This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-30T23:02:00+00:00 www.secnews.physaphae.fr Dark Reading - Informationweek Branch State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft\'s Outlook email client that was patched in March, in a widespread global campaign.]]> 2023-12-08T15:00:00+00:00 https://www.darkreading.com/ics-ot-security/russian-espionage-group-hammers-zero-click-microsoft-outlook-bug www.secnews.physaphae.fr/article.php?IdArticle=8420259 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Four RCE vulnerabilities in Confluence, Jira, and other platforms, allow instance takeover and environment infestation.]]> 2023-12-06T22:56:00+00:00 https://www.darkreading.com/application-security/patch-now-critical-atlassian-bugs-endanger-enterprise-apps www.secnews.physaphae.fr/article.php?IdArticle=8419700 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.]]> 2023-11-29T20:15:00+00:00 https://www.darkreading.com/vulnerabilities-threats/google-patches-another-chrome-zero-day-as-browser-attacks-mount www.secnews.physaphae.fr/article.php?IdArticle=8417898 False Vulnerability,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys.]]> 2023-11-29T19:31:00+00:00 https://www.darkreading.com/cloud-security/patch-now-attackers-pummel-critical-easy-to-exploit-owncloud-flaw www.secnews.physaphae.fr/article.php?IdArticle=8417883 False Vulnerability,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.]]> 2023-11-28T21:55:00+00:00 https://www.darkreading.com/vulnerabilities-threats/researchers-discover-trio-of-critical-vulns-in-ray-open-source-framework-for-scaling-ai-ml-workloads www.secnews.physaphae.fr/article.php?IdArticle=8417636 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Google says the issue has to do with organizations ensuring they implement least-privilege principles.]]> 2023-11-28T15:05:00+00:00 https://www.darkreading.com/cloud-security/vendor-claims-design-flaw-in-google-workspace-is-putting-organizations-at-risk www.secnews.physaphae.fr/article.php?IdArticle=8417532 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.]]> 2023-11-21T21:35:00+00:00 https://www.darkreading.com/attacks-breaches/autozone-moveit-data-breach-state-of-maine www.secnews.physaphae.fr/article.php?IdArticle=8415586 False Data Breach,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.]]> 2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-critical-windows-defender-bypass-public www.secnews.physaphae.fr/article.php?IdArticle=8415587 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch Threat actors were actively exploiting CVE-2023-36025 in Windows SmartScreen as a zero-day vulnerability before Microsoft patched it in November.]]> 2023-11-21T21:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/exploit-for-critical-windows-defender-bypass-goes-public www.secnews.physaphae.fr/article.php?IdArticle=8417434 False Vulnerability,Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, so companies need other sources of threat intelligence.]]> 2023-11-20T19:16:03+00:00 https://www.darkreading.com/edge/exploited-vulnerabilities-take-months-to-make-kev-list www.secnews.physaphae.fr/article.php?IdArticle=8415098 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.]]> 2023-11-16T21:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/cachewarp-amd-vm-bug-opens-door-to-privilege-escalation www.secnews.physaphae.fr/article.php?IdArticle=8413060 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The security holes can allow server takeover, information theft, model poisoning, and more.]]> 2023-11-16T17:47:00+00:00 https://www.darkreading.com/vulnerabilities-threats/unpatched-critical-vulnerabilities-ai-models-takeover www.secnews.physaphae.fr/article.php?IdArticle=8412993 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The security vulnerability in a component of a widely used JavaScript implementation of Bitcoin makes passwords guessable via brute-force attacks.]]> 2023-11-16T17:40:00+00:00 https://www.darkreading.com/application-security/randstorm-bug-crypto-wallets-theft www.secnews.physaphae.fr/article.php?IdArticle=8412994 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch 2023-11-14T22:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/software-vulnerabilities-are-on-the-decline-according-to-new-synopsys-research www.secnews.physaphae.fr/article.php?IdArticle=8412168 False Vulnerability,Studies None 3.0000000000000000 Dark Reading - Informationweek Branch In this Black Hat Europe preview, devices bridging critical machinery with the wider Internet are exposed and subject to numerous supply chain-induced bugs.]]