=7756517 False Vulnerability None None

Security Affairs - Blog Secu GitHub flaw could have allowed attackers to takeover repositories of other users A critical flaw in the cloud-based repository hosting service GitHub could’ve allowed attackers to take over other repositories.
The cloud-based repository hosting service GitHub has addressed a vulnerability that could have been exploited by threat actors to take over the repositories of other users. The vulnerability was discovered by Checkmarx, which called the attack technique RepoJacking. The […] 2022-10-31T12:11:03+00:00 https://securityaffairs.co/wordpress/137866/hacking/github-flaw-repojacking.html www.secnews.physaphae.fr/article.php?IdArticle=7754049 False Vulnerability,Threat None None

Security Affairs - Blog Secu Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year Google on Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 JavaScript engine. The flaw has been reported […] 2022-10-28T13:00:33+00:00 https://securityaffairs.co/wordpress/137753/hacking/7-chrome-zero-day-fixed.html www.secnews.physaphae.fr/article.php?IdArticle=7718829 False Vulnerability None None

Security Affairs - Blog Secu SiriSpy flaw allows eavesdropping on users' conversations with Siri 2022-10-27T13:38:51+00:00 https://securityaffairs.co/wordpress/137710/security/sirispy-apple-flaw-spy-conversations.html www.secnews.physaphae.fr/article.php?IdArticle=7703020 False Vulnerability None None

Security Affairs - Blog Secu OpenSSL to fix the second critical flaw ever The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in the toolkit since September 2016.
“The OpenSSL project […] 2022-10-26T23:00:48+00:00 https://securityaffairs.co/wordpress/137689/security/openssl-second-critical-flaw-ever.html www.secnews.physaphae.fr/article.php?IdArticle=7692571 False Vulnerability None None

Security Affairs - Blog Secu VMware fixes critical RCE in VMware Cloud Foundation VMware addressed a critical remote code execution vulnerability in VMware Cloud Foundation tracked as CVE-2021-39144. VMware has released security updates to address a critical vulnerability, tracked as CVE-2021-39144 (CVSSv3 9.8), in VMware Cloud Foundation. VMware Cloud Foundation™ is the industry’s most advanced hybrid cloud platform. It provides a complete set of software-defined services for compute, storage, […] 2022-10-26T07:36:50+00:00 https://securityaffairs.co/wordpress/137640/hacking/vmware-cloud-foundation-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7682579 False Vulnerability None 5.0000000000000000

Security Affairs - Blog Secu Experts disclosed a 22-year-old bug in popular SQLite Database library A high-severity vulnerability, tracked as CVE-2022-35737, has been disclosed in the SQLite database library. The security expert Andreas Kellas detailed a high-severity vulnerability, tracked as CVE-2022-35737 (CVSS score: 7.5), in the SQLite database library, which was introduced in October 2000. The CVE-2022-35737 flaw is an integer overflow issue that impacts SQLite versions 1.0.12 through 3.39.1. The vulnerability was […] 2022-10-25T20:22:55+00:00 https://securityaffairs.co/wordpress/137629/hacking/cve-2022-35737-sqlite-bug.html www.secnews.physaphae.fr/article.php?IdArticle=7675578 False Vulnerability None None

Security Affairs - Blog Secu Apple fixed the ninth actively exploited zero-day this year Apple released security updates that addressed the ninth zero-day vulnerability actively exploited in the wild since the start of the year.
Apple has addressed the ninth zero-day vulnerability exploited in attacks in the wild since the start of the year. The vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write issue that can be exploited by an attacker to […] 2022-10-24T21:09:12+00:00 https://securityaffairs.co/wordpress/137579/security/apple-fixes-ninth-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=7668702 False Vulnerability None None

Security Affairs - Blog Secu Text4Shell, a remote code execution bug in Apache Commons Text library A researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. Apache Commons Text is a library focused on algorithms working on strings. The vulnerability, dubbed “Text4Shell,” is an unsafe script evaluation issue […] 2022-10-19T22:50:57+00:00 https://securityaffairs.co/wordpress/137359/security/text4shell-apache-commons-text.html www.secnews.physaphae.fr/article.php?IdArticle=7570729 False Vulnerability,Threat None None

Security Affairs - Blog Secu Researchers share of FabriXss bug impacting Azure Fabric Explorer Cybersecurity researchers published technical details about a now-patched FabriXss flaw that impacts Azure Fabric Explorer. Orca Security researchers have released technical details about a now-patched FabriXss vulnerability, tracked as CVE-2022-35829 (CVSS 6.2), that impacts Azure Fabric Explorer. An attacker can exploit the vulnerability to gain administrator privileges on the cluster.
In order to exploit this flaw, an […] 2022-10-19T15:14:05+00:00 https://securityaffairs.co/wordpress/137349/hacking/azure-azure-fabric-fabrixss.html www.secnews.physaphae.fr/article.php?IdArticle=7563881 False Vulnerability None None

