Zero Day News, Articles and Updates

Def Con presenter: 'Synthetic clicks' exploit can help attackers install malware on Macs

A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.

Former CIA software engineer id'ed as suspect in Vault 7 leaks

Joshua Adam Schulte has not yet been charged with leaking classified information but is being held in the Metropolitan Correctional Center in New York after being indicted for possession of child pornography.

Patch Tuesday: Microsoft mends RCE bug reportedly exploited by cyber espionage group

Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks and two others whose details had been publicly disclosed before a patch was available.

Zero-Day vulnerability found in two Schneider Electric ICS products

Tenable Security researchers have revealed a Zero Day flaw in two Schneider Electric industrial controllers that, if exploited, could give an attacker the ability to remotely execute code with high privileges.

North Korea's APT37 hacking group expands its reach and ups its game, researchers warn

Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.

Cryptominers and malspam up while zero days and ransomware decline

Malicious actors kept busy late last year adding new weapons to their arsenal while placing others on the back burner, attempting to profit from new honey holes like cryptocurrency mining and stepping up their use of old favorites like malspam.

macOS Zero Day details exposed by researcher

An independent security researcher who goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.

APT28 joins BlackOasis in exploiting latest Adobe Flash vulnerability

APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

Zerodium offers up $1 million bounty for Tor zero day

Zero-day-acquisition firm Zerodium reported it will pay a total of $1 million for zero day exploits found for the Tor Browser on Tails Linux and Windows.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure

The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.

Foxit Reader zero-day flaws found, remain unpatched

The Zero Day Initiative is taking the makers of the Foxit free PDF reader to task for failing to fix two zero-day vulnerabilities that would allow a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.

Shadow Brokers threatens monthly leaks of more NSA tools to paying subscribers

The Shadow Brokers group, which has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took about six months to fix, according to news reports.

Microsoft tool exploit DoubleAgent can turn antivirus software into your worst enemy

Researchers from Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft's Windows Application Verifier debugging tool.

Third party develops temporary patch for Microsoft flaw that Google disclosed

Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's 90-day disclosure deadline.

Proton RAT malware not a positive development for Mac users

Questions continue to swirl around a mysterious Mac-based remote access trojan (RAT) called Proton, which Apple addressed in a recent update to its built-in anti-malware tool XProtect.

WordPress secretly patches severe bug that can lead to site content modification

WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthenticated attackers to remotely modify the content of any post or page on a vulnerable site.

'Magic String' of characters could have compromised WebEx extension users

A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines whose users visited attacker-controlled URLs containing a special "magic" string of characters.

Hacker claims to have exploited zero day against FBI website

A hacker claims to have broken into the FBI's website and leaked data onto a Pastebin account, though the agency denies the claim.

Critical code execution flaw in PHPMailer took two patches to fix

Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.

Sofacy APT doubles down on its 'DealersChoice' Flash exploit campaign

Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.

Report disputes Microsoft's "low volume spear phishing" claim

A new security report casts doubt on Microsoft's attempts to downplay a zero-day exploit used by a Russian APT group as "low volume spear phishing."