Zero Day | SC Media

Zero Day

Microsoft Patch Tuesday: Two zero days and 17 critical vulnerabilities addressed

Microsoft’s September Patch Tuesday offering contained 80 updates with 17 being rated critical including taking care of two zero days actively exploited in the wild. Overall, 57 CVEs were issued for Windows 10 and 29 CVEs for the older Microsoft operating systems and Office and SharePoint also received some updates. CVE-2019-1214 and CVE-2019-1215 are zero…

Selling zero-days to governments takes some business savvy, says former bug broker

Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in…

antivirus

Researchers disclose five unpatched bugs in Comodo Antivirus

Researchers at Tenable have disclosed five unpatched vulnerabilities in Comodo Antivirus, which reportedly will be patched by Monday of next week. The most significant of the zero-days appears to be CVE-2019-3969, a local privilege escalation condition that results from an flawed verification mechanism in the CmdAgent.exe process file. “A local process can bypass the signature…

Huawei responds to allegations of NSA hacking

Huawei products riddled with backdoors, zero days and critical vulnerabilities

Huawei’s problems keep piling up as a security firm specializing in IoT devices found numerous vulnerabilities across the company’s entire product line. Finite State said it scanned more than 1.5 million files embedded within nearly 10,000 firmware images supporting 558 products looking for risks including hard-coded backdoor credentials, unsafe use of cryptographic keys, indicators of…

Flashpoint: Our site was not dishing malware

Flashpoint came out swinging today against an independent researcher who reported that the security company’s public-facing website was serving malware. In what Flashpoint called an “after action report,” the company denied the website was itself infected with malware, but did admit that on April 12-13 the WordPress Yuzo Related Posts plugin used on the site…

Nearly one billion Chrome users vulnerable to exploit patched in later versions

Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome. Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73 leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation…

GoogleChromeUpdate

Chrome updated to combat an exploited zero day

Google is recommending all Chrome users immediately update their browser in order to fix a zero-day issue that is being exploited in the wild in combination with another vulnerability found in Windows. Together, the two bugs could enable a security sandbox escape. The Chrome fix was issued on March 1 and patched via an auto-update…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

IE, Firefox, Chrome and Safari's protection against phishing was tested.

Microsoft issues out-of-band patch for exploited memory corruption bug in Internet Explorer

Microsoft Corporation yesterday released an emergency patch for a remote code execution vulnerability in Internet Explorer that attackers have been actively exploiting in the wild. Designated CVE-2018-8653, the zero-day memory corruption bug results from the mishandling of objects in memory by the JScript component of Internet Explorer’s scripting engine, according to an official advisory from Microsoft, as…

Next post in Security News