www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-08T20:11:20+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch Le catalogue KEV de CISA \\ accélère-t-il la correction de la remédiation?<br>Does CISA\\'s KEV Catalog Speed Up Remediation? Vulnerabilities added to the CISA known exploited vulnerability (KEV) list do indeed get patched faster, but not fast enough.]]> 2024-05-07T20:50:29+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-kev-catalog-speed-up-remediation www.secnews.physaphae.fr/article.php?IdArticle=8495461 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Milliards d'appareils Android ouverts à \\ 'stream stream \\' attaque<br>Billions of Android Devices Open to \\'Dirty Stream\\' Attack Microsoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi\'s File Manager, has at least 1 billion installations.]]> 2024-05-02T21:59:01+00:00 https://www.darkreading.com/cloud-security/billions-android-devices-open-dirty-stream-attack www.secnews.physaphae.fr/article.php?IdArticle=8492625 False Vulnerability,Mobile None 2.0000000000000000 Dark Reading - Informationweek Branch Verizon DBIR: Gaffes de sécurité de base sous-tendre la récolte exceptionnelle de violations<br>Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.]]> 2024-05-01T04:01:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/verizon-dbir-basic-security-gaffes-underpin-bumper-crop-of-breaches www.secnews.physaphae.fr/article.php?IdArticle=8491604 
False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Le bogue de programmation R expose les organisations à un vaste risque de chaîne d'approvisionnement<br>R Programming Bug Exposes Orgs to Vast Supply Chain Risk The CVE-2024-27322 security vulnerability in R\'s deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.]]> 2024-04-29T20:51:03+00:00 https://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-risk www.secnews.physaphae.fr/article.php?IdArticle=8491279 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Des milliers de serveurs Sense Qlik ouverts aux ransomwares du cactus<br>Thousands of Qlik Sense Servers Open to Cactus Ransomware The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.]]> 2024-04-26T20:55:10+00:00 https://www.darkreading.com/cyber-risk/more-than-3-000-qlik-sense-servers-vuln-to-cactus-ransomware-attacks www.secnews.physaphae.fr/article.php?IdArticle=8489268 False Ransomware,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Intel exploite des hackathons pour lutter contre les vulnérabilités matérielles<br>Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities The semiconductor manufacturing giant\'s security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.]]> 2024-04-26T20:16:23+00:00 https://www.darkreading.com/endpoint-security/intel-harnesses-hackathons-to-tackle-hardware-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8489269 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Palo Alto met à jour l'assainissement du bug du pare-feu maximum<br>Palo Alto Updates 
Remediation for Max-Critical Firewall Bug Though PAN originally described the attacks exploiting the vulnerability as being limited, they are increasingly growing in volume, with more exploits disclosed by outside parties.]]> 2024-04-26T19:51:58+00:00 https://www.darkreading.com/vulnerabilities-threats/palo-alto-updates-remediation-for-max-critical-firewall-bug www.secnews.physaphae.fr/article.php?IdArticle=8489271 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch MANUEL DE TANK MILITAINE, ancrage zéro-jour 2017 Dernières cyberattaques ukrainiennes<br>Military Tank Manual, 2017 Zero-Day Anchor Latest Ukraine Cyberattack The targeted operation utilized CVE-2017-8570 as the initial vector and employed a notable custom loader for Cobalt Strike, yet attribution to any known threat actor remains elusive.]]> 2024-04-26T13:45:02+00:00 https://www.darkreading.com/cyberattacks-data-breaches/military-tank-manual-zero-day-ukraine-cyberattack www.secnews.physaphae.fr/article.php?IdArticle=8489087 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Patch maintenant: Exploit de nuages de nuages Crushftp Zero-Day cible les orgs américains<br>Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.]]> 2024-04-24T13:24:44+00:00 https://www.darkreading.com/cloud-security/patch-crushftp-zero-day-cloud-exploit-targets-us-orgs www.secnews.physaphae.fr/article.php?IdArticle=8488006 False Vulnerability,Threat,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch Siemens travaillant sur Corre<br>Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.]]> 2024-04-23T20:40:36+00:00 
https://www.darkreading.com/ics-ot-security/siemens-working-on-fix-for-device-affected-by-palo-alto-firewall-bug www.secnews.physaphae.fr/article.php?IdArticle=8487612 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Tenage sur le bord: VPNS, pare-feu \\ 'La télémétrie non existante attire Apts<br>Teetering on the Edge: VPNs, Firewalls\\' Nonexistent Telemetry Lures APTs State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.]]> 2024-04-23T12:00:00+00:00 https://www.darkreading.com/endpoint-security/edge-vpns-firewalls-nonexistent-telemetry-apts www.secnews.physaphae.fr/article.php?IdArticle=8487357 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Le domaine Nespresso sert une tasse de phish torride, pas de crème ou de sucre<br>Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar An open direct vulnerability in the Nespresso Web domain lets attackers bypass detection as they attempt to steal victims\' Microsoft credentials.]]> 2024-04-22T19:35:01+00:00 https://www.darkreading.com/cyberattacks-data-breaches/nespresso-domain-phish-cream-sugar www.secnews.physaphae.fr/article.php?IdArticle=8486986 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch GPT-4 peut exploiter la plupart des vulnes simplement en lisant les avis de menace<br>GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories Existing AI technology can allow hackers to automate exploits for public vulnerabilities in minutes flat. 
