0-day

Defenders must adapt to shrinking exploitation timelines

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 and 2022. One reason for this is the fact that, […]

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) 2024-08-22 at 12:01 By Zeljka Zorz A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript and WebAssembly engine developed by Google

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

Microsoft fixes 6 zero-days under active attack

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) 2024-08-12 at 13:31 By Zeljka Zorz A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interaction to be

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) 2024-07-10 at 15:46 By Zeljka Zorz CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) 2024-05-24 at 10:46 By Zeljka Zorz For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulnerability

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) 2024-05-16 at 12:01 By Zeljka Zorz For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) 2024-05-10 at 12:16 By Zeljka Zorz Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a