> 2023-11-14T19:14:00+00:00 https://www.darkreading.com/vulnerabilities-threats/21-vulnerabilities-discovered-crucial-it-ot-connective-routers www.secnews.physaphae.fr/article.php?IdArticle=8412058 False Vulnerability,Industrial None 4.0000000000000000 Dark Reading - Informationweek Branch A class action suit claims Intel knowingly sold billions of faulty chips for years. The outcome could help define where poor vulnerability remediation becomes outright negligence.]]> 2023-11-10T22:12:00+00:00 https://www.darkreading.com/vulnerabilities-threats/intel-downfall-lawsuit-10k-plaintiff-ignoring-chip-bug www.secnews.physaphae.fr/article.php?IdArticle=8409345 False Vulnerability,Legislation None 2.0000000000000000 Dark Reading - Informationweek Branch Meanwhile, CISA joins the call to patch CVE-2023-4966 immediately amid reports of mass-exploit activity; at least 5,000 orgs remain exposed.]]> 2023-11-10T18:59:00+00:00 https://www.darkreading.com/vulnerabilities-threats/ransomware-hit-china-owned-bank-citrixbleed-flaw www.secnews.physaphae.fr/article.php?IdArticle=8409275 False Ransomware,Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A 30-year-old, rarely updated protocol for medical devices has exposed reams of highly personal data, thanks to a lack of proper security throughout owner environments.]]> 2023-11-10T18:05:00+00:00 https://www.darkreading.com/risk/leaky-dicom-medical-protocol-exposes-millions-patient-records www.secnews.physaphae.fr/article.php?IdArticle=8409249 False Vulnerability,Medical None 3.0000000000000000 Dark Reading - Informationweek Branch The latest vulnerability severity scoring system addresses gaps in the previous version; here\'s how to get the most out of it.]]> 2023-11-07T20:40:00+00:00 https://www.darkreading.com/operations/mileage-orgs-will-get-from-cvss-4-0-will-vary www.secnews.physaphae.fr/article.php?IdArticle=8407463 False Vulnerability,Patching None 3.0000000000000000 Dark Reading - Informationweek Branch 2023-11-06T19:59:00+00:00 https://www.darkreading.com/cloud/aqua-security-introduces-industry-first-kubernetes-vulnerability-scanning-with-trivy-kbom www.secnews.physaphae.fr/article.php?IdArticle=8406780 False Vulnerability Uber 2.0000000000000000 Dark Reading - Informationweek Branch In-the-wild exploit activity from dozens of cyberattacker networks is ramping up for the security vulnerability in Confluence, tracked as CVE-2023-22518.]]> 2023-11-03T21:51:00+00:00 https://www.darkreading.com/attacks-breaches/critical-atlassian-bug-exploit-immediate-patching www.secnews.physaphae.fr/article.php?IdArticle=8405538 False Vulnerability,Threat,Patching None 2.0000000000000000 Dark Reading - Informationweek Branch Atlassian CISO warns Confluence Data Center and Server customers they\'re vulnerable to "significant data loss" if all on-premises versions aren\'t patched.]]> 2023-11-01T17:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/atlassian-customers-should-patch-latest-critical-vuln-immediately www.secnews.physaphae.fr/article.php?IdArticle=8404189 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Report highlights the challenges impeding the applications industry from achieving AppSec maturity.]]> 2023-10-31T17:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/survey-appsec-maturity-hindered-by-staffing-budgets-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8403625 False Vulnerability,Studies None 3.0000000000000000 Dark Reading - Informationweek Branch Microsoft\'s longstanding practice isn\'t enough to handle its vulnerability problem.]]> 2023-10-31T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/20-years-later-is-patch-tuesday-enough www.secnews.physaphae.fr/article.php?IdArticle=8403495 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The country has issued a recommendation to update after a high-risk vulnerability was disclosed last week in the browser.]]