This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T19:52:07+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. "The issue results from the lack of proper validation of user-supplied]]> 2023-08-21T19:14:00+00:00 https://thehackernews.com/2023/08/new-winrar-vulnerability-could-allow.html www.secnews.physaphae.fr/article.php?IdArticle=8372770 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series. "By]]> 2023-08-19T13:08:00+00:00 https://thehackernews.com/2023/08/new-juniper-junos-os-flaws-expose.html www.secnews.physaphae.fr/article.php?IdArticle=8372106 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one\'s own network.  Just recently, an attack believed to be perpetrated by the Chinese hacker group]]> 2023-08-18T17:19:00+00:00 https://thehackernews.com/2023/08/the-vulnerability-of-zero-trust-lessons.html www.secnews.physaphae.fr/article.php?IdArticle=8371755 False Hack,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited]]> 2023-08-17T10:40:00+00:00 https://thehackernews.com/2023/08/cisa-adds-citrix-sharefile-flaw-to-kev.html www.secnews.physaphae.fr/article.php?IdArticle=8371085 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can]]> 2023-08-16T09:50:00+00:00 https://thehackernews.com/2023/08/nearly-2000-citrix-netscaler-instances.html www.secnews.physaphae.fr/article.php?IdArticle=8370550 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38. "Successful exploitation of these]]> 2023-08-15T22:14:00+00:00 https://thehackernews.com/2023/08/multiple-flaws-found-in-scrutisweb.html www.secnews.physaphae.fr/article.php?IdArticle=8370316 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) E-commerce sites using Adobe\'s Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be]]> 2023-08-14T18:44:00+00:00 https://thehackernews.com/2023/08/ongoing-xurum-attacks-on-e-commerce.html www.secnews.physaphae.fr/article.php?IdArticle=8369926 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities impacting CyberPower\'s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe\'s iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry]]> 2023-08-13T02:30:00+00:00 https://thehackernews.com/2023/08/multiple-flaws-in-cyberpower-and.html www.secnews.physaphae.fr/article.php?IdArticle=8369392 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom\'s Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.\'s desk phones and Zoom\'s Zero Touch Provisioning feature can gain full remote control of the devices,"]]> 2023-08-12T17:04:00+00:00 https://thehackernews.com/2023/08/zoom-ztp-audiocodes-phones-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8369280 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft\'s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It]]> 2023-08-11T09:08:00+00:00 https://thehackernews.com/2023/08/cisa-adds-microsoft-net-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8368689 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a trio of side-channel attacks that could be exploited to leak sensitive data from modern CPUs. Called Collide+Power (CVE-2023-20583), Downfall (CVE-2022-40982), and Inception (CVE-2023-20569), the novel methods follow the disclosure of another newly discovered security vulnerability affecting AMD\'s Zen 2 architecture-based processors known as]]> 2023-08-09T21:09:00+00:00 https://thehackernews.com/2023/08/collidepower-downfall-and-inception-new.html www.secnews.physaphae.fr/article.php?IdArticle=8367952 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has patched a total of 74 flaws in its software as part of the company\'s Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System]]> 2023-08-09T09:56:00+00:00 https://thehackernews.com/2023/08/microsoft-releases-patches-for-74-new.html www.secnews.physaphae.fr/article.php?IdArticle=8367708 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Friday disclosed that it has addressed a critical security flaw impacting Power Platform, but not before it came under criticism for its failure to swiftly act on it. "The vulnerability could lead to unauthorized access to Custom Code functions used for Power Platform custom connectors," the tech giant said. "The potential impact could be unintended information disclosure if secrets]]> 2023-08-05T13:08:00+00:00 https://thehackernews.com/2023/08/microsoft-addresses-critical-power.html www.secnews.physaphae.fr/article.php?IdArticle=8365996 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new high-severity security flaw in PaperCut print management software for Windows that could result in remote code execution under specific circumstances. Tracked as CVE-2023-39143 (CVSS score: 8.4), the flaw impacts PaperCut NG/MF prior to version 22.1.3. It has been described as a combination of a path traversal and file upload vulnerability. "]]> 2023-08-05T09:43:00+00:00 https://thehackernews.com/2023/08/researchers-uncover-new-high-severity.html www.secnews.physaphae.fr/article.php?IdArticle=8365954 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five]]> 2023-08-04T12:32:00+00:00 https://thehackernews.com/2023/08/major-cybersecurity-agencies.html www.secnews.physaphae.fr/article.php?IdArticle=8365600 