This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2024-05-10T13:06:08+00:00 www.secnews.physaphae.fr Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: Cisco Tags: Identity Services Engine Tags: AnyConnect VPN server Tags: CVE-2022-20822 Tags: CVE-2022-20959 Tags: CVE-2022-20933 Tags: input validation Cisco's latest security advisory includes a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) that could allow an attacker to read and delete files. (Read more...) ]]> 2022-10-24T20:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/cisco-patch-needed-for-remote-file-access-vulnerability-in-identity-services-engine www.secnews.physaphae.fr/article.php?IdArticle=7669153 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: Log4Text Tags: Apache Tags: Commons Text Tags: CVE-2022-42889 Tags: Log4j Tags: Log4Shell Tags: interpolators Log4Text is a recently found vulnerability in Apache Commons. Log4Text provoked a knee jerk reaction because it reminds us of Log4Shell. So should we worry? (Read more...) ]]> 2022-10-19T19:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/why-log4text-is-not-another-log4shell www.secnews.physaphae.fr/article.php?IdArticle=7571921 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: BOD 23-01 Tags: asset visibility Tags: vulnerability detection Tags: federal networks Tags: CISA Tags: CDM Tags: CISA has issued BOD 23-10 which requires all FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodic scans of these devices, and provide this information to CISA. (Read more...) ]]> 2022-10-06T11:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/improving-asset-visibility-and-vulnerability-detection-on-federal-networks www.secnews.physaphae.fr/article.php?IdArticle=7325315 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: Atlassian Tags: Bitbucket Tags: git Tags: CVE-2022-36804 Tags: RCE Tags: read permission International cybersecurity authorities are warning about the active exploitation of a vulnerability in Bitbucket Server and Data Center (Read more...) ]]> 2022-10-03T12:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/10/warnings-about-actively-exploited-vulnerability-in-bitbucket-server-and-data-center www.secnews.physaphae.fr/article.php?IdArticle=7291816 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: WPGateway Tags: WordPress Tags: plugin Tags: vulnerability Tags: CVE We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin. (Read more...) ]]> 2022-09-14T11:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/wpgateway-wordpress-plugin-vulnerability-could-allow-full-site-takeover www.secnews.physaphae.fr/article.php?IdArticle=6897778 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: BackupBuddy Tags: WordPress Tags: vulnerability Tags: exploit Tags: hack Tags: compromise Tags: update We take a look at a vulnerability in popular WordPress plugin BackupBuddy, and the steps you need to take to fix it. (Read more...) ]]> 2022-09-13T12:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/backupbuddy-wordpress-plugin-vulnerable-to-exploitation-update-now www.secnews.physaphae.fr/article.php?IdArticle=6876458 False Vulnerability None 4.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Categories: BusinessAt Malwarebytes, we understand that small-and-medium sized businesses find it uniquely difficult to quickly respond to vulnerabilities. In this post, learn more about our approach to vulnerability response and how our Vulnerability Assessment and Patch Management solutions can address common SMB pain points. (Read more...) ]]> 2022-09-08T11:00:00+00:00 https://www.malwarebytes.com/blog/business/2022/09/vulnerability-response-for-smbs-the-malwarebytes-approach www.secnews.physaphae.fr/article.php?IdArticle=6792506 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: QNAP Tags: Photo Station Tags: Deadbolt Tags: ransomware Tags: VPN QNAP says it's detected that DeadBolt is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems directly connected to the internet. (Read more...) ]]> 2022-09-06T10:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/update-now-qnap-warns-users-about-deadbolt-leveraging-exploitation-of-photo-station-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=6756932 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: Apple Tags: iOS 12.5.6 Tags: webkit Tags: CVE-2022-32893 Apple has released a security update for iOS 12.5.6 to patch a remotely exploitable WebKit vulnerability