> 2023-10-30T18:40:00+00:00 https://www.darkreading.com/dr-global/uae-cyber-council-warns-google-chrome-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8402972 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The "iLeakage" attack affects all recent iPhone, iPad, and MacBook models, allowing attackers to peruse your Gmail inbox, steal your Instagram password, or scrutinize your YouTube history.]]> 2023-10-27T20:29:00+00:00 https://www.darkreading.com/vulnerabilities-threats/safari-side-channel-attack-enables-browser-theft www.secnews.physaphae.fr/article.php?IdArticle=8401605 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch SolarWinds\' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.]]> 2023-10-20T20:27:10+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover www.secnews.physaphae.fr/article.php?IdArticle=8398389 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.]]> 2023-10-18T18:49:19+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-citrix-bug-exploited-zero-day-patching-not-enough www.secnews.physaphae.fr/article.php?IdArticle=8397394 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch The European Union\'s Cyber Resilience Act\'s requirement to disclose vulnerabilities within 24 hours of exploitation could potentially expose organizations to attacks from adversaries or government surveillance.]]> 2023-10-13T19:00:00+00:00 https://www.darkreading.com/edge/security-pros-warn-that-eu-vulnerability-disclosure-rule-is-risky www.secnews.physaphae.fr/article.php?IdArticle=8395260 False Vulnerability,Legislation None 3.0000000000000000 Dark Reading - Informationweek Branch The goal of the program is to uncover critical or important vulnerabilities within the AI-powered Bing program.]]> 2023-10-13T17:20:00+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-debuts-ai-bug-bounty-program-offers-15k www.secnews.physaphae.fr/article.php?IdArticle=8395223 False Vulnerability,Patching None 3.0000000000000000 Dark Reading - Informationweek Branch This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environment.]]> 2023-10-12T22:00:00+00:00 https://www.darkreading.com/dr-tech/how-to-scan-environment-vulnerable-curl www.secnews.physaphae.fr/article.php?IdArticle=8394722 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The company released NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, on GitHub.]]> 2023-10-11T11:00:00+00:00 https://www.darkreading.com/dr-tech/protect-ai-releases-3-ai-ml-security-tools-as-open-source www.secnews.physaphae.fr/article.php?IdArticle=8394299 False Tool,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch October\'s CVE update is here. Here\'s which security vulnerabilities to patch now to exorcise your Microsoft systems demons.]]> 2023-10-10T21:59:59+00:00 https://www.darkreading.com/vulnerabilities-threats/microsoft-patch-tuesday-haunted-zero-days-wormable-bug www.secnews.physaphae.fr/article.php?IdArticle=8394088 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.]]> 2023-10-10T19:43:00+00:00 https://www.darkreading.com/vulnerabilities-threats/new-one-click-exploit-supply-chain-risk-linux-oses www.secnews.physaphae.fr/article.php?IdArticle=8394075 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerabilities exist in the widely used TorchServe framework, used by Amazon, Google, Walmart, and many other heavy hitters.]]> 2023-10-05T19:25:00+00:00 https://www.darkreading.com/application-security/critical-shelltorch-flaws-open-source-ai-google www.secnews.physaphae.fr/article.php?IdArticle=8391964 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Patch now: The Atlassian security vulnerability appears to be a remotely exploitable privilege-escalation bug that cyberattackers could use to crack collaboration environments wide open.]]> 2023-10-05T15:43:55+00:00 https://www.darkreading.com/application-security/critical-zero-day-atlassian-confluence-active-exploit www.secnews.physaphae.fr/article.php?IdArticle=8391893 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Red Teams can help organizations better understand vulnerabilities and secure critical AI deployments.]]> 2023-10-02T18:55:00+00:00 https://www.darkreading.com/risk/addressing-ai-and-security-challenges-with-red-teams-a-google-perspective www.secnews.physaphae.fr/article.php?IdArticle=8390608 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The federal department that oversees the US diplomatic corps abroad suffers a serious lack of visibility into the cyber threats it faces and the security vulnerabilities it\'s harboring.]]