Security Affairs - Blog Secu Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform. The company released an out-of-band security update to address the remote code […] 2022-10-18T12:27:39+00:00 https://securityaffairs.co/wordpress/137284/hacking/cobalt-strike-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7540029 False Vulnerability None None

Security Affairs - Blog Secu Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker […] 2022-10-15T12:58:39+00:00 https://securityaffairs.co/wordpress/137138/security/palo-alto-networks-pan-os-flaw-3.html www.secnews.physaphae.fr/article.php?IdArticle=7481337 False Vulnerability None None

Security Affairs - Blog Secu Experts released PoC exploit code for critical bug CVE-2022-40684 in Fortinet products Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies.
Proof-of-concept (PoC) exploit code for the authentication bypass vulnerability CVE-2022-40684 (CVSS score: 9.6) in FortiGate firewalls and FortiProxy web proxies has been released online. The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from […] 2022-10-14T09:37:35+00:00 https://securityaffairs.co/wordpress/137095/hacking/fortinet-cve-2022-40684-poc.html www.secnews.physaphae.fr/article.php?IdArticle=7452991 False Vulnerability None None

Security Affairs - Blog Secu CVE-2022-40684 flaw in Fortinet products is being exploited in the wild Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices. “An authentication bypass using an alternate […] 2022-10-10T20:47:43+00:00 https://securityaffairs.co/wordpress/136905/breaking-news/cve-2022-40684-fortinet-products-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=7385236 True Vulnerability None None

Security Affairs - Blog Secu Unpatched remote code execution flaw in Zimbra Collaboration Suite actively exploited Threat actors are exploiting an unpatched severe remote code execution vulnerability in the Zimbra collaboration platform. Researchers from Rapid7 are warning of the exploitation of an unpatched zero-day remote code execution vulnerability, tracked as CVE-2022-41352, in the Zimbra Collaboration Suite.
Rapid7 has published technical details, including proof-of-concept (PoC) code and indicators of compromise (IoCs) regarding […] 2022-10-08T13:17:46+00:00 https://securityaffairs.co/wordpress/136800/hacking/zimbra-collaboration-suite-rce.html www.secnews.physaphae.fr/article.php?IdArticle=7351546 False Vulnerability None None

Security Affairs - Blog Secu VMware fixed a high-severity bug in vCenter Server VMware this week addressed a severe vulnerability in vCenter Server that could lead to arbitrary code execution. VMware on Thursday released security patches to address a code execution vulnerability, tracked as CVE-2022-31680 (CVSS score of 7.2), in vCenter Server. The security issue is an unsafe deserialization vulnerability that resides in the platform services controller (PSC). […] 2022-10-07T22:03:12+00:00 https://securityaffairs.co/wordpress/136791/security/vmware-vcenter-server-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=7339658 False Vulnerability,Guideline None None

Security Affairs - Blog Secu Fortinet urges customers to immediately fix a critical authentication bypass flaw in FortiGate and FortiProxy Fortinet addressed a critical authentication bypass vulnerability that impacted FortiGate firewalls and FortiProxy web proxies. Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684, that impacted FortiGate firewalls and FortiProxy web proxies. An attacker can exploit the vulnerability to log into vulnerable devices.
“An authentication bypass using an alternate path or channel [CWE-88] in […] 2022-10-07T14:37:59+00:00 https://securityaffairs.co/wordpress/136786/security/fortinet-critical-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7334778 False Vulnerability None None

Security Affairs - Blog Secu A flaw in the Packagist PHP repository could have allowed supply chain attacks Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. SonarSource researchers disclosed details about a now-fixed vulnerability (CVE-2022-24828) in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. The issue was addressed within hours by […] 2022-10-04T20:19:23+00:00 https://securityaffairs.co/wordpress/136638/hacking/packagist-supply-chain-attack-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7298794 False Vulnerability None None

Security Affairs - Blog Secu CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […] 2022-10-01T17:02:02+00:00 https://securityaffairs.co/wordpress/136514/security/atlassian-bitbucket-flaw-known-exploited-vulnerabilities-catalog.html www.secnews.physaphae.fr/article.php?IdArticle=7251281 True Vulnerability None None

Security Affairs - Blog Secu US DoD announced the results of the Hack US bug bounty challenge The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July.
On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which is considered part of DoD's vulnerability disclosure program (VDP). The challenge was launched Chief […] 2022-09-30T15:44:10+00:00 https://securityaffairs.co/wordpress/136462/hacking/dod-hack-us-results.html www.secnews.physaphae.fr/article.php?IdArticle=7226736 False Hack,Vulnerability None None

