This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T19:41:31+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 (CVSS score: 9.8) - Deserialization vulnerability in SnakeYAML library that can lead to remote code execution in multiple products CVE-2023-22522 (CVSS score]]> 2023-12-06T14:48:00+00:00 https://thehackernews.com/2023/12/atlassian-releases-critical-software.html www.secnews.physaphae.fr/article.php?IdArticle=8419504 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as follows - CVE-2023-33063 (CVSS score: 7.8) - Memory corruption in DSP Services during a remote call from HLOS to DSP. CVE-2023-33106 (CVSS score: 8.4) - Memory corruption in]]> 2023-12-06T10:53:00+00:00 https://thehackernews.com/2023/12/qualcomm-releases-details-on-chip.html www.secnews.physaphae.fr/article.php?IdArticle=8419451 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims\' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28,]]> 2023-12-05T12:29:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html www.secnews.physaphae.fr/article.php?IdArticle=8419205 False Vulnerability,Threat APT 28 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel]]> 2023-12-04T12:23:00+00:00 https://thehackernews.com/2023/12/logofail-uefi-vulnerabilities-expose.html www.secnews.physaphae.fr/article.php?IdArticle=8418948 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The three vulnerabilities are listed below - CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an]]> 2023-12-01T11:52:00+00:00 https://thehackernews.com/2023/12/zyxel-releases-patches-to-fix-15-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8418239 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software. The vulnerabilities, both of which reside in the WebKit web browser engine, are described below - CVE-2023-42916 - An out-of-bounds read issue that could be exploited to]]> 2023-12-01T09:55:00+00:00 https://thehackernews.com/2023/12/zero-day-alert-apple-rolls-out-ios.html www.secnews.physaphae.fr/article.php?IdArticle=8418223 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A CACTUS ransomware campaign has been observed exploiting recently disclosed security flaws in a cloud analytics and business intelligence platform called Qlik Sense to obtain a foothold into targeted environments. "This campaign marks the first documented instance [...] where threat actors deploying CACTUS ransomware have exploited vulnerabilities in Qlik Sense for initial access," Arctic Wolf]]> 2023-11-30T16:46:00+00:00 https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html www.secnews.physaphae.fr/article.php?IdArticle=8418040 False Ransomware,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that\'s capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been]]> 2023-11-29T10:37:00+00:00 https://thehackernews.com/2023/11/gotitan-botnet-spotted-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8417700 False Vulnerability,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Benoît Sevens and Clément Lecigne of Google\'s Threat Analysis Group (TAG) have been]]> 2023-11-29T09:57:00+00:00 https://thehackernews.com/2023/11/zero-day-alert-google-chrome-under.html www.secnews.physaphae.fr/article.php?IdArticle=8417701 False Vulnerability,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new research has uncovered multiple vulnerabilities that could be exploited to bypass Windows Hello authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. The flaws were discovered by researchers at hardware and software product security and offensive research firm Blackwing Intelligence, who found the weaknesses in the fingerprint sensors from Goodix,]]> 2023-11-22T20:53:00+00:00 https://thehackernews.com/2023/11/new-flaws-in-fingerprint-sensors-let.html www.secnews.physaphae.fr/article.php?IdArticle=8415971 False Vulnerability None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI),]]> 2023-11-22T10:19:00+00:00 https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8415738 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host\'s resources to mine cryptocurrencies like Bitcoin, resulting in significant damage to the infrastructure and a negative]]> 2023-11-21T15:30:00+00:00 https://thehackernews.com/2023/11/kinsing-hackers-exploit-apache-activemq.html www.secnews.physaphae.fr/article.php?IdArticle=8415313 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerabilities are as follows - CVE-2023-36584 (CVSS score: 5.4) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability CVE-2023-1671 (CVSS score: 9.8) -]]> 2023-11-17T11:27:00+00:00 https://thehackernews.com/2023/11/cisa-adds-three-security-flaws-with.html www.secnews.physaphae.fr/article.php?IdArticle=8413229 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6,]]> 2023-11-15T19:19:00+00:00 https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html www.secnews.physaphae.fr/article.php?IdArticle=8412374 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access." Successful