> 2023-09-29T17:03:04+00:00 https://www.darkreading.com/cloud/cybersecurity-gaps-plague-state-department-gao-report www.secnews.physaphae.fr/article.php?IdArticle=8389551 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch So far this year, Google has disclosed six vulnerabilities that attackers were actively exploiting before the company had a patch for them.]]> 2023-09-28T21:46:00+00:00 https://www.darkreading.com/vulnerabilities-threats/chrome-flags-third-zero-day-this-month-tied-to-spying-exploits www.secnews.physaphae.fr/article.php?IdArticle=8389228 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.]]> 2023-09-28T21:45:00+00:00 https://www.darkreading.com/vulnerabilities-threats/new-cisco-ios-zero-day-delivers-a-double-punch www.secnews.physaphae.fr/article.php?IdArticle=8389229 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch All of the security bugs are under active attacks, but the extent of their exploitation is unknown.]]> 2023-09-22T16:10:00+00:00 https://www.darkreading.com/application-security/apple-fixes-3-more-zero-day-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8386806 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.]]> 2023-09-20T20:09:00+00:00 https://www.darkreading.com/application-security/fake-winrar-poc-exploit-conceals-venomrat-malware www.secnews.physaphae.fr/article.php?IdArticle=8386016 False Malware,Vulnerability None 1.00000000000000000000 Dark Reading - Informationweek Branch The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.]]> 2023-09-19T20:20:00+00:00 https://www.darkreading.com/endpoint/trend-micro-patches-zero-day-endpoint-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8385493 False Vulnerability,Prediction None 2.0000000000000000 Dark Reading - Informationweek Branch The WebP vulnerability affects multiple browsers besides Firefox and Thunderbird, with active exploitation ongoing.]]> 2023-09-19T18:14:36+00:00 https://www.darkreading.com/dr-global/qatar-cyber-chiefs-warn-mozilla-rce-bugs www.secnews.physaphae.fr/article.php?IdArticle=8385450 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-09-18T22:04:00+00:00 https://www.darkreading.com/vulnerabilities-threats/omdia-research-finds-risk-based-vulnerability-management-set-to-encompass-the-vulnerability-management-market-by-2027 www.secnews.physaphae.fr/article.php?IdArticle=8385033 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.]]> 2023-09-15T21:30:00+00:00 https://www.darkreading.com/application-security/microsoft-flushes-out-ncurses-gremlins www.secnews.physaphae.fr/article.php?IdArticle=8383896 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-09-13T21:45:00+00:00 https://www.darkreading.com/ics-ot/claroty-unveils-vulnerability-risk-management-capabilities-to-elevate-risk-reduction-for-cyber-physical-systems www.secnews.physaphae.fr/article.php?IdArticle=8382448 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.]]> 2023-09-13T19:45:00+00:00 https://www.darkreading.com/application-security/microsoft-azure-hdinsight-xss-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8382423 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The security vulnerability could lead to arbitrary code execution by way of application crashing.]]> 2023-09-12T19:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/critical-google-chrome-zero-day-bug-exploited www.secnews.physaphae.fr/article.php?IdArticle=8382017 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.]]> 2023-09-11T17:38:08+00:00 https://www.darkreading.com/dr-global/iranian-apt-hits-us-aviation-org-via-manageengine-fortinet-bugs www.secnews.physaphae.fr/article.php?IdArticle=8381464 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch This Tech Tip focuses on best security practices to write secure JavaScript code.]]> 2023-09-06T23:50:00+00:00 https://www.darkreading.com/dr-tech/coding-tips-to-sidestep-javascript-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8379873 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch By securing access to code and running scans against all code changes, developers can better prevent - and detect - potential risks and vulnerabilities.]]