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Hundreds of Citrix NetScaler ADC and Gateway servers have been breached by malicious actors to deploy web shells, according to the Shadowserver Foundation. The non-profit said the attacks take advantage of CVE-2023-3519, a critical code injection vulnerability that could lead to unauthenticated remote code execution. The flaw, patched by Citrix last month, carries a CVSS score of 9.8. The]]> 2023-08-03T19:50:00+00:00 https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html www.secnews.physaphae.fr/article.php?IdArticle=8365288 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and discovered by Rapid7, the issue "allows unauthenticated attackers to access the API in older unsupported]]> 2023-08-03T09:36:00+00:00 https://thehackernews.com/2023/08/researchers-discover-bypass-for.html www.secnews.physaphae.fr/article.php?IdArticle=8365033 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce\'s email services, allowing threat actors to craft targeted phishing messages using the company\'s domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook\'s Web Games platform,"]]> 2023-08-02T18:25:00+00:00 https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html www.secnews.physaphae.fr/article.php?IdArticle=8364755 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of]]> 2023-08-02T18:25:00+00:00 https://thehackernews.com/2023/08/industrial-control-systems.html www.secnews.physaphae.fr/article.php?IdArticle=8364754 False Vulnerability,Industrial None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Advanced persistent threat (APT) actors exploited a recently disclosed critical flaw impacting Ivanti Endpoint Manager Mobile (EPMM) as a zero-day since at least April 2023 in attacks directed against Norwegian entities, including a government network. The disclosure comes as part of a new joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian]]> 2023-08-02T09:11:00+00:00 https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8364582 False Vulnerability,Threat None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been disclosed in the Ninja Forms plugin for WordPress that could be exploited by threat actors to escalate privileges and steal sensitive data. The flaws, tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, impact versions 3.6.25 and below, Patchstack said in a report last week. Ninja Forms is installed on over 800,000 sites. A brief description]]> 2023-07-31T12:12:00+00:00 https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html www.secnews.physaphae.fr/article.php?IdArticle=8363783 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL). "]]> 2023-07-29T09:57:00+00:00 https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html www.secnews.physaphae.fr/article.php?IdArticle=8363039 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As part of Checkmarx\'s mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find. What we found is an]]> 2023-07-28T17:18:00+00:00 https://thehackernews.com/2023/07/a-data-exfiltration-attack-scenario.html www.secnews.physaphae.fr/article.php?IdArticle=8362735 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users. "The impacted Ubuntu versions are prevalent in the cloud as they serve as the default]]> 2023-07-27T18:55:00+00:00 https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8362245 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively,]]> 2023-07-26T10:32:00+00:00 https://thehackernews.com/2023/07/critical-mikrotik-routeros.html www.secnews.physaphae.fr/article.php?IdArticle=8361572 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what\'s believed to be an intentional backdoor that could have potentially exposed sensitive information. The issues, discovered by Midnight Blue in 2021 and held back until now, have]]> 2023-07-25T15:58:00+00:00 https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8361220 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new security vulnerability has been discovered in AMD\'s Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed Zenbleed and tracked as CVE-2023-20593 (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second. The]]> 2023-07-25T15:33:00+00:00 https://thehackernews.com/2023/07/zenbleed-new-flaw-in-amd-zen-2.html www.secnews.physaphae.fr/article.php?IdArticle=8361222 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts currently supported version 11.4 releases 11.10, 11.9, and 11.8 as]]> 2023-07-25T09:21:00+00:00 https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html www.secnews.physaphae.fr/article.php?IdArticle=8361054 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078, with the issues remediated in versions 1.8.3.7 and 1.8.4.9 released by Atera on April 17, 2023, and]]> 2023-07-24T18:31:00+00:00 https://thehackernews.com/2023/07/critical-zero-days-in-atera-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8360780 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH\'s forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.]]