Tag: zero-day
-
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack. The post North Korean APT Exploited IE Zero-Day in Supply Chain Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/
-
SolarWinds Web Help Desk Vulnerability Allows Remote Code Execution
A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their investigation into a previous security flaw. CVE-2024-28988: Java Deserialization Flaw The vulnerability stems from a…
-
64 betroffene Chipsätze in Millionen von Geräte Day-Schwachstelle in Qualcomm-Prozessoren
First seen on security-insider.de Jump to article: www.security-insider.de/qualcomm-bestaetigt-behebt-zero-day-schwachstelle-mobilen-prozessoren-a-256ed4b1e8ca9ecfe268378879f3e0e8/
-
70% of exploited flaws disclosed in 2023 were zero-days
Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-70-percent-of-exploited-flaws-disclosed-in-2023-were-zero-days/
-
Zero-day flaw behind Rackspace breach still a mystery
More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613555/Zero-day-flaw-behind-Rackspace-breach-still-a-mystery
-
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all sizes. A zero-day vulnerability is a security flaw in software that is unknown to the vendor and remains unpatched at the time of discovery. Attackers exploit these flaws before any defensive measures can be implemented,…
-
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
Suspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/serious-adversaries-circle-ivanti-csa-flaws
-
Nation-state actor exploited three Ivanti CSA zero-days
An alleged nation-state actor exploited three zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) in recent attacks. Fortinet FortiGuard Labs researchers warn that a suspected nation-state actor has been exploiting three Ivanti Cloud Service Appliance (CSA) zero-day issues to carry out malicious activities. The three vulnerabilities exploited by the threat actor are: “an advanced adversary…
-
Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft
NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric… First seen on hackread.com Jump to article: hackread.com/zero-day-flaws-ev-chargers-to-shutdowns-data-theft/
-
Researchers Win $70K for Reporting Zero-Day Flaws in EV Chargers
NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric… First seen on hackread.com Jump to article: hackread.com/researchers-win-reporting-ev-chargers-zero-day-flaws/
-
Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days. The post Chinese State Hackers Main Suspect in Recent Ivanti CSA Zero-Day Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-csa-zero-day-exploitation-attributed-to-state-sponsored-hackers/
-
Recent Firefox Zero-Day Exploited Against Tor Browser Users
Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox. The post Recent Firefox Zero-Day Exploited Against Tor Browser Users appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/
-
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions.That’s according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to…
-
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 – Oct 13)
Hey there, it’s your weekly dose of “what the heck is going on in cybersecurity land” and trust me, you NEED to be in the loop this time. We’ve got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin it’s full of stuff they don’t 🤫 want you to know.So…
-
Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/13/week-in-review-microsoft-fixes-two-exploited-zero-days-soc-teams-are-losing-trust-in-security-tools/
-
Critical Mozilla Firefox Zero-Day Allows Code Execution
The bug is already being exploited in the wild, but Firefox has provided patches for those who may be vulnerable. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/critical-mozilla-firefox-zero-day-code-execution
-
Zero-Day-Lücke in Qualcomm-Mobilprozessoren bereits vereinzelt angegriffen
Etliche Snapdragon-Chips für Android-Geräte weisen eine als kritisch eingestufte Sicherheitslücke auf. Sie wurde schon vereinzelt und gezielt ausgenutzt. First seen on heise.de Jump to article: www.heise.de/news/Zero-Day-Luecke-in-Qualcomm-Mobilprozessoren-bereits-vereinzelt-angegriffen-9977340.html
-
Trio of Ivanti CSA zero-day vulnerabilities under exploit threat
The latest round of exploitation follows more than three weeks of CVE disclosures involving various Ivanti products.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-zero-day-vulnerabilities-exploitation/729354/
-
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported by Damien Schaeffer from ESET.” An attacker was able to achieve code execution in the…
-
Firefox 131 Update Patches Exploited Zero-Day Vulnerability
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36458/Firefox-131-Update-Patches-Exploited-Zero-Day-Vulnerability.html
-
Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/10/cve-2024-9680/
-
Microsoft adressiert Zero-Day-Schwachstellen
Im aktuellen Patch-Tuesday-Update nimmt sich Microsoft fünf Zero-Day-Schwachstellen an, darunter zwei, die bereits aktiv ausgenutzt werden. First seen on csoonline.com Jump to article: www.csoonline.com/de/a/microsoft-adressiert-zero-day-schwachstellen
-
Android-Geräte in Gefahr: Zero-Day-Lücke in Qualcomm-Chips wird aktiv ausgenutzt
Die Lücke betrifft zahlreiche Qualcomm-Produkte, darunter verbreitete 5G-Modems und Snapdragon-SoCs. Einen Patch erhält vermutlich nicht jeder. First seen on golem.de Jump to article: www.golem.de/news/android-geraete-in-gefahr-zero-day-luecke-in-qualcomm-chips-wird-aktiv-ausgenutzt-2410-189708.html
-
Zero-Day-Exploit zeigt beunruhigenden Trend – Immer mehr Angriffe auf Internetanbieter
First seen on security-insider.de Jump to article: www.security-insider.de/-cyberangriffe-internet-service-provider-sicherheitsluecken-praevention-a-aad01b7bab0c01a0ecf080a5b3b28ecc/
-
Patch Tuesday: Microsoft Fixes Management Console RCE Zero-Day
First seen on scworld.com Jump to article: www.scworld.com/brief/patch-tuesday-microsoft-fixes-management-console-rce-zero-day
-
Ivanti zero-day vulnerabilities exploited in chained attack
The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366613041/Ivanti-zero-day-vulnerabilities-exploited-in-chained-attack
-
Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities
On October 10, 2024, Microsoft released its latest round of security updates as part of the monthly Patch Tuesday. This month’s update addresses a total of 118 vulnerabilities, including five zero-days, two of which are actively being exploited. These vulnerabilities impact various Microsoft products, making it crucial for organizations to apply patches promptly and review…
-
Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.”An attacker was able to achieve code execution in the content process by exploiting a use-after-free…
-
Ivanti CSA Customers Targeted in New Zero Day Attacks
Attackers Chain Three Security Flaws with Patched Admin Bypass Vulnerability. Internet appliance maker Ivanti warned customers Tuesday that attackers are actively exploiting new vulnerabilities in Cloud Services Appliance instances by chaining three security flaws with a zero-day patched in September. The company advised customers to update to version 5.0. First seen on govinfosecurity.com Jump to…
-
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/