Browsing tag
Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free vulnerability in the kernel that can be exploited for local privilege […]
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is […]
The Cyberspace Administration of China (CAC) has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The “Regulations on the Management of Network Product Security Vulnerability” are expected to go into effect […]
Two of the zero-day Windows flaws rectified by Microsoft as part of its Patch Tuesday update earlier this week were weaponized by an Israel-based company called Candiru in a series of “precision attacks” to hack more than 100 journalists, academics, activists, and political dissidents globally. The spyware vendor was also formally identified as the commercial […]
SolarWinds, the Texas-based company that became the epicenter of a massive supply chain attack late last year, has issued patches to contain a remote code execution flaw in its Serv-U managed file transfer service. The fixes, which target Serv-U Managed File Transfer and Serv-U Secure FTP products, arrive after Microsoft notified the IT management and […]
Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that’s being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use after free vulnerability in WebGL (aka Web Graphics Library), a JavaScript API for rendering interactive […]
Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed. Wordfence’s threat intelligence team, which discovered the flaw, said it reported the issue to the plugin’s developer […]
Google on Wednesday updated its May 2021 Android Security Bulletin to disclose that four of the security vulnerabilities that were patched earlier this month by Arm and Qualcomm may have been exploited in the wild as zero-days. “There are indications that CVE-2021-1905, CVE-2021-1906, CVE-2021-28663 and CVE-2021-28664 may be under limited, targeted exploitation,” the search giant […]
Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and other third-party web browsers in iOS, allowing an adversary […]
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye’s Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity […]
Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as “limited and targeted,” Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to […]
Google has discovered a new Android zero-vulnerability that allows hackers to gain unauthorized access to various Android smartphones. This discovery has been made by Google’s Project Zero team. New Android Zero-Day Vulnerability It is suggested that the Android vulnerability rests in Android device’s Linux kernel code, which provides cybercriminals root access to Android smartphones. On […]
Regardless of its usage, any software implementation can present serious security errors. A researcher in vulnerability testing that remains anonymous for the time has revealed details about zero-day vulnerability in vBulletin, the most widely used Internet forum creation software nowadays. The problem is that it appears that the person in charge of publishing this information […]
According to Matt Miller, a security engineer with the Microsoft Security Response Center, many zero-day vulnerabilities are ineffective against the newest versions of Windows 10. Miller analyzed zero-day attacks from 2015 to 2019 — focusing on how exploitation attacks have become less frequent since the release of Windows 10. The report concluded that over 40% […]
Mozilla has issued a warning of a zero-day flaw in Firefox browser that is currently being exploited in the wild. But the good news is that an emergency patch has been released for the same so you should update your browser now! The vulnerability was discovered by Google’s Project Zero security team and it is […]
According to the latest Kaspersky Lab Report, a Windows Zero-Day vulnerability is serving as a backdoor for hackers to take control of users’ PCs. The latest exploit utilizes a use-after-free attack and has a technical name CVE-2019-0895. The exploit is found in win32k.sys and grants hackers Local Privilege meaning they’re able to access resources usually outside of users’ capabilities. How Windows Zero-Day Vulnerability Works? A normal […]
CounterStrike is an old favorite game for veteran first-person shooters fans, its popularity remains at a very relevant and competitive level even after 2 decades. But Dr. Web has issued a warning for all CounterStrike gamers, as it was recently discovered that around 39% of publicly accessible CounterStrike 1.6 servers were designed to harm gamers. […]
The flaw requires being combined with a Chrome browser exploit Network security and ethical hacking specialists from the International Institute of Cyber Security recommend Windows operating system users to upgrade to version 10 to protect against a critical vulnerability that has already been exploited in the wild. Unidentified threat actors have combined an unpatched local privilege escalation exploit […]
This is the fourth zero-day vulnerability in Windows revealed in December 2018 A cybersecurity researcher has revealed the code to exploit critical zero-day vulnerability present in the Windows operating system, the fourth security error of this class presented during the last month of 2018. According to specialists from the International Institute of Cyber Security, this […]
In its Patch Tuesday updates for December, Microsoft has once again fixed, for the fourth month in a row, a zero-day bug that was continuously being exploited in the wild. The Patch Tuesday updates (Patch Tuesday is the name given to Microsoft’s monthly security patches) for December has fixed 39 vulnerabilities across a large set […]
The flaw, still unpatched, allows an attacker to delete any type of file on a machine, including system data A cybersecurity and digital forensics researcher has published a proof-of-concept for a zero-day vulnerability in Windows functional on fully patched Windows 10 machines. Exploiting the vulnerability would allow an attacker to delete any type of file on the […]