Very soon, diligent patching will no longer be optional.]]> 2024-04-18T20:23:46+00:00 https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories www.secnews.physaphae.fr/article.php?IdArticle=8484931 False Vulnerability,Threat,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch Ivanti verse des correctifs pour plus de 2 douzaines de vulnérabilités<br>Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities Users will need to download the latest version of Ivanti\'s Avalanche to apply fixes for all of the bugs.]]> 2024-04-17T18:07:07+00:00 https://www.darkreading.com/vulnerabilities-threats/ivanti-releases-fixes-for-more-than-2-dozen-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8484299 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Palo Alto Network émet des chaussettes pour un bug zéro-jour dans son pare-feu OS<br>Palo Alto Network Issues Hotfixes for Zero-Day Bug in Its Firewall OS A sophisticated threat actor is leveraging the bug to deploy a Python backdoor for stealing data and executing other malicious actions.]]> 2024-04-15T19:28:57+00:00 https://www.darkreading.com/cyberattacks-data-breaches/palo-alto-network-issues-hot-fixes-for-zero-day-bug-in-its-firewall-os www.secnews.physaphae.fr/article.php?IdArticle=8482930 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch LG Smart TV à risque d'attaques, grâce à 4 vulnérabilités du système d'exploitation<br>LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.]]> 2024-04-09T20:44:38+00:00 https://www.darkreading.com/vulnerabilities-threats/researchers-discover-thousands-of-lg-smart-tvs-at-risk-of-attacks www.secnews.physaphae.fr/article.php?IdArticle=8478910 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Les 
bornes de recharge EV sont encore criblées de vulnérabilités de cybersécurité<br>EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.]]> 2024-04-09T18:31:16+00:00 https://www.darkreading.com/ics-ot-security/ev-charging-stations-still-riddled-with-cybersecurity-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8478857 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Le défaut de sécurité critique expose 1 million de sites WordPress à l'injection SQL<br>Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.]]> 2024-04-04T15:15:37+00:00 https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection www.secnews.physaphae.fr/article.php?IdArticle=8475975 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Comment apprivoiser l'injection SQL<br>How to Tame SQL injection As part of its Secure by Design initiative, the Cybersecurity and Infrastructure Security Agency urged companies to redouble efforts to quash SQL injection vulnerabilities. 
Here\'s how.]]> 2024-04-03T19:58:52+00:00 https://www.darkreading.com/application-security/tools-and-techniques-to-tame-sql-injection www.secnews.physaphae.fr/article.php?IdArticle=8475869 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch NIST veut aider à sortir de son arriéré NVD<br>NIST Wants Help Digging Out of Its NVD Backlog The National Vulnerability Database can\'t keep up, and the agency is calling for a public-private partnership to manage it going forward.]]> 2024-04-02T20:54:44+00:00 https://www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backlog www.secnews.physaphae.fr/article.php?IdArticle=8474822 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Coin Ciso: escroquerie cyber-pro;Nouveaux visages de risque;Cyber stimule l'évaluation<br>CISO Corner: Cyber-Pro Swindle; New Faces of Risk; Cyber Boosts Valuation Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. 
Also included: Australia gets its cyber-groove back, and 2023\'s zero-day field day.]]> 2024-03-29T20:51:51+00:00 https://www.darkreading.com/cloud-security/ciso-corner-cyber-pro-swindle-risk-valuation www.secnews.physaphae.fr/article.php?IdArticle=8472757 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Les bogues IOS de Cisco permettent des attaques DOS non authentifiées et distantes<br>Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.]]> 2024-03-28T21:15:17+00:00 https://www.darkreading.com/application-security/cisco-ios-bugs-unauthenticated-remote-dos-attacks www.secnews.physaphae.fr/article.php?IdArticle=8472251 False Vulnerability,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch 10 étapes pour détecter, prévenir et résoudre la vulnérabilité de la terrapine<br>10 Steps to Detect, Prevent, and Remediate the Terrapin Vulnerability You don\'t have to stop using SSH keys to stay safe. 
