October 8, 2019
Via: Security WeekMicrosoft has released a new set of security patches for a zero-day vulnerability in Internet Explorer that was initially addressed on September 23. The initial updates introduced some printing issues, but the new ones also appear to be buggy. Tracked […]
Threats & Malware, Vulnerabilities
September 24, 2019
Via: Help Net SecurityMicrosoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems. CVE-2019-1367 is […]
April 17, 2019
Via: Threat PostA just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover. Discovered by Vasily Berdnikov and Boris Larin of Kaspersky […]
Threats & Malware, Vulnerabilities
April 17, 2019
Via: Hot for SecurityYou might think that any security issues with Internet Explorer shouldn’t be much of a problem anymore. After all, most computer users have moved on to more modern alternative browsers like Chrome, Brave, Firefox, Safari, or Microsoft Edge. And even […]
March 8, 2019
Via: Security AffairsGoogle this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw (CVE-2019-5786). The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver […]
October 10, 2018
Via: Threat PostA zero-day vulnerability tied to the Window’s Win32k component is under active attack, warns Microsoft. Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability […]
September 18, 2018
Via: Threat PostFirmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on […]
September 12, 2018
Via: Security WeekMicrosoft’s Patch Tuesday updates for September 2018 address over 60 vulnerabilities, including a zero-day disclosed by a researcher and exploited shortly after by a threat actor. The actively exploited flaw, identified as CVE-2018-8440, was disclosed on August 27 by a […]
June 1, 2018
Via: Security AffairsA North Korea-linked APT group tracked as Andariel Group, leveraged an ActiveX zero-day vulnerability in targeted attacks against South Korean entities. According to a report published by South Korean cyber-security firm AhnLab, the Andariel Group is a division of the […]
May 22, 2018
Via: Security AffairsResearchers from security firm Qihoo 360 Netlab reported that cybercriminals are continuing to target the Dasan GPON routers, they recently spotted threat actors using another new zero-day flaw affecting the same routers and recruit them in their botnet. At the […]
May 16, 2018
Via: Security WeekResearchers at ESET recently came across a malicious PDF file set up to exploit two zero-day vulnerabilities affecting Adobe Reader and Microsoft Windows. The malicious document leverages a privilege escalation flaw in Windows (CVE-2018-8120) and a remote code execution vulnerability […]
Network security, Vulnerabilities
May 11, 2018
Via: Dark ReadingVulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab. Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems […]
December 29, 2017
Via: Threat PostExploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be […]
October 17, 2017
Via: SecurelistKaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor in a responsible manner and provide all the details required for a fix. On October 10, 2017, […]
October 3, 2017
Via: Security WeekZero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites. The firm’s investigation revealed […]
December 2, 2016
Via: Threat PostThe Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users. “The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there […]
November 18, 2016
Via: Symantec ConnectA newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions […]
November 7, 2016
Via: Naked SecurityEarlier this week, the headlines flashed with news that Google had disclosed a vulnerability to Microsoft that allows local privilege escalation in Windows 10. This vulnerability is a zero-day, meaning these vulnerabilities did not have an immediate fix, and by making […]
July 5, 2016
Via: Security WeekA researcher has discovered a zero-day firmware vulnerability that can be exploited by malicious hackers to disable security features on Lenovo, HP and likely other PCs. Researcher Dmytro Oleksiuk revealed last week that he had identified a privilege escalation vulnerability […]
October 14, 2015
Via: hackerResearchers at Trustwave spotted a zero-day #exploit in the Magmi plugin for the #magento e-commerce platform that can be used by an attacker to access #credentials and potentially gain complete control of the a user’s Magento database. The vulnerability exists […]