> 2023-09-06T13:00:00+00:00 https://www.darkreading.com/microsoft/overcoming-open-source-vulnerabilities-in-the-software-supply-chain- www.secnews.physaphae.fr/article.php?IdArticle=8379622 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch No patch is available yet for the bug, which can enable remote code execution under the correct circumstances.]]> 2023-09-05T21:44:00+00:00 https://www.darkreading.com/application-security/researchers-discover-critical-vulnerability-in-phpfusion-cms www.secnews.physaphae.fr/article.php?IdArticle=8379331 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The Kinsing threat group has launched more than 1,000 cyberattacks in less than two months, exploiting a security vulnerability in the internal corporate messaging app in order to upload the malware and a cryptominer.]]> 2023-08-31T14:59:00+00:00 https://www.darkreading.com/remote-workforce/cyberattackers-openfire-cloud-servers-takeover-barrage www.secnews.physaphae.fr/article.php?IdArticle=8377226 False Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.]]> 2023-08-22T21:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/adobe-patches-critical-deserialization-vulnerability-but-exploits-persist www.secnews.physaphae.fr/article.php?IdArticle=8373402 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Neglecting security of Border Gateway Protocol (BGP) and other routing protocols has created multiple vulnerabilities that must be addressed.]]> 2023-08-18T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/unveiling-the-hidden-risks-of-routing-protocols www.secnews.physaphae.fr/article.php?IdArticle=8371773 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The four finalists in the startup competition tackled problems in firmware security, cloud infrastructure, open source software, and vulnerability remediation.]]> 2023-08-11T12:00:00+00:00 https://www.darkreading.com/dr-tech/mobb-wins-black-hat-startup-spotlight-competition www.secnews.physaphae.fr/article.php?IdArticle=8368920 False Vulnerability,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch A challenge will be offered to teams to build tools using AI in order to solve open source\'s vulnerability challenges.]]> 2023-08-09T21:39:00+00:00 https://www.darkreading.com/threat-intelligence/darpa-launches-contest-tools-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8368091 False Tool,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Vicarius launched vuln_GPT, which it says will generate and execute scripts to ameliorate flaws such as the TETRA backdoor.]]> 2023-08-09T20:38:00+00:00 https://www.darkreading.com/dr-tech/new-vuln_gpt-llm-seeks-and-remediates-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8368076 False Tool,Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Nearly a decade after it was disclosed, the Shellshock vulnerability still plagues organizations. Learn how to protect yourself.]]> 2023-08-09T14:00:00+00:00 https://www.darkreading.com/attacks-breaches/why-shellshock-remains-cybersecurity-threat-after-9-years www.secnews.physaphae.fr/article.php?IdArticle=8367891 False Vulnerability,Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Further TETRA-related vulnerabilities have been disclosed in base stations that run and decrypt the worldwide communications protocol for industrial systems.]]> 2023-08-08T19:27:00+00:00 https://www.darkreading.com/dr-global/tetra-zero-day-vulnerabilities-endanger-industrial-communications www.secnews.physaphae.fr/article.php?IdArticle=8367454 False Vulnerability,Industrial None 2.0000000000000000 Dark Reading - Informationweek Branch Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.]]> 2023-08-08T02:00:00+00:00 https://www.darkreading.com/threat-intelligence/ransomware-victims-surge-as-threat-actors-pivot-to-zero-day-exploits www.secnews.physaphae.fr/article.php?IdArticle=8367025 False Ransomware,Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-08-07T21:09:00+00:00 https://www.darkreading.com/vulnerabilities-threats/securityscorecard-launches-managed-cyber-risk-services-to-mitigate-zero-day-and-critical-supply-chain-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8366959 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-08-07T20:54:00+00:00 https://www.darkreading.com/attacks-breaches/akamai-research-rampant-abuse-of-zero-day-and-one-day-vulnerabilities-leads-to-143-increase-in-victims-of-ransomware www.secnews.physaphae.fr/article.php?IdArticle=8366914 False Ransomware,Vulnerability,Studies None 2.0000000000000000 Dark Reading - Informationweek Branch The cyberattacks used the legitimate Salesforce.com domain by chaining the vulnerability to an abuse of Facebook\'s Web games platform, slipping past email protections.]]