Zero Day | SC Media

Zero Day

Automating for Endless zero-days

By Derek Manky, chief of security insights & global threat alliances, Fortinet

The number of vulnerabilities available to cybercriminals continues to accelerate. But according to one recent report, of the over 100,000 vulnerabilities published to the CVE list, less than 6 percent were actually exploited in the wild. The challenge is that predicting which vulnerability…

Microsoft warns of attacks leveraging Word zero-day, releases temp fix

Researchers report vulnerability in Microsoft Word’s online video feature


Researchers at Israel-based cyberattack simulation company Cymulate are claiming to have found a vulnerability in Microsoft Word’s online video feature that can allow malicious actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code. In a company press release, Cymulate warns that the unpatched zero-day flaw requires no special configuration to reproduce and potentially affects…


Four zero-days found, patched in Arcserve UDP platform


Digital Defense VRT has revealed four zero-day vulnerabilities in the Arcserve Unified Data Protection platform. The issues found were an unauthenticated sensitive information disclosure via /gateway/services/EdgeServiceImpl, an unauthenticated XXE in /management/UdpHttpService, an unauthenticated sensitive information disclosure via /UDPUpdates/Config/FullUpdateSettings.xml and a reflected cross-site scripting flaw via /authenticationendpoint/domain.jsp. The two unauthenticated information disclosures and the external entity…


Zero day found in NUUO video software allowing camera takeover


Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution, allowing the video feed to be viewed and altered by unauthorized people. Tenable recommends that those affected update to NUUO NVRMini2 v. 3.9.1. The flaws, dubbed Peekaboo, were discovered by…

Patch Tuesday August 2018: Microsoft corrects two actively exploited zero-day bugs

Microsoft Corporation today released a series of Patch Tuesday updates, issuing fixes for 60 flaws, two of which have reportedly been actively exploited as zero-days. Collectively, the repairs address bugs found in Internet Explorer, Microsoft Edge, Windows, Microsoft Office (and Office Services and Web Apps), ChakraCore, Adobe Flash Player, .NET Framework, Microsoft Exchange Server, Microsoft SQL…

PDF exploit built to combine zero-day Windows and Adobe Reader bugs

A privilege escalation vulnerability that was patched last week in Microsoft Windows and an Adobe Reader remote code execution bug that was fixed yesterday in a product update were jointly targeted by a PDF-based zero-day exploit prior to their discovery, researchers from ESET reported today. In a blog post describing the dual exploit, Anton Cherepanov,…
