Archive for the ‘Zero day’ Category

EXPLOIT CODE TO HACK LEXMARK PRINTERS AND PHOTOCOPIERS PUBLISHED, USES ZERO DAY VULNERABILITIES

The American corporation Lexmark International, Inc. is a privately owned business that specializes in the production of laser printers and other imaging products. The researcher found that the product is susceptible to two vulnerabilities, either of which can be exploited by an adversary to copy file data from a source path to a destination path […]

Multiple Zero-Day Vulnerabilities in Antivirus and Endpoint Let Attackers Install Data Wipers

Next-Generation Wiper Tool: Aikido is the wiper tool developed by Or Yair of SafeBreach Labs, and the purpose of this wiper is to defeat the opponent by using their own power against them. As a consequence, this wiper can be run without being given privileges. In addition, it is also capable of wiping […]

Spyware Vendor Variston Exploited Chrome, Firefox and Windows 0-days

A Barcelona-based company, a spyware vendor named Variston IT, is exploiting flaws under the guise of a custom cybersecurity solutions provider. On 30th November, Google’s Threat Analysis Group (TAG) reported that a Barcelona-based company, actually a spyware vendor, named Variston IT has been exploiting n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender under the guise of a […]

An Unofficial Patch Has Been Released for Actively Exploited Windows MotW Zero-Day

There is an unofficial patch from 0patch for a zero-day flaw in Microsoft Windows that allows bypassing the MotW (Mark-of-the-Web) protections that are built into the operating system, and at the moment it is being actively exploited. By utilizing files signed with malformed signatures, this zero-day flaw is able to bypass MotW protections. Various legacy Windows versions as […]

Over 900 Servers Hacked Using a Critical Zimbra Zero-day Flaw

The cybersecurity company Kaspersky detected almost 900 servers being compromised by sophisticated attackers leveraging a critical vulnerability in the Zimbra Collaboration Suite (ZCS), which at the time was a zero-day without a patch for nearly 1.5 months. “We investigated the threat and was able to confirm that unknown APT groups have actively been exploiting this vulnerability in the […]

State-Sponsored Hackers Used MS Exchange 0-Day Bugs to Attack At least 10 Orgs

In August 2022, hackers launched a limited wave of attacks that targeted at least 10 organizations around the world. Two newly disclosed zero-day vulnerabilities are being exploited by the hackers to gain access to and compromise Exchange servers in these attacks. The Chopper web shell was installed during these attacks […]

New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely

WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android and iOS versions, allowing attackers to execute arbitrary code remotely. Facebook-owned messenger WhatsApp is one of the top-ranked messenger apps, with more than a billion users around the world on both Android and iPhone. Both vulnerabilities are marked under “critical” severity with a CVE […]

Chrome and Edge fix zero-day security hole – update now!

Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild… …the Google programmers announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows. The release notes confirm, in the clipped and frustrating […]

URGENT! Apple slips out zero-day update for older iPhones and iPads

Our much-loved iPhone 6+, now nearly eight years old but in pristine, as-new condition until a recent UDI (unintended dismount incident, also known as a bicycle prang, which smashed the screen but left the device working fine otherwise), hasn’t received any security updates from Apple for almost a year. The last update we received was back […]

Chrome browser gets 11 security fixes with 1 zero-day – update now!

The latest update to Google’s Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that “an exploit [for this vulnerability] exists in the wild”, making it a zero-day hole. The name zero-day is a reminder […]

Microsoft: We Don’t Want to Zero-Day Our Customers

The head of Microsoft’s Security Response Center defends keeping its initial vulnerability disclosures sparse — it is, she says, to protect customers. Jai Vijayan BLACK HAT USA — Las Vegas — A top Microsoft security executive today defended the company’s vulnerability disclosure policies as providing enough information for security teams to make informed patching decisions […]

Microsoft confirms ‘DogWalk’ zero-day vulnerability has been exploited

Microsoft has published a fix for a zero-day bug discovered in 2019 that it originally did not consider a vulnerability. The tech giant patched CVE-2022-34713 – informally known as “DogWalk” – on Tuesday, noting in its advisory that it has already been exploited. According to Microsoft, exploitation of the […]

Candiru surveillance spyware DevilsTongue exploited Chrome Zero-Day to target journalists

The spyware developed by Israeli surveillance firm Candiru exploited the recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited the recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which was fixed by Google on July 4, […]

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

Apple has disgorged its latest patches, fixing more than 50 CVE-numbered security vulnerabilities in its range of supported products. The relevant security bulletins, update numbers, and where to find them online are as follows:

APPLE-SA-2022-07-20-1: iOS 15.6 and iPadOS 15.6, details at HT213346
APPLE-SA-2022-07-20-2: macOS Monterey 12.5, details at HT213345
APPLE-SA-2022-07-20-3: macOS Big Sur 11.6.8, details at HT213344
APPLE-SA-2022-07-20-4: Security Update 2022-005 Catalina, details at HT213343
APPLE-SA-2022-07-20-5: tvOS […]

Seven zero-days in 2021 developed commercially and sold to governments

Google’s Threat Analysis Group (TAG) released a new report on Thursday chronicling an Italian spyware vendor selling technology used on victims in Italy and Kazakhstan. The report mirrors another from cybersecurity company Lookout that was published last week covering “Hermit” – a brand of surveillanceware developed […]

Microsoft shared workarounds for the Microsoft Office zero-day dubbed Follina

Microsoft released workarounds for a recently discovered zero-day vulnerability, dubbed Follina, in the Microsoft Office productivity suite. Microsoft has released workarounds for a recently discovered zero-day vulnerability, dubbed Follina and tracked as CVE-2022-30190 (CVSS score 7.8), in the Microsoft Office productivity suite. “On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability.” reads […]

Zero-day bug in uClibc library could leave IoT devices vulnerable to DNS poisoning attacks

A zero-day vulnerability in uClibc and uClibc-ng, a popular C standard library, could enable a malicious actor to launch DNS poisoning attacks on vulnerable IoT devices. The bug, tracked as ICS-VU-638779, which has yet to be patched, could leave users exposed to attack, researchers have warned. DNS poisoning: In a DNS poisoning attack, the target domain name […]

Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring

An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework. An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io […]

CISA urges to fix actively exploited Firefox zero-days by March 21

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added recently disclosed Firefox zero-days to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added two critical security vulnerabilities in Mozilla Firefox, tracked as CVE-2022-26485 and CVE-2022-26486, to its Known Exploited Vulnerabilities Catalog. The US agency has ordered federal civilian agencies to address […]