Security Affairs - Blog Secu Sophos warns of a new actively exploited flaw in Firewall product Sophos warns that a critical code injection security vulnerability in its Firewall product is actively exploited in the wild. Sophos warns of a critical code injection security vulnerability, tracked as CVE-2022-3236, affecting its Firewall product which is being exploited in the wild. The CVE-2022-3236 flaw resides in the User Portal and Webadmin of Sophos Firewall, […] 2022-09-23T21:43:32+00:00 https://securityaffairs.co/wordpress/136135/security/sophos-user-portal-webadmin-bug.html www.secnews.physaphae.fr/article.php?IdArticle=7090531 False Vulnerability None None

Security Affairs - Blog Secu Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide.
In February, Adobe […] 2022-09-23T13:54:46+00:00 https://securityaffairs.co/wordpress/136112/hacking/magento-2-cve-2022-24086.html www.secnews.physaphae.fr/article.php?IdArticle=7082889 False Vulnerability None None

Security Affairs - Blog Secu AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI) A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers. An attacker can trigger the flaw to exfiltrate sensitive […] 2022-09-22T21:10:33+00:00 https://securityaffairs.co/wordpress/136094/security/oracle-cloud-infrastructure-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=7068505 False Vulnerability None None

Security Affairs - Blog Secu A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects More than 350,000 open source projects can be potentially affected by a 15-year-old unpatched Python vulnerability. More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a directory traversal vulnerability that resides in the ‘extract’ […] 2022-09-22T13:27:22+00:00 https://securityaffairs.co/wordpress/136081/hacking/python-bug-cve-2007-4559.html www.secnews.physaphae.fr/article.php?IdArticle=7061569 False Vulnerability None None

Security Affairs - Blog Secu Uber hacked, internal systems and confidential documents were allegedly compromised Uber on Thursday disclosed a security breach; threat actors gained access to its network and stole internal documents. Uber on Thursday suffered a cyberattack; the attackers were able to penetrate its internal network and access internal documents, including vulnerability reports.
According to the New York Times, the threat actors hacked an employee’s Slack account and […] 2022-09-16T07:22:27+00:00 https://securityaffairs.co/wordpress/135811/data-breach/uber-hacked-systems-allegedly-compromised.html www.secnews.physaphae.fr/article.php?IdArticle=6924934 False Vulnerability,Threat Uber,Uber None

Security Affairs - Blog Secu Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites. The WPGateway plugin is a premium plugin that allows users of […] 2022-09-14T05:21:01+00:00 https://securityaffairs.co/wordpress/135715/cyber-crime/wordpress-wpgateway-critical-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6881565 False Vulnerability,Threat None None

Security Affairs - Blog Secu Apple fixed the eighth actively exploited zero-day this year Apple has addressed the eighth zero-day vulnerability that is actively exploited in attacks against iPhones and Macs since January. Apple has released security updates to fix a zero-day vulnerability, tracked as CVE-2022-32917, which is actively exploited in attacks against iPhone and Mac devices. This is the eighth zero-day vulnerability fixed by the IT giant since […] 2022-09-12T20:21:09+00:00 https://securityaffairs.co/wordpress/135647/security/apple-fixes-eighth-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6863162 False Vulnerability None None

Security Affairs - Blog Secu Experts warn of attacks exploiting zero-day in WordPress BackupBuddy plugin Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned.
On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […] 2022-09-09T11:50:31+00:00 https://securityaffairs.co/wordpress/135518/hacking/backupbuddy-wordpress-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6801258 False Vulnerability,Threat None None

Security Affairs - Blog Secu Cisco will not fix the authentication bypass flaw in EoL routers Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 […] 2022-09-08T11:24:22+00:00 https://securityaffairs.co/wordpress/135464/security/cisco-security-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=6783598 False Vulnerability None None

