Microsoft is rolling out a series of fixes for 0-day Secure Boot bug
According to Microsoft's planning, the entire bug fix process will take a year to complete.
This week Ars Technica reported on Microsoft's latest plan to eliminate a serious vulnerability affecting the boot process on various types of Windows machines. The vulnerability can be exploited by a pie... Read more
Pwn2Own event yields 27 zero-days
Security researchers managed to discover as many as 27 zero-days in major enterprise software during the three days of the Pwn2Own Vancouver 2023 event. Zero-days were found in Windows 11, Ubuntu and macOS, among others, as well as in Oracle and VMware products and Tesla's firmware.
The various ... Read more
New phishing threats exploit zero-day vulnerabilities in Windows
Recent phishing attacks use a zero-day Windows vulnerability to drop the Qbot malware without displaying Windows' usual security warnings, BleepingComputer reports.
When users download files from an 'untrusted' remote location, such as an Internet website or an email attachment, Windows adds a s... Read more
Cybercriminals hack Microsoft Exchange servers with zero-days
Microsoft confirms that cybercriminals are exploiting two zero-day vulnerabilities in Exchange Server 2013, 2016 and 2019.
The vulnerabilities allow cybercriminals to conduct remote code execution attacks. The bugs were discovered by GTSC. The security company published a mitigation guide. The ... Read more
Google issues another update to fix a zero-day in Chrome
Google issued an update to the Stable channel of its Chrome browser on Wednesday containing a patch for a vulnerability currently in the wild.
According to Google's alert, CVE-2022-2856 is a remedy for "insufficient validation of untrusted input in Intents." Intents often convey data from one pr... Read more
Cato Networks fixes zero-day vulnerability in Microsoft Office
Cato Networks developed a workaround for a zero-day vulnerability recently found in Microsoft Office. Customers of Cato Networks are immune to the vulnerability.
Cato Networks provides a Secure Access Service Edge service (SASE). The service has two components. First, it connects customers' appl... Read more
Microsoft fixes Windows AppX Installer exploit, blocks Emotet spread
Microsoft squashes multiple vulnerabilities in its solutions. Among them is critical spoofing vulnerability CVE-2021-43890, frequently exploited for Emotet, Trickbot and Bazaloader attacks.
Microsoft releases a December update fixing various vulnerabilities through no less than 67 patches. In No... Read more
Cybercriminals enhance tactics to exploit zero-day flaws
HP Wolf Security caught exploits of the zero-day CVE-2021-40444 a remote code execution vulnerability in the MSHTML browser engine that can be triggered by opening a malicious Microsoft Office document.
The flaw was caught a week before a patch was released for it. The latest HP Wolf Security Th... Read more
Apple warns for active exploited zero-day vulnerability on Macs
Apple has warned iPhone and Mac users that it is aware of a zero-day bug under active exploit. The company thanked Google for spotting the bug, assigned CVE-2021-30869, which the world's largest ad company seems to have noticed since it impacts the WebKit browser engine.
It is a serious flaw, as... Read more
Apple releases update fixing NSO spyware vulnerabilities
The vulnerabilities affects Macs, iPhones, iPads and Watches.
Apple released an urgent and critical security update for Mac, iPhone, iPad and Watch. The update comes after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware company NSO Group.
The spy... Read more