exploitation of the vulnerability could also permit a bypass of the CPU\'s]]> 2023-11-15T13:22:00+00:00 https://thehackernews.com/2023/11/reptar-new-intel-cpu-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8412249 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release. The updates are in]]> 2023-11-15T11:16:00+00:00 https://thehackernews.com/2023/11/alert-microsoft-releases-patch-updates.html www.secnews.physaphae.fr/article.php?IdArticle=8412235 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS score: 9.8), the vulnerability impacts instances that have been upgraded to version 10.5 from an older version. "On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with]]> 2023-11-15T09:48:00+00:00 https://thehackernews.com/2023/11/urgent-vmware-warns-of-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8412202 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A group of academics has disclosed a new "software fault attack" on AMD\'s Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It]]> 2023-11-15T00:10:00+00:00 https://thehackernews.com/2023/11/cachewarp-attack-new-vulnerability-in.html www.secnews.physaphae.fr/article.php?IdArticle=8412056 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active]]> 2023-11-14T11:33:00+00:00 https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html www.secnews.physaphae.fr/article.php?IdArticle=8411585 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers. The issue, tracked as CVE-2023-47246, concerns a path traversal]]> 2023-11-09T22:24:00+00:00 https://thehackernews.com/2023/11/zero-day-alert-lace-tempest-exploits.html www.secnews.physaphae.fr/article.php?IdArticle=8408634 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS]]> 2023-11-09T11:03:00+00:00 https://thehackernews.com/2023/11/cisa-alerts-high-severity-slp.html www.secnews.physaphae.fr/article.php?IdArticle=8408279 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a]]> 2023-11-07T14:29:00+00:00 https://thehackernews.com/2023/11/sidecopy-exploiting-winrar-flaw-in.html www.secnews.physaphae.fr/article.php?IdArticle=8407145 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7 said it observed the exploitation of CVE-2023-22518 and CVE-2023-22515 in multiple customer environments, some of which have been leveraged for the deployment of Cerber (aka C3RB3R) ransomware. Both vulnerabilities are critical, allowing threat]]> 2023-11-07T12:44:00+00:00 https://thehackernews.com/2023/11/experts-warn-of-ransomware-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8407092 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Veeam has released security updates to address four flaws in its ONE IT monitoring and analytics platform, two of which are rated critical in severity. The list of vulnerabilities is as follows - CVE-2023-38547 (CVSS score: 9.9) - An unspecified flaw that can be leveraged by an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration]]> 2023-11-07T10:38:00+00:00 https://thehackernews.com/2023/11/critical-flaws-discovered-in-veeam-one.html www.secnews.physaphae.fr/article.php?IdArticle=8407052 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the]]> 2023-11-06T22:25:00+00:00 https://thehackernews.com/2023/11/qnap-releases-patch-for-2-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8406734 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST said in a statement.]]> 2023-11-02T10:49:00+00:00 https://thehackernews.com/2023/11/first-announces-cvss-40-new.html www.secnews.physaphae.fr/article.php?IdArticle=8404607 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution. "In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations," cybersecurity firm Rapid7 disclosed in a]]> 2023-11-02T09:57:00+00:00 https://thehackernews.com/2023/11/hellokitty-ransomware-group-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8404608 False Ransomware,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure that could result in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution]]> 2023-11-01T10:23:00+00:00 https://thehackernews.com/2023/11/alert-f5-warns-of-active-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8403894 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as CVE-2023-22518, the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data]]> 2023-10-31T16:46:00+00:00 https://thehackernews.com/2023/10/atlassian-warns-of-new-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8403481 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it\'s almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other]]> 2023-10-30T17:39:00+00:00 https://thehackernews.com/2023/10/new-webinar-5-must-know-trends.html www.secnews.physaphae.fr/article.php?IdArticle=8402826 False Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -  CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (]]> 2023-10-30T12:16:00+00:00 https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8402689 False Vulnerability,Threat Uber 