> 2023-07-24T14:40:00+00:00 https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html www.secnews.physaphae.fr/article.php?IdArticle=8360726 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on Thursday warning that the newly disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices is being abused to drop web shells on vulnerable systems. "In June 2023, threat actors exploited this vulnerability as a zero-day to drop a web shell on a critical]]> 2023-07-21T10:56:00+00:00 https://thehackernews.com/2023/07/citrix-netscaler-adc-and-gateway.html www.secnews.physaphae.fr/article.php?IdArticle=8359580 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser]]> 2023-07-20T22:26:00+00:00 https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html www.secnews.physaphae.fr/article.php?IdArticle=8359336 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers. "Attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account," Sonar vulnerability]]> 2023-07-20T21:26:00+00:00 https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html www.secnews.physaphae.fr/article.php?IdArticle=8359338 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild. The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions: ColdFusion 2023 (Update]]> 2023-07-20T09:01:00+00:00 https://thehackernews.com/2023/07/adobe-rolls-out-new-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8359083 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered a privilege escalation vulnerability in Google Cloud that could enable malicious actors tamper with application images and infect users, leading to supply chain attacks. The issue, dubbed Bad.Build, is rooted in the Google Cloud Build service, according to cloud security firm Orca, which discovered and reported the issue. "By abusing the flaw and enabling]]> 2023-07-19T15:04:00+00:00 https://thehackernews.com/2023/07/badbuild-flaw-in-google-cloud-build.html www.secnews.physaphae.fr/article.php?IdArticle=8358731 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Citrix is alerting users of a critical security flaw in NetScaler Application Delivery Controller (ADC) and Gateway that it said is being actively exploited in the wild. Tracked as CVE-2023-3519 (CVSS score: 9.8), the issue relates to a case of code injection that could result in unauthenticated remote code execution. It impacts the following versions - NetScaler ADC and NetScaler Gateway 13.1]]> 2023-07-19T08:51:00+00:00 https://thehackernews.com/2023/07/zero-day-attacks-exploited-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8358619 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Discover stories about threat actors\' latest tactics, techniques, and procedures from Cybersixgill\'s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT]]> 2023-07-18T16:24:00+00:00 https://thehackernews.com/2023/07/go-beyond-headlines-for-deeper-dives.html www.secnews.physaphae.fr/article.php?IdArticle=8358216 False Ransomware,Malware,Vulnerability,Threat ChatGPT,ChatGPT 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It primarily targets Windows systems and aims to gather sensitive information from]]> 2023-07-17T14:34:00+00:00 https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html www.secnews.physaphae.fr/article.php?IdArticle=8357669 False Malware,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system (DCS) and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion DCS platform allow for "unauthorized remote code execution, which means an attacker would have]]> 2023-07-14T20:11:00+00:00 https://thehackernews.com/2023/07/critical-security-flaws-uncovered-in.html www.secnews.physaphae.fr/article.php?IdArticle=8356565 False Vulnerability,Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the company said in an advisory. It also said that the issue has been addressed and that it\'s expected to]]> 2023-07-14T12:35:00+00:00 https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8356424 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method. "In this instance, the PoC is a wolf in sheep\'s clothing, harboring malicious intent under the guise of a harmless learning tool," Uptycs researchers Nischay Hegde and Siddartha Malladi said.]]> 2023-07-13T18:26:00+00:00 https://thehackernews.com/2023/07/blog-post.html www.secnews.physaphae.fr/article.php?IdArticle=8355966 False Malware,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Progress Software has announced the discovery and patching of a critical SQL injection vulnerability in MOVEit Transfer, popular software used for secure file transfer. In addition, Progress Software has patched two other high-severity vulnerabilities. The identified SQL injection vulnerability, tagged as CVE-2023-36934, could potentially allow unauthenticated attackers to gain unauthorized]]> 2023-07-07T19:31:00+00:00 https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html www.secnews.physaphae.fr/article.php?IdArticle=8353388 False Vulnerability,Patching None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical vulnerability (CVE-2022-31199) in the widely used Netwrix Auditor server and its associated agents. This]]> 2023-07-07T10:42:00+00:00 https://thehackernews.com/2023/07/cybersecurity-agencies-sound-alarm-on.html