3 liens privés
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Risk of ‘significant data loss’ for on-prem customers
Experts warn of a critical zero-day vulnerability, tracked as CVE-2023-42115, in all versions of Exim mail transfer agent (MTA) software.
Cisco discloses a new vulnerability (CVE-2023-20109) in IOS Software and IOS XE Software with the potential for remote code execution.
En sécurité informatique, que valent les identificateurs CVE et les évaluations CVSS ? - LinuxFr.org
En sécurité informatique, que valent les identificateurs CVE et les évaluations CVSS ?
Hackers are actively exploiting the latest Fortinet's FortiOS and FortiProxy flaw, targeting government, manufacturing, and critical infrastructure.
The loader, which was documented by Morphisec last month, is designed to check the system's graphic card to determine if it's running on a virtual machine or in a sandbox environment, and ultimately launch the Aurora information stealer malware.
The campaign, per Malwarebytes, has claimed 585 victims over the past two months, with the threat
What is SMBGhost SMBGhost (CVE-2020-0796) is a vulnerability affecting SMB 3.1, and more precisely one of its decompression function. As SMB 3.1 added support for data compression in order to save bandwidth, it added a decompression function presenting an integer overflow resulting in multiple subsequent buffer overflows. Those buffer overflows are exploitable in a way […]
Latest Research by our Team
Un défaut de contrôle des données saisies par l’utilisateur dans OpenSSH permet à un attaquant non authentifié, en envoyant des requêtes spécifiquement forgées, de téléverser sa clé SSH privée
Yesterday Microsoft dropped a patch for a vulnerability found by @hexnomad@infosec.exchange. It’s a great vuln, in theory allowing code execution over ICMP. It also sounds really scary, as it’s a…
Un défaut dans le module SNMPv2 de puces ASUS ASMB8 iKVM permet à un attaquant distant et non authentifié, en envoyant des requêtes spécifiquement forgées, d’exécuter du code arbitraire sur le système en tant que root.
Apple has released urgent security updates to address a new zero-day vulnerability discovered in WebKit, which attackers are exploiting in the wild.