Zero Day | SC Media

Zero Day

Flashpoint: Our site was not dishing malware

Flashpoint came out swinging today against an independent researcher who reported that the security company’s public-facing website was serving malware. In what Flashpoint called an “after action report,” the company denied the website was itself infected with malware, but did admit that on April 12-13 the WordPress Yuzo Related Posts plugin used on the site…

Nearly one billion Chrome users vulnerable to exploit patched in later versions

Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome. Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73, leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation…

Chrome updated to combat an exploited zero day

Google is recommending all Chrome users immediately update their browser in order to fix a zero-day issue that is being exploited in the wild in combination with another vulnerability found in Windows. Together, the two bugs could enable a security sandbox escape. The Chrome fix was issued on March 1 and patched via an auto-update…

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

Microsoft issues out-of-band patch for exploited memory corruption bug in Internet Explorer

Microsoft Corporation yesterday released an emergency patch for a remote code execution vulnerability in Internet Explorer that attackers have been actively exploiting in the wild. Designated CVE-2018-8653, the zero-day memory corruption bug results from the mishandling of objects in memory by the JScript component of Internet Explorer’s scripting engine, according to an official advisory from Microsoft, as…

Automating for Endless zero-days

By Derek Manky, chief of security insights & global threat alliances, Fortinet

The number of vulnerabilities available to cybercriminals continues to accelerate. But according to one recent report, of the over 100,000 vulnerabilities published to the CVE list, less than 6 percent were actually exploited in the wild. The challenge is that predicting which vulnerability…

Researchers report vulnerability in Microsoft Word’s online video feature

Researchers at Israel-based cyberattack simulation company Cymulate are claiming to have found a vulnerability in Microsoft Word’s online video feature that can allow malicious actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code. In a company press release, Cymulate warns that the unpatched zero-day flaw requires no special configuration to reproduce and potentially affects…

Four zero-days found, patched in Arcserve UDP platform

Digital Defense VRT has revealed four zero-day vulnerabilities in the Arcserve Unified Data Protection platform. The issues found were an unauthenticated sensitive information disclosure via /gateway/services/EdgeServiceImpl, an unauthenticated XXE in /management/UdpHttpService, an unauthenticated sensitive information disclosure via /UDPUpdates/Config/FullUpdateSettings.xml and a reflected cross-site scripting flaw via /authenticationendpoint/domain.jsp. The two unauthenticated information disclosures and the external entity…

Zero day found in NUUO video software allowing camera takeover

Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution, allowing the video feed to be viewed and altered by unauthorized people. Tenable recommends that those affected update to NUUO NVRMini2 v. 3.9.1. The flaws, dubbed Peekaboo, were discovered by…