Security Affairs - Blog Secu Zyxel addressed a critical RCE flaw in its NAS devices Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0.
An attacker can exploit […] ]]> 2022-09-07T08:53:00+00:00 https://securityaffairs.co/wordpress/135426/hacking/zyxel-rce-nas.html www.secnews.physaphae.fr/article.php?IdArticle=6763785 False Vulnerability None None Security Affairs - Blog Secu QNAP warns new Deadbolt ransomware attacks exploiting zero-day QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks; threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday; meanwhile, the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […] ]]> 2022-09-05T20:43:48+00:00 https://securityaffairs.co/wordpress/135347/malware/qnap-deadbolt-ransomware-new-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=6743256 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu Google rolled out emergency fixes to address actively exploited Chrome zero-day Google rolled out emergency fixes to address a vulnerability in the Chrome web browser that is being actively exploited in the wild. Google on Friday released emergency fixes to address a vulnerability, tracked as CVE-2022-3075, in the Chrome web browser that is being actively exploited in the wild. The CVE-2022-3075 flaw is caused by insufficient data […] ]]> 2022-09-03T15:37:55+00:00 https://securityaffairs.co/wordpress/135249/security/chrome-emergency-patches.html www.secnews.physaphae.fr/article.php?IdArticle=6707733 False Vulnerability None None Security Affairs - Blog Secu Google Chrome issue allows overwriting the clipboard content A security issue in the Google Chrome browser could allow malicious web pages to automatically overwrite clipboard content. 
A vulnerability in the Google Chrome browser, as well as Chromium-based browsers, could allow malicious web pages to automatically overwrite the clipboard content without any user interaction and consent, simply by visiting them. According to a blog post […] ]]> 2022-09-02T10:48:48+00:00 https://securityaffairs.co/wordpress/135197/hacking/google-chrome-bug-clipboard-overwrite.html www.secnews.physaphae.fr/article.php?IdArticle=6682125 False Vulnerability None None Security Affairs - Blog Secu A flaw in TikTok Android app could have allowed the hijacking of users' accounts 2022-08-31T22:31:33+00:00 https://securityaffairs.co/wordpress/135125/mobile-2/tiktok-android-app-bug.html www.secnews.physaphae.fr/article.php?IdArticle=6653000 False Vulnerability,Guideline None None Security Affairs - Blog Secu A new Google bug bounty program now covers Open Source projects Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google launched a new bug bounty program as part of the new Open Source Software Vulnerability Rewards Program (OSS VRP) that covers the source projects of the IT giant. The company will pay up to $31,337 […] ]]> 2022-08-30T16:50:57+00:00 https://securityaffairs.co/wordpress/135059/security/google-bug-bounty-open-source.html www.secnews.physaphae.fr/article.php?IdArticle=6628596 False Vulnerability None None Security Affairs - Blog Secu Critical flaw impacts Atlassian Bitbucket Server and Data Center Atlassian addressed a critical vulnerability in Bitbucket Server and Data Center that could lead to malicious code execution on vulnerable instances. 
Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be exploited to execute malicious code on vulnerable installs. The flaw is a command injection vulnerability that can be exploited via […] ]]> 2022-08-26T23:08:15+00:00 https://securityaffairs.co/wordpress/134896/hacking/atlassian-bitbucket-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6554787 False Vulnerability,Guideline None None Security Affairs - Blog Secu Iran-linked Mercury APT exploited Log4Shell in SysAid Apps for initial access An Iran-linked Mercury APT group exploited the Log4Shell vulnerability in SysAid applications for initial access to the targeted organizations. The Log4Shell flaw (CVE-2021-44228) made the headlines in December after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability (aka Log4Shell) that affects the Apache Log4j Java-based logging library. The flaw can be exploited […] ]]> 2022-08-26T17:19:35+00:00 https://securityaffairs.co/wordpress/134876/apt/mercury-exploit-log4shell-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6548347 False Vulnerability None None Security Affairs - Blog Secu VMware fixed a privilege escalation issue in VMware Tools VMware this week released patches to address an important-severity vulnerability in the VMware Tools suite of utilities. The virtualization giant VMware this week released patches to address an important-severity flaw, tracked as CVE-2022-31676, which impacts the VMware Tools suite of utilities. 
VMware Tools is a set of services and modules that enable several features in company […] ]]> 2022-08-24T07:56:58+00:00 https://securityaffairs.co/wordpress/134791/security/vmware-vmware-tools-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6498486 False Vulnerability None None Security Affairs - Blog Secu Microsoft publicly discloses details on critical ChromeOS flaw Microsoft shared technical details of a critical ChromeOS flaw that could be exploited to trigger a DoS condition or for remote code execution. Microsoft shared details of a critical ChromeOS vulnerability tracked as CVE-2022-2587 (CVSS score of 9.8). The flaw is an out-of-bounds write issue in OS Audio Server that could be exploited to trigger […] ]]> 2022-08-23T23:25:15+00:00 https://securityaffairs.co/wordpress/134782/security/critical-chromeos-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6491975 False Vulnerability None None Security Affairs - Blog Secu Over 80,000 Hikvision cameras can be easily hacked Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. […] ]]> 2022-08-23T16:50:11+00:00 https://securityaffairs.co/wordpress/134756/security/hikvision-cameras-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=6486443 False Vulnerability None None Security Affairs - Blog Secu 8-year-old Linux Kernel flaw DirtyCred is nasty as Dirty Pipe Researchers shared details of an eight-year-old flaw dubbed DirtyCred, defined as nasty as Dirty Pipe, in the Linux kernel. 