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has announced that it\'s expanding its Vulnerability Rewards Program (VRP) to reward researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than traditional digital security, such as the potential for unfair bias, model manipulation or]]> 2023-10-27T16:24:00+00:00 https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html www.secnews.physaphae.fr/article.php?IdArticle=8401398 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) F5 has alerted customers of a critical security vulnerability impacting BIG-IP that could result in unauthenticated remote code execution. The issue, rooted in the configuration utility component, has been assigned the CVE identifier CVE-2023-46747, and carries a CVSS score of 9.8 out of a maximum of 10. "This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP]]> 2023-10-27T09:53:00+00:00 https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8401236 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code]]> 2023-10-26T10:53:00+00:00 https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html www.secnews.physaphae.fr/article.php?IdArticle=8400737 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims\' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using known]]> 2023-10-25T18:50:00+00:00 https://thehackernews.com/2023/10/nation-state-hackers-exploiting-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8400151 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/RPC protocol. "A malicious actor with network access to vCenter Server may trigger an out-of-bounds]]> 2023-10-25T15:41:00+00:00 https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8400088 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files]]> 2023-10-25T10:17:00+00:00 https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html www.secnews.physaphae.fr/article.php?IdArticle=8400012 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term "continuous vulnerability scanning" is becoming more popular. Hackers won\'t wait for your next scan One-off scans can be a simple \'one-and-done\']]> 2023-10-19T17:18:00+00:00 https://thehackernews.com/2023/10/vulnerability-scanning-how-often-should.html www.secnews.physaphae.fr/article.php?IdArticle=8397690 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively]]> 2023-10-19T09:32:00+00:00 https://thehackernews.com/2023/10/google-tag-detects-state-backed-threat.html www.secnews.physaphae.fr/article.php?IdArticle=8397549 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before]]> 2023-10-18T17:57:00+00:00 https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8397237 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don\'t just target single weaknesses; they\'re on the hunt for combinations of exposures and attack methods that can lead them to their desired objective. Despite the presence of numerous security tools, organizations often have to deal with two]]> 2023-10-18T17:12:00+00:00 https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html www.secnews.physaphae.fr/article.php?IdArticle=8397238 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A medium-severity flaw has been discovered in Synology\'s DiskStation Manager (DSM) that could be exploited to decipher an administrator\'s password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account,"]]> 2023-10-18T12:18:00+00:00 https://thehackernews.com/2023/10/new-admin-takeover-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8397128 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,]]> 2023-10-17T20:07:00+00:00 https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8396752 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A severity flaw impacting industrial cellular routers from Milesight may have been actively exploited in real-world attacks, new findings from VulnCheck reveal. Tracked as CVE-2023-43261 (CVSS score: 7.5), the vulnerability has been described as a case of information disclosure that affects UR5X, UR32L, UR32, UR35, and UR41 routers before version 35.3.0.7 that could enable attackers to access]]> 2023-10-17T15:46:00+00:00 https://thehackernews.com/2023/10/experts-warn-of-severe-flaws-affecting.html www.secnews.physaphae.fr/article.php?IdArticle=8396654 False Vulnerability,Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has warned of a critical, unpatched security flaw impacting IOS XE software that\'s under active exploitation in the wild. Rooted in the web UI feature, the zero-day vulnerability is assigned as CVE-2023-20198 and has been assigned the maximum severity rating of 10.0 on the CVSS scoring system. It\'s worth pointing out that the shortcoming only affects enterprise networking gear that have]]> 2023-10-17T09:42:00+00:00 https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8396540 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as]]> 2023-10-16T19:25:00+00:00 https://thehackernews.com/2023/10/pro-russian-hackers-exploiting-recent.html