This Tech Tip explains how to protect your system against CVE-2023-48795.]]> 2024-03-27T22:25:13+00:00 https://www.darkreading.com/vulnerabilities-threats/10-steps-to-detect-prevent-and-remediate-the-terrapin-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8471993 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch La vulnérabilité pomme sans patch pomme m permet de contourner la cryptographie<br>Patchless Apple M-Chip Vulnerability Allows Cryptography Bypass The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys - even quantum-resistant ones.]]> 2024-03-27T20:06:33+00:00 https://www.darkreading.com/application-security/patchless-apple-m-chip-vulnerability-cryptography-bypass www.secnews.physaphae.fr/article.php?IdArticle=8471601 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Le bonanza zéro-jour conduit plus d'exploits contre les entreprises<br>Zero-Day Bonanza Drives More Exploits Against Enterprises Advanced adversaries are increasingly focused on enterprise technologies and their vendors, while end-user platforms are having success stifling zero-day exploits with cybersecurity investments, according to Google.]]> 2024-03-27T15:27:37+00:00 https://www.darkreading.com/threat-intelligence/zero-day-bonanza-exploits-enterprises www.secnews.physaphae.fr/article.php?IdArticle=8471451 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Patch maintenant: bug critique de Fortinet RCE sous attaque active<br>Patch Now: Critical Fortinet RCE Bug Under Active Attack A proof-of-concept exploit released last week has spurred attacks on the vulnerability, which the CISA has flagged as an urgent patch priority.]]> 2024-03-26T15:13:15+00:00 https://www.darkreading.com/cloud-security/patch-critical-fortinet-rce-bug-active-attack www.secnews.physaphae.fr/article.php?IdArticle=8470826 False 
Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch L'équipe Tesla Hack gagne 200 000 $ et une nouvelle voiture<br>Tesla Hack Team Wins $200K and a New Car Zero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own.]]> 2024-03-21T22:32:49+00:00 https://www.darkreading.com/threat-intelligence/team-s-tesla-hack-wins-them-200k-and-a-new-car www.secnews.physaphae.fr/article.php?IdArticle=8468149 False Hack,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Un avertissement fédéral met en évidence la cyber-vulnérabilité des systèmes d'eau américains<br>Federal Warning Highlights Cyber Vulnerability of US Water Systems The White House urged operators of water and wastewater systems to review and beef up their security controls against attacks by Iran- and China-based groups.]]> 2024-03-20T21:45:25+00:00 https://www.darkreading.com/ics-ot-security/new-us-warning-highlights-vulnerability-of-us-water-systems-to-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8467542 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch \\ 'ghostrace \\' L'attaque d'exécution spéculative a un impact<br>\\'GhostRace\\' Speculative Execution Attack Impacts All CPU, OS Vendors Like Spectre, the new GhostRace exploit could give attackers a way to access sensitive information from system memory and take other malicious actions.]]> 2024-03-15T21:09:49+00:00 https://www.darkreading.com/cyber-risk/ghostrace-speculative-execution-attack-cpu-os-vendors www.secnews.physaphae.fr/article.php?IdArticle=8464559 False Vulnerability,Threat None 4.0000000000000000 Dark Reading - Informationweek Branch Windows SmartScreen Bypass Flaw exploité pour déposer Darkgate Rat<br>Windows SmartScreen Bypass Flaw Exploited to Drop DarkGate RAT Attackers use Google redirects in their phishing attack leveraging a now-patched 
vulnerability that spreads the multifaceted malware.]]> 2024-03-14T14:23:05+00:00 https://www.darkreading.com/endpoint-security/windows-smartscreen-bypass-flaw-exploited-to-drop-darkgate-rat www.secnews.physaphae.fr/article.php?IdArticle=8463835 False Malware,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Claroty Team82: 63% des vulnérabilités exploitées connues suivis par CISA sont sur les réseaux d'organisation de soins de santé<br>Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks 2024-03-13T23:16:34+00:00 https://www.darkreading.com/ics-ot-security/claroty-team-82-63-of-known-exploited-vulnerabilities-tracked-by-cisa-are-on-healthcare-organization-networks www.secnews.physaphae.fr/article.php?IdArticle=8463462 False Vulnerability,Medical None 2.0000000000000000 Dark Reading - Informationweek Branch Patch maintenant: Kubernetes RCE Flaw permet une prise de contrôle complète des nœuds Windows<br>Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes Attackers can remotely execute code with system privileges by exploiting a vulnerability in the source code of the open source container management system.]]> 2024-03-13T17:13:35+00:00 https://www.darkreading.com/cloud-security/patch-now-kubernetes-flaw-allows-for-full-takeover-of-windows-nodes www.secnews.physaphae.fr/article.php?IdArticle=8463320 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Les vulnérabilités du plugin Critical Chatgpt exposent des données sensibles<br>Critical ChatGPT Plugin Vulnerabilities Expose Sensitive Data The vulnerabilities found in ChatGPT plugins - since remediated - heighten the risk of proprietary information being stolen and the threat of account takeover attacks.]]> 2024-03-13T12:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-chatgpt-plugin-vulnerabilities-expose-sensitive-data 
