Google reports about complex Windows and Android hacking scheme
Google published a report in six parts, detailing how a complex hacking operation detected in early 2020 worked. The campaign targeted Android and Windows devices. The attacks were executed using two exploit servers that targeted different exploit chains, deploying watering hole-style attacks.
O...
Microsoft fixes Defender’s zero-day vulnerability on Patch Tuesday
Microsoft’s latest monthly security patches came out on Patch Tuesday, with the fix for Defender’s zero-day included. January's updates patch a total of 83 vulnerabilities, spread out over a wide range of Microsoft's products. They include cloud-based offerings, the Windows OS, Enterprise Serve...
Update for iOS fixes actively exploited zero-days
In an update for iOS, Apple fixes three zero-day vulnerabilities that were being actively exploited. The leaks were found by Google's Project Zero research group.
In addition to iOS, the vulnerabilities were also present in iPadOS, which is largely the same operating system. The new update fixes...
Google has a fix for their zero-day flaw in Chrome OS and Chrome
Google found out that their latest versions of Chrome and Chrome OS had a zero-day security flaw. Google has a security team that is responsible for finding these vulnerabilities, named Project Zero. They found out that hackers were using the flaw to attack Chrome users.
Google patched the flaw ...
Microsoft releases patch for three active zero-day vulnerabilities
For three zero-day vulnerabilities in different versions of Microsoft Windows, a patch was released this week to tighten security. Should the update not be downloaded and installed immediately, Windows users run the risk that hackers could take over their system.
Two of the three vulnerabilities...
Trend Micro zero-days abused by hackers
Hackers have attempted to exploit two zero-day vulnerabilities in Trend Micro solutions. The company reported this earlier this week in an statement.
The Japanese security firm released patches on Monday to address the two vulnerabilities. The patch resolved three other issues, which were basica...
Hackers are actively using zero-day exploits in WordPress
More than 35 percent of the websites run on WordPress. This huge attack surface is recently being attacked more by hackers, who are trying to exploit certain bugs in plugins. Some of these vulnerabilities are zero-day exploits, weaknesses that are unknown to the creators of the plugins.
Accordin...
New Oracle WebLogic vulnerability found in the wild
Security researchers have found a new zero day vulnerability that has an impact on the Oracle WebLogic server. The vulnerability is currently being abused in the wild. Oracle has been notified, but had released its three monthly security update four days before its discovery.
This means that an upd...
Zero-day in Windows gives attackers full control over PC
A bug in the Windows kernel is actively exploited in cyber attacks to completely take over an affected system. The zero-day leak was discovered and patched by Microsoft last week.
The leak was discovered by Kaspersky Lab researchers and was also abused in the wild before Microsoft was notified. The ...
Google researcher finds zero day in TP-Link routers
Google security engineer Matthew Garrett has revealed a zero day vulnerability in TP-Link's SR20 smart home routers. The company would not have responded when the investigator revealed the vulnerability to them.
The error is an arbitrary code execution (ACE) error in TP-Link SR20 routers. These are ...
Chrome update solves zero-day; immediate update recommended
Google has announced that a patch that it rolled out to web browser Chrome on March 1 solves a zero-day exploit that has been actively exploited. Updating your browser immediately is therefore very important. There are not many details about the update and the exploit.
A zero-day is a vulnerability ...
Zero-day in Chrome is used to collect information via PDFs
Security company EdgeSpot has discovered PDF documents that take advantage of a zero-day leak in Google Chrome's PDF viewer to collect information.
EdgeSpot has discovered two different sets of PDF files, one of which was distributed in October 2017 and the other in September 2018.
The first batch ...