Researchers from Northwestern University (Zhenpeng Lin | PhD Student, Yuhang Wu | PhD Student, Xinyu Xing | Associate Professor) disclosed an eight-year-old security vulnerability in the Linux kernel, dubbed DirtyCred, which they defined “as nasty as Dirty Pipe.” The Dirty Pipe flaw, tracked […] ]]> 2022-08-22T17:50:43+00:00 https://securityaffairs.co/wordpress/134719/security/linux-dirtycred-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6474464 False Vulnerability None None Security Affairs - Blog Secu Threat actors are stealing funds from General Bytes Bitcoin ATM Threat actors have exploited a zero-day vulnerability in the General Bytes Bitcoin ATM servers to steal BTC from multiple customers. Threat actors have exploited a zero-day flaw in General Bytes Bitcoin ATM servers that allowed them to hijack transactions associated with deposits and withdrawal of funds. GENERAL BYTES is the world's largest Bitcoin, Blockchain, and […] ]]> 2022-08-21T17:40:20+00:00 https://securityaffairs.co/wordpress/134664/hacking/general-bytes-bitcoin-atm-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6459309 False Vulnerability,Threat None None Security Affairs - Blog Secu CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536. The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) on Thursday […] ]]> 2022-08-20T16:56:39+00:00 https://securityaffairs.co/wordpress/134633/hacking/cisa-7-news-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=6437754 False Vulnerability None None Security Affairs - Blog Secu A flaw in Amazon Ring could expose user's camera recordings 2022-08-19T11:56:41+00:00 https://securityaffairs.co/wordpress/134588/hacking/amazon-ring-vulnerability-camera-recordings.html www.secnews.physaphae.fr/article.php?IdArticle=6411877 False Vulnerability None None Security Affairs - Blog Secu Cisco fixes High-Severity bug in Secure Web Appliance Cisco addressed a high-severity escalation of privilege vulnerability (CVE-2022-20871) in AsyncOS for Cisco Secure Web Appliance. Cisco Secure Web Appliance (formerly Secure Web Appliance (WSA)) offers protection from malware and web-based attacks and provides application visibility and control. Cisco has addressed a high-severity escalation of privilege vulnerability, tracked as CVE-2022-20871, that resides in the web management interface of AsyncOS for Cisco Secure Web […] ]]> 2022-08-19T09:04:18+00:00 https://securityaffairs.co/wordpress/134580/security/cisco-secure-web-appliance-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6409263 False Malware,Vulnerability None None Security Affairs - Blog Secu Safari 15.6.1 addresses a zero-day flaw actively exploited in the wild Apple released Safari 15.6.1 for macOS Big Sur and Catalina to address a zero-day vulnerability actively exploited in the wild. Safari 15.6.1 for macOS Big Sur and Catalina addressed an actively exploited zero-day vulnerability tracked as CVE-2022-32893. 
The flaw is an out-of-bounds write issue in WebKit and the IT giant fixed it with improved bounds […] ]]> 2022-08-18T22:37:20+00:00 https://securityaffairs.co/wordpress/134553/security/safari-15-6-1-fixes-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=6400536 False Vulnerability None None Security Affairs - Blog Secu PoC exploit code for critical Realtek RCE flaw released online Exploit code for a critical vulnerability affecting networking devices using Realtek RTL819x system on a chip released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek's RTL819x system on a chip was released online. The issue resides in the Realtek's SDK for […] ]]> 2022-08-18T07:10:57+00:00 https://securityaffairs.co/wordpress/134515/breaking-news/realtek-rce-poc-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=6388999 False Vulnerability None None Security Affairs - Blog Secu Three flaws allow attackers to bypass UEFI Secure Boot feature Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is […] ]]> 2022-08-13T09:39:35+00:00 https://securityaffairs.co/wordpress/134334/hacking/uefi-secure-boot-feature-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6290775 False Vulnerability None None Security Affairs - Blog Secu Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. 
Cisco addressed a high severity vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The flaw, tracked as CVE-2022-20866, impacts the handling of RSA keys on devices running Cisco ASA Software and […] ]]> 2022-08-11T05:47:24+00:00 https://securityaffairs.co/wordpress/134287/security/cisco-flaw-asa-ftd.html www.secnews.physaphae.fr/article.php?IdArticle=6244329 False Vulnerability,Threat None None Security Affairs - Blog Secu Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch Tuesday security updates for August 2022 addressed 118 CVEs in multiple products, including .NET Core, Active Directory Domain Services, Azure Batch Node Agent, Azure Real Time Operating System, Azure Site Recovery, Azure Sphere, Microsoft ATA […] ]]> 2022-08-09T21:25:56+00:00 https://securityaffairs.co/wordpress/134211/security/microsoft-patch-tuesday-august-2022.html www.secnews.physaphae.fr/article.php?IdArticle=6217272 False Vulnerability None None Security Affairs - Blog Secu Twitter confirms zero-day used to access data of 5.4 million accounts Twitter confirmed that the recent data breach that exposed data of 5.4 million accounts was caused by the exploitation of a zero-day flaw. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. 