that allows attackers to execute arbitrary code on unpatched devices. (Read more...) ]]> 2022-09-01T19:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/apple-releases-security-update-for-iphones-and-ipads-to-address-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=6673039 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: Exploit Tags: vulnerability Tags: Tik-Tok Tags: Microsoft Tags: JavaScript We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed. (Read more...) ]]> 2022-09-01T12:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/09/tiktok-vulnerability-could-have-allowed-hijackers-to-take-over-accounts www.secnews.physaphae.fr/article.php?IdArticle=6673040 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: BusinessWe're thrilled to announce our Patch Management module for OneView, which is paired alongside our Vulnerability Assessment module to help you uncover vulnerabilities, respond to threats, and keep your customers productive and safe. (Read more...) ]]> 2022-08-25T12:00:00+00:00 https://www.malwarebytes.com/blog/business/2022/08/introducing-patch-management-for-oneview www.secnews.physaphae.fr/article.php?IdArticle=6530048 False Vulnerability None 5.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: GitLab Tags: RCE Tags: CVE-2022-2884 Tags: GitHub Tags: import GitLab has released important security fixes to patch for an RCE vulnerability, known as CVE-2022-2884. (Read more...) ]]> 2022-08-25T10:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/08/update-now-gitlab-issues-critical-security-release-for-rce-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=6530049 False Vulnerability None 4.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Categories: NewsTags: Microsoft Tags: ChromeOS Tags: Chrome Tags: Google Tags: audio Tags: bluetooth Tags: exploit Tags: vulnerability Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week. (Read more...) ]]> 2022-08-24T11:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/08/chromeos-vulnerability-found-by-microsoft www.secnews.physaphae.fr/article.php?IdArticle=6510028 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Categories: Exploits and vulnerabilitiesCategories: NewsTags: Zimbra Tags: ZVS Tags: cve-2022-27925 Tags: web shell Tags: cve-2022-37042 Tags: authentication Tags: RCE Researchers found that a known RCE vulnerability in Zimbra Collaboration was chained with a new authentication vulnerability to drop backdoor web shells on thousands of servers (Read more...) ]]> 2022-08-11T13:00:00+00:00 https://www.malwarebytes.com/blog/news/2022/08/thousands-of-zimbra-mail-servers-backdoored-in-large-scale-attack www.secnews.physaphae.fr/article.php?IdArticle=6280693 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A researcher has found a serious vulnerability in the muhttpd webserver that is used in millions of routers and modems. A patch is available but ISPs are often slow to push out firmware updates. ]]> 2022-08-01T17:31:40+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/08/millions-of-arris-routers-are-vulnerable-to-path-traversal-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=6081114 False Vulnerability None 5.0000000000000000 Malwarebytes Labs - MalwarebytesLabs July's Patch Tuesday gives us a lot of important security updates. Most prominently, a known to be exploited vulnerability in Windows CSRSS. ]]> 2022-07-13T12:21:53+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-july-patch-tuesday-patches-include-fix-for-exploited-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=5694449 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Google has patched a vulnerability in Chrome which was being exploited in the wild. Make sure you're using the latest version. ]]> 2022-07-05T13:56:04+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/07/update-now-chrome-patches-another-zero-day-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=5563072 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs 2022-06-30T15:25:24+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/amazon-photos-vulnerability-could-have-given-attackers-access-to-user-files-and-data/ www.secnews.physaphae.fr/article.php?IdArticle=5472597 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs 2022-06-14T12:38:13+00:00 https://blog.malwarebytes.com/malwarebytes-news/2022/06/introducing-malwarebytes-vulnerability-assessment-for-oneview-how-to-check-for-common-vulnerabilities-and-exposures-cves/ www.secnews.physaphae.fr/article.php?IdArticle=5143458 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Researchers at MIT have published details about an attack that uses a flaw in the M1 security feature pointer authentication codes. ]]> 2022-06-14T09:53:27+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/dont-panic-unpatchable-mac-vulnerability-discovered/ www.secnews.physaphae.fr/article.php?IdArticle=5141465 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A vulnerability in Atlassian Confluence was found by performing an incident response investigation on a compromised server. The vulnerability is not yet patched. ]]> 2022-06-03T14:41:58+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/06/unpatched-atlassian-confluence-vulnerability-is-actively-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=4952645 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs 2022-05-30T18:09:26+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/microsoft-office-zero-day-follina-its-not-a-bug-its-a-feature-its-a-bug/ www.secnews.physaphae.fr/article.php?IdArticle=4897060 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs At least one group of threat actors is using the recently patched vulnerability in F5 BIG-IP to wipe the file system of vulnerable devices. ]]> 2022-05-12T12:51:25+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/f5-big-ip-vulnerability-is-now-being-used-to-disable-servers/ www.secnews.physaphae.fr/article.php?IdArticle=4594051 False Vulnerability,Threat None None Malwarebytes Labs - MalwarebytesLabs 2022-05-11T14:36:23+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-microsoft-releases-patches-including-one-for-actively-exploited-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=4594053 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Only a few days after the release of the patch for a vulnerability in F5 BIG-IP, exploits were developed and are now being deployed. ]]> 2022-05-09T15:39:17+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2022/05/update-now-exploits-are-active-for-f5-big-ip-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=4594059 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Update your Chrome browser to its latest version-86.0.4240.111-to protect yourself from a vulnerability that Google says is being actively exploited. Categories: Exploits and vulnerabilities Tags: 86.0.4240.111browser exploitChrome vulnerabilityCVE-2020-15999FreeTypeFreeType 2.10.4FreeType zero-day (Read more...) ]]> 2020-10-26T10:58:14+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2020/10/google-patches-exploited-zero-day-bug-that-affects-chrome-users/ www.secnews.physaphae.fr/article.php?IdArticle=1996734 False Vulnerability None 5.0000000000000000 Malwarebytes Labs - MalwarebytesLabs This tech support scam is being spread via Facebook links and uses several redirection mechanisms to avoid detection. Categories: Cybercrime Social engineering Tags: cross-site scriptingtech support scamTSSvulnerabilityxss (Read more...) ]]> 2020-10-21T20:41:32+00:00 https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=1989724 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs CVSS, or Common Vulnerability Scoring System, provides developers, testers, and security professionals with a standardized process to assess vulnerabilities. Categories: Malwarebytes news Tags: attack complexityattack vectorbug bountycommon vulnerability scoring systemCVSSCVSS 3.1FIRSTForum of Incident Response and Security Teamsprivileges requiredsoftware vulnerabilitystandardizationuser interaction (UI)vulnerabilitiesvulnerability (Read more...) ]]> 2020-05-13T15:30:00+00:00 https://blog.malwarebytes.com/malwarebytes-news/2020/05/how-cvss-works-characterizing-and-scoring-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=1707079 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A newly-discovered vulnerability in iOS Mail can be used to attack an iPhone remotely using a malicious e-mail message, even if you're running the latest version of iOS (13.4.1). Categories: Mac Tags: AppleApple mailiOSiOS mailiOS mail bugiOS mail vulnerabilityiOS vulnerabilitymailmaildvulnerabilityzero-day vulnerability (Read more...) ]]> 2020-04-22T17:54:33+00:00 https://blog.malwarebytes.com/mac/2020/04/ios-mail-bug-allows-remote-zero-click-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1670344 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs After a