Google launched a preview version of a service called Advanced API Security aimed at helping organizations combat growing threats targeting application programming interfaces (APIs). The goal of the service, built on the API management platform Apige…
Tag: Zero Day
Exploits, Global Security News
Hackers Used Mitel Zero-Day Flaw To Target VOIP Appliances
by BALAJI N •
On Linux-based Mitel MiVoice VOIP appliances, hackers have used zero-day exploits to hack into the systems. These attempts appear to be the beginning of a larger ransomware attack in which they are attempting to get initial access. The most critical or…
Uncategorized
DogWalk zero-day Windows bug receives patch – but not from Microsoft
by Graham Cluley •
A Windows zero-day vulnerability dubbed “DogWalk” has not received an official patch yet from Microsoft, but that hasn’t stopped others from offering free fixes to protect users.
Read more in my article on the Hot for Security blog.
Security Vendor News
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
by Paul Ducklin •
Latest episode – listen (or read) now!
Malware Indicators (IoCs), Vulnerabilities
A Severe Zero-Day Vulnerability Riddles Microsoft Office
by Abeerah Hashim •
Researchers discovered a security issue affecting Microsoft Office that could allow remote code execution attacks.…
A Severe Zero-Day Vulnerability Riddles Microsoft Office on Latest Hacking News.
Security Bloggers, Security Vendor News
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022
by Andrew Swoboda •
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also …
Security Vendor News
Atlassian announces 0-day hole in Confluence Server – update now!
by Paul Ducklin •
Zero-day announced – here’s what you need to know
Global IT News
Atlassian advises users to disable or limit internet access to Confluence collaboration software
by Jim Love •
Users of Atlassian’s Confluence collaboration software have been warned to either restrict internet access to the software or to disable it due to a critical vulnerability. As of midnight EDT on June 2nd, the company has no patch or fix for the issue, nor has it given a timeframe for delivery. An advisory from Atlassian […]
The post Atlassian advises users to disable or limit internet access to Confluence collaboration software first appeared on IT World Canada.
Security Vendor News
Mysterious “Follina” zero-day hole in Office – here’s what to do!
by Paul Ducklin •
News has emerged of a “feature” in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn’t help!
Europe, Global Security News, North America
Zero-day Exploit Discoveries Hit Record Numbers in 2021
by Christian Wiens •
The number of zero-day exploit discoveries hit record numbers in 2021, according to Google Project Zero. Instances of “in-the-wild 0-days” were up nearly double versus 2020, when only 25 0-day exploits were detected. In 2021, the total was 58.
The post…
Security Vendor News
Apple patches zero-day kernel hole and much more – update now!
by Paul Ducklin •
You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
Europe, Global Security News, North America, Vulnerabilities
CISA Adds Five ‘New’ Exploits to KEV Catalog, Including 2014’s Heartbleed Vulnerability
by Curtis Kang •
On May 4, 2022, the Cybersecurity & Infrastructure Security Agency (CISA) added five “new” vulnerabilities to the Known Exploited Vulnerabilities (KEV) Catalog. Three of the entries were originally disclosed in 2014, including the infamous Heartble…
Europe, Global Security News, North America, Vulnerabilities
CISA’s Joint Cybersecurity Advisory: Protecting Your Organization From Vulnerabilities – and 29,000 Other Known Exploits
by Curtis Kang •
Some of the world’s leading cybersecurity authorities banded together to co-author the Joint Cybersecurity Advisory: 2021 Top Routinely Exploited Vulnerabilities, where they provided details on CVE vulnerabilities that have been routinely exploited by …
Europe, Global Security News, North America, Vulnerabilities
Zero-Day Vulnerabilities Are on the Rise
by Bruce Schneier •
Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021.
Google:
2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began trac…
Malware Indicators (IoCs), Vulnerabilities
New iPhone Zero-Click Bug Exploited In Pegasus Attacks Against Catalans
by Abeerah Hashim •
The Citizen Lab has uncovered another iPhone zero-click bug that NSO exploited to deploy their…
New iPhone Zero-Click Bug Exploited In Pegasus Attacks Against Catalans on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Google Fixed The Third Chrome Zero-Day Bug In 2022
by Abeerah Hashim •
Continuing the legacy of the previous year, Google has addressed numerous serious flaws this year…
Google Fixed The Third Chrome Zero-Day Bug In 2022 on Latest Hacking News.
Europe, Global Security News, North America, Vulnerabilities
4 Steps to Getting CVEs Published
by Karl Sigler •
One of the most frustrating problems as a newcomer to the security research field can be trying to navigate the process of getting common vulnerabilities and exposures (CVEs) published. After all, you just want to share your newly discovered vulnerabi…
Europe, Global Security News, North America, Vulnerabilities
Another Log4Shell? Not Quite-But Spring4Shell is Serious
by Teri Robinson •
As more details emerge on a Spring4Shell, a recently discovered remote code execution (RCE) flaw affecting Spring Framework, security researchers are urging affected users to immediately implement a patch issued by Spring. Spring’s popularity am…
Security Bloggers, Security Vendor News
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022
by Dylan D'Silva •
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve als…
Europe, Global Security News, North America, Vulnerabilities
VRT Zero-day Security Advisory
by Digital Defense by HelpSystems •
The post VRT Zero-day Security Advisory appeared first on Digital Defense.
The post VRT Zero-day Security Advisory appeared first on Security Boulevard.
