Cybercriminals enhance tactics to exploit zero-day flaws
HP Wolf Security caught exploits of the zero-day CVE-2021-40444 a remote code execution vulnerability in the MSHTML browser engine that can be triggered by opening a malicious Microsoft Office document.
The flaw was caught a week before a patch was released for it. The latest HP Wolf Security Th... Read more
Apple warns for active exploited zero-day vulnerability on Macs
Apple has warned iPhone and Mac users that it is aware of a zero-day bug under active exploit. The company thanked Google for spotting the bug, assigned CVE-2021-30869, which the world's largest ad company seems to have noticed since it impacts the WebKit browser engine.
It is a serious flaw, as... Read more
Apple releases update fixing NSO spyware vulnerabilities
The vulnerabilities affects Macs, iPhones, iPads and Watches.
Apple released an urgent and critical security update for Mac, iPhone, iPad and Watch. The update comes after researchers with Citizen Lab discovered a zero-day, zero-click exploit from mercenary spyware company NSO Group.
The spy... Read more
Google researchers discover new zero-day attack vectors
They found malware campaigns that exploited previously unknown flaws in Google Chrome, Internet Explorer and WebKit.
Google released information this week about four zero-day security vulnerabilities that they found "in the wild" earlier this year. Google's Threat Analysis Group (TAG) and Projec... Read more
Project Zero gives users 30 days to install patches
Google Project Zero has added a 30-day period to the 90-day period in which it releases details of zero-days. The initiative still gives companies 90 days to release patches, but users will then have 30 days to install them.
In a blog post, Project Zero says that the initiative is adjusting its ... Read more
Microsoft closes multiple zero-days in Patch Tuesday
Microsoft has released its monthly series of security updates for its software. During this round of patches, more than one hundred vulnerabilities will be closed, five of which are labelled as zero-days.
Bleeping Computer has posted an overview of all the vulnerabilities on its website. Five of... Read more
Dutch hackers get 200k for finding critical security leaks in Zoom
Two Dutch hackers from Computest Security, Daan Keuper and Thijs Alkemade, have discovered critical security vulnerabilities in the video calling application Zoom. For discovering and reporting these critical security leaks, they will receive a reward of 200,000 dollars.
The security experts of ... Read more
Update patches actively exploited zero-day in Windows
Microsoft has rolled out a new series of updates for Windows. These updates consist mainly of batches for security problems. One of these vulnerabilities has already been exploited.
The bug in question is CVE-2021-1732. It concerns a bug in Win32k which allowed elevated privileges. ZDNet writes ... Read more
Google fixes zero-day vulnerability in Chrome
On Thursday, Google released a Chrome fix for a high-severity security problem in the browser. It is believed that the flaw was being exploited in the wild. The update will roll out in the coming days and weeks, according to Google’s blog post about the issue.
Google has named the vulnerabilit... Read more
Google reports about complex Windows and Android hacking scheme
Google published a report in six parts, detailing how a complex hacking operation detected in early 2020 worked. The campaign targeted Android and Windows devices. The attacks were executed using two exploit servers that targeted different exploit chains, deploying watering hole-style attacks.
O... Read more