www.secnews.physaphae.fr/article.php?IdArticle=8353305 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. "As StackRot is a Linux kernel vulnerability found in the memory]]> 2023-07-06T16:25:00+00:00 https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html www.secnews.physaphae.fr/article.php?IdArticle=8352872 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a popular plugin that facilitates the]]> 2023-07-01T12:55:00+00:00 https://thehackernews.com/2023/07/unpatched-wordpress-plugin-flaw-could.html www.secnews.physaphae.fr/article.php?IdArticle=8351264 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from the command-and-control (C2) server," Kaspersky said in a new report. Also called Silent Chollima and Stonefly,]]> 2023-06-29T16:19:00+00:00 https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html www.secnews.physaphae.fr/article.php?IdArticle=8350591 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As the business environment becomes increasingly connected, organizations\' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan coverage, among others. Given attack surface sprawl and evolving threats, many organizations are]]> 2023-06-27T16:57:00+00:00 https://thehackernews.com/2023/06/beyond-asset-discovery-how-attack.html www.secnews.physaphae.fr/article.php?IdArticle=8349691 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortinet has rolled out updates to address a critical security vulnerability impacting its FortiNAC network access control solution that could lead to the execution of arbitrary code. Tracked as CVE-2023-33299, the flaw is rated 9.6 out of 10 for severity on the CVSS scoring system. It has been described as a case of Java untrusted object deserialization. "A deserialization of untrusted data]]> 2023-06-27T11:05:00+00:00 https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8349609 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security flaw has been disclosed in the WordPress "Abandoned Cart Lite for WooCommerce" plugin that\'s installed on more than 30,000 websites. "This vulnerability makes it possible for an attacker to gain access to the accounts of users who have abandoned their carts, who are typically customers but can extend to other high-level users when the right conditions are met," Defiant\'s]]> 2023-06-22T15:47:00+00:00 https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html www.secnews.physaphae.fr/article.php?IdArticle=8348007 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work of a threat actor who goes by the online alias zxcr9999 on Telegram and runs a Telegram channel]]> 2023-06-21T11:06:00+00:00 https://thehackernews.com/2023/06/new-condi-malware-hijacking-tp-link-wi.html www.secnews.physaphae.fr/article.php?IdArticle=8347607 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild. The flaw, tracked as CVE-2023-20887, could allow a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution. It impacts VMware]]> 2023-06-21T10:30:00+00:00 https://thehackernews.com/2023/06/alert-hackers-exploiting-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8347608 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zyxel has rolled out security updates to address a critical security flaw in its network-attached storage (NAS) devices that could result in the execution of arbitrary commands on affected systems. Tracked as CVE-2023-27992 (CVSS score: 9.8), the issue has been described as a pre-authentication command injection vulnerability. "The pre-authentication command injection vulnerability in some Zyxel]]> 2023-06-20T17:42:00+00:00 https://thehackernews.com/2023/06/zyxel-releases-urgent-security-updates.html www.secnews.physaphae.fr/article.php?IdArticle=8347297 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity. One vulnerability is currently awaiting analysis. The list of impacted products are GT6, GT-AXE16000, GT-AX11000 PRO, GT-AXE11000, GT-AX6000, GT-AX11000,]]> 2023-06-20T14:09:00+00:00 https://thehackernews.com/2023/06/asus-releases-patches-to-fix-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8347244 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The]]> 2023-06-16T09:05:00+00:00 https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html www.secnews.physaphae.fr/article.php?IdArticle=8346028 False Ransomware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A security flaw has been uncovered in the WooCommerce Stripe Gateway WordPress plugin that could lead to the unauthorized disclosure of sensitive information. The flaw, tracked as CVE-2023-34000, impacts versions 7.4.0 and below. It was addressed by the plugin maintainers in version 7.4.1, which shipped on May 30, 2023. WooCommerce Stripe Gateway allows e-commerce websites to directly accept]]> 2023-06-14T14:03:00+00:00 https://thehackernews.com/2023/06/critical-security-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8345206 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortinet on Monday disclosed that a newly patched critical flaw impacting FortiOS and FortiProxy may have been "exploited in a limited number of cases" in attacks targeting