> 2023-08-04T20:33:00+00:00 https://www.darkreading.com/application-security/salesforce-zero-day-exploited-phish-facebook-credentials www.secnews.physaphae.fr/article.php?IdArticle=8365847 False Vulnerability None 1.00000000000000000000 Dark Reading - Informationweek Branch 2023-08-02T21:15:00+00:00 https://www.darkreading.com/attacks-breaches/guardio-uncovers-zero-day-vulnerability-in-salesforce-s-email-services www.secnews.physaphae.fr/article.php?IdArticle=8364934 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-08-02T20:43:00+00:00 https://www.darkreading.com/ics-ot/synsaber-and-ics-advisory-project-identify-vulnerability-trends-within-the-critical-infrastructure-sector www.secnews.physaphae.fr/article.php?IdArticle=8364912 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Nearly 200 models are affected by vulnerability that may give wireless access to unauthorized third parties.]]> 2023-08-01T20:50:00+00:00 https://www.darkreading.com/endpoint/canon-inkjet-printers-at-risk-for-third-party-compromise-via-wi-fi www.secnews.physaphae.fr/article.php?IdArticle=8364459 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch 2023-07-26T22:07:00+00:00 https://www.darkreading.com/vulnerabilities-threats/rezilion-uncovers-high-risk-vulnerabilities-missing-from-cisa-kev-catalog www.secnews.physaphae.fr/article.php?IdArticle=8361938 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Nonetheless, European standards body revised the wireless standard and insists its integrity remains sound.]]> 2023-07-26T19:30:00+00:00 https://www.darkreading.com/dr-global/tetra-owner-dismiss-backdoor-claims-in-vulnerability-research www.secnews.physaphae.fr/article.php?IdArticle=8361868 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch 2023-07-24T21:55:00+00:00 https://www.darkreading.com/vulnerabilities-threats/tara-partners-with-plante-moran-to-deliver-risk-based-vulnerability-management www.secnews.physaphae.fr/article.php?IdArticle=8360944 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The security vulnerabilities allow full takeover of Atlassian instances, so admins should patch now.]]> 2023-07-24T19:05:00+00:00 https://www.darkreading.com/cloud/atlassian-rce-bugs-plague-confluence-bamboo www.secnews.physaphae.fr/article.php?IdArticle=8360866 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Weak encryption algorithms leave radio communications open to attack and abuse.]]> 2023-07-24T08:00:00+00:00 https://www.darkreading.com/dr-global/zero-day-vulnerabilities-disclosed-in-global-emergency-services-communications-protocol www.secnews.physaphae.fr/article.php?IdArticle=8361350 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch In a nod to its centrality in IP networking, a Forescout researcher will parse overlooked vulnerabilities in the Border Gateway Protocol at Black Hat USA.]]> 2023-07-21T21:43:00+00:00 https://www.darkreading.com/vulnerabilities-threats/bgp-software-vulnerabilities-under-the-microscope-in-black-hat-session www.secnews.physaphae.fr/article.php?IdArticle=8359875 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Researcher discovers vulnerabilities in the open source Web application, which were fixed in the latest Apache OpenMeeting update.]]> 2023-07-20T17:21:04+00:00 https://www.darkreading.com/remote-workforce/apache-openmeetings-account-takeover-code-execution www.secnews.physaphae.fr/article.php?IdArticle=8359354 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Attackers show renewed relentlessness in exploiting OS vulnerabilities that also circumvent defense and detection measures.]]> 2023-07-18T21:20:00+00:00 https://www.darkreading.com/endpoint/researchers-battle-pernicious-rootkits www.secnews.physaphae.fr/article.php?IdArticle=8358474 False Vulnerability,Threat None 2.0000000000000000 Dark Reading - Informationweek Branch July\'s updates contained 100+ patches and security policy notes, leaving vulnerability management teams stressed and scrambling to prioritize. We\'re here to help find some zen.]]