yaracroft @venom@nanao.cybtex.fr

APSB22-02 - Adobe Illustrator : This update resolves an important and a moderate vulnerability that could lead to privilege escalation. #adobe #vuln #software #cyber #threats #informatique

https://helpx.adobe.com/security/products/illustrator/apsb22-02.html

APSB22-05 - Adobe InDesign : Successful exploitation could lead to arbitrary code execution and privilege escalation. #adobe #vuln #software #cyber #threats #informatique

https://helpx.adobe.com/security/products/indesign/apsb22-05.html

💥 High severity flaw in the KCodes NetUSB kernel module used by a large number of network device vendors and affecting millions of end user router devices. Attackers could remotely exploit this vulnerability to execute code in the kernel. #vuln #networks #devices #firmware #cyber #threats #informatique

https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/

8 different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service (DoS) conditions, information leaks and remote code execution (RCE) in various web applications, researchers are warning #vuln #web #software #cyber #threats #informatique

https://threatpost.com/url-parsing-bugs-dos-rce-spoofing/177493/

WordPress 5.8.3 Security Release This security release features four (4) security fixes. (CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, CVE-2022-21664) #vuln #wordpress #informatique

https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

🔥 CVE-2021-38674 - Vulnerability in QVPN Service lead RCE #vuln #qnap #vpn #network #storage #informatique

https://www.qnap.com/en/security-advisory/qsa-21-61

CVE-2021-38674 - Reflected XSS Vulnerability in TFTP Server (QTS, QuTS hero, QuTScloud) #vuln #qnap #network #storage #informatique

https://www.qnap.com/en/security-advisory/qsa-21-63

CVE-2021-44228 - Affected Vendor & Software List #vuln #informatique

https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md

CVE-2021-42392 : The JNDI Strikes Back – Unauthenticated RCE in H2 Database Console. H2 is a very popular open-source Java SQL database. Notes: newer versions of Java contain the trustURLCodebase mitigation that will not allow remote codebases to be loaded naively via JNDI. However, this mitigation is not bulletproof.. #vuln #software #java #storage #sql #database #cyber #threats #informatique

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

A Romanian vulnerability researcher has discovered more than 70 cache poisoning vulnerabilities in combinations of cloud applications and content delivery networks (CDNs) that could be used for denial-of-service attacks on the applications. #vuln #ddos #cloud #software #applications #cyber #threats #informatique

https://youst.in/posts/cache-poisoning-at-scale/

WordPress 5.8.3 - Security Release #vuln #software #cms #blog #wordpress #informatique

https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/

Trend Micro Security « Predictions » for 2022

1. Cloud Threats
2. Ransomware Threats
3. Vulnerability Exploits
4. Commodity Attacks
5. IoT Threats
6. Supply Chain Attacks

#cyber #iot #threats #cloud #ransomware #vuln #report #supply #informatique

https://documents.trendmicro.com/assets/rpt/rpt-toward-a-new-momentum-trend-micro-security-predictions-for-2022.pdf

Log4Shell - Scanning: Lessons learned #vuln #cyber #threats #informatique

https://zero.bs/log4shell-scanning-lessons-learned.html

L'agence fédérale américaine du commerce (FTC) gonfle ses muscles afin de créer un rapport de force en menaçant d'utiliser toute son autorité légale pour poursuivre en justice les entreprises qui ne protégent pas les données des consommateurs contre l'exposition à des vulnérabilités connues #usa #government #vuln #cyber #threats #informatique

https://www.lemondeinformatique.fr/actualites/lire-failles-dans-log4j-la-ftc-brandit-la-menace-de-poursuites-85340.html

« The attack surfaces are multiplying all over the place and the consequences of these attacks are hard to imagine yet » ( Stuart E. Madnick, professor of IS&T at MIT ) #cyber #iot #software #hardware #outage #disruptive #networks #vuln #malware #threats #internet #informatique

https://www.zdnet.com/article/your-cybersecurity-training-needs-improvement-because-hacking-attacks-are-only-getting-worse/

CVE-2021-44832 - IBM Cloud APM v8.1.4.0 Server installs a vulnerable Online Help application. #vuln #ibm #cloud #software #threats #informatique

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-log4j-cve-2021-44832-affects-the-ibm-performance-management-product/

CVE-2021-20047 - SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order Hijacking vulnerability. Successful exploitation via a local attacker could result in RCE in the target system. #vuln #vpn #windows #software #threats #informatique

http://www.cyberis.co.uk/blog/CVE-2021-20047

Google Chrome - This update includes 37 security fixes. #vuln #google #chrome #internet #browser #software #informatique

https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

Security patch for the HarmonyOS #vuln #huawei #phones #software #informatique

https://www.huaweicentral.com/january-2022-harmonyos-mobile-security-patch-details-released/