Security Vendor News
Apple pushes out two emergency 0-day updates – get ’em now!
by Paul Ducklin •
More Apple zero-days – mobile devices, laptops and desktops affected. Update now!
Europe, Global Security News, North America
Chrome Zero-Day from North Korea
by Bruce Schneier •
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate org…
Security Vendor News
Google Chrome patches mysterious new zero-day bug – update now
by Paul Ducklin •
CVE-2022-1096 – another mystery in-the-wild 0-day in Chrome… check your version now!
Malware Indicators (IoCs), Vulnerabilities
Latest Google Chrome Update Fixed Another Zero-Day Flaw
by Abeerah Hashim •
Heads up Chrome users! Google has just pushed another update to its Chrome browser, once…
Latest Google Chrome Update Fixed Another Zero-Day Flaw on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft Patch Tuesday March Addressed 71 Bugs Including 3 Zero-Day
by Abeerah Hashim •
The Redmond giant’s monthly scheduled updates have arrived this week. With March Patch Tuesday, Microsoft…
Microsoft Patch Tuesday March Addressed 71 Bugs Including 3 Zero-Day on Latest Hacking News.
Security Vendor News
Firefox patches two in-the-wild exploits – update now!
by Paul Ducklin •
Firefox just published a double-zero-day patch – “remote code execution” combined with “sandbox escape”. Update now!
Security Vendor News
Fundamentally Changing Network Security with Inline Deep Learning
by Lee Klarich •
These new attacks can both be detected and stopped before they compromise a target with inline deep learning.
The post Fundamentally Changing Network Security with Inline Deep Learning appeared first on Palo Alto Networks Blog.
Security Vendor News
Google announces zero-day in Chrome browser – update now!
by Paul Ducklin •
Zero-day buses: none for a while, then three at once. Here’s Google joining Apple and Adobe in “zero-day week”
Security Vendor News
Adobe fixes zero-day exploit in e-commerce code: update now!
by Paul Ducklin •
There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it.
Malware Indicators (IoCs), Vulnerabilities
Adobe Warns Users Of A Critical Magento Zero-Day Vulnerability Under Attack
by Abeerah Hashim •
Adobe has just fixed a critical zero-day bug in the Magento platform, alerting users to…
Adobe Warns Users Of A Critical Magento Zero-Day Vulnerability Under Attack on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Researchers Found Zimbra Zero-Day XSS Vulnerability Under Attack
by Abeerah Hashim •
Researchers have found active phishing campaigns exploiting a zero-day vulnerability in the Zimbra email platform.…
Researchers Found Zimbra Zero-Day XSS Vulnerability Under Attack on Latest Hacking News.
Malware Indicators (IoCs), Vulnerabilities
Microsoft February Patch Tuesday Addresses 51 Bugs Including A Zero-Day
by Abeerah Hashim •
As scheduled, the monthly Patch Tuesday updates from Microsoft have arrived for February containing a…
Microsoft February Patch Tuesday Addresses 51 Bugs Including A Zero-Day on Latest Hacking News.
Security Vendor News
Stop Zero-Day Threats in Zero Time with Nebula
by Amelia Albanese •
Nebula is the latest upgrade of our industry-leading PAN-OS software. Now you can stop 48% more zero-day threats – 6x faster.
The post Stop Zero-Day Threats in Zero Time with Nebula appeared first on Palo Alto Networks Blog.
Security Bloggers, Security Vendor News
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 31, 2022
by Andrew Swoboda •
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve …
Security Vendor News
S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]
by Paul Ducklin •
Latest episode – listen now!
Exploits, Global Security News
Google Details Two Zero-Click Bugs in Zoom Clients That Let Attackers Execute Malicious Code
by Parkavi •
Two zero-click bugs in Zoom clients have been detected recently by the security analyst Natalie Silvanovich of Google’s Project Zero that enables the threat actors to execute malicious code. By exploiting these security flaws, the attackers targe…
Malware Indicators (IoCs), Vulnerabilities
Microsoft January Patch Tuesday Addresses 96 Vulnerabilities
by Abeerah Hashim •
Microsoft January Patch Tuesday update bundle has arrived with significant security fixes. Specifically, it includes…
Microsoft January Patch Tuesday Addresses 96 Vulnerabilities on Latest Hacking News.
Security Vendor News
2021 in Review, Part 2: 5 Top Cybersecurity Stories
by Bruce Lynch •
Ransomware may have dominated headlines in 2021, but it’s only one of many threats security teams must protect against. We’re taking a look back at 5 top cybersecurity stories of 2021 that practitioners wanted to learn more about. 5. The State of Security in eCommerce Why you should learn more about this The global pandemic […]
The post 2021 in Review, Part 2: 5 Top Cybersecurity Stories appeared first on Blog.
Exploits, Security Bloggers, Security Vendor News, Vulnerabilities
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
by Yonatan Striem-Amit •
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one which reverted upon server restart.
The previous version of the Vaccine used the Log4Shell vulnerability to remove the JN…
Malware Indicators (IoCs)
Another Apache Log4j Bug Discovered – Patch Released – Update (Once Again!)
by Abeerah Hashim •
After the disastrous Log4j vulnerability disrupted the online world, another vulnerability surfaced online. It turns…
Another Apache Log4j Bug Discovered – Patch Released – Update (Once Again!) on Latest Hacking News.