> 2023-07-17T19:41:00+00:00 https://www.darkreading.com/remote-workforce/5-major-takeaways-july-patch-tuesday www.secnews.physaphae.fr/article.php?IdArticle=8357911 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch A flaw in the REST API of Cisco\'s SD_WAN vManage software could allow remote, unauthenticated attackers to perform data exfiltration.]]> 2023-07-14T18:30:24+00:00 https://www.darkreading.com/remote-workforce/cisco-flags-critical-sd-wan-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8356655 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Rockwell Automation and CISA warn of security vulnerabilities that affect power plants, factories, and other critical infrastructure sites.]]> 2023-07-13T18:15:00+00:00 https://www.darkreading.com/ics-ot/critical-rce-vulnerability-rockwell-automation-plc-industrial www.secnews.physaphae.fr/article.php?IdArticle=8356155 False Vulnerability,Industrial None 4.0000000000000000 Dark Reading - Informationweek Branch The vulnerability gap continues to persist, and IT and security teams can play a major role in reducing their attack surface.]]> 2023-07-13T14:00:00+00:00 https://www.darkreading.com/operations/creating-a-patch-management-playbook-6-key-questions www.secnews.physaphae.fr/article.php?IdArticle=8356007 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch The startup, one of four finalists in this year\'s Black Hat USA Startup Spotlight competition, automates vulnerability remediation using AI.]]> 2023-07-12T21:47:00+00:00 https://www.darkreading.com/dr-tech/startup-spotlight-mobb-aims-to-be-the-fixer www.secnews.physaphae.fr/article.php?IdArticle=8355569 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Users need to patch the latest SQL injection vulnerability as soon as possible. Meanwhile, Cl0p\'s data extortion rampage gallops on.]]> 2023-07-07T18:20:49+00:00 https://www.darkreading.com/endpoint/moveit-transfer-another-critical-data-theft-bug www.secnews.physaphae.fr/article.php?IdArticle=8353444 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Not yet - but it can help make incremental progress in reducing vulnerability backlogs.]]> 2023-07-07T14:00:00+00:00 https://www.darkreading.com/application-security/can-generative-ai-be-trusted-to-fix-your-code- www.secnews.physaphae.fr/article.php?IdArticle=8353363 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.]]> 2023-06-29T19:40:00+00:00 https://www.darkreading.com/operations/cybellum-unveils-new-brand-amplifying-commitment-to-team-centric-product-security www.secnews.physaphae.fr/article.php?IdArticle=8350755 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A severe security vulnerability allows credentials for the power meters to continuously transmit in cleartext, allowing device takeover.]]> 2023-06-20T17:23:19+00:00 https://www.darkreading.com/ics-ot/schneider-power-meter-vulnerability-power-outages www.secnews.physaphae.fr/article.php?IdArticle=8347431 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks on the service continue to mount.]]> 2023-06-16T18:15:00+00:00 https://www.darkreading.com/vulnerabilities-threats/third-moveit-transfer-vulnerability-progress-software www.secnews.physaphae.fr/article.php?IdArticle=8346283 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Coalition ESS uses AI to generate dynamic risk scores to help organizations mitigate their most critical risks faster.]]> 2023-06-15T21:57:00+00:00 https://www.darkreading.com/risk/coalition-releases-security-vulnerability-exploit-scoring-system www.secnews.physaphae.fr/article.php?IdArticle=8345932 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Users urged to apply updates to FortiOS SSL-VPN after attackers may have leveraged a recently discovered vulnerability in attacks against government, manufacturing, and critical infrastructure organizations.]]> 2023-06-14T15:49:00+00:00 https://www.darkreading.com/vulnerabilities-threats/fortinet-patched-critical-flaw-may-have-been-exploited www.secnews.physaphae.fr/article.php?IdArticle=8345369 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch An audit uncovers an API-related security vulnerability dating back to Jetpack version 2.0 released in 2012 - and it affects millions of websites.]]