www.secnews.physaphae.fr/article.php?IdArticle=8463142 False Vulnerability,Threat ChatGPT 2.0000000000000000 Dark Reading - Informationweek Branch \\ 'aimant gobelin \\' exploite Ivanti Bug 1 jour en quelques heures<br>\\'Magnet Goblin\\' Exploits Ivanti 1-Day Bug in Mere Hours A prolific but previously hidden threat actor turns public vulnerabilities into working exploits before companies have time to patch.]]> 2024-03-12T20:00:35+00:00 https://www.darkreading.com/threat-intelligence/magnet-goblin-exploits-ivanti-1-day-bug-mere-hours www.secnews.physaphae.fr/article.php?IdArticle=8462802 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch La lutte en cours pour protéger les PLC<br>The Ongoing Struggle to Protect PLCs A decade after Stuxnet, vulnerabilities in OT systems and programmable logic controllers remain exposed.]]> 2024-03-08T15:00:00+00:00 https://www.darkreading.com/ics-ot-security/ongoing-struggle-to-protect-plcs www.secnews.physaphae.fr/article.php?IdArticle=8460849 False Vulnerability,Industrial None 3.0000000000000000 Dark Reading - Informationweek Branch JetBrains TeamCity Mass Exploitation en cours, les comptes voyous prospèrent<br>JetBrains TeamCity Mass Exploitation Underway, Rogue Accounts Thrive Just one day after disclosure, adversaries began targeting the vulnerabilities to take complete control of affected instances of the popular developer platform.]]> 2024-03-07T22:51:32+00:00 https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive www.secnews.physaphae.fr/article.php?IdArticle=8460536 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Patch maintenant: Apple Zero-Day Exploits contourner la sécurité du noyau<br>Patch Now: Apple Zero-Day Exploits Bypass Kernel Security A pair of critical bugs could open the door to complete system compromise, including access to location information, iPhone camera and mic, 
and messages. Rootkitted attackers could theoretically perform lateral movement to corporate networks, too.]]> 2024-03-06T19:15:07+00:00 https://www.darkreading.com/ics-ot-security/patch-now-apple-zero-day-exploits-bypass-kernel-security www.secnews.physaphae.fr/article.php?IdArticle=8459979 False Vulnerability,Threat,Mobile None 3.0000000000000000 Dark Reading - Informationweek Branch Critical TeamCity Bugs met en danger la chaîne d'approvisionnement des logiciels<br>Critical TeamCity Bugs Endanger Software Supply Chain Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.]]> 2024-03-04T23:05:43+00:00 https://www.darkreading.com/application-security/critical-teamcity-bugs-endanger-software-supply-chain www.secnews.physaphae.fr/article.php?IdArticle=8459026 False Tool,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Les applications cloud plaident pour la pentisting en tant que service<br>Cloud Apps Make the Case for Pentesting-as-a-Service Applications are increasingly distributed, expanding companies\' cloud attack surfaces, and requiring regular testing to find and fix vulnerabilities - else companies risk a growing sprawl of services.]]> 2024-02-29T20:48:36+00:00 https://www.darkreading.com/application-security/pentesting-as-a-service-cloud-applications www.secnews.physaphae.fr/article.php?IdArticle=8457256 False Vulnerability,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch MTTR: La métrique de sécurité la plus importante<br>MTTR: The Most Important Security Metric Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries.]]> 2024-02-29T15:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/mttr-most-important-security-metric 
www.secnews.physaphae.fr/article.php?IdArticle=8457001 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch 4 façons dont les organisations peuvent stimuler la demande de formation de sécurité des logiciels<br>4 Ways Organizations Can Drive Demand for Software Security Training Developer-driven security programs place the development team at the center of reducing vulnerabilities.]]> 2024-02-27T18:00:00+00:00 https://www.darkreading.com/cybersecurity-operations/4-ways-organizations-drive-demand-for-software-security-training www.secnews.physaphae.fr/article.php?IdArticle=8455990 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch La Maison Blanche exhorte le passage aux langues sûres de la mémoire<br>White House Urges Switching to Memory Safe Languages The Office of the National Cyber Director technical report focuses on reducing memory-safety vulnerabilities in applications and making it harder for malicious actors to exploit them.]]> 2024-02-27T00:12:58+00:00 https://www.darkreading.com/application-security/white-house-switch-memory-safe-languages www.secnews.physaphae.fr/article.php?IdArticle=8455963 False Vulnerability,Threat,Technical None 2.0000000000000000 Dark Reading - Informationweek Branch La vulnérabilité des raccourcis Apple zéro cliquez sur un vol de données silencieux<br>Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft Vulnerability CVE-2024-23204, affecting Apple\'s popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.]]> 2024-02-22T20:39:07+00:00 https://www.darkreading.com/application-security/zero-click-apple-shortcuts-vulnerability-allows-silent-data-theft www.secnews.physaphae.fr/article.php?IdArticle=8453834 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch La vulnérabilité critique dans le plug-in VMware vSphere permet un détournement de session<br>Critical Vulnerability in VMware 
vSphere Plug-in Allows Session Hijacking Admins are urged to remove vSphere\'s vulnerable Enhanced Authentication Plug-in, which was discontinued nearly three years ago but is still widely in use.]]> 2024-02-21T15:22:14+00:00 https://www.darkreading.com/application-security/critical-vulnerability-vmware-vsphere-plugin-session-hijacking www.secnews.physaphae.fr/article.php?IdArticle=8453255 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch \\ 'keytrap \\' dns bogue menace des pannes Internet généralisées<br>\\'KeyTrap\\' DNS Bug Threatens Widespread Internet Outages Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet.]]> 2024-02-20T18:16:24+00:00 https://www.darkreading.com/cloud-security/keytrap-dns-bug-threatens-widespread-internet-outages www.secnews.physaphae.fr/article.php?IdArticle=8452837 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Les applications Salesforce personnalisées à tort erronées exposent les données de l'entreprise<br>Misconfigured Custom Salesforce Apps Expose Corporate Data Enterprises typically use the Java-like programming language to customize their Salesforce instances, but attackers are hunting for vulnerabilities in the apps.]]> 2024-02-20T14:00:00+00:00 https://www.darkreading.com/cloud-security/misconfigurated-custom-salesforce-apps-expose-corporate-data www.secnews.physaphae.fr/article.php?IdArticle=8452725 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Les correctifs générés par l'IA pourraient faciliter le développeur, la charge de travail des opérations<br>AI-Generated Patches Could Ease Developer, Operations Workload Using information from a common technique for finding vulnerabilities, Google\'s Gemini can currently produce patches for 15% of such bugs. 
