Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that was fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. About CVE-2021-35587: CVE-2021-35587 was discovered by security researchers “Jang” (Nguyen Jang) […]

Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize: CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They […]

Avast discovers a flaw in Google Chrome used to target journalists

Avast recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild to attack Avast users in the Middle East in a highly targeted manner, via spyware originating from Israel. More specifically, the Avast Threat Intelligence team discovered that in Lebanon, journalists were among the parties […]
