Archive for the ‘Zero day’ Category

China Taking Control of Zero-Day Exploits

Countdown to #ZeroDay: #Stuxnet and the Launch of the World’s First #DigitalWeapon

Leave a Comment

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble. According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member […]

Leave a Comment

Critical 0day in the Fancy Product Designer WordPress plugin actively exploited

Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked as CVE-2021-24370, in the Fancy Product Designer WordPress plugin is actively exploited in the wild. Fancy Product Designer is a premium plugin that allows customers to design and customize any kind of product in their online stores, it is […]

Leave a Comment

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. […]

Leave a Comment

Microsoft says China-backed hackers are exploiting Exchange zero-days

Leave a Comment

A threat actor exploited 11 zero-day flaws in 2020 campaigns

Google researchers observed two separate waves of attacks that took place in February and October 2020, respectively. Threat actors set up malicious sites in a series of watering hole attacks that were redirecting visitors to exploit servers hosting exploit chains for Android, Windows, and iOS devices. “In October 2020, Google Project Zero discovered seven 0-day […]

Leave a Comment

Exchange Servers targeted via zero-day exploits, have yours been hit?

Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines. Source: The zero-day bugs affecting Exchange Servers

Leave a Comment

Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper

Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim. The absence of access controls, brute-force protection, and multi-factor authentication in the Gaper app mean attackers could potentially exfiltrate sensitive personal data and use that data to achieve full account takeover within just […]

Leave a Comment

Chrome zero-day browser bug found

Leave a Comment

Google: Proper patching would have prevented 25% of all zero-days found in 2020

Google said today that a quarter of all the zero-day vulnerabilities discovered being exploited in the wild in 2020 could have been avoided if vendors had patched their products correctly. The company, through its Project Zero security team, said it detected 24 zero-days exploited by attackers in 2020. Six of these were variations of vulnerabilities disclosed in […]

Leave a Comment

Google patches two more Chrome zero-days

Google has now patched five Chrome zero-days in three weeks. Source: Google patches two more Chrome zero-days | ZDNet URGENT Google Chrome Zero Day flaw security update Zer0 Days

Leave a Comment

Expert disclosed two Zero-Day flaws in Microsoft browsers

A 20-year-old security researcher publicly disclosed details and proof-of-concept exploits for two zero-day vulnerabilities in Microsoft web browsers. Source: Expert disclosed two Zero-Day flaws in Microsoft browsers Zero Day Vulnerability titles

Leave a Comment

Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch

A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system. Source: Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch

Leave a Comment