Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 3
47 résultats taggé vulnerability  ✕
Apple patches are out – old iPhones get an old zero-day fix at last! https://nakedsecurity.sophos.com/2023/01/24/apple-patches-are-out-old-iphones-get-an-old-zero-day-fix-at-last/
24/01/2023 08:57:50
QRCode
archive.org
thumbnail

Don’t delay, especially if you’re still running an iOS 12 device… please do it today!

nakedsecurity EN 2023 vulnerability apple cve-2022-42856 exploit ios ios-12 ipados zero-day
New GTA Online exploit now allows cheaters to ban your account https://rockstarintel.com/new-gta-online-exploit-now-lets-cheaters-to-ban-your-account
22/01/2023 15:39:01
QRCode
archive.org
thumbnail

a new Grand Theft Auto: Online exploit now allows cheaters to ban or delete peoples online profile and edit their stats

rockstarintel EN 2023 game vulnerability exploit GTA Online
Zoom Patches High Risk Flaws on Windows, MacOS Platforms https://www.securityweek.com/zoom-patches-high-risk-flaws-windows-macos-platforms
11/01/2023 09:23:06
QRCode
archive.org

Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.

securityweek EN 2023 CVE-2022-36930 CVE-2022-36929 CVE-2022-36927 patch-tuesday zoom zoom-rooms windows macos video-conferencing video-messaging privilege-escalation vulnerability
Jenkins discloses dozens of zero-day bugs in multiple plugins https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/
05/01/2023 08:28:08
QRCode
archive.org
thumbnail

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

bleepingcomputer EN 2023 CSRF Jenkins Vulnerability XSS Zero-Day Security
Hacker claims to be selling Twitter data of 400 million users https://www.bleepingcomputer.com/news/security/hacker-claims-to-be-selling-twitter-data-of-400-million-users/
27/12/2022 13:11:04
QRCode
archive.org
thumbnail

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.

bleepingcomputer EN 2022 Twitter threat API vulnerability ransom
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems https://thehackernews.com/2022/12/critical-ping-vulnerability-allows.html
06/12/2022 08:35:38
QRCode
archive.org
thumbnail

he maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution.

The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.

thehackernews EN 2022 Ping Vulnerability FreeBSD CVE-2022-23093
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
05/12/2022 11:31:28
QRCode
archive.org
thumbnail

In October of this year, we received a report from ngocnb and khuyenn from GiaoHangTietKiem JSC covering a SQL injection vulnerability in WordPress. The bug could allow an attacker to expose data stored in a connected database. This vulnerability was recently addressed as CVE-2022-21661 ( ZDI-22-020

zerodayinitiative EN 2022 CVE-2022-21661 SQL-injection vulnerability WordPress
Google pushes emergency Chrome update to fix 8th zero-day in 2022 https://www.bleepingcomputer.com/news/security/google-pushes-emergency-chrome-update-to-fix-8th-zero-day-in-2022/
25/11/2022 11:29:34
QRCode
archive.org
thumbnail

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.

bleepingcomputer Google Google-Chrome Vulnerability Web-Browser Zero-Day patch CVE-2022-3723 CVE-2022-3075 CVE-2022-2856 CVE-2022-2294 CVE-2022-1364 CVE-2022-1096 CVE-2022-0609
Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security https://nakedsecurity.sophos.com/2022/11/16/firefox-fixes-fullscreen-fakery-flaw-get-the-update-now/
17/11/2022 09:01:42
QRCode
archive.org
thumbnail

What’s so bad about a web page going fullscreen without warning you first?

nakedsecurity EN 2022 CVE-2022-45407 CVE-2022-4540 firefox mozilla vulnerability firefox patch vulnerability
Compromising Plesk via its REST API https://fortbridge.co.uk/research/compromising-plesk-via-its-rest-api/
12/11/2022 22:38:00
QRCode
archive.org
thumbnail