www.secnews.physaphae.fr/article.php?IdArticle=8396240 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly]]> 2023-10-16T15:01:00+00:00 https://thehackernews.com/2023/10/signal-debunks-zero-day-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8396115 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545 (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546 (CVSS score: 5.0) - Cookie injection with none file CVE-2023-38545 is the more severe of the]]> 2023-10-12T10:09:00+00:00 https://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html www.secnews.physaphae.fr/article.php?IdArticle=8394604 False Vulnerability None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-21608 (CVSS score: 7.8), the vulnerability has been described as a use-after-free bug that can be exploited to achieve remote code execution (RCE) with the]]> 2023-10-11T17:56:00+00:00 https://thehackernews.com/2023/10/us-cybersecurity-agency-warns-of.html www.secnews.physaphae.fr/article.php?IdArticle=8394301 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Passwords are at the core of securing access to an organization\'s data. However, they also come with security vulnerabilities that stem from their inconvenience. With a growing list of credentials to keep track of, the average end-user can default to shortcuts. Instead of creating a strong and unique password for each account, they resort to easy-to-remember passwords, or use the same password]]> 2023-10-11T17:32:00+00:00 https://thehackernews.com/2023/10/take-offensive-approach-to-password.html www.secnews.physaphae.fr/article.php?IdArticle=8394302 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant\'s threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in]]> 2023-10-11T09:42:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8394187 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,]]> 2023-10-10T20:54:00+00:00 https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8393814 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In today\'s rapidly evolving technological landscape, the integration of Artificial Intelligence (AI) and Large Language Models (LLMs) has become ubiquitous across various industries. This wave of innovation promises improved efficiency and performance, but lurking beneath the surface are complex vulnerabilities and unforeseen risks that demand immediate attention from cybersecurity professionals]]> 2023-10-09T17:25:00+00:00 https://thehackernews.com/2023/10/webinar-how-vcisos-can-navigating.html www.secnews.physaphae.fr/article.php?IdArticle=8393136 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO\'s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device]]> 2023-10-09T16:19:00+00:00 https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html www.secnews.physaphae.fr/article.php?IdArticle=8393138 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The maintainers of the Curl library have released an advisory warning of two forthcoming security vulnerabilities that are expected to be addressed as part of updates released on October 11, 2023. This includes a high severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges]]> 2023-10-09T16:02:00+00:00 https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8393139 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from CVE-2023-40284 through CVE-2023-40290, vary in severity from High to Critical, according to Binarly]]> 2023-10-06T11:32:00+00:00 https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html www.secnews.physaphae.fr/article.php?IdArticle=8392121 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation, while removing five bugs from the list due to lack of adequate evidence. The vulnerabilities newly added are below - CVE-2023-42793 (CVSS score: 9.8) - JetBrains TeamCity Authentication Bypass Vulnerability]]> 2023-10-05T15:00:00+00:00 https://thehackernews.com/2023/10/cisa-warns-of-active-exploitation-of.html www.secnews.physaphae.fr/article.php?IdArticle=8391786 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple on Wednesday rolled out security patches to address a new zero-day flaw in iOS and iPadOS that it said has come under active exploitation in the wild. Tracked as CVE-2023-42824, the kernel vulnerability could be abused by a local attacker to elevate their privileges. The iPhone maker said it addressed the problem with improved checks. "Apple is aware of a report that this issue may have]]> 2023-10-05T09:12:00+00:00 https://thehackernews.com/2023/10/apple-rolls-out-security-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8391718 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as CVE-2023-22515, is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to]]> 2023-10-05T08:58:00+00:00 https://thehackernews.com/2023/10/atlassian-confluence-hit-by-newly.html www.secnews.physaphae.fr/article.php?IdArticle=8391719 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has detailed a new