Hacker, Threats & Malware, Vulnerabilities
June 5, 2023
Via: Help Net SecurityThe zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many […]
Threats & Malware, Vulnerabilities
May 26, 2023
Via: The Hacker NewsEmail protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company’s Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been […]
Threats & Malware, Vulnerabilities
May 10, 2023
Via: The Hacker NewsMicrosoft has rolled out Patch Tuesday updates for May 2023 to address 38 security flaws, including one zero-day bug that it said is being actively exploited in the wild. Trend Micro’s Zero Day Initiative (ZDI) said the volume is the […]
Threats & Malware, Vulnerabilities
April 20, 2023
Via: The Hacker NewsFortra, the company behind Cobalt Strike, shed light on a zero-day remote code execution (RCE) vulnerability in its GoAnywhere MFT tool that has come under active exploitation by ransomware actors to steal sensitive data. The high-severity flaw, tracked as CVE-2023-0669 […]
Threats & Malware, Vulnerabilities
April 19, 2023
Via: The Hacker NewsGoogle on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics […]
April 13, 2023
Via: The Hacker NewsGoogle on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation. “While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they’re known and fixed, which […]
Threats & Malware, Vulnerabilities
March 21, 2023
Via: The Hacker NewsAs many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 […]
Threats & Malware, Vulnerabilities
March 14, 2023
Via: Help Net SecurityIt’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023-23397 is a critical EoP vulnerability in Microsoft Outlook that is […]
January 20, 2023
Via: The Hacker NewsA suspected China-nexus threat actor exploited a recently patched vulnerability in Fortinet FortiOS SSL-VPN as a zero-day in attacks targeting a European government entity and a managed service provider (MSP) located in Africa. Telemetry evidence gathered by Google-owned Mandiant indicates […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
December 14, 2022
Via: Security WeekApple announced on November 30 that an advisory for iOS 16.1.2 would be released in the coming days. The advisory was published two weeks later, on Patch Tuesday, and it’s unclear why the tech giant waited for so long to […]
Threats & Malware, Vulnerabilities
October 28, 2022
Via: The Hacker NewsGoogle on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan […]
Threats & Malware, Vulnerabilities
December 9, 2021
Via: Help Net SecuritySonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although there’s currently no evidence of these bugs being exploited in active attacks, threat actors […]
Threats & Malware, Vulnerabilities
April 12, 2021
Via: CSO OnlineZero day definition A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. The name ultimately derives from the world of digital content piracy: if […]
Threats & Malware, Vulnerabilities
March 3, 2021
Via: Hot for SecurityA new zero-day vulnerability has been discovered in the popular web browser Chrome, with Google noting that the flaw is being exploited by malicious actors. Users should install the updated version of the browser containing the patch as soon as […]
Threats & Malware, Vulnerabilities
March 3, 2021
Via: DataBreach TodayMicrosoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server, one of the most widely used pieces of enterprise infrastructure. The company says it believes the flaws have been exploited by a China-based group […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
June 2, 2020
Via: Security WeekTracked as CVE-2020-9859, the vulnerability was found in the iOS kernel and it can allow an application to achieve unsandboxed, kernel-level code execution. An exploit for the issue was added to the unc0ver 5.0 jailbreak utility, which was released to […]
April 23, 2020
Via: Security WeekAccording to ZecOps, the vulnerabilities have existed since iOS 6, a version released in 2012. The company reported its findings to Apple in February and March, and notified the tech giant of attacks exploiting the flaws. The vendor has patched […]
Application security, Security, Threats & Malware, Vulnerabilities
January 9, 2020
Via: Help Net SecurityMozilla has patched a Firefox zero-day vulnerability (CVE-2019-17026) that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. About CVE-2019-17026 A day after Mozilla released […]
December 13, 2019
Via: Help Net SecurityAmid significant increases in both malware and network attacks, multiple Apache Struts vulnerabilities – including one used in the devastating Equifax data breach – appeared for the first time on WatchGuard’s list of most popular network attacks in Q3 2019. […]
December 11, 2019
Via: Dark ReadingThis month’s batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild. The last Patch Tuesday of 2019 is also Microsoft’s lightest of the year, with fixes […]