> 2023-06-01T18:44:27+00:00 https://www.darkreading.com/endpoint/jetpack-wordpress-plugin-api-bug-mass-updates www.secnews.physaphae.fr/article.php?IdArticle=8341313 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Microsoft says the vulnerability could allow cyberattackers with root access to bypass security protections and install malware.]]> 2023-05-31T20:05:00+00:00 https://www.darkreading.com/endpoint/macos-migraine-bug-headache-device-system-integrity www.secnews.physaphae.fr/article.php?IdArticle=8340983 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP\'s security layer, eventually running rampant in the environment.]]> 2023-05-25T14:18:20+00:00 https://www.darkreading.com/cloud/google-cloud-bug-server-takeover-cloudsql-service www.secnews.physaphae.fr/article.php?IdArticle=8339406 False Vulnerability,Cloud None 2.0000000000000000 Dark Reading - Informationweek Branch A cybersecurity vulnerability found in an implementation of the social login functionality opens the door to account takeovers and more.]]> 2023-05-24T17:45:00+00:00 https://www.darkreading.com/endpoint/oauth-flaw-in-expo-platform-affects-hundreds-of-third-party-sites-apps www.secnews.physaphae.fr/article.php?IdArticle=8339092 False Vulnerability None 4.0000000000000000 Dark Reading - Informationweek Branch New rules aim to level up the quality of submissions to Google and Android device Vulnerability Reward Program.]]> 2023-05-19T13:05:00+00:00 https://www.darkreading.com/vulnerabilities-threats/google-debuts-quality-ratings-for-security-bug-disclosures www.secnews.physaphae.fr/article.php?IdArticle=8337886 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target\'s master password - and proof-of-concept code is available.]]> 2023-05-18T21:33:00+00:00 https://www.darkreading.com/application-security/keepass-vulnerability-imperils-master-passwords www.secnews.physaphae.fr/article.php?IdArticle=8337766 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A two-bit comedian is using a patched Microsoft vulnerability to attack the hospitality industry, and really laying it on thick along the way.]]> 2023-05-15T16:00:00+00:00 https://www.darkreading.com/threat-intelligence/microsoft-follina-bug-back-meme-themed-cyberattacks-travel www.secnews.physaphae.fr/article.php?IdArticle=8336696 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Adding a single character to a function in the previous Outlook patch rendered that fix useless, researchers say.]]> 2023-05-10T19:30:00+00:00 https://www.darkreading.com/remote-workforce/microsoft-patches-bug-that-enables-simple-bypass-of-previous-fix-for-actively-exploited-outlook-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8335430 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch A vulnerability in a DNA sequencer highlights the expanded attack surface area of healthcare organizations but also shows that reporting of medical device vulnerabilities works.]]> 2023-05-03T20:38:00+00:00 https://www.darkreading.com/ics-ot/medical-device-flaws-gets-new-twist-with-dna-sequencer-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8333259 False Vulnerability,Medical None 3.0000000000000000 Dark Reading - Informationweek Branch Oracle\'s characterization of the vulnerability in its Opera software as complex and hard to exploit is incorrect, researchers who found the flaw and reported it say.]]> 2023-05-03T13:05:00+00:00 https://www.darkreading.com/application-security/hotels-at-risk-from-bug-in-oracle-property-management-software www.secnews.physaphae.fr/article.php?IdArticle=8333113 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch More than 2,000 global organizations - including Fortune 1,000 companies - are at risk to reflective DDoS attacks that exploit a vulnerability discovered in the legacy Internet protocol.]]> 2023-04-26T17:52:38+00:00 https://www.darkreading.com/vulnerabilities-threats/high-severity-slp-flaw-can-amplify-ddos-attacks-up-to-2-200-times www.secnews.physaphae.fr/article.php?IdArticle=8331330 False Vulnerability None 2.0000000000000000 Dark Reading - Informationweek Branch Because the security vulnerability is under active exploit, Google isn\'t releasing full details of the flaw while users could remain vulnerable.]]> 2023-04-17T20:59:00+00:00 https://www.darkreading.com/remote-workforce/google-emergency-chrome-update-zero-day-bug www.secnews.physaphae.fr/article.php?IdArticle=8328698 False Vulnerability None 2.0000000000000000