A Walmart press release says it’s jumping aboard the cryptocurrency bus – but is it true? Theranos’s Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?
All this and much mo…
Read More Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood
Microsoft recently released a security update to fix the PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices. A zero-day Windows print spooler vulnerability called PrintNightmare (CVE-2021…
Read More All PrintNightmare Vulnerabilities Were Fixed
Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day flaw actively exploited in targeted attacks. Microsoft Patch Tuesday security updates for September 2021 addressed a high severity zero-day RCE actively exploited in targeted attacks aimed at Microsoft Office and Office 365 on Windows 10 computers. The flaw, tracked as CVE-2021-40444, resides in the MSHTML, […]
The post Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day appeared first on Security Affairs.
Read More Microsoft Patch Tuesday fixes CVE-2021-40444 MSHTML zero-day
Double trouble: two zero-days, patched in the same emergency update. So please don’t delay – patch today!
Read More Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!
Google Chrome 93.0.4577.82 for Windows, Mac, and Linux that addressed eleven security issues, including two zero-days actively exploited. Google released Chrome 93.0.4577.82 for Windows, Mac, and Linux that fixed eleven security issues, including two zero-days vulnerabilities actively exploited in the wild. This is the tenth zero-day vulnerability in Chrome fixed by Google that was exploited […]
The post Google addresses a new Chrome zero-day flaw actively exploited in the wild appeared first on Security Affairs.
Read More Google addresses a new Chrome zero-day flaw actively exploited in the wild
Microsoft warns of a zero-day vulnerability in Internet Explorer that is actively exploited by threat actors using weaponized Office docs. Microsoft warns of a zero-day vulnerability (CVE-2021-40444) in Internet Explorer that is actively exploited by threat actors to hijack vulnerable Windows systems. Microsoft did not share info about the attacks either the nature of the […]
The post Microsoft warns of a zero-day in Internet Explorer that is actively exploited appeared first on Security Affairs.
Read More Microsoft warns of a zero-day in Internet Explorer that is actively exploited
If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges.
Read More Interesting Privilege Escalation Vulnerability
It should be noted that this…
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, June 2021.How was UK Government Building CCTV Leaked?The Sun newspaper published …
Read More Cyber Security Roundup for July 2021
Cisco has addressed a zero-day in the Cisco AnyConnect Secure Mobility Client VPN software, with publicly available proof-of-concept exploit code. Cisco has addressed a zero-day vulnerability in Cisco AnyConnect Secure Mobility Client, tracked as CVE-2020-3556, that was disclosed in November. The availability of a proof-of-concept exploit code for the zero-day was confirmed by the Cisco Product Security […]
The post Cisco fixes AnyConnect Client VPN zero-day disclosed in November appeared first on Security Affairs.
Read More Cisco fixes AnyConnect Client VPN zero-day disclosed in November
What’s in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that.
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021.How not to disclosure a HackUK fashion retailer FatFace angered customers in its h…
Read More Cyber Security Roundup for April 2021
On Monday, cybersecurity researchers connected a series of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to a data breach and extortion campaign orchestrated by the UNC2546 cybercrime group. Threat actors ta…
Read More Accellion Attackers Stole Data and Breached Companies Running FTA Servers
Nowadays, every single organization relies on software and Internet services. This dependence brings along a certain degree of vulnerability. Today’s marketplace businesses are more likely to be disrupted by cybercriminals than real-world crimina…
Read More What Is a Zero-Day Vulnerability?
Just when you thought things were finally going smoothly for a change, the malvertising group widely known as “ScamClub” has made an unfavorable comeback. This time, they exploited a zero-day vulnerability in WebKit-based browsers in order …
Read More New Malvertising Campaign by the ScamClub Group Is Actively Exploiting Zero-Days
At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article:
Read More On Vulnerability-Adjacent Vulnerabilities
Soon after they were spotted, the researchers saw one exploit being used in the wild. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.
More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued multiple security updates: some failed to actually fix the vulnerability being targeted, while others required only slight changes that required just a line or two to change in the hacker’s code to make the exploit work again…
Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 18.104.22.168 is in End-of-life. Today, TIM’s Red Team Research led […]
The post TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server appeared first on Security Affairs.
Read More TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server
Hackers are exploiting a zero-day in SonicWall:
Read More SonicWall Zero-Day
In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerabilitythat affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.”
In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 series 10.x code. SonicWall is tracking it as SNWLID-2021-0001. The SMA 100 series…
This zero-day bug affects Chrome, as well as Edge and other Chromium-based browsers.
Read More Chrome zero-day browser bug found – patch now!