Zero Day | SC Media

Zero Day

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

By

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

IE, Firefox, Chrome and Safari's protection against phishing was tested.

Microsoft issues out-of-band patch for exploited memory corruption bug in Internet Explorer

By

Microsoft Corporation yesterday released an emergency patch for a remote code execution vulnerability in Internet Explorer that attackers have been actively exploiting in the wild. Designated CVE-2018-8653, the zero-day memory corruption bug results from the mishandling of objects in memory by the JScript component of Internet Explorer’s scripting engine, according to an official advisory from Microsoft, as…

Automating for Endless zero-days

By Derek Manky, chief of security insights & global threat alliances, Fortinet The number of vulnerabilities available to cybercriminals continues to accelerate. But according to one recent report, of the over 100,000 vulnerabilities published to the CVE list, less than 6 percent were actually exploited in the wild. The challenge is that predicting which vulnerability…

Microsoft warns of attacks leveraging Word zero-day, releases temp fix

Researchers report vulnerability in Microsoft Word’s online video feature

By

Researchers at Israel-based cyberattack simulation company Cymulate are claiming to have found a vulnerability in Microsoft Word’s online video feature that can allow malicious actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code. In a company press release, Cymulate warns that the unpatched zero-day flaw requires no special configuration to reproduce and potentially affects…

ZeroDay

Four zero-days found, patched in Arcserve UDP platform

By

Digital Defense VRT has revealed for zero-day vulnerabilities in Arcserve Unified Data Protection platform. ZeroDay The issues found were an unauthenticated sensitive Information disclosure via /gateway/services/EdgeServiceImpl, an unauthenticated XXE in /management/UdpHttpService, an unauthenticated sensitive information disclosure via /UDPUpdates/Config/FullUpdateSettings.xml and a Reflected cross-site scripting flaw via /authenticationendpoint/domain.jsp. The two unauthenticated information disclosures and the external entity…

ZeroDay

Zero day found in NUUO video software allowing camera takeover

By

Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution, allowing the video feed to be viewed and altered by unauthorized people. Tenable recommends those affected to update to NUUO NVRMini2 v. 3.9.1. The flaws, dubbed Peekaboo, were discovered by…

Patch Tuesday August 2018: Microsoft corrects two actively exploited zero-day bugs

Microsoft Corporation today released a series of Patch Tuesday updates, issuing fixes for 60 flaws, two of which have reportedly been actively exploited as zero-days. Collectively, the repairs address bugs found in Internet Explorer, Microsoft Edge, Windows, Microsoft Office (and Office Services and Web Apps), ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL…

Next post in Vulnerabilities