campaign in which attackers unsuccessfully attempted to move laterally to a cloud environment through a SQL Server instance. "The attackers initially exploited a SQL injection vulnerability in an application within the target\'s environment," security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen said in a Tuesday report. "This allowed the]]> 2023-10-04T15:48:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-cyber-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8391371 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new Linux security vulnerability dubbed Looney Tunables has been discovered in the GNU C library\'s ld.so dynamic loader that, if successfully exploited, could lead to a local privilege escalation and allow a threat actor to gain root privileges. Tracked as CVE-2023-4911 (CVSS score: 7.8), the issue is a buffer overflow that resides in the dynamic loader\'s processing of the GLIBC_TUNABLES]]> 2023-10-04T12:51:00+00:00 https://thehackernews.com/2023/10/looney-tunables-new-linux-flaw-enables.html www.secnews.physaphae.fr/article.php?IdArticle=8391312 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. "There are indications from Google Threat Analysis Group and Google Project Zero that CVE-2023-33106, CVE-2023-33107,]]> 2023-10-03T22:07:00+00:00 https://thehackernews.com/2023/10/qualcomm-releases-patch-for-3-new-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8391073 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems. Israel-based runtime application security company Oligo, which made the discovery, has coined the vulnerabilities ShellTorch. "These vulnerabilities [...] can lead to a full chain Remote]]> 2023-10-03T21:54:00+00:00 https://thehackernews.com/2023/10/warning-pytorch-models-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8391074 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security Configuration Assessment (SCA) is critical to an organization\'s cybersecurity strategy. SCA aims to discover vulnerabilities and misconfigurations that malicious actors exploit to gain unauthorized access to systems and data. Regular security configuration assessments are essential in maintaining a secure and compliant environment, as this minimizes the risk of cyber attacks. The]]> 2023-10-03T17:18:00+00:00 https://thehackernews.com/2023/10/protecting-your-it-infrastructure-with.html www.secnews.physaphae.fr/article.php?IdArticle=8390933 False Vulnerability,Guideline None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts the following driver versions - Midgard GPU Kernel Driver: All versions from r12p0 - r32p0 Bifrost GPU Kernel Driver: All versions from r0p0 - r42p0 Valhall GPU Kernel Driver: All versions from r19p0 -]]> 2023-10-03T10:28:00+00:00 https://thehackernews.com/2023/10/arm-issues-patch-for-mali-gpu-kernel.html www.secnews.physaphae.fr/article.php?IdArticle=8390786 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefine]]> 2023-10-02T13:32:00+00:00 https://thehackernews.com/2023/10/openrefines-zip-slip-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8390402 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability]]> 2023-09-30T09:44:00+00:00 https://thehackernews.com/2023/09/new-critical-security-flaws-expose-exim.html www.secnews.physaphae.fr/article.php?IdArticle=8389745 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The]]> 2023-09-29T08:32:00+00:00 https://thehackernews.com/2023/09/cisco-warns-of-vulnerability-in-ios-and.html www.secnews.physaphae.fr/article.php?IdArticle=8389325 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can]]> 2023-09-28T08:43:00+00:00 https://thehackernews.com/2023/09/update-chrome-now-google-releases-patch.html www.secnews.physaphae.fr/article.php?IdArticle=8388898 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression," a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of]]> 2023-09-27T18:25:00+00:00 https://thehackernews.com/2023/09/researchers-uncover-new-gpu-side.html www.secnews.physaphae.fr/article.php?IdArticle=8388393 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially]]> 2023-09-27T10:53:00+00:00 https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html www.secnews.physaphae.fr/article.php?IdArticle=8388219 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert\'s head spin. If you\'re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. What is cybersecurity compliance?]]