#zero-day vulnerabilities

[ follow ]
#zero-day-vulnerabilities
ITPro
4 weeks ago
Information security

Nearly half of EMEA data breaches were due to internal blunders in 2023

Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them. [ more ]
ITPro
1 month ago
Information security

Flawed Cisco firewalls used to target government networks

A state-affiliated cyber espionage campaign, ArceneDoor, exploited two Cisco zero-day vulnerabilities to infiltrate government networks. [ more ]
New Relic
1 month ago
DevOps

Lowering potential impact of zero-day vulnerabilities with New Relic

Zero-day vulnerabilities are dangerous as they allow attackers to exploit unknown flaws before developers can patch them.
Traditional security measures like signature-based detection systems are often ineffective against zero-day threats, highlighting the need for advanced monitoring tools. [ more ]
ComputerWeekly.com
2 months ago
Privacy professionals

Cyber spies, not cyber criminals, behind most zero-day exploitation | Computer Weekly

Government-backed threat actors are more likely to exploit zero-day vulnerabilities than financially motivated cyber criminals.
Chinese operators exploited the highest number of zero-days among major state hacking operations hostile to Western countries. [ more ]
Theregister
2 months ago
Web development

Mozilla fixes $100,000 Firefox zero-days from Pwn2Own event

Mozilla swiftly patched Firefox zero-days demonstrated at Pwn2Own competition.
The vulnerabilities, rated 'critical,' were exploited by Manfred Paul and fixed in Firefox 124.0.1. [ more ]
Theregister
2 months ago
Apple

Apple remains tight-lipped about latest iPhone, iPad 0-days

Apple released security patches for two zero-day vulnerabilities affecting iOS and iPadOS.
Both vulnerabilities required attackers to have kernel read and write capabilities to bypass memory protections and were fixed with improved validation. [ more ]
morezero-day-vulnerabilities
Iapp
3 months ago
EU data protection

Ransomware hackers were paid more than $1.1B in 2023

Ransomware groups received over $1.1 billion in payments in 2023 for selling back stolen data.
Hackers targeted high-profile institutions and critical infrastructure using zero-day vulnerabilities. [ more ]
Ars Technica
6 months ago
Information security

Google researchers report critical zero-days in Chrome and all Apple OSes

Researchers from Google's Threat Analysis Group have discovered three high-severity zero-day vulnerabilities in Apple OSes and the Chrome browser.
Apple has released security updates to fix two vulnerabilities in WebKit, which could have been exploited in earlier versions of iOS. [ more ]
Ars Technica
6 months ago
Privacy professionals

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Miscreants are actively exploiting two new zero-day vulnerabilities to create a hostile botnet used in DDoS attacks.
The zero-day vulnerabilities allow for the remote execution of malicious code when affected devices use default administrative credentials. [ more ]
ComputerWeekly.com
6 months ago
Information security

November Patch Tuesday heralds five new MS zero-days | Computer Weekly

Microsoft has issued fixes for five zero-day vulnerabilities, three of which have already been exploited in the wild.
The vulnerabilities range across a smaller number of products than usual, with just over 60 issues resolved in total.
The exploited zero-days include a security feature bypass in Windows SmartScreen, an elevation of privilege vulnerability, and a vulnerability in Windows Cloud Files Mini Filter Driver. [ more ]
Dark Reading
6 months ago
Privacy professionals

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Chinese state-sponsored actors are increasingly exploiting novel vulnerabilities in public-facing devices.
85% of known zero-day vulnerabilities exploited by Chinese state-sponsored groups since 2021 have targeted public-facing appliances.
Organizations should consider limited visibility and support for traditional security solutions when procuring network appliances. [ more ]
[ Load more ]