Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. Source link
Tag: exploit
Facebook patches Messenger audio snooping bug – update now! – Naked Security
Modern telephony is full of anachronisms. For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up. But […]
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies
Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. Source link
Chrome, Flash and malware for sale [Podcast] – Naked Security
In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care […]
Another Chrome zero-day, this time on Android – check your version! – Naked Security
Two weeks ago, the big “zero-day” news concerned a bug in Chrome. We advised everyone to look for a Chrome or Chromium version number ending in .111, given that the previous mainstream version turned out […]
Oracle Solaris Zero-Day Attack Revealed
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw. Source link
Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Source link
Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug
Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Source link
Chrome zero-day in the wild – patch now! – Naked Security
Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome […]
How Automation Helps You Exploit the Value in Big Data
By Simon Shah While the benefits of working with big data are well established, the continuing growth of unstructured data is overwhelming many organizations. That’s because they have little idea of how to manage and […]
Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE
The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in. Source link
Windows “Ping of Death” bug revealed – patch now! – Naked Security
Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. […]
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks. Source link
Feds Hit with Successful Cyberattack, Data Stolen
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
Zerologon – hacking Windows servers with a bunch of zeros – Naked Security
The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everyone else talks about logging in, but on Windows you’ve always very definitely […]
Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw. Source link
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Monday’s CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. Source link
Cisco Warns of Active Exploitation of Flaw in Carrier-Grade Routers
Multiple flaws in system software that causes errors in packet handling could allow an attacker to consume memory and crash devices. Source link
Google Fixes High-Severity Chrome Browser Code Execution Bug
The high-severity flaw, which was patched in the latest version of Google’s Chrome browser, could allow code execution. Source link
IBM AI-Powered Data Management Software Subject to Simple Exploit
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
‘EmoCrash’ Exploit Stoppered Emotet For 6 Months
A researcher developed a killswitch exploiting a buffer overflow in Emotet - preventing the malware from infecting systems for six months. Source link
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug. Source link
Black Hat 2020: ‘Zero-Click’ MacOS Exploit Chain Uses Microsoft Office Macros
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft’s malicious macros protections to infect MacOS users. Source link
Apple’s latest updates are out for iPhones and Macs – get them now! – Naked Security
When it comes to updates, Apple doesn’t do “predictable”. Other organisations such as Microsoft, Mozilla and Adobe are well-known for publishing updates not only frequently but also regularly. Indeed, with those companies, you don’t just […]