> 2023-09-26T17:20:00+00:00 https://thehackernews.com/2023/09/essential-guide-to-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8387980 False Vulnerability,General Information,Legislation,Guideline None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security vulnerability in the JetBrains TeamCity continuous integration and continuous deployment (CI/CD) software could be exploited by unauthenticated attackers to achieve remote code execution on affected systems. The flaw, tracked as CVE-2023-42793, carries a CVSS score of 9.8 and has been addressed in TeamCity version 2023.05.4 following responsible disclosure on September 6,]]> 2023-09-26T10:30:00+00:00 https://thehackernews.com/2023/09/critical-jetbrains-teamcity-flaw-could.html www.secnews.physaphae.fr/article.php?IdArticle=8387874 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization]]> 2023-09-22T13:30:00+00:00 https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8386624 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a]]> 2023-09-22T07:41:00+00:00 https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8386550 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as]]> 2023-09-21T10:33:00+00:00 https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html www.secnews.physaphae.fr/article.php?IdArticle=8386156 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security flaws have been disclosed in the Nagios XI network monitoring software that could result in privilege escalation and information disclosure. The four security vulnerabilities, tracked from CVE-2023-40931 through CVE-2023-40934, impact Nagios XI versions 5.11.1 and lower. Following responsible disclosure on August 4, 2023, They have been patched as of September 11, 2023, with]]> 2023-09-20T18:08:00+00:00 https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html www.secnews.physaphae.fr/article.php?IdArticle=8385812 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled]]> 2023-09-20T12:48:00+00:00 https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html www.secnews.physaphae.fr/article.php?IdArticle=8385714 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that\'s bundled along with the software. The complete list of impacted]]> 2023-09-20T10:58:00+00:00 https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html www.secnews.physaphae.fr/article.php?IdArticle=8385635 False Vulnerability,Prediction None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system." CVE-2023-36845 refers to a]]> 2023-09-19T15:00:00+00:00 https://thehackernews.com/2023/09/over-12000-juniper-firewalls-found.html www.secnews.physaphae.fr/article.php?IdArticle=8385232 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The volume of cybersecurity vulnerabilities is rising, with close to 30% more vulnerabilities found in 2022 vs. 2018. Costs are also rising, with a data breach in 2023 costing $4.45M on average vs. $3.62M in 2017. In Q2 2023, a total of 1386 victims were claimed by ransomware attacks compared with just 831 in Q1 2023. The MOVEit attack has claimed over 600 victims so far and that number is still]]> 2023-09-15T16:43:00+00:00 https://thehackernews.com/2023/09/the-interdependence-between-automated.html www.secnews.physaphae.fr/article.php?IdArticle=8383674 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A set of memory corruption flaws have been discovered in the ncurses (short for new curses) programming library that could be exploited by threat actors to run malicious code on vulnerable Linux and macOS systems. "Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program\'s context or perform other malicious]]> 2023-09-14T19:37:00+00:00 https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html www.secnews.physaphae.fr/article.php?IdArticle=8382693 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw has been disclosed in N-Able\'s Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows]]> 2023-09-14T15:22:00+00:00 https://thehackernews.com/2023/09/n-ables-take-control-agent.html www.secnews.physaphae.fr/article.php?IdArticle=8382618 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August]]> 2023-09-13T19:35:00+00:00 https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8382342 False Vulnerability Uber 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) More details have emerged about a set of now-patched cross-site scripting (XSS) flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions,]]> 2023-09-13T19:01:00+00:00 https://thehackernews.com/2023/09/researchers-detail-8-vulnerabilities-in.html www.secnews.physaphae.fr/article.php?IdArticle=8382318 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Adobe\'s Patch Tuesday update for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC,]]> 2023-09-13T08:27:00+00:00 https://thehackernews.com/2023/09/update-adobe-acrobat-and-reader-to.html www.secnews.physaphae.fr/article.php?IdArticle=8382110 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mozilla on Tuesday released security updates to resolve a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in the wild, a day after Google released a fix for the issue in its Chrome browser. The shortcoming, assigned the identifier CVE-2023-4863, is a heap buffer overflow flaw in the WebP image format that could result in arbitrary code execution when]]> 2023-09-13T07:20:00+00:00 https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8382100 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "could allow an attacker to exploit a race condition