The threat actor offered […] ]]> 2022-08-05T22:08:30+00:00 https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html www.secnews.physaphae.fr/article.php?IdArticle=6150012 False Data Breach,Vulnerability,Threat None None Security Affairs - Blog Secu Google fixed Critical Remote Code Execution flaw in Android Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth. Google has fixed a critical vulnerability, tracked as CVE-2022-20345, that affects the Android System component. The IT giant has fixed the flaw with the release of Android 12 and 12L updates. Google did […] ]]> 2022-08-03T15:45:18+00:00 https://securityaffairs.co/wordpress/133956/security/android-critical-flaw-cve-2022-20345.html www.secnews.physaphae.fr/article.php?IdArticle=6108550 False Vulnerability None None Security Affairs - Blog Secu VMware fixed critical authentication bypass vulnerability VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges. “A malicious actor with network access to the […] ]]> 2022-08-02T17:29:31+00:00 https://securityaffairs.co/wordpress/133938/security/vmware-critical-flaws-3.html www.secnews.physaphae.fr/article.php?IdArticle=6092888 False Vulnerability None None Security Affairs - Blog Secu A flaw in Dahua IP Cameras allows full take over of the devices A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. 
The issue affects Dahua’s implementation of the Open Network Video Interface Forum (ONVIF). ONVIF provides and promotes standardized interfaces for effective […] ]]> 2022-08-01T06:43:37+00:00 https://securityaffairs.co/wordpress/133877/security/dahua-severe-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=6073397 False Vulnerability None None Security Affairs - Blog Secu Exploitation is underway for a critical flaw in Atlassian Confluence Server and Data Center Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recently, Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions […] ]]> 2022-07-29T11:27:26+00:00 https://securityaffairs.co/wordpress/133798/hacking/atlassian-cve-2022-26138-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=6010742 True Vulnerability None None Security Affairs - Blog Secu Zero Day attacks target online stores using PrestaShop Threat actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow attackers to execute arbitrary code and potentially steal customers’ payment information. 
PrestaShop is currently used by 300,000 shops worldwide […] ]]> 2022-07-26T06:22:58+00:00 https://securityaffairs.co/wordpress/133669/hacking/prestashop-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5946467 False Vulnerability,Threat None None Security Affairs - Blog Secu A database containing data of 5.4 million Twitter accounts available for sale Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale […] ]]> 2022-07-24T08:29:58+00:00 https://securityaffairs.co/wordpress/133593/data-breach/twitter-leaked-data.html www.secnews.physaphae.fr/article.php?IdArticle=5918894 False Vulnerability,Threat None None Security Affairs - Blog Secu Atlassian patched a critical Confluence vulnerability Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions for Confluence […] ]]> 2022-07-21T13:49:01+00:00 https://securityaffairs.co/wordpress/133496/hacking/atlassian-confluence-server-data-center-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5855185 False Vulnerability None None Security Affairs - Blog Secu Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. 
Trend Micro Research has published an analysis of the recently patched Windows vulnerability CVE-2022-30136 that impacts the Network File System. CVE-2022-30136 is a remote code execution vulnerability that resides in the Windows Network File System, it is due […] ]]> 2022-07-18T10:43:56+00:00 https://securityaffairs.co/wordpress/133355/security/cve-2022-30136-windows-nfs-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5815566 False Vulnerability None None Security Affairs - Blog Secu Critical flaw in Netwrix Auditor application allows arbitrary code execution A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in the Netwrix Auditor software that can be exploited by attackers to execute arbitrary code on affected devices. Netwrix Auditor is auditing software that allows organizations to monitor their IT infrastructure, […] ]]> 2022-07-16T19:49:50+00:00 https://securityaffairs.co/wordpress/133310/hacking/netwrix-auditor-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5778726 False Vulnerability None None Security Affairs - Blog Secu Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently, Unit 42 researchers spotted a campaign targeting the Elastix system used in Digium phones since December 2021. 
Threat actors exploited a vulnerability, tracked as CVE-2021-45461 (CVSS score 9.8), in the Rest Phone Apps (restapps) module to implant […] ]]> 2022-07-16T13:14:26+00:00 https://securityaffairs.co/wordpress/133293/hacking/digium-phones-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5772481 False Vulnerability,Threat None None Security Affairs - Blog Secu Tainted password-cracking software for industrial systems used to spread P2P Sality bot Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […] ]]> 2022-07-15T22:27:19+00:00 https://securityaffairs.co/wordpress/133281/malware/sality-malware-industrial-systems.html www.secnews.physaphae.fr/article.php?IdArticle=5756154 False Vulnerability,Threat None None Security Affairs - Blog Secu Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons Researchers spotted a massive campaign that scanned close to 1.6 million WordPress sites for vulnerable Kaswara Modern WPBakery Page Builder Addons. The Wordfence Threat Intelligence team observed a sudden increase in attacks targeting the Kaswara Modern WPBakery Page Builder Addons. Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. 