Compromising Plesk via its REST API, CSRF, CORS misconfiguration, add db user, add backdoor, add secret token, cookieless CSRF

fortbridge EN 2022 Plesk REST misconfiguration CSRF Vulnerability
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049) https://breakdev.org/zip-motw-bug-analysis/
12/11/2022 22:36:48
QRCode
archive.org
thumbnail

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

breakdev EN 2022 CVE-2022-41049 Windows Mark-of-the-Web Bypass Vulnerability analysis
SHA-3 Buffer Overflow https://mouha.be/sha-3-buffer-overflow/
24/10/2022 07:03:47
QRCode
archive.org

Over the past few months, I’ve been coordinating the disclosure of a new vulnerability that I’ve found. Today is the disclosure date, so I am excited that I can finally talk about what I’ve been working on! The vulnerability has been assigned CVE-2022-37454 and bug reports are available for Python, PHP, PyPy, SHA3 for Ruby, and XKCP.

mouha.be EN 2022 CVE-2022-37454 SHA-3 Buffer-Overflow vulnerability XKCP
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability
24/10/2022 07:01:03
QRCode
archive.org
thumbnail

n April, VMware patched a vulnerability CVE-2022-22954. It causes server-side template injection because of the lack of sanitization on parameters “deviceUdid” and “devicetype”. It allows attackers to inject a payload and achieve remote code execution on VMware Workspace ONE Access and Identity Manager. FortiGuard Labs published Threat Signal Report about it and also developed IPS signature in April.

fortinet EN 2022 VMware CVE-2022-22954 vulnerability Campaigns deviceUdid devicetype
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1 https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
22/10/2022 18:41:21
QRCode
archive.org
thumbnail

Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published an out-of-band patch for Cobalt Strike which stated that there was potential for Remote Code Execution (RCE).

securityintelligence EN 2022 RCE Cobalt-Strike HelpSystems Vulnerability Analysis
On Bypassing eBPF Security Monitoring https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
13/10/2022 11:05:20
QRCode
archive.org

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions. Such a paradigm shift in the latest monitoring technologies is being driven by a variety of reasons

doyensec doyensecurity EN 2022 vulnerability exploit eBPF bypass research
Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910) https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
08/10/2022 22:24:01
QRCode
archive.org
thumbnail

Read how macOS vulnerability in Archive Utility could lead to the execution of an unsigned and unnotarized application without displaying security prompts.

jamf EN 2022 Archive Utility macOS vulnerability CVE-2022-32910 Gatekeeper bypass
CVE-2022-41352 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis
07/10/2022 10:22:03
QRCode
archive.org
thumbnail

On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…

attackerkb EN 2022 CVE-2022-41352 Zimbra vulnerability
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server https://gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
30/09/2022 09:27:43
QRCode
archive.org
thumbnail

Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.

gteltsc.vn EN 2022 Microsoft-Exchange Exchange 0-day RCE vulnerability campaign IoCs
Microsoft Issues Out-of-Band Patch for Flaw Allowing Lateral Movement, Ransomware Attacks https://www.securityweek.com/microsoft-issues-out-band-patch-flaw-allowing-lateral-movement-ransomware-attacks
25/09/2022 18:08:50
QRCode
archive.org

Microsoft this week released an out-of-band security update for its Endpoint Configuration Manager solution to patch a vulnerability that could be useful to malicious actors for moving around in a targeted organization’s network.

The vulnerability is tracked as CVE-2022-37972 and it has been described by Microsoft as a medium-severity spoofing issue. The tech giant has credited Brandon Colley of Trimarc Security for reporting the flaw.

Microsoft EN 2022 CVE-2022-37972 Endpoint-Configuration-Manager patch vulnerability
Unpatched 15-year old Python bug allows code execution in 350k projects https://www.bleepingcomputer.com/news/security/unpatched-15-year-old-python-bug-allows-code-execution-in-350k-projects/
25/09/2022 12:01:06
QRCode
archive.org
thumbnail

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.

bleepingcomputer Code-Execution Path-Traversal Python Vulnerability CVE-2007-4559
page 1 / 3
1033 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio