Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities. While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been categorized as high-severity remote code execution vulnerabilities and given CVE IDs. Vulnerabilities Discovered The first […]
Continue Reading
A security flaw in the Galaxy Store allows attackers to trigger remote code execution on affected smartphones. The now patched vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue. Vulnerability Details The […]
Continue ReadingCisco issued a warning of active exploitation attempts targeting two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. The security flaws are tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), which allows the attacker to copy malicious files to arbitrary locations with system-level privileges. Both the vulnerabilities are dated […]
Continue ReadingTrail of Bits researcher Andreas Kellas recently disclosed a 22-Years-Old SQLite bug which has been tracked as “CVE-2022-35737.” The SQLite database library has been found to contain this vulnerability that has a high severity level. In October 2000 several code changes were made which led to the occurrence of this high-severity vulnerability. Threat actors could […]
Continue ReadingMany people are concerned about an RCE flaw in the Apache Commons Text library. They believe that this RCE flaw may turn out to be the next successive “Log4shell” flaw. The new RCE flaw in Apache Commons Text is tracked as CVE-2022-42889 and the flaw has been dubbed “Text4Shell.” The GitHub security analyst Alvaro Munoz […]
Continue ReadingThe ISC (Internet Systems Consortium) released a security patch this week in an attempt to address six vulnerabilities that could allow remote attackers to take control of BIND DNS servers. In total, four of the six vulnerabilities were rated as ‘high severity’ due to their denial of service (DoS) nature. Vulnerabilities Here below we have […]
Continue ReadingCISA’s bug catalog has been updated with a new vulnerability related to Java deserialization, which has been exploited in the wild by malicious threat actors. As this vulnerability affects multiple Zoho ManageEngine products that are affected. CVE-2022-35405 has been assigned to this vulnerability and is exploitable via low-complexity attacks that do not require the interaction […]
Continue ReadingThe cybersecurity researchers at Trellix have recently identified a 15-year-old Python bug that has been found to potentially impact 350,000 open-source repositories. There is a possibility that this bug could lead to the execution of code. This 15-year-old Python bug was disclosed in 2007 and has been tracked as CVE-2007-4559. Despite this, no patch was […]
Continue ReadingIt has been discovered recently by the European security and compliance assessment company Onekey that arbitrary code may be injected into multiple Netgear router models through FunJSQ in a malicious manner. In order to accelerate online games, Xiamen Xunwang Network Technology has developed a third-party module known as FunJSQ. In short, FunJSQ is a third-party […]
Continue ReadingTwo critical vulnerabilities have been found recently in the wireless LAN devices of Contec. These critical vulnerabilities were discovered by the cybersecurity analysts, Samy Younsi and Thomas Knudsen of Necrum Security Lab. There are two models of the FLEXLAN FXA2000 and FXA3000 series from CONTEC which are primarily used in airplane installations as WiFi access […]
Continue Reading