And it\'s not the only way to help automate bug fixing.]]> 2024-02-15T22:57:53+00:00 https://www.darkreading.com/application-security/ai-patch-ease-developer-operations-workload www.secnews.physaphae.fr/article.php?IdArticle=8453049 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Les vulnérabilités de logiciels critiques ayant un impact sur les coopératives de crédit découvertes par le chercheur en sécurité LMG<br>Critical Software Vulnerabilities Impacting Credit Unions Discovered by LMG Security Researcher 2024-02-15T21:33:39+00:00 https://www.darkreading.com/cloud-security/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher www.secnews.physaphae.fr/article.php?IdArticle=8450579 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Flaw Microsoft Exchange Server exploité comme un bogue zéro jour<br>Microsoft Exchange Server Flaw Exploited as a Zero-Day Bug Microsoft has observed signs of active exploits targeting CVE-2024-2140.]]> 2024-02-15T21:30:32+00:00 https://www.darkreading.com/cyberattacks-data-breaches/microsoft-exchange-server-flaw-exploited-zero-day-bug www.secnews.physaphae.fr/article.php?IdArticle=8450580 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Les attaquants exploitent Microsoft Security-Bypass Zero-Day Bogs<br>Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.]]> 2024-02-13T22:26:26+00:00 https://www.darkreading.com/vulnerabilities-threats/attackers-exploit-microsoft-security-bypass-zero-day-bugs www.secnews.physaphae.fr/article.php?IdArticle=8449759 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Flaw ivanti VPN exploité pour injecter une nouvelle porte dérobée;Des centaines de pwned<br>Ivanti VPN Flaw Exploited to Inject Novel 
Backdoor; Hundreds Pwned A SAML vulnerability in Ivanti appliances has led to persistent remote access and full control for opportunistic cyberattackers.]]> 2024-02-13T20:44:32+00:00 https://www.darkreading.com/cloud-security/ivanti-flaw-exploited-inject-novel-backdoor www.secnews.physaphae.fr/article.php?IdArticle=8449718 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Fortinet, Ivanti occupe les clients avec des bugs encore plus critiques<br>Fortinet, Ivanti Keep Customers Busy With Yet More Critical Bugs Brand-new vulnerabilities from both vendors this week - one exploited in the wild - add to a steady stream of critical security issues in the security platforms.]]> 2024-02-12T14:00:00+00:00 https://www.darkreading.com/cloud-security/fortinet-ivanti-keep-customers-busy-with-yet-more-critical-bugs www.secnews.physaphae.fr/article.php?IdArticle=8449260 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Les réseaux IoT sont confrontés à des adversaires avancés, à Bug Barrage<br>IoT Networks Face Advancing Adversaries, Bug Barrage Cyberattacks on critical infrastructure targeting IoT and OS networks are increasing in sophistication, while ICS vulnerabilities surge, new data shows.]]> 2024-02-08T13:00:00+00:00 https://www.darkreading.com/iot/iot-networks-face-bug-barrage-advancing-adversaries www.secnews.physaphae.fr/article.php?IdArticle=8448001 False Vulnerability,Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch Distros Linux frappés par la vulnérabilité RCE dans la cale de démarrage<br>Linux Distros Hit By RCE Vulnerability in Shim Bootloader However, not everyone agrees with the NVD\'s assessment of CVE-2023-40547 being a near-maximum severity bug.]]> 2024-02-07T22:17:19+00:00 https://www.darkreading.com/vulnerabilities-threats/rce-vulnerability-in-shim-bootloader-impacts-all-linux-distros www.secnews.physaphae.fr/article.php?IdArticle=8447817 False Vulnerability None 
3.0000000000000000 Dark Reading - Informationweek Branch Patch maintenant: le bogue Critical TeamCity permet les prises de contrôle du serveur<br>Patch Now: Critical TeamCity Bug Allows for Server Takeovers Cyberattackers can exploit a vulnerability in JetBrain\'s continuous integration and delivery (CI/CD) server (a popular APT target) to gain administrative control.]]> 2024-02-07T18:17:02+00:00 https://www.darkreading.com/vulnerabilities-threats/patch-critical-teamcity-bug-server-takeover www.secnews.physaphae.fr/article.php?IdArticle=8447759 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Les bogues critiques dans les petites imprimantes de bureau canon permettent l'exécution du code, DDOS<br>Critical Bugs in Canon Small Office Printers Allow Code Execution, DDoS A grouping of serious printer bugs, unveiled at last summer\'s Pwn2Own, were patchless for months, but are finally fixed now.]]> 2024-02-06T22:41:20+00:00 https://www.darkreading.com/endpoint-security/critical-bugs-canon-small-office-printers-code-execution-ddos www.secnews.physaphae.fr/article.php?IdArticle=8447443 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Les bogues de la sévérité max de jumeaux ouvrent Siem de Fortinet \\ à l'exécution du code<br>Twin Max-Severity Bugs Open Fortinet\\'s SIEM to Code Execution Full 10s on the CVSS vulnerability severity scale have been assigned to two flaws discovered in Fortinet\'s FortiSIEM cybersecurity operations platform.]]> 2024-02-06T20:02:40+00:00 https://www.darkreading.com/vulnerabilities-threats/fortinet-fortisiem-hit-with-twin-max-severity-bugs www.secnews.physaphae.fr/article.php?IdArticle=8447395 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Google: les gouvernements stimulent une forte croissance des logiciels espions commerciaux<br>Google: Govs Drive Sharp Growth of Commercial Spyware Cos Private spyware vendors were behind nearly half 
of all zero-day exploits in Google products since 2014. 2024-02-06T10:00:00+00:00 https://www.darkreading.com/threat-intelligence/govts-are-driving-sharp-growth-in-commercial-spyware-industry-google-warns www.secnews.physaphae.fr/article.php?IdArticle=8447205 False Vulnerability,Threat,Commercial None 2.0000000000000000
Dark Reading - Informationweek Branch Google Open Sources AI-Boosted Fuzzing Framework The fuzzing framework uses AI to boost code coverage and to speed up vulnerability discovery. 2024-02-05T18:00:00+00:00 https://www.darkreading.com/application-security/google-open-sources-ai-boosted-fuzzing-framework www.secnews.physaphae.fr/article.php?IdArticle=8447278 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts Everyone knows to patch vulnerabilities for Internet-facing assets, but what about internal ones?
One botnet is counting on your complacency. 2024-02-01T19:39:00+00:00 https://www.darkreading.com/threat-intelligence/fritzfrog-botnet-exploits-log4shell-overlooked-internal-hosts www.secnews.physaphae.fr/article.php?IdArticle=8445689 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch 'Leaky Vessels' Cloud Bugs Allow Container Escapes Globally The four security vulnerabilities are found in Docker and beyond, and one affecting runC affects essentially every cloud-native developer worldwide. 2024-01-31T22:00:00+00:00 https://www.darkreading.com/cloud-security/leaky-vessel-cloud-bugs-container-escapes-globally www.secnews.physaphae.fr/article.php?IdArticle=8445347 False Vulnerability,Cloud None 3.0000000000000000
Dark Reading - Informationweek Branch Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear. 2024-01-30T23:22:00+00:00 https://www.darkreading.com/endpoint-security/ivanti-zero-day-patches-delayed-krustyloader-attacks-mount www.secnews.physaphae.fr/article.php?IdArticle=8444979 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Critical Cisco Unified Communications RCE Bug Allows Root Access The vulnerability, tracked as CVE-2024-20253, makes enterprise communications infrastructure and customer service call centers sitting ducks for unauthenticated cyberattackers. 2024-01-25T17:46:00+00:00 https://www.darkreading.com/remote-workforce/critical-cisco-unified-communications-rce-bug-root-access www.secnews.physaphae.fr/article.php?IdArticle=8443068 False Vulnerability None
3.0000000000000000
Dark Reading - Informationweek Branch Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine The new bug is Apple's 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats. 2024-01-23T23:30:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/days-after-google-apple-discloses-actively-exploited-0-day-in-its-browser-engine www.secnews.physaphae.fr/article.php?IdArticle=8442318 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years Even the most careful VMware customers may need to go back and double check that they weren't compromised by a zero-day exploit for CVE-2023-34048. 2024-01-22T22:08:00+00:00 https://www.darkreading.com/endpoint-security/chinese-spies-exploited-critical-vmware-bug-2-years www.secnews.physaphae.fr/article.php?IdArticle=8441859 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Third Ivanti Vulnerability Exploited in the Wild, CISA Reports Though reports say this latest Ivanti bug is being exploited, it's unclear exactly how threat actors are using it. 2024-01-19T19:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/third-ivanti-vulnerability-exploited-in-the-wild-cisa-reports www.secnews.physaphae.fr/article.php?IdArticle=8440748 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild These vulnerabilities are the second and third for Citrix but are not
expected to be as detrimental as "CitrixBleed." 2024-01-18T22:30:00+00:00 https://www.darkreading.com/vulnerabilities-threats/citrix-discovers-two-vulnerabilities-both-exploited-in-the-wild www.secnews.physaphae.fr/article.php?IdArticle=8440444 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Google Chrome Zero-Day Bug Under Attack, Allows Code Injection The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies. 2024-01-17T21:15:00+00:00 https://www.darkreading.com/cloud-security/google-chrome-zero-day-bug-attack-code-injection www.secnews.physaphae.fr/article.php?IdArticle=8440044 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor. 2024-01-16T21:25:00+00:00 https://www.darkreading.com/cloud-security/ivanti-zero-day-exploits-skyrocket-no-patches www.secnews.physaphae.fr/article.php?IdArticle=8439675 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Bosch Smart Thermostat Feels the Heat From Firmware Bug The vulnerability in a popular hospitality industry gadget allows attackers to take over the device, pivot into the user's network, or brick the device entirely, rendering HVAC unusable. 2024-01-16T19:55:00+00:00 https://www.darkreading.com/ics-ot-security/bosch-smart-thermostat-firmware-bug www.secnews.physaphae.fr/article.php?IdArticle=8439650 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch CISA Adds 9.8 'Critical' Microsoft SharePoint Bug to its KEV Catalog It's a tale as old as time: an old, long-since patched vulnerability that remains actively exploited. 