Microsoft closes multiple zero-days in Patch Tuesday
Microsoft has released its monthly series of security updates for its software. During this round of patches, more than one hundred vulnerabilities will be closed, five of which are labelled as zero-days.
Bleeping Computer has posted an overview of all the vulnerabilities on its website. Five of...
Dutch hackers get 200k for finding critical security leaks in Zoom
Two Dutch hackers from Computest Security, Daan Keuper and Thijs Alkemade, have discovered critical security vulnerabilities in the video calling application Zoom. For discovering and reporting these critical security leaks, they will receive a reward of 200,000 dollars.
The security experts of ...
Update patches actively exploited zero-day in Windows
Microsoft has rolled out a new series of updates for Windows. These updates consist mainly of batches for security problems. One of these vulnerabilities has already been exploited.
The bug in question is CVE-2021-1732. It concerns a bug in Win32k which allowed elevated privileges. ZDNet writes ...
Google fixes zero-day vulnerability in Chrome
On Thursday, Google released a Chrome fix for a high-severity security problem in the browser. It is believed that the flaw was being exploited in the wild. The update will roll out in the coming days and weeks, according to Google’s blog post about the issue.
Google has named the vulnerabilit...
Google reports about complex Windows and Android hacking scheme
Google published a report in six parts, detailing how a complex hacking operation detected in early 2020 worked. The campaign targeted Android and Windows devices. The attacks were executed using two exploit servers that targeted different exploit chains, deploying watering hole-style attacks.
O...
Microsoft fixes Defender’s zero-day vulnerability on Patch Tuesday
Microsoft’s latest monthly security patches came out on Patch Tuesday, with the fix for Defender’s zero-day included. January's updates patch a total of 83 vulnerabilities, spread out over a wide range of Microsoft's products. They include cloud-based offerings, the Windows OS, Enterprise Serve...
Update for iOS fixes actively exploited zero-days
In an update for iOS, Apple fixes three zero-day vulnerabilities that were being actively exploited. The leaks were found by Google's Project Zero research group.
In addition to iOS, the vulnerabilities were also present in iPadOS, which is largely the same operating system. The new update fixes...
Google has a fix for their zero-day flaw in Chrome OS and Chrome
Google found out that their latest versions of Chrome and Chrome OS had a zero-day security flaw. Google has a security team that is responsible for finding these vulnerabilities, named Project Zero. They found out that hackers were using the flaw to attack Chrome users.
Google patched the flaw ...
Microsoft releases patch for three active zero-day vulnerabilities
For three zero-day vulnerabilities in different versions of Microsoft Windows, a patch was released this week to tighten security. Should the update not be downloaded and installed immediately, Windows users run the risk that hackers could take over their system.
Two of the three vulnerabilities...
Trend Micro zero-days abused by hackers
Hackers have attempted to exploit two zero-day vulnerabilities in Trend Micro solutions. The company reported this earlier this week in an statement.
The Japanese security firm released patches on Monday to address the two vulnerabilities. The patch resolved three other issues, which were basica...
Hackers are actively using zero-day exploits in WordPress
More than 35 percent of the websites run on WordPress. This huge attack surface is recently being attacked more by hackers, who are trying to exploit certain bugs in plugins. Some of these vulnerabilities are zero-day exploits, weaknesses that are unknown to the creators of the plugins.
Accordin...
New Oracle WebLogic vulnerability found in the wild
Security researchers have found a new zero day vulnerability that has an impact on the Oracle WebLogic server. The vulnerability is currently being abused in the wild. Oracle has been notified, but had released its three monthly security update four days before its discovery.
This means that an upd...