07 Apr 2020

This Map Shows the Global Spread of Zero-Day Hacking Techniques

Zero-day exploits are being tracked by a global map developed by FireEye, and the company released yesterday an analysis of how these critical vulnerabilities have been exploited worldwide over the past seven years. The publication includes research from Google Project Zero’s database of active zero days. FireEye exposes what countries

Read More
06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

Read More
02 Apr 2020

Two Zoom Zero-Day Flaws Uncovered

Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the Zoom macOS client version. The telecom and online class platform vulnerabilities have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have

Read More
27 Mar 2020

An Elite Spy Group Used 5 Zero-Days to Hack North Koreans

On Thursday, researchers at Google’s Threat Analysis Group announced that an unknown group of hackers used five zero-day vulnerabilities to hack North Koreans in 2019. Although many North Koreans have extremely limited access to the internet, the ones who do have been targeted by a sophisticated hacking spree that may

Read More
18 Mar 2020

Two Trend Micro zero-days exploited in the wild by hackers

Two zero-days have been discovered in Trend Micro antivirus products, according to the company, who issued a security alert earlier this week. After hackers were able to exploit the zero-days, Trend Micro released patches on Monday that address the two vulnerabilities as well as three similarly critical issues. However, the

Read More
09 Mar 2020

Critical Zoho Zero-Day Flaw Disclosed

The IT help desk ManageEngine software made by Zoho Corp has been compromised by a zero-day vulnerability that enables unauthenticated access to systems, allowing a remote attacker to launch attacks. Zoho has since released an update that addresses the vulnerability after it was discovered by Steven Seeley of Source Incite

Read More
06 Mar 2020

Zoho zero-day published on Twitter

Yesterday, security researchers reported a zero-day vulnerability in a Zoho enterprise product. The zero-day impacts the Zoho ManageEngine Desktop Central, an endpoint management solution. Android smartphones, Linux servers, and Mac/Windows workstations are often all controlled by Zoho ManageEngine Desktop Central. This means that the zero-day could have a large impact

Read More
20 Feb 2020

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up

Read More
24 Jan 2020

Flaws in the U.S. Vulnerabilities Equities Process

Last week, the security community was in a flurry around the disclosure of a severe vulnerability (known as CVE-2020-0601) in Microsoft’s Windows operating system. Notably, it was because the National Security Agency (NSA) tipped off Microsoft, helping the tech giant patch the flaw instead of exploiting it for national security missions. NSA was praised for its cultural shift from offense to defense, however, in my opinion, not all that glitters is gold.

Read More
18 Nov 2019

Tianfu Cup Round-Up: Safari, Chrome, D-Link Routers and Office 365 Successfully Hacked

Chinese white-hat hacking competition, the Tianfu Cup, took place over the weekend as hackers used never-before-seen zero days to compromise popular software. The Tianfu Cup aims to identify vulnerabilities through competition between hacking groups and bears many similarities to the international hacking contest Pwn2Own. The Tianfu Cup was created exclusively

Read More