Items tagged with Zero-Day
Chrome is the most popular browser on the planet (in terms of market share) with billions of a users, and the unwanted side effect of that immense popularity in the tech space is it attracts bad actors. Such is the reason for the latest browser update—it comes with a warning from Google that one of the security...
Read more...
Do you use BQE Software's BillQuick? If you do, go update it—immediately. Huntress ThreatOps identified nine zero-day vulnerabilities in BillQuick Web Suite, a time and billing software that the publisher claims is in use by over 400,000 users worldwide.
The most serious vulnerability is an all-too-common SQL...
Read more...
Heads up, Microsoft has issued a patch for what security researchers had dubbed a "highly sophisticated" zero-day vulnerability in Windows that hackers could use to target Office 365 and Office 2019 users. It is available as a standalone release, and also as part of this month's cumulative Patch Tuesday update, which...
Read more...
Have you updated your Chrome browser lately? Assuming you use Chrome, now would be a good time to force the issue, as the latest update brings with it patches for nearly a dozen security flaws, including a pair of zero-day vulnerabilities that Google says are actively being exploited in the wild. So, yeah, take two...
Read more...
Security researchers say they discovered and reported to Microsoft a "highly sophisticated" zero-day attack vector in Windows that targets Office 365 and Office 2019 users. In some cases, simply opening an infected document would be enough to compromise a PC. Furthermore, there does not yet exist a patch, though one...
Read more...
Companies like Microsoft and others are potentially getting more time to fix zero-day vulnerabilities before Google's Project Zero team discloses them to the public, as part of a new policy change for 2021. At the same time, end users can potentially expect zero-day security patches to arrive quicker and be more...
Read more...
With everyone using Zoom for both work and school, a vulnerability in the software can be especially concerning. This week, researchers competing in a zero-day hunting competition found a bug in Zoom that allowed them to remotely execute code without any necessary action from the target. This find netted the...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as...
Read more...
Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product. The patch plugs a hole that was being abused in the wild by hackers. Sophos says that it learned of the zero-they exploit on Wednesday of last week, after receiving a report from one of its...
Read more...
Earlier this week, it was reported that a zero-day exploit has been running in the wild that targets the iOS Mail app. First discovered by the researchers at ZecOps, the vulnerability has been labeled as "zero-click" because it allegedly needs no intervention from the user to attack an iPhone or iPad running even the...
Read more...
If you're an Apple iPhone or iPad owner that uses the native Mail app for emailing purposes (and that probably includes a marjory of iOS users), we have a word of caution for you. The folks over at ZecOps have uncovered a vulnerability in the app that is currently active in the wild, pending a fix from...
Read more...
It is big news when a major vulnerability is discovered and exploited in Windows, because there is the potential to do a lot of harm. We saw this when WannaCry crippled UK hospitals for a short time (fortunately, it was mitigated rather quickly). Now, you may not have heard of VxWorks, a real-time operating system...
Read more...
SandboxEscaper is at it again, releasing another zero-day exploit into the wild without giving Microsoft a heads up before publication. If you recall, SandboxEscaper doesn't think too highly Microsoft and has published other zero-day vulnerabilities affecting the company's software dating back to the summer of...
Read more...
Although Microsoft is hoping for a big browser comeback with the Chromium-based version of the Microsoft Edge browser, there’s another browser in the company’s repertoire that many people have already forgotten about. Of course, we’re talking about the “undead” Internet Explorer.
Internet Explorer has a long...
Read more...
Microsoft has released an emergency patch to fix a critical vulnerability discovered in Internet Explorer. If left unpatched, an attacker could exploit the security hole to remotely execute malicious code on a victim's PC when visiting a compromised website. Listed as CVE-2018-8653, the flaw affects all supported...
Read more...
It's been a rough October for Microsoft and its Windows 10 operating system. Now, to add insult to injury, another zero-day flaw has been published via Twitter. SandboxEscaper, who also published a zero-day Windows vulnerability via the social media platform back in late August, disclosed this latest exploit.
The...
Read more...
A former security researcher decided to go out with a bang after apparently deciding to retire from the security game and blog about traveling instead. Known on Twitter as SandboxEscaper, the researcher revealed in a tweet a zero-day vulnerability affecting Windows rather than submitting a bug report to...
Read more...
A vulnerability researcher at Google is giving props to Microsoft for issuing a quick fix to what he described as a "crazy bad" remote code exploit in the company's malware protection engine. He also said it was the worst of its kind in recent memory, and that is because prior to the patch, a remote attacker could...
Read more...
As always, be wary of opening email attachments, especially from untrusted sources. Security outfits FireEye and McAfee have both observed malicious Microsoft Office RTF documents in the wild that are exploiting a zero-day vulnerability in Microsoft Windows and Office that has not yet been patched. The samples...
Read more...
When WikiLeaks revealed the Central Intelligence Agency’s (CIA’s) hacking arsenal to the world, it was made clear that the agency is capable of snooping on Samsung Smart TVs thanks to various security exploits. However, it’s not just Samsung Smart TVs that are susceptible, a new report suggests that a number of...
Read more...
Newer versions of Windows, including Windows 10 are vulnerable right now to a new Server Message Block (SMB) zero-day exploit that has been shown as a proof-of-concept. The vulnerability was first demonstrated by @PythonResponder and requires a user to connect to a SMBv3 server for a successful attack.
Given the...
Read more...
Microsoft has often said that Windows 10 offers the best security features and malware protection of any Windows OS to date. In case anyone doubts that claim, the Redmond outfit explained how Windows 10 with the Anniversary Update installed was able to thwart a pair of potentially dangerous zero-day exploits months...
Read more...