The […] ]]> 2022-07-15T14:33:04+00:00 https://securityaffairs.co/wordpress/133267/hacking/wpbakery-page-builder-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=5747300 False Vulnerability,Threat None None Security Affairs - Blog Secu Microsoft published exploit code for a macOS App sandbox escape flaw Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […] ]]> 2022-07-14T09:24:51+00:00 https://securityaffairs.co/wordpress/133211/hacking/macos-sandbox-bypass-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=5717252 False Vulnerability None None Security Affairs - Blog Secu VMware fixed a flaw in vCenter Server discovered eight months ago VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048, in vCenter Server IWA mechanism. VMware addressed a high-severity privilege escalation flaw, tracked as CVE-2021-22048 (CVSSv3 base score of 7.1.), in vCenter Server ‘s IWA (Integrated Windows Authentication) mechanism after eight months since its disclosure. The vulnerability can be exploited by an attacker with non-administrative […] ]]> 2022-07-14T07:42:48+00:00 https://securityaffairs.co/wordpress/133204/security/vmware-vcenter-server-flaw-2.html www.secnews.physaphae.fr/article.php?IdArticle=5714170 False Vulnerability None None Security Affairs - Blog Secu Experts demonstrate how to unlock several Honda models via Rolling-PWN attack Bad news for the owners of several Honda models, the Rolling-PWN Attack vulnerability can allow unlocking their vehicles. 
A team of security researchers, Kevin2600 and Wesley Li from Star-V Lab, independently discovered a flaw in Honda models, named the Rolling-PWN Attack vulnerability (CVE-2021-46145), that can allow unlocking their vehicles. A remote keyless entry system (RKE) […] ]]> 2022-07-10T17:40:13+00:00 https://securityaffairs.co/wordpress/133090/hacking/honda-rolling-pwn-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5649896 False Vulnerability None None Security Affairs - Blog Secu Previously undocumented Rozena backdoor delivered by exploiting the Follina bug Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the previously undocumented Rozena backdoor. Fortinet FortiGuard Labs researchers observed a phishing campaign that is leveraging the recently disclosed Follina security vulnerability (CVE-2022-30190, CVSS score 7.8) to distribute a previously undocumented backdoor on Windows systems. The Follina issue is a remote code execution vulnerability […] ]]> 2022-07-09T12:36:19+00:00 https://securityaffairs.co/wordpress/133051/hacking/follina-bug-rozena-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=5628846 False Vulnerability None None Security Affairs - Blog Secu Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security patches to address a critical vulnerability, tracked as CVE-2022-20812 (CVSS score of 9.0), in the Expressway series and TelePresence Video Communication Server (VCS). 
A remote attacker can trigger the flaw to overwrite files on the […] ]]> 2022-07-08T18:41:45+00:00 https://securityaffairs.co/wordpress/133020/security/cisco-cisco-expressway-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5615456 False Vulnerability None None Security Affairs - Blog Secu Google fixes the fourth Chrome zero-day in 2022 Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […] ]]> 2022-07-04T21:16:22+00:00 https://securityaffairs.co/wordpress/132863/hacking/4th-chrome-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=5554822 True Vulnerability None None Security Affairs - Blog Secu Unfaithful HackerOne employee steals bug reports to claim additional bounties Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […] ]]> 2022-07-04T09:44:23+00:00 https://securityaffairs.co/wordpress/132846/cyber-crime/hackerone-incident.html www.secnews.physaphae.fr/article.php?IdArticle=5549291 False Vulnerability None None Security Affairs - Blog Secu CISA orders federal agencies to patch CVE-2022-26925 by July 22 US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. 
In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […] ]]> 2022-07-04T07:16:39+00:00 https://securityaffairs.co/wordpress/132830/security/cisa-orders-patch-cve-2022-26925.html www.secnews.physaphae.fr/article.php?IdArticle=5548501 False Vulnerability None None Security Affairs - Blog Secu Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. SonarSource researchers have discovered a new vulnerability in RARlab’s UnRAR utility, tracked as CVE-2022-30333, that can be exploited by remote attackers to execute arbitrary code on a system that relies on the binary, like Zimbra […] ]]> 2022-06-29T14:48:08+00:00 https://securityaffairs.co/wordpress/132737/breaking-news/unrar-path-traversal-flaw-zimbra.html www.secnews.physaphae.fr/article.php?IdArticle=5452615 False Hack,Vulnerability None None Security Affairs - Blog Secu Latest OpenSSL version is affected by a remote memory corruption flaw Expert discovered a remote memory-corruption vulnerability affecting the latest version of the OpenSSL library. Security expert Guido Vranken discovered a remote memory-corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and affects x64 systems with the AVX-512 instruction set. 
