patch – TFun dot org

Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)

29/11/2022RedOne

A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog. About CVE-2021-35587 CVE-2021-35587 was discovered by security researchers “Jang” (Nguyen Jang) […]

Firefox fixes fullscreen fakery flaw – get the update now!

16/11/2022RedOne

What’s so bad about a web page going fullscreen without warning you first?

Microsoft fixes many zero-days under attack

08/11/2022RedOne

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They […]

Mise à jour des serveurs : mieux vaut se poser les bonnes questions

05/10/2022RedOne

Il n’est pas rare de constater dans certaines entreprises que la mise à jour des serveurs est un sujet qui a été longtemps délaissé et dans le pire des cas, durant plusieurs années… La conséquence de cet oubli ? Une exposition accrue aux cyberattaques qui peut être d’autant plus coûteuse. A l’image des postes de travail, […]

Chrome fixes zero-day security hole reported anonymously – update now!

05/09/2022RedOne

This time, the crooks got there first – only 1 security hole patched, but it’s a zero-day.

Firefox 104 is out – no critical bugs, but update anyway

26/08/2022RedOne

Two trust-spoofing bugs were the main culprits this month – but neither one was a zero-day.

Avast découvre une faille dans Google Chrome utilisée pour cibler des journalistes

26/07/2022RedOne

Avast a récemment découvert une vulnérabilité de type « zero-day » dans Google Chrome (CVE-2022-2294) lorsqu’elle a été exploitée dans la nature dans le but d’attaquer les utilisateurs d’Avast au Moyen-Orient de manière très ciblée via un logiciel espion provenant d’Israël. Plus précisément, l’équipe Avast Threat Intelligence a découvert qu’au Liban, des journalistes figuraient parmi les parties […]

Firefox 102 fixes address bar spoofing security hole

29/06/2022RedOne

Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft’s “Follina” saga.

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

01/06/2022RedOne

After an intriguing month of Firefox releases, here’s one with a bit less drama, probably to the collective relief of Mozilla’s coders.

Apple patches zero-day kernel hole and much more – update now!

17/05/2022RedOne

You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.