Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day
On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not
Google exposes malicious exploits targeting Windows and Android users
Due to Google’s Project Zero, zero-day vulnerabilities and bugs that could infect systems with malware can be uncovered. The project has unveiled a group of vulnerabilities that could have affected a large amount of customers had they not been discovered and patched. Two malicious servers were discovered hoping to pursue
Researchers Uncover 89 Zero-Days in CMS Platforms
Popular content management system (CMS) platforms may be vulnerable to a plethora of cyber threats, according to security researchers. Recently, a team at Comparitech investigated the recent surge in web defacement attacks, eventually leading to the discovery of 89 zero-day vulnerabilities in CMS platforms. In July 2019, there were roughly
Zoom Addresses Vanity URL Zero-Day
Check Point security and Zoom announced on Thursday that a new zero-day has been discovered within the “Vanity URL” feature on Zoom, which allows companies to create their own meeting domain. Through exploiting this zero-day, attackers could pose as a company employee, and then use socially engineered conversation to extract
Attackers exploit 0-day code-execution flaw in the Sophos firewall
Sophos systems have been hit by a zero-day attack that was designed to steal usernames, as well as cryptographically protected passwords, and other sensitive data. The security firm stated that it was attacked through an exploited SQL injection flaw in patched versions of the Sophos XG Firewall on Sunday. The
This Map Shows the Global Spread of Zero-Day Hacking Techniques
Zero-day exploits are being tracked by a global map developed by FireEye, and the company released yesterday an analysis of how these critical vulnerabilities have been exploited worldwide over the past seven years. The publication includes research from Google Project Zero’s database of active zero days. FireEye exposes what countries
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an
Two Zoom Zero-Day Flaws Uncovered
Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the Zoom macOS client version. The telecom and online class platform vulnerabilities have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have
An Elite Spy Group Used 5 Zero-Days to Hack North Koreans
On Thursday, researchers at Google’s Threat Analysis Group announced that an unknown group of hackers used five zero-day vulnerabilities to hack North Koreans in 2019. Although many North Koreans have extremely limited access to the internet, the ones who do have been targeted by a sophisticated hacking spree that may
Two Trend Micro zero-days exploited in the wild by hackers
Two zero-days have been discovered in Trend Micro antivirus products, according to the company, who issued a security alert earlier this week. After hackers were able to exploit the zero-days, Trend Micro released patches on Monday that address the two vulnerabilities as well as three similarly critical issues. However, the