Microsoft fixes Windows AppX Installer exploit, blocks Emotet spread
Microsoft squashes multiple vulnerabilities in its solutions. Among them is critical spoofing vulnerability CVE-2021-43890, frequently exploited for Emotet, Trickbot and Bazaloader attacks.
Microsoft releases a December update fixing various vulnerabilities through no less than 67 patches. In No...
Cybercriminals enhance tactics to exploit zero-day flaws
HP Wolf Security caught exploits of the zero-day CVE-2021-40444 a remote code execution vulnerability in the MSHTML browser engine that can be triggered by opening a malicious Microsoft Office document.
The flaw was caught a week before a patch was released for it. The latest HP Wolf Security Th...
Apple warns for active exploited zero-day vulnerability on Macs
Apple has warned iPhone and Mac users that it is aware of a zero-day bug under active exploit. The company thanked Google for spotting the bug, assigned CVE-2021-30869, which the world's largest ad company seems to have noticed since it impacts the WebKit browser engine.
It is a serious flaw, as...
Apple releases update fixing NSO spyware vulnerabilities
The vulnerabilities affects Macs, iPhones, iPads and Watches.
Apple released an urgent and critical security update for Mac, iPhone, iPad and Watch. The update comes after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware company NSO Group.
The spy...
Google researchers discover new zero-day attack vectors
They found malware campaigns that exploited previously unknown flaws in Google Chrome, Internet Explorer and WebKit.
Google released information this week about four zero-day security vulnerabilities that they found "in the wild" earlier this year. Google's Threat Analysis Group (TAG) and Projec...
Project Zero gives users 30 days to install patches
Google Project Zero has added a 30-day period to the 90-day period in which it releases details of zero-days. The initiative still gives companies 90 days to release patches, but users will then have 30 days to install them.
In a blog post, Project Zero says that the initiative is adjusting its ...
Microsoft closes multiple zero-days in Patch Tuesday
Microsoft has released its monthly series of security updates for its software. During this round of patches, more than one hundred vulnerabilities will be closed, five of which are labelled as zero-days.
Bleeping Computer has posted an overview of all the vulnerabilities on its website. Five of...
Dutch hackers get 200k for finding critical security leaks in Zoom
Two Dutch hackers from Computest Security, Daan Keuper and Thijs Alkemade, have discovered critical security vulnerabilities in the video calling application Zoom. For discovering and reporting these critical security leaks, they will receive a reward of 200,000 dollars.
The security experts of ...
Update patches actively exploited zero-day in Windows
Microsoft has rolled out a new series of updates for Windows. These updates consist mainly of batches for security problems. One of these vulnerabilities has already been exploited.
The bug in question is CVE-2021-1732. It concerns a bug in Win32k which allowed elevated privileges. ZDNet writes ...
Google fixes zero-day vulnerability in Chrome
On Thursday, Google released a Chrome fix for a high-severity security problem in the browser. It is believed that the flaw was being exploited in the wild. The update will roll out in the coming days and weeks, according to Google’s blog post about the issue.
Google has named the vulnerabilit...
Google reports about complex Windows and Android hacking scheme
Google published a report in six parts, detailing how a complex hacking operation detected in early 2020 worked. The campaign targeted Android and Windows devices. The attacks were executed using two exploit servers that targeted different exploit chains, deploying watering hole-style attacks.
O...
Microsoft fixes Defender’s zero-day vulnerability on Patch Tuesday
Microsoft’s latest monthly security patches came out on Patch Tuesday, with the fix for Defender’s zero-day included. January's updates patch a total of 83 vulnerabilities, spread out over a wide range of Microsoft's products. They include cloud-based offerings, the Windows OS, Enterprise Serve...