government, manufacturing, and critical infrastructure sectors. The vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), concerns a heap-based buffer overflow vulnerability in FortiOS and FortiProxy SSL-VPN that could]]> 2023-06-13T09:51:00+00:00 https://thehackernews.com/2023/06/critical-fortios-and-fortiproxy.html www.secnews.physaphae.fr/article.php?IdArticle=8344693 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability could gain]]> 2023-06-08T20:29:00+00:00 https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html www.secnews.physaphae.fr/article.php?IdArticle=8343331 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software\'s MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection]]> 2023-06-08T19:26:00+00:00 https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html www.secnews.physaphae.fr/article.php?IdArticle=8343332 False Ransomware,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also patched by]]> 2023-06-08T10:48:00+00:00 https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html www.secnews.physaphae.fr/article.php?IdArticle=8343242 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google\'s Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023. "Type]]> 2023-06-06T15:51:00+00:00 https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8342518 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical flaw in Progress Software\'s in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment. "An SQL injection]]> 2023-06-02T08:55:00+00:00 https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html www.secnews.physaphae.fr/article.php?IdArticle=8341379 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) IT hygiene is a security best practice that ensures that digital assets in an organization\'s environment are secure and running properly. Good IT hygiene includes vulnerability management, security configuration assessments, maintaining asset and system inventories, and comprehensive visibility into the activities occurring in an environment. As technology advances and the tools used by]]> 2023-06-01T17:24:00+00:00 https://thehackernews.com/2023/06/how-wazuh-improves-it-hygiene-for-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8341204 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that\'s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0, which was released in November 2012. “This vulnerability could be used by authors on a site to manipulate any files in the]]> 2023-06-01T09:31:00+00:00 https://thehackernews.com/2023/06/urgent-wordpress-update-fixes-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8341104 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed Migraine and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection (SIP), or “rootless,” which]]> 2023-05-31T17:27:00+00:00 https://thehackernews.com/2023/05/microsoft-details-critical-apple-macos.html www.secnews.physaphae.fr/article.php?IdArticle=8340867 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In this day and age, vulnerabilities in software and systems pose a considerable danger to businesses, which is why it is essential to have an efficient vulnerability management program in place. To stay one step ahead of possible breaches and reduce the damage they may cause, it is crucial to automate the process of finding and fixing vulnerabilities depending on the level of danger they pose.]]> 2023-05-30T17:25:00+00:00 https://thehackernews.com/2023/05/implementing-risk-based-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8340525 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could]]> 2023-05-27T13:15:00+00:00 https://thehackernews.com/2023/05/critical-oauth-vulnerability-in-expo.html www.secnews.physaphae.fr/article.php?IdArticle=8339834 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new security flaw has been disclosed in the Google Cloud Platform\'s (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. "The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition]]> 2023-05-26T21:55:00+00:00 https://thehackernews.com/2023/05/severe-flaw-in-google-clouds-cloud-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8339647 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company\'s Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006. The California-headquartered firm]]> 2023-05-26T09:34:00+00:00 https://thehackernews.com/2023/05/barracuda-warns-of-zero-day-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8339537 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. "These vulnerabilities are due to improper validation of requests that are sent to the web interface," Cisco said, crediting an unnamed external researcher for]]> 2023-05-18T10:48:00+00:00 https://thehackernews.com/2023/05/critical-flaws-in-cisco-small-business.html www.secnews.physaphae.fr/article.php?IdArticle=8337530 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The second generation version of Belkin\'s Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and]]> 2023-05-17T15:47:00+00:00 https://thehackernews.com/2023/05/serious-unpatched-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8337334 