2024-01-12T22:32:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cisa-adds-critical-microsoft-sharepoint-bug-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8438418 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch GitLab Releases Updates to Address Critical Vulnerabilities Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity. 2024-01-12T22:30:00+00:00 https://www.darkreading.com/vulnerabilities-threats/gitlab-releases-updates-to-address-critical-vulnerabilities- www.secnews.physaphae.fr/article.php?IdArticle=8438419 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities Patches will be available in late January and February, but until then, customers must take mitigation measures. 2024-01-11T21:43:00+00:00 https://www.darkreading.com/vulnerabilities-threats/ivanti-researchers-report-of-two-critical-zero-day-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8438016 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security A second, easy-to-exploit critical security vulnerability in Microsoft's first 2024 Patch Tuesday allows RCE within Hyper-Virtualization. 2024-01-09T23:00:00+00:00
https://www.darkreading.com/ics-ot-security/critical-windows-kerberos-bug-microsoft-security-bypass www.secnews.physaphae.fr/article.php?IdArticle=8437327 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability Attackers can exploit the issue to access all data in Cacti database; and, it enables RCE when chained with a previous vulnerability. 2024-01-08T23:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cacti-monitoring-tool-critical-sql-injection-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8436853 False Tool,Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Industrial Defender Risk Signal, a Risk-Based Vulnerability Management Solution for OT Security 2024-01-04T22:24:00+00:00 https://www.darkreading.com/ics-ot-security/industrial-defender-risk-signal-an-intelligent-risk-based-vulnerability-management-solution-for-ot-security www.secnews.physaphae.fr/article.php?IdArticle=8434717 True Vulnerability,Industrial None 3.0000000000000000
Dark Reading - Informationweek Branch Apache ERP Zero-Day Underscores Dangers of Incomplete Patches Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch. 2024-01-03T21:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/apache-erp-0day-underscores-dangers-of-incomplete-patches www.secnews.physaphae.fr/article.php?IdArticle=8434658 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Google Releases Eighth Zero-Day Patch of 2023 for Chrome CVE-2023-7024, exploited in the wild prior to patching, is a Chrome vulnerability that allows remote code execution within the browser's WebRTC component. 2023-12-22T18:00:00+00:00 https://www.darkreading.com/cloud-security/google-eighth-zero-day-patch-2023-chrome www.secnews.physaphae.fr/article.php?IdArticle=8427494 False Vulnerability,Threat,Patching None 3.0000000000000000
Dark Reading - Informationweek Branch Targeted F5 Vulnerability 'Update' Delivers Wiper to Israeli Victims Files purporting to be an F5 vulnerability patch are deleting server contents. 2023-12-20T15:00:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/targeted-f5-vulnerability-update-delivers-wiper-israeli-victims www.secnews.physaphae.fr/article.php?IdArticle=8426183 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Bugcrowd Announces Vulnerability Ratings for LLMs The update to the company's Vulnerability Rating Taxonomy offers vulnerability researchers a framework for assessing and prioritizing vulnerabilities in large language models. 2023-12-20T02:00:00+00:00 https://www.darkreading.com/application-security/bugcrowd-announces-vulnerability-ratings-for-llms www.secnews.physaphae.fr/article.php?IdArticle=8426117 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File Attackers can chain the vulnerabilities to gain full remote code execution. 2023-12-19T20:55:00+00:00 https://www.darkreading.com/vulnerabilities-threats/researchers-release-details-on-two-patched-outlook-zero-click-flaws
www.secnews.physaphae.fr/article.php?IdArticle=8425663 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them? Zoom's Vulnerability Impact Scoring System calculates the impact of a vulnerability to assign a cash payout for bugs, leading hackers to prioritize more severe flaws. Can it do the same for companies? 2023-12-18T19:00:00+00:00 https://www.darkreading.com/application-security/putting-dollar-value-vulnerabilities-prioritize www.secnews.physaphae.fr/article.php?IdArticle=8424994 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Establishing Reward Criteria for Reporting Bugs in AI Products Bug hunter programs can help organizations foster third-party discovery and reporting of issues and vulnerabilities specific to AI systems. 2023-12-15T19:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/establishing-reward-criteria-for-reporting-bugs-in-ai-products www.secnews.physaphae.fr/article.php?IdArticle=8423441 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Zoom's Bug-Scoring System Prioritizes Riskiest Vulns for Cyber Teams New vulnerability impact scoring system aims to help cyber defenders find threats and patch against bugs most likely to disrupt their environments. 2023-12-14T14:00:00+00:00 https://www.darkreading.com/cybersecurity-analytics/zoom-bug-scoring-system-prioritizes-riskiest-vulns www.secnews.physaphae.fr/article.php?IdArticle=8422639 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update The company's final patch release for 2023 contained fixes for a total of just 36 vulnerabilities - none of which, for a change, were zero-days. 2023-12-12T23:14:00+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-gives-admins-a-reprieve-with-lighter-than-usual-patch-update www.secnews.physaphae.fr/article.php?IdArticle=8421763 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Fortress Information Security & CodeSecure Team Up to Analyze SBOMs & Remediate Critical Vulnerabilities Partnership expands comprehensive approach to software supply chain security. 2023-12-11T22:00:00+00:00 https://www.darkreading.com/application-security/fortress-information-security-codesecure-team-up-to-analyze-sboms-remediate-critical-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8421238 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D' The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip. 2023-12-11T16:15:00+00:00 https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d www.secnews.physaphae.fr/article.php?IdArticle=8421118 False Malware,Vulnerability APT 38 2.0000000000000000
