Items tagged with Zero-Day
Microsoft Exchange has quite a storied history of security vulnerabilities and breaches given its widespread usage in the corporate world. While there has not been much news regarding Exchange for a while, the Zero Day Initiative has found four vulnerabilities that, while not absolutely critical, could still pose a...
Read more...
Last month, Apple pushed multiple security updates for its products due to vulnerabilities that could lead to the Triangulation spyware being put on your device. Now, the Cupertino-based company has rolled out another Rapid Security Response (RSR) but has since pulled it back due to flaws with the...
Read more...
Heads up to anyone who's running Google's Chrome browser—and a lot of people are, going by its massive market share—there's another actively-exploited zero-day vulnerability compromising its security. That's a bit of a big deal when you consider there are billions of Chrome installs. Fortunately, Google has pushed out...
Read more...
Dangerous zero-day vulnerabilities found in Samsung Exynos modems have been discovered encompassing Samsung Galaxy phones, Google Pixel 6s and 7s, select wearables, and more. Here's what to expect, the steps to take, and find out if your device(s) is affected.
Google's Project Zero found eighteen zero-day...
Read more...
Chrome is the most popular browser on the planet (in terms of market share) with billions of a users, and the unwanted side effect of that immense popularity in the tech space is it attracts bad actors. Such is the reason for the latest browser update—it comes with a warning from Google that one of the security...
Read more...
Do you use BQE Software's BillQuick? If you do, go update it—immediately. Huntress ThreatOps identified nine zero-day vulnerabilities in BillQuick Web Suite, a time and billing software that the publisher claims is in use by over 400,000 users worldwide.
The most serious vulnerability is an all-too-common SQL...
Read more...
Heads up, Microsoft has issued a patch for what security researchers had dubbed a "highly sophisticated" zero-day vulnerability in Windows that hackers could use to target Office 365 and Office 2019 users. It is available as a standalone release, and also as part of this month's cumulative Patch Tuesday update, which...
Read more...
Have you updated your Chrome browser lately? Assuming you use Chrome, now would be a good time to force the issue, as the latest update brings with it patches for nearly a dozen security flaws, including a pair of zero-day vulnerabilities that Google says are actively being exploited in the wild. So, yeah, take two...
Read more...
Security researchers say they discovered and reported to Microsoft a "highly sophisticated" zero-day attack vector in Windows that targets Office 365 and Office 2019 users. In some cases, simply opening an infected document would be enough to compromise a PC. Furthermore, there does not yet exist a patch, though one...
Read more...
Companies like Microsoft and others are potentially getting more time to fix zero-day vulnerabilities before Google's Project Zero team discloses them to the public, as part of a new policy change for 2021. At the same time, end users can potentially expect zero-day security patches to arrive quicker and be more...
Read more...
With everyone using Zoom for both work and school, a vulnerability in the software can be especially concerning. This week, researchers competing in a zero-day hunting competition found a bug in Zoom that allowed them to remotely execute code without any necessary action from the target. This find netted the...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as...
Read more...
Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product. The patch plugs a hole that was being abused in the wild by hackers. Sophos says that it learned of the zero-they exploit on Wednesday of last week, after receiving a report from one of its...
Read more...
Earlier this week, it was reported that a zero-day exploit has been running in the wild that targets the iOS Mail app. First discovered by the researchers at ZecOps, the vulnerability has been labeled as "zero-click" because it allegedly needs no intervention from the user to attack an iPhone or iPad running even the...
Read more...
If you're an Apple iPhone or iPad owner that uses the native Mail app for emailing purposes (and that probably includes a marjory of iOS users), we have a word of caution for you. The folks over at ZecOps have uncovered a vulnerability in the app that is currently active in the wild, pending a fix from...
Read more...
It is big news when a major vulnerability is discovered and exploited in Windows, because there is the potential to do a lot of harm. We saw this when WannaCry crippled UK hospitals for a short time (fortunately, it was mitigated rather quickly). Now, you may not have heard of VxWorks, a real-time operating system...
Read more...
SandboxEscaper is at it again, releasing another zero-day exploit into the wild without giving Microsoft a heads up before publication. If you recall, SandboxEscaper doesn't think too highly Microsoft and has published other zero-day vulnerabilities affecting the company's software dating back to the summer of...
Read more...
Although Microsoft is hoping for a big browser comeback with the Chromium-based version of the Microsoft Edge browser, there’s another browser in the company’s repertoire that many people have already forgotten about. Of course, we’re talking about the “undead” Internet Explorer.
Internet Explorer has a long...
Read more...
Microsoft has released an emergency patch to fix a critical vulnerability discovered in Internet Explorer. If left unpatched, an attacker could exploit the security hole to remotely execute malicious code on a victim's PC when visiting a compromised website. Listed as CVE-2018-8653, the flaw affects all supported...
Read more...
It's been a rough October for Microsoft and its Windows 10 operating system. Now, to add insult to injury, another zero-day flaw has been published via Twitter. SandboxEscaper, who also published a zero-day Windows vulnerability via the social media platform back in late August, disclosed this latest exploit.
The...
Read more...
A former security researcher decided to go out with a bang after apparently deciding to retire from the security game and blog about traveling instead. Known on Twitter as SandboxEscaper, the researcher revealed in a tweet a zero-day vulnerability affecting Windows rather than submitting a bug report to...
Read more...
A vulnerability researcher at Google is giving props to Microsoft for issuing a quick fix to what he described as a "crazy bad" remote code exploit in the company's malware protection engine. He also said it was the worst of its kind in recent memory, and that is because prior to the patch, a remote attacker could...
Read more...
