Cyberveille, curated by Decio
30 results tagged bug
Veeam warns of critical RCE bug in Service Provider Console https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-bug-in-service-provider-console/
07/12/2024 09:55:40

Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.

VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

bleepingcomputer EN 2024 RCE bug DRaaS VSPC Veeam
Cisco warns of continued exploitation of 10-year-old ASA bug https://www.scworld.com/news/cisco-warns-of-continued-exploitation-of-10-year-old-asa-bug
07/12/2024 09:54:14

Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.
In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.

scworld EN 2024 10-year-old ASA bug Cisco CVE-2014-2120
Okta security bug affects those with really long usernames https://www.theregister.com/2024/11/04/why_the_long_name_okta/
13/11/2024 11:36:19

Mondays are for checking months of logs, apparently, if MFA's not enabled

theregister EN 2024 Okta bug AD/LDAP Delegated Authentication DelAuth
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown) https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/
13/11/2024 10:53:50

This one is a privesc bug yielding SYSTEM privileges for any VDI user, which is actually a lot worse than it might initially sound since that’s SYSTEM privileges on the server that hosts all the applications and access is ‘by design’ - allowing an attacker to impersonate any user (including administrators) and monitor behaviour, connectivity.

watchtowr EN Citrix Virtual Apps bug VDI exploit
Cisco fixes bug under exploit in brute-force attacks https://www.theregister.com/2024/10/24/cisco_bug_brute_force/?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
28/10/2024 08:41:07

Who doesn't love abusing buggy appliances, really?

theregister EN 2024 cisco ASA CVE-2024-20481 Firepower VPN RAVPN bug brute-force
CVE-2024-31227: Finding a DoS Vulnerability in Redis https://docs.axelmierczuk.io/posts/cve-2024-31227
09/10/2024 20:11:10

A case study on advanced fuzzing techniques for network services.

axelmierczuk EN 2024 redis CVE-2024-31227 DoS case-study bug
Critical SonicWall SSLVPN bug exploited in ransomware attacks https://www.bleepingcomputer.com/news/security/critical-sonicwall-sslvpn-bug-exploited-in-ransomware-attacks/
10/09/2024 08:23:13

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks.

bleepingcomputer EN 2024 SonicWall SSLVPN bug CVE-2024-40766
Microsoft Copilot Studio Vulnerability Led to Information Disclosure https://www.securityweek.com/microsoft-copilot-studio-vulnerability-led-to-information-disclosure/
24/08/2024 12:38:26

A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports.

The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.

securityweek EN 2024 Microsoft Copilot Studio Vulnerability information disclosure bug CVE-2024-38206
Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms https://techcrunch.com/2024/08/08/security-bugs-in-ransomware-leak-sites-helped-save-six-companies-from-paying-hefty-ransoms/?ref=news.risky.biz
12/08/2024 11:19:46

The vulnerabilities allowed one security researcher to peek inside the leak sites without having to log in.

techcrunch EN 2024 Atropos.ai web bug leak-site ransomware
CrowdStrike blames a test software bug for Windows wipeout https://www.theregister.com/2024/07/24/crowdstrike_validator_failure/
25/07/2024 09:14:32

CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.

A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.

theregister EN 2024 Windows CrowdStrike bug incident PIR preliminary-post-incident-review
Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump https://therecord.media/progress-software-elevates-severity-bug
27/06/2024 08:42:58

The company updated an advisory about a bug affecting the MOVEit tool, warning a “newly identified vulnerability in a third-party component” had elevated the risks.

therecord.media EN 2024 MOVEit Transfer CVE-2024-5806 bug exploited
Security bug allows anyone to spoof Microsoft employee emails https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/
19/06/2024 08:47:58

A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

techcrunch EN 2024 microsoft researcher bug email phishing
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities https://www.sonarsource.com/blog/joomla-multiple-xss-vulnerabilities/
27/02/2024 18:42:43
  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla.
  • The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726.
  • Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link.
  • The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences.
  • The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions.
  • Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.
sonarsource EN 2024 Joomla PHP Bug CVE-2024-21726
ChatGPT “goes crazy”, OpenAI explains https://www.ictjournal.ch/news/2024-02-22/chatgpt-devient-fou-openai-sexplique
22/02/2024 22:00:25

For several hours, ChatGPT exhibited unexpected behavior, generating illogical responses and …

ictjournal FR CH 2024 ChatGPT inattendu illogiques bug
Qualcomm chip vulnerability enables remote attack by voice call https://www.scmagazine.com/news/qualcomm-chip-vulnerability-enables-remote-attack-by-voice-call
03/01/2024 18:15:51

The critical bug that could lead to a remote attack via voice call is one of 26 vulnerabilities affecting hundreds of Qualcomm chipsets.

scmagazine EN 2024 critical bug Qualcomm voice-call chip vulnerability CVE-2023-33025
Intel fixes high-severity CPU bug that causes “very strange behavior” https://arstechnica.com/security/2023/11/intel-fixes-high-severity-cpu-bug-that-causes-very-strange-behavior/
16/11/2023 06:30:27

Among other things, bug allows code running inside a VM to crash hypervisors.

arstechnica EN 2023 reptar Intel CPU CVE-2023-23583 bug
CIA exposed to intelligence interception due to X's URL bug https://www.theregister.com/2023/10/18/cia_x_url_bug/
19/10/2023 12:20:35

Musk's mega-app-in-waiting goes from chopping headlines to profile URLs
An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence.

Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.

theregister EN 2023 X McSheehan Pad Telegram CIA URL bug Twitter
Nearly every AMD CPU since 2017 vulnerable to Inception bug https://www.theregister.com/2023/08/09/amd_inception/
10/08/2023 09:59:43

AMD processor users, you have another data-leaking vulnerability to deal with: like Zenbleed, this latest hole can be used to steal sensitive data from a running vulnerable machine.

theregister EN 2023 CVE-2023-20569 AMD CPU processor bug Inception
WordPress plugin installed on 1 million+ sites logged plaintext passwords https://arstechnica.com/security/2023/07/wordpress-plugin-installed-on-1-million-sites-logged-plaintext-passwords
15/07/2023 14:00:20

AIOS bills itself as an "all-in-one" security solution. A just-fixed bug undermined that.

arstechnica EN 2023 WordPress plugin AIOS bug plaintext passwords
Microsoft Teams vulnerability allows attackers to deliver malware to employees https://www.helpnetsecurity.com/2023/06/23/microsoft-teams-deliver-malware/
28/06/2023 09:33:31

Security researchers have found a bug that could allow attackers to deliver malware directly into employees' Microsoft Teams inbox.

helpnetsecurity EN 2023 Microsoft Teams bug malware