Dark Reading - Informationweek Branch Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug State-sponsored actors continue to exploit CVE-2023-23397, a dangerous
no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign. 2023-12-08T15:00:00+00:00 https://www.darkreading.com/ics-ot-security/russian-espionage-group-hammers-zero-click-microsoft-outlook-bug www.secnews.physaphae.fr/article.php?IdArticle=8420259 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Patch Now: Critical Atlassian Bugs Endanger Enterprise Apps Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation. 2023-12-06T22:56:00+00:00 https://www.darkreading.com/application-security/patch-now-critical-atlassian-bugs-endanger-enterprise-apps www.secnews.physaphae.fr/article.php?IdArticle=8419700 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Google Patches Another Chrome Zero-Day as Browser Attacks Mount The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently. 2023-11-29T20:15:00+00:00 https://www.darkreading.com/vulnerabilities-threats/google-patches-another-chrome-zero-day-as-browser-attacks-mount www.secnews.physaphae.fr/article.php?IdArticle=8417898 False Vulnerability,Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys. 2023-11-29T19:31:00+00:00
https://www.darkreading.com/cloud-security/patch-now-attackers-pummel-critical-easy-to-exploit-owncloud-flaw www.secnews.physaphae.fr/article.php?IdArticle=8417883 False Vulnerability,Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company. 2023-11-28T21:55:00+00:00 https://www.darkreading.com/vulnerabilities-threats/researchers-discover-trio-of-critical-vulns-in-ray-open-source-framework-for-scaling-ai-ml-workloads www.secnews.physaphae.fr/article.php?IdArticle=8417636 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk Google says the issue has to do with organizations ensuring they implement least-privilege principles. 2023-11-28T15:05:00+00:00 https://www.darkreading.com/cloud-security/vendor-claims-design-flaw-in-google-workspace-is-putting-organizations-at-risk www.secnews.physaphae.fr/article.php?IdArticle=8417532 False Vulnerability None 2.0000000000000000
Dark Reading - Informationweek Branch AutoZone Files MOVEit Data Breach Notice With State of Maine The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant. 2023-11-21T21:35:00+00:00 https://www.darkreading.com/attacks-breaches/autozone-moveit-data-breach-state-of-maine www.secnews.physaphae.fr/article.php?IdArticle=8415586 False Data Breach,Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Exploit for Critical
Windows Defender Bypass Goes Public Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November. 2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-for-critical-windows-defender-bypass-goes-public www.secnews.physaphae.fr/article.php?IdArticle=8417434 False Vulnerability,Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Exploit for Critical Windows Defender Bypass Goes Public Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November. 2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-critical-windows-defender-bypass-public www.secnews.physaphae.fr/article.php?IdArticle=8415587 False Vulnerability,Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Exploited Vulnerabilities Can Take Months to Make KEV List The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, so companies need other sources of threat intelligence. 2023-11-20T19:16:03+00:00 https://www.darkreading.com/edge/exploited-vulnerabilities-take-months-to-make-kev-list www.secnews.physaphae.fr/article.php?IdArticle=8415098 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch 'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils. 2023-11-16T21:00:00+00:00
https://www.darkreading.com/vulnerabilities-threats/cachewarp-amd-vm-bug-opens-door-to-privilege-escalation www.secnews.physaphae.fr/article.php?IdArticle=8413060 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch Unpatched Critical Vulnerabilities Open AI Models to Takeover The security holes can allow server takeover, information theft, model poisoning, and more. 2023-11-16T17:47:00+00:00 https://www.darkreading.com/vulnerabilities-threats/unpatched-critical-vulnerabilities-ai-models-takeover www.secnews.physaphae.fr/article.php?IdArticle=8412993 False Vulnerability None 3.0000000000000000
Dark Reading - Informationweek Branch 'Randstorm' Bug: Millions of Crypto Wallets Open to Theft The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks. 2023-11-16T17:40:00+00:00 https://www.darkreading.com/application-security/randstorm-bug-crypto-wallets-theft www.secnews.physaphae.fr/article.php?IdArticle=8412994 False Vulnerability None 3.0000000000000000