Tag: zero-day
-
Check Point Unveils New AI-Powered Network Security Software Amidst Rising Global Threats
Today, Check Point Software has unveiled its new Check Point Quantum Firewall Software R82 (R82), as well as additional innovations for the Infinity Platform. The R82 delivers new AI-powered engines to prevent against zero-day threats including phishing, malware, and domain name system (DNS) exploits. It also includes new architectural changes and innovations that drive DevOps…
-
‘Water Barghest’ Sells Hijacked IoT Devices for Proxy Botnet Misuse
by
in SecurityNews
Tags: botnet, cyber, cybercrime, espionage, group, iot, marketplace, router, vulnerability, zero-dayAn elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/water-barghest-sells-hijacked-iot-devices-proxy-botnet-misuse
-
Palo Alto Networks customers grapple with another actively exploited zero-day
by
in SecurityNewsThe security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE;entry and patch came 10 days later. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/palo-alto-networks-pan-os-firewall-zero-day/733336/
-
Apple Confirms Zero Day Attacks Hitting macOS Systems
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36616/Apple-Confirms-Zero-Day-Attacks-Hitting-macOS-Systems.html
-
Apple addressed two actively exploited zero-day vulnerabilities
by
in SecurityNewsApple released security updates for iOS, iPadOS, macOS, visionOS, and Safari browser to address two actively exploited zero-day flaws. Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. The vulnerability CVE-2024-44309 is a cookie management issue…
-
Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)
by
in SecurityNewsApple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that >>may have been actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/cve-2024-44309-cve-2024-44308/
-
Oracle Patches Exploited Agile PLM Zero-Day
by
in SecurityNewsOracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild. The post Oracle Patches Exploited Agile PLM Zero-Day appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/oracle-patches-exploited-agile-plm-zero-day/
-
Microsoft KI und Cloud: Neues Bug-Bounty-Event mit 4 Millionen US-Dollar Prämie
by
in SecurityNewsEntdecken Sicherheitsforscher beim neuen Zero-Day-Quest-Event Lücken in Microsoft-Produkten, winken hohe Geldprämien. First seen on heise.de Jump to article: www.heise.de/news/Microsoft-KI-und-Cloud-Neues-Bug-Bounty-Event-mit-4-Millionen-US-Dollar-Praemie-10077677.html
-
Apple Notfall-Sicherheitsupdate: Intel-basierte Mac-Systeme in Gefahr
by
in SecurityNewsApple schließt kritische Sicherheitslücken in macOS mit Notfall-Sicherheitsupdates. Jetzt handeln und vor Zero-Day-Angriffen schützen! First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/apple-notfall-sicherheitsupdate-intel-basierte-mac-systeme-in-gefahr-304500.html
-
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
by
in SecurityNewsApple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.The flaws are listed below -CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web contentCVE-2024-44309 – A cookie management…
-
Apple says Mac users targeted in zero-day cyberattacks
by
in SecurityNewsApple said the security update for Macs, iPhones, and iPads is “recommended for all users.” First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/19/apple-says-mac-users-targeted-in-zero-day-cyberattacks/
-
China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer
by
in SecurityNewsNo word on when or if the issue will be fixed First seen on theregister.com Jump to article: www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/
-
Apple fixes two zero-days used in attacks on Intel-based Macs
by
in SecurityNewsApple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/
-
Apple Confirms Zero-Day Attacks Hitting macOS Systems
by
in SecurityNewsApple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The post Apple Confirms Zero-Day Attacks Hitting macOS Systems appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/
-
Microsoft launches ‘Zero Day Quest’ competition to enhance cloud and AI security
by
in SecurityNewsThe tech giant is upping the bounties attached to several popular systems. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-launches-zero-day-quest-competition-to-enhance-cloud-and-ai-security/
-
Fortinet VPN zero-day leveraged in new Chinese credential theft campaign
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/fortinet-vpn-zero-day-leveraged-in-new-chinese-credential-theft-campaign
-
Palo Alto sounds alarm over PAN-OS zero-day attacks
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/palo-alto-sounds-alarm-over-pan-os-zero-day-attacks
-
Apple Confirms Zero-Day Attacks Hitting Intel-based Macs
by
in SecurityNewsApple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. The post Apple Confirms Zero-Day Attacks Hitting Intel-based Macs appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/apple-confirms-zero-day-attacks-hitting-intel-based-macs/
-
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/
-
Microsoft announces Zero Day Quest hacking event with big rewards
by
in SecurityNewsMicrosoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/microsoft-zero-day-quest-hacking-event/
-
China-linked actor’s malware DeepData exploits FortiClient VPN zero-day
by
in SecurityNewsChinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a…
-
Palo Alto Networks tackles firewall-busting zero-days with critical patches
by
in SecurityNewsAmazing that these two bugs got into a production appliance, say researchers First seen on theregister.com Jump to article: www.theregister.com/2024/11/19/palo_alto_networks_patches/
-
Palo Alto Sounds Alarm Over PAN-OS Zero Day Attacks
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36613/Palo-Alto-Sounds-Alarm-Over-PAN-OS-Zero-Day-Attacks.html
-
Microsoft launches Zero Day Quest hacking event with $4 million in rewards
by
in SecurityNewsMicrosoft announced today at its Ignite annual conference in Chicago, Illinois, that it’s expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-launches-zero-day-quest-hacking-event-with-4-million-in-rewards/
-
Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek
Palo Alto Networks has released patches and CVEs for the firewall zero-days exploited in what the company calls Operation Lunar Peek. The post Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-patches-firewall-zero-day-exploited-in-operation-lunar-peek/
-
PAN-OS Firewall Vulnerability Under Active Exploitation IoCs and Patch Released
by
in SecurityNewsPalo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild.To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface…
-
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
by
in SecurityNewsChinese threat actors use a custom post-exploitation toolkit named ‘DeepData’ to exploit a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client that steal credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/
-
WhatsApp zero-day exploited by NSO Group post lawsuit
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/whatsapp-zero-day-exploited-by-nso-group-post-lawsuit
-
Palo Alto Networks patches two firewall zero-days used in attacks
by
in SecurityNewsPalo Alto Networks has finally released security updates for an actively exploited zero-day vulnerability in its Next-Generation Firewalls (NGFW). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/
-
Palo Alto Networks Patches Critical Zero-Day Firewall Bug
by
in SecurityNewsThe security vendor’s Expedition firewall appliance’s PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading tit to advise customers to update immediately or and take them off the Internet. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/palo-alto-networks-patches-critical-zero-day-bug-firewalls