vulnerability in a popular business VPN solutions was discussed at length and an easy to use exploit is availbale, organizations still fail to apply the patch. What's up? Categories: Business Tags: cybercriminalsexploitexploit kitsexploitspatchpatchingpulsevpnvulnerabilitiesvulnerability (Read more...) ]]> 2019-10-18T16:36:36+00:00 https://blog.malwarebytes.com/business-2/2019/10/pulse-vpn-patched-their-vulnerability-but-businesses-are-trailing-behind/ www.secnews.physaphae.fr/article.php?IdArticle=1411529 False Vulnerability None 4.0000000000000000 Malwarebytes Labs - MalwarebytesLabs The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems. Categories: Malwarebytes news Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL (Read more...) ]]> 2019-09-12T15:00:00+00:00 https://blog.malwarebytes.com/malwarebytes-news/2019/09/everything-you-need-to-know-about-the-heartbleed-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=1322345 True Vulnerability None None Malwarebytes Labs - MalwarebytesLabs The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems. Categories: Exploits and vulnerabilities Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL (Read more...) ]]> 2019-08-30T16:16:00+00:00 https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/08/everything-you-need-to-know-about-the-heartbleed-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=1295847 False Vulnerability None 3.0000000000000000 Malwarebytes Labs - MalwarebytesLabs Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk? Categories: Awareness Tags: AppleblackberrybluetoothCiscoCVE-2019-9506iOSKey Negotiation of BluetoothKNOB attackmacOSman-in-the-middle attackmicrosoftmitmret hatwatchoswindows (Read more...) ]]> 2019-08-21T15:56:04+00:00 https://blog.malwarebytes.com/awareness/2019/08/bluetooth-vulnerability-can-be-exploited-in-key-negotiation-of-bluetooth-knob-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=1276671 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs Upset by their inability to access potentially vital evidence for criminal investigations, the federal government has, for years, pushed to convince tech companies to build backdoors that will, allegedly, only be used by law enforcement agencies. The problem, cybersecurity researchers say, is that those backdoors can easily be exploited by criminals. Categories: Privacy Tags: AppleAttorney GeneralbackdoorClipper ChipDepartment of Justiceencryptionfbigolden keyGoogleiMessageiOS 8iPhonelawful interceptluggageNational Security AgencyNSAsignalTransportation Security AdministrationTSAwhatsappWilliam Barr (Read more...) ]]> 2019-08-09T16:10:02+00:00 https://blog.malwarebytes.com/privacy-2/2019/08/backdoors-are-a-security-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=1252991 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild? Categories: Exploits Threat analysis Tags: CVE-2018-16858exploitlibreofficeopenofficepythonrce (Read more...) ]]> 2019-02-06T17:16:05+00:00 https://blog.malwarebytes.com/threat-analysis/2019/02/new-critical-vulnerability-open-source-office-suites/ www.secnews.physaphae.fr/article.php?IdArticle=1020153 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A roundup of the security news from September 24–30 including phishing, Apple woes, a vulnerability in the wild, e-commerce attacks, phone spam, and a massive Facebook breach. Categories: Security world Week in security Tags: CVECVE-2018-8373facebookGooglriPhoneXSLojaxMagecartmicrosoftMojavemutagen astronomyosxphishingport of san diegoquasar ratsafari extensionssms phishingtelegramTV licensingunwanted calls (Read more...) ]]> 2018-10-01T16:44:02+00:00 https://blog.malwarebytes.com/security-world/2018/10/a-week-in-security-september-24-30/ www.secnews.physaphae.fr/article.php?IdArticle=827122 False Vulnerability None None Malwarebytes Labs - MalwarebytesLabs A threat actor implements a newer vulnerability exploited in Internet Explorer to serve up the Quasar RAT and diversify the portfolio of attacks. Categories: Exploits Threat analysis Tags: anti exploitCVE-2018-8174CVE-2018-8373exploitIndicators of compromiseIOCIOCspastebinpatchQuasarratremote administration toolvirustotalvulnerabilitiesvulnerability (Read more...) ]]> 2018-09-26T17:13:02+00:00 https://blog.malwarebytes.com/threat-analysis/2018/09/buggy-implementation-of-cve-2018-8373-used-to-deliver-quasar-rat/ www.secnews.physaphae.fr/article.php?IdArticle=825469 False Vulnerability,Threat None None