Browsing tag
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-seen backdoor on compromised machines. “Based on our findings, we believe […]
Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designated as CVE-2021-37975 and CVE-2021-37976, are part of a total of four patches, […]
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group’s Pegasus surveillance tool to target iPhone users. Chief among them is […]
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders,” […]
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to […]
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (DIVD) […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for […]
A malvertising group known as “ScamClub” exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021–1801) that allowed malicious parties to bypass the iframe sandboxing policy in the […]
Researchers found a new footprint about the recent BitPaymer ransomware campaign that was exploited the Apple iTunes for Windows Zero-day vulnerability to attacker public and private sectors across the U.S. Threat actors took advantage of a zero-day vulnerability that resides in the Bonjour Updater that comes packaged with iTunes for Windows and abused the unquoted […]
Researchers from Google project zero uncovered a critical zero-day vulnerability that affected at least 18 Android models including Samsung, Moto, Huawei, Pixel, Xiaomi and more. Some of the depth pieces of evidence show that the vulnerability is being exploited in wide and gives complete access to the Vulnerable Android devices. An Android zero-day exploit that […]
Preventing zero-day attack, one of a developer’s worst nightmares. In this guide, we’ll tackle the A to Zs of these attacks. Keeping your software bug-free and challenging to compromise is one of the biggest challenges that you will ever face as a developer. For every person that wants to see you succeed in this world, […]
Mozilla has issued a warning of a zero-day flaw in Firefox browser that is currently being exploited in the wild. But the good news is that an emergency patch has been released for the same so you should update your browser now! The vulnerability was discovered by Google’s Project Zero security team and it is […]
Trend Micro’s Zero Day Initiative (ZDI) vulnerability research contest Pwn2Own 2019 Successfully started its first-day contest and the team of researchers earned $240,000 in the first day alone for the successful zero-day Submissions. Trend Micro announced $1 million in cash and prizes through the contest for the researchers who submit the zero days the specific […]
Hackers exploiting zero-day vulnerabilities in Counter-Strike 1.6 game client to infect player’s devices by using a malicious gaming server and downloads malware into their devices. The Counter-Strike game was decades old but still have a huge fan database, according to researchers, 20,000 players using official CS 1.6 clients. The official game client contains two unpatched […]
The IT security researchers at TrustWave have discovered critical zero-day vulnerabilities in video conferencing products developed by Lifesize which, if exploited by attackers can cause a great deal of damage. Lifesize is an audio and video telecommunication firm based in the United States with offices in Africa, Europe, and the Middle East. Its products are used by […]
APT group widely exploiting the new Adobe flash 0day vulnerability via MS word document and the vulnerability allows attackers to execute the malicious flash object into victims machine. Attackers mainly targeting Russian state healthcare clinic through the crafted document that contains several pages in order to forge employee to open it and exploiting this Flash 0day vulnerability. Distributing […]
A Microsoft Zero-day vulnerability that existing in Microsoft JET Database Engine has been crossed zero-day Initiative (ZDI) 120 days disclosure deadline and now it released in public. ZDI initially reported this zero-day flow to Microsoft on May 8, 2018, since then Microsoft acknowledged the vulnerability and started working on it to provide the patch for […]
Newly discovered CHAINSHOT Malware attack using Adobe Flash 0-day vulnerability that carried by several Weaponized documents along with the encrypted malware payload. Researchers successfully cracked the 512-bit RSA key and decrypted the payload also the attack contains the several steps that follow each and every steps input. Attackers using the new toolkit that performed as […]
Malicious Hackers created a malware with an exploit for an unpatched Microsoft Zero-day flaw that was revealed a few days before by Belgium security researcher in Twitter. Microsoft Windows OS from Windows 7 to Windows 10 and Windows Server 2016 systems have been affected by this Local Privilege Escalation flow in Advanced Local Procedure Call […]
A new zero-day exploit for Windows VBScript Engine discovered that belongs to North Korean cyber criminals gang called Darkhotel which is the same gang behind another Zero-day flaw “double kill” that affected IE browser. This new zero-day attack spotted in July by security researchers from Trend Micro that helps to exploit the code execution vulnerability in […]
New Internet Explorer Zero-day remote code execution vulnerability has been discovered that allows an attacker could execute arbitrary code and take the complete control of the infected system. Once the attacker successfully exploits this zero-day vulnerability then they could take control of an affected system and if the victims logged in with administrative user rights then […]