within GitHub\'s repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News. "Successful exploitation of]]> 2023-09-12T17:02:00+00:00 https://thehackernews.com/2023/09/critical-github-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8381772 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Monday rolled out out-of-band security patches to address a critical security flaw in its Chrome web browser that it said has been exploited in the wild. Tracked as CVE-2023-4863, the issue has been described as a case of heap buffer overflow that resides in the WebP image format that could result in arbitrary code execution or a crash. Apple Security Engineering and Architecture (SEAR]]> 2023-09-12T10:45:00+00:00 https://thehackernews.com/2023/09/google-rushes-to-patch-critical-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8381649 False Vulnerability None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.  Recently, a]]> 2023-09-08T16:57:00+00:00 https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8380410 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that multiple nation-state actors are exploiting security flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus to gain unauthorized access and establish persistence on compromised systems. “Nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized]]> 2023-09-08T11:06:00+00:00 https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8380335 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. The update (version 2.1.1) plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset\'s metadata database. Outside of these]]> 2023-09-07T16:32:00+00:00 https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8380032 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” the]]> 2023-09-06T19:32:00+00:00 https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html www.secnews.physaphae.fr/article.php?IdArticle=8379667 False Vulnerability,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week. The issues, tracked as CVE-2023-34392 and from CVE-2023-31168]]> 2023-09-06T15:43:00+00:00 https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8379593 False Vulnerability,Threat,Industrial None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An unknown threat actor has been observed weaponizing high-severity security flaws in the MinIO high-performance object storage system to achieve unauthorized code execution on affected servers. Cybersecurity and incident response firm Security Joes said the intrusion leveraged a publicly available exploit chain to backdoor the MinIO instance. The comprises CVE-2023-28432 (CVSS score: 7.5) and]]> 2023-09-04T19:43:00+00:00 https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html www.secnews.physaphae.fr/article.php?IdArticle=8378786 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Proof-of-concept (PoC) exploit code has been made available for a recently disclosed and patched critical flaw impacting VMware Aria Operations for Networks (formerly vRealize Network Insight). The flaw, tracked as CVE-2023-34039, is rated 9.8 out of a maximum of 10 for severity and has been described as a case of authentication bypass due to a lack of unique cryptographic key generation. “A]]> 2023-09-03T10:12:00+00:00 https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8378263 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited to bypass authentication and gain remote code execution. The most severe of the flaws is CVE-2023-34039 (CVSS score: 9.8), which relates to a case of authentication bypass arising as a result of a lack of unique cryptographic key generation. "A]]> 2023-08-30T12:27:00+00:00 https://thehackernews.com/2023/08/critical-vulnerability-alert-vmware.html www.secnews.physaphae.fr/article.php?IdArticle=8376609 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Unpatched Citrix NetScaler systems exposed to the internet are being targeted by unknown threat actors in what\'s suspected to be a ransomware attack. Cybersecurity company Sophos is tracking the activity cluster under the moniker STAC4663. Attack chains involve the exploitation of CVE-2023-3519, a critical code injection vulnerability impacting NetScaler ADC and Gateway servers that could]]> 2023-08-29T14:47:00+00:00 https://thehackernews.com/2023/08/citrix-netscaler-alert-ransomware.html www.secnews.physaphae.fr/article.php?IdArticle=8376137 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire\'s administrative console that could permit an unauthenticated attacker to access otherwise restricted]]> 2023-08-24T13:51:00+00:00 https://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html www.secnews.physaphae.fr/article.php?IdArticle=8373974 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (]]> 2023-08-22T09:06:00+00:00 https://thehackernews.com/2023/08/critical-adobe-coldfusion-flaw-added-to.html www.secnews.physaphae.fr/article.php?IdArticle=8372964 False Vulnerability None 2.0000000000000000