Archive for the ‘Zero-Day Vulnerability’ Category

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

March 27th, 2020
Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two critical remote command injection vulnerabilities (CVE-2020-8515) affecting DrayTek Vigor

Posted in cyber security, hacking wireless router, Load Balancer, network security, network switches, Networking devices, Router hacking, Zero-Day Vulnerability | Comments (0)

Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions

March 23rd, 2020
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. According to Microsoft, both unpatched flaws are being used in limited, targeted attacks and impact all supported versions of the Windows operating system—including Windows 10, 8.1

Posted in hack windows 10, remote code execution, windows font, windows updates, windows Vulnerability, Zero-Day Vulnerability | Comments (0)

Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks

January 18th, 2020
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote

Posted in cyber security, Internet Explorer, Microsoft Patch Update, Vulnerability, zero-day attack, zero-day exploit, Zero-Day Vulnerability | Comments (0)

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

January 9th, 2020
Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing

Posted in cyber security, Firefox, Firefox browser, hacking news, Mozilla Developers, mozilla security, type confusion vulnerability, Web browser security, Zero-Day Vulnerability | Comments (0)

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

November 3rd, 2019
If you're using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow

Posted in cyber security, Network Device Management, network security, networking, php security, rConfig, remote code execution, Zero-Day Vulnerability | Comments (0)

New Chrome 0-day Bug Under Active Attacks – Update Your Browser Now!

November 1st, 2019
Attention readers, if you are using Chrome on your Windows, Mac, and Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. With the release of Chrome 78.0.3904.87, Google is warning billions of users to install an urgent software update immediately to patch two high severity vulnerabilities, one of which attackers are

Posted in cyber security, Google Chrome, hacking news, Use-After-Free Vulnerabilities, website security, windows security, zero-day attack, Zero-Day Vulnerability | Comments (0)

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

October 4th, 2019
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of

Posted in Android, Android Vulnerability, Cyber Attack, hacking android phone, hacking news, how to hack android, Vulnerability, Zero-Day Vulnerability | Comments (0)

Kaspersky finds Uzbekistan hacking op… because group used Kaspersky AV

October 3rd, 2019
SandCat is a "Pez dispenser" of zero-days, a Kaspersky researcher said, handing over new exploits for free.

Enlarge / SandCat is a "Pez dispenser" of zero-days, a Kaspersky researcher said, handing over new exploits for free. (credit: William Thomas Cain / Getty Images)

A new "threat actor" tied to Uzbekistan's State Security Service has been unmasked by threat researchers at Kaspersky Lab. And the unmasking wasn't very hard to do, since, as Kim Zetter reports for Vice, the government group used Kaspersky antivirus software—which sent binaries of the malware it was developing back to Kaspersky for analysis.

Uzbekistan has not been known for having a cyber-espionage capability. But the Uzbek SSS clearly had a big budget, and according to Kaspersky, the group went to two Israeli companies—NSO Group and Candiru—to buy those capabilities. Unfortunately for the group, it didn't also buy any sort of operational security know-how along with the exploits it used.

The group, labeled SandCat by Kaspersky, was discovered by researchers in October of 2018. The discovery was triggered when a previously identified malware downloader called Chainshot—a tool used by groups attributed to Saudi Arabia and the United Arab Emirates in the past—had been discovered on an infected computer somewhere in the Middle East. But this Chainshot trojan was connected to a different command-and-control network than previous versions and was using a different exploit to initially install.

Read 3 remaining paragraphs | Comments

Posted in Biz & IT, Kaspersky Labs, Policy, Saudi Arabia, state sponsored hacking, UAE, Uzbekistan, Zero-Day Vulnerability | Comments (0)

[Unpatched] Critical 0-Day RCE Exploit for vBulletin Forum Disclosed Publicly

September 24th, 2019
An anonymous hacker today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability in vBulletin—one of the widely used internet forum software, The Hacker News has learned. One of the reasons why the vulnerability should be viewed as a severe issue is not just because it is remotely exploitable, but also doesn't

Posted in hacking news, remote code execution, Software vulnerabilities, vbulletin, vBulletin Forum, zero-day exploit, Zero-Day Vulnerability | Comments (0)

Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours

May 23rd, 2019
Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a

Posted in cyber security, hacking news, Internet Explorer, microsoft, sandbox bypass, windows security, windows Vulnerability, Windows zero-day vulnerability, Zero-Day Vulnerability | Comments (0)