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered an ongoing phishing campaign that makes use of a unique attack chain to deliver the XWorm malware on targeted systems. Securonix, which is tracking the activity cluster under the name MEME#4CHAN, said some of the attacks have primarily targeted manufacturing firms and healthcare clinics located in Germany. "The attack campaign has been leveraging rather]]> 2023-05-13T02:30:00+00:00 https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html www.secnews.physaphae.fr/article.php?IdArticle=8336193 False Malware,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) U.S. cybersecurity and intelligence agencies have warned of attacks carried out by a threat actor known as the Bl00dy Ransomware Gang that attempt to exploit vulnerable PaperCut servers against the education facilities sector in the country. The attacks took place in early May 2023, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) said in a]]> 2023-05-12T13:29:00+00:00 https://thehackernews.com/2023/05/bl00dy-ransomware-gang-strikes.html www.secnews.physaphae.fr/article.php?IdArticle=8335881 False Ransomware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A security vulnerability has been disclosed in the popular WordPress plugin Essential Addons for Elementor that could be potentially exploited to achieve elevated privileges on affected sites. The issue, tracked as CVE-2023-32243, has been addressed by the plugin maintainers in version 5.7.2 that was shipped on May 11, 2023. Essential Addons for Elementor has over one million active]]> 2023-05-12T11:13:00+00:00 https://thehackernews.com/2023/05/severe-security-flaw-exposes-over.html www.secnews.physaphae.fr/article.php?IdArticle=8335845 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) According to Forrester, External Attack Surface Management (EASM) emerged as a market category in 2021 and gained popularity in 2022. In a different report, Gartner concluded that vulnerability management vendors are expanding their offerings to include Attack Surface Management (ASM) for a suite of comprehensive offensive security solutions. Recognition from global analysts has officially put]]> 2023-05-11T16:02:00+00:00 https://thehackernews.com/2023/05/how-attack-surface-management-supports.html www.secnews.physaphae.fr/article.php?IdArticle=8335600 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines. The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023. Akamai security]]> 2023-05-10T19:53:00+00:00 https://thehackernews.com/2023/05/experts-detail-new-zero-click-windows.html www.secnews.physaphae.fr/article.php?IdArticle=8335261 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Iranian nation-state groups have now joined financially motivated actors in actively exploiting a critical flaw in PaperCut print management software, Microsoft said. The tech giant\'s threat intelligence team said it observed both Mango Sandstorm (Mercury) and Mint Sandstorm (Phosphorus) weaponizing CVE-2023-27350 in their operations to achieve initial access. "This activity shows Mint]]> 2023-05-09T14:23:00+00:00 https://thehackernews.com/2023/05/microsoft-warns-of-state-sponsored.html www.secnews.physaphae.fr/article.php?IdArticle=8334732 False Vulnerability,Threat APT 35 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro]]> 2023-05-06T11:11:00+00:00 https://thehackernews.com/2023/05/new-vulnerability-in-popular-wordpress.html www.secnews.physaphae.fr/article.php?IdArticle=8333932 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credited Catalpa of DBappSecurity for reporting the shortcoming. The product in question makes it possible]]> 2023-05-05T10:46:00+00:00 https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html www.secnews.physaphae.fr/article.php?IdArticle=8333691 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections. Tracked as CVE-2023-27350 (CVSS score: 9.8), the issue affects PaperCut MF and NG installations that could be exploited by an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. While the flaw was patched by the]]> 2023-05-04T18:33:00+00:00 https://thehackernews.com/2023/05/researchers-uncover-new-exploit-for.html www.secnews.physaphae.fr/article.php?IdArticle=8333477 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs. The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. "The 5-year-old vulnerability (]]> 2023-05-03T13:00:00+00:00 https://thehackernews.com/2023/05/hackers-exploiting-5-year-old-unpatched.html www.secnews.physaphae.fr/article.php?IdArticle=8333043 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access]]> 2023-04-26T14:59:00+00:00 https://thehackernews.com/2023/04/apache-superset-vulnerability-insecure.html www.secnews.physaphae.fr/article.php?IdArticle=8331201 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the]]> 2023-04-26T12:35:00+00:00 https://thehackernews.com/2023/04/vmware-releases-critical-patches-for.html www.secnews.physaphae.fr/article.php?IdArticle=8331175 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it]]> 2023-04-25T18:56:00+00:00 