“OpenSSL version 3.0.4, released on June 21th 2022, is susceptible to […] ]]> 2022-06-28T11:02:10+00:00 https://securityaffairs.co/wordpress/132697/security/openssl-remote-memory-corruption-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5428809 False Vulnerability None None Security Affairs - Blog Secu Attackers exploited a zero-day in Mitel VOIP devices to compromise a network Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […] ]]> 2022-06-25T11:59:00+00:00 https://securityaffairs.co/wordpress/132588/hacking/mitel-voip-ransomware-attack.html www.secnews.physaphae.fr/article.php?IdArticle=5379054 False Ransomware,Vulnerability,Threat None None Security Affairs - Blog Secu QNAP warns of a critical PHP flaw that could lead to remote code execution Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […] ]]> 2022-06-23T10:48:05+00:00 https://securityaffairs.co/wordpress/132531/hacking/qnap-critical-php-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=5340260 False Vulnerability None None Security Affairs - Blog Secu Google expert detailed a 5-Year-Old flaw in Apple Safari exploited in the wild Google Project Zero experts disclosed details of a 5-Year-Old Apple Safari flaw actively exploited in the wild. 
Researchers from the Google Project Zero team have disclosed details of a vulnerability in Apple Safari that was actively exploited in the wild. The vulnerability, tracked as CVE-2022-22620, was fixed for the first time in 2013, but in […] ]]> 2022-06-20T14:37:44+00:00 https://securityaffairs.co/wordpress/132446/hacking/apple-safari-zero-day-2016.html www.secnews.physaphae.fr/article.php?IdArticle=5298888 False Vulnerability None None Security Affairs - Blog Secu Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild A critical vulnerability in Ninja Forms plugin potentially impacted more than one million WordPress websites In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The analysis of the updates revealed that they patched a code injection vulnerability […] ]]> 2022-06-19T22:31:24+00:00 https://securityaffairs.co/wordpress/132417/hacking/wordpress-ninja-forms-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5286131 False Vulnerability,Threat None None Security Affairs - Blog Secu Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. Volexity researchers discovered that the zero-day vulnerability, tracked as CVE-2022-1040, in Sophos Firewall was exploited by Chinese threat actors to compromise a company and cloud-hosted web servers it was operating. 
The vulnerability was exploited by […] 2022-06-17T23:00:30+00:00 https://securityaffairs.co/wordpress/132377/apt/chinese-driftingcloud-apt-exploited-sophos-firewall-zero-day-before-it-was-fixed.html www.secnews.physaphae.fr/article.php?IdArticle=5230322 False Vulnerability,Threat None None
Security Affairs - Blog Secu Researchers disclosed a remote code execution flaw in Fastjson Library Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution. Fastjson is a Java library that can be used to convert Java Objects into their JSON representation. […] 2022-06-16T10:14:49+00:00 https://securityaffairs.co/wordpress/132333/security/fastjson-library-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5187227 False Vulnerability None None
Security Affairs - Blog Secu Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager.
The flaw, tracked as CVE-2022-20798 (CVSS score 9.8), can be exploited by an unauthenticated, remote attacker to bypass […] 2022-06-16T08:41:13+00:00 https://securityaffairs.co/wordpress/132327/hacking/cisco-esa-critical-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5184991 True Vulnerability None None
Security Affairs - Blog Secu Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Researchers from University of Texas, University of Illinois Urbana-Champaign, and the University of Washington, devised a new side-channel attack technique dubbed Hertzbleed that could allow remote attackers to steal encryption keys from modern Intel […] 2022-06-15T22:59:44+00:00 https://securityaffairs.co/wordpress/132316/hacking/hertzbleed-side-channel-attack-allows-to-remotely-steal-encryption-keys-from-amd-and-intel-chips.html www.secnews.physaphae.fr/article.php?IdArticle=5174244 False Vulnerability None None
Security Affairs - Blog Secu A critical flaw in Citrix Application Delivery Management allows resetting admin passwords Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset admin passwords. Citrix fixed a critical vulnerability in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can be exploited by attackers to reset admin passwords.
Citrix Application Delivery Management (ADM) is a comprehensive platform […] 2022-06-15T18:39:38+00:00 https://securityaffairs.co/wordpress/132299/security/citrix-application-delivery-management-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5170131 False Vulnerability None None
Security Affairs - Blog Secu A flaw in Zimbra email suite allows stealing login credentials of the users A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of users. Researchers from Sonarsource have discovered a high-severity vulnerability impacting the Zimbra email suite, tracked as CVE-2022-27924 (CVSS score: 7.5), that can be exploited by an unauthenticated attacker to steal login credentials of users without user […] 2022-06-14T23:11:08+00:00 https://securityaffairs.co/wordpress/132269/hacking/zimbra-email-suite-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=5153200 False Vulnerability None None
Security Affairs - Blog Secu Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. Ukraine’s Computer Emergency Response Team (CERT) is warning that the Russia-linked Sandworm APT may be exploiting the recently discovered Follina RCE. The issue, tracked as CVE-2022-30190, impacts the Microsoft Windows Support Diagnostic Tool (MSDT). Nation-state actors […] 2022-06-13T18:30:20+00:00 https://securityaffairs.co/wordpress/132227/apt/cert-ua-sandworm-follina-rce.html www.secnews.physaphae.fr/article.php?IdArticle=5134786 False Tool,Vulnerability None None