Tag: zero-day
-
Microsoft fixes 6 zero-days under active attack
by
in SecurityNewsAugust 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/13/microsoft-zero-days-under-attack/
-
New Windows SmartScreen bypass exploited as zero-day since March
by
in SecurityNewsToday, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection w… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/
-
Microsoft Tackles 9 Zero-Day Exploits in August 2024 Patch Tuesday Update
by
in SecurityNewsMicrosoft has released its August 2024 Patch Tuesday update, addressing multiple vulnerabilities across its software ecosystem. This month’s update fe… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-august-2024-patch-tuesday/
-
New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
by
in SecurityNewsA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning … First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/new-zero-day-flaw-in-apache-ofbiz-erp.html
-
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disc… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/
-
August Patch Pileup: Microsoft’s Zero-Day Doozy Dump
by
in SecurityNewsFirst seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/august-2024-patch-tuesday-richixbw/
-
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
by
in SecurityNewsMicrosoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-warns-of-six-windows-zero-days-being-actively-exploited/
-
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits
by
in SecurityNewsMicrosoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation i… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/microsoft-issues-patches-for-90-flaws.html
-
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
by
in SecurityNewsA new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week…. First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/12/cve-2024-38200/
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
by
in SecurityNewsIntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Five zero-days impacts EoL Cisco Small Business IP Phones. Replace them with newer models asap!
by
in SecurityNewsCisco warns of critical remote code execution zero-day vulnerabilities impacting end-of-life Small Business SPA 300 and SPA 500 series IP phones. Cisc… First seen on securityaffairs.com Jump to article: securityaffairs.com/166811/uncategorized/zero-days-eof-small-business-ip-phones.html
-
Cisco warns of critical RCE zero-days in end of life IP phones
by
in SecurityNewsCisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/
-
Zero Day Inititave findet Lücken in Deep Sea Electronics DSE855 Day-Schwachstellen in Embedded Device
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/trend-micro-zdi-bericht-dse855-schwachstellen-a-d8ad58d9815c0f76ef3861a7e18b215f/
-
>>Perfect<< Windows downgrade attack turns fixed vulnerabilities into zero-days
by
in SecurityNewsA researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were ful… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/08/windows-downgrade-attack/
-
Microsoft discloses Office zero-day, still working on a patch
by
in SecurityNewsFirst seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-discloses-office-zero-day-still-working-on-a-patch/
-
RCE possible with critical Apache OFBiz zero-day
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-possible-with-critical-apache-ofbiz-zero-day
-
SEC ends probe into MOVEit attacks impacting 95 million people
by
in SecurityNewsThe SEC concludes its investigation into Progress Software’s handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed d… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sec-ends-probe-into-moveit-attacks-impacting-95-million-people/
-
Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities
by
in SecurityNewsEvery software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat acto… First seen on gbhackers.com Jump to article: gbhackers.com/windows-zero-day-downgrade/
-
Check Point sheds light on Windows MSHTML zero-day flaw
by
in SecurityNewsA Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far ba… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366593234/Check-Point-sheds-light-on-Windows-MSHTML-zero-day-flaw
-
Feds Drop Probe Into Progress Software Over MOVEit Zero-Day
by
in SecurityNewsClop Ransomware Group Exploited Flaw to Steal Data Pertaining to 95M Individuals. Progress Software said the U.S. Securities and Exchange Commission h… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/feds-drop-probe-into-progress-software-over-moveit-zero-day-a-25983
-
Microsoft fixes 2 zero-days in massive July Patch Tuesday
by
in SecurityNewsMicrosoft disclosed and patched a whopping 142 vulnerabilities in a busy Patch Tuesday that included two zero-day flaws under active exploitation in t… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366593052/Microsoft-fixes-2-zero-days-in-massive-July-Patch-Tuesday
-
Hyper-V zero-day stands out on a busy Patch Tuesday
by
in SecurityNewsFirst seen on computerweekly.com Jump to article: www.computerweekly.com/news/366592779/Hyper-V-zero-day-stands-out-on-a-busy-Patch-Tuesday
-
Google says Android zero-day was exploited in the wild
by
in SecurityNewsFirst seen on therecord.media Jump to article: therecord.media/android-zero-day-google-fix-august-patch
-
Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users
by
in SecurityNewsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Why a strong patch management strategy is essential … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/04/week-in-review-vmware-esxi-zero-day-exploited-sms-stealer-malware-targeting-android-users/
-
>>Patchless Patching<< for Zero Days: Qualys Advances Vulnerability Management
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/qualys-rolls-out-patchless-patching-asserts-advantages-for-mssps
-
Japanese space agency spotted zero-day attacks while cleaning up raid on M365
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/07/11/jaxa_m365_zeroday_attacks/
-
kvmCTF: Google’s $250K Bounty for KVM Zero-Day Vulnerabilities
by
in SecurityNewsIn October 2023, Google announced the launch of kvmCTF, a new vulnerability reward program (VRP) designed to improve the security of the Kernel-based … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/kvmctf-googles-250k-bounty-for-kvm-zero-day-vulnerabilities/
-
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
by
in SecurityNewsRansomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/30/cve-2024-37085-exploited/
-
MoveIt Transfer vulnerability targeted amid disclosure drama
by
in SecurityNewsProgress Software’s MoveIt Transfer is under attack again, just one year after a Clop ransomware actor exploited a different zero-day MoveIt flaw agai… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366591974/MoveIt-Transfer-vulnerability-targeted-amid-disclosure-drama