https://thehackernews.com/2023/04/new-slp-vulnerability-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8330957 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of]]> 2023-04-25T17:23:00+00:00 https://thehackernews.com/2023/04/modernizing-vulnerability-management.html www.secnews.physaphae.fr/article.php?IdArticle=8330907 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01]]> 2023-04-24T11:35:00+00:00 https://thehackernews.com/2023/04/russian-hackers-suspected-in-ongoing.html www.secnews.physaphae.fr/article.php?IdArticle=8330503 False Vulnerability,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 (CVSS score: 7.2), concerns a case of pre-authenticated command injection that could be abused to achieve code execution. The]]> 2023-04-20T16:52:00+00:00 https://thehackernews.com/2023/04/fortra-sheds-light-on-goanywhere-mft.html www.secnews.physaphae.fr/article.php?IdArticle=8329643 False Ransomware,Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google\'s Threat Analysis Group (TAG) has been]]> 2023-04-15T09:28:00+00:00 https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html www.secnews.physaphae.fr/article.php?IdArticle=8328023 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation Vulnerability CVE-2023-29492 (CVSS score: TBD) - Novi Survey Insecure Deserialization Vulnerability]]> 2023-04-14T12:45:00+00:00 https://thehackernews.com/2023/04/severe-android-and-novi-survey.html www.secnews.physaphae.fr/article.php?IdArticle=8327705 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. "While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they\'re known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from]]> 2023-04-14T01:30:00+00:00 https://thehackernews.com/2023/04/google-launches-new-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8327559 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access. "One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security]]> 2023-04-01T14:03:00+00:00 https://thehackernews.com/2023/04/microsoft-fixes-new-azure-ad.html www.secnews.physaphae.fr/article.php?IdArticle=8323965 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the]]> 2023-04-01T10:06:00+00:00 https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html www.secnews.physaphae.fr/article.php?IdArticle=8323938 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe," Proofpoint]]> 2023-03-31T19:37:00+00:00 https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html www.secnews.physaphae.fr/article.php?IdArticle=8323786 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution. Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed "Super FabriXss" by Orca Security, a nod to the FabriXss flaw (CVE-2022-35829, CVSS score: 6.2) that was fixed by Microsoft in October 2022. "The Super FabriXss vulnerability]]> 2023-03-30T22:32:00+00:00 https://thehackernews.com/2023/03/researchers-detail-severe-super.html www.secnews.physaphae.fr/article.php?IdArticle=8323528 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan,]]> 2023-03-30T17:51:00+00:00 https://thehackernews.com/2023/03/new-wi-fi-protocol-security-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8323450 False Data Breach,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 3CX said it\'s working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that\'s using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The trojanized 3CX desktop app is the first stage in a multi-stage attack chain that pulls]]> 2023-03-30T12:01:00+00:00 https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html www.secnews.physaphae.fr/article.php?IdArticle=8323365 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has released an out-of-band update to address a privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. The issue, dubbed aCropalypse, could enable malicious actors to recover edited portions of screenshots, potentially revealing sensitive information that may have been cropped out. Tracked as CVE-2023-28303, the vulnerability is rated 3.3 on the CVSS]]> 2023-03-27T15:18:00+00:00 https://thehackernews.com/2023/03/microsoft-issues-patch-for-acropalypse.html www.secnews.physaphae.fr/article.php?IdArticle=8322043 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. "External]]> 2023-03-25T11:43:00+00:00 https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html www.secnews.physaphae.fr/article.php?IdArticle=8321599 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites. The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023. It impacts versions 4.8.0 through 5.6.1. Put differently, the issue could permit]]> 2023-03-24T13:21:00+00:00 https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html www.secnews.physaphae.fr/article.php?IdArticle=8321174 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-03-16T12:04:00+00:00 https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html www.secnews.physaphae.fr/article.php?IdArticle=8319030 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 2023-03-16T10:17:00+00:00 https://thehackernews.com/2023/03/cisa-issues-urgent-warning-adobe.html www.secnews.physaphae.fr/article.php?IdArticle=8319001 False Vulnerability,Threat None 2.0000000000000000