#zero-day vulnerability
#zero-day vulnerability

Information security

Volt Typhoon is wreaking havoc again - this time on US internet providers

A high-severity zero-day vulnerability in Versa Networks' software was exploited by a Chinese threat group to access US internet providers. [ more ]

kasperskycontenthub.com

2 years ago

Information security

Google Patches Chrome's Fifth Zero-Day of the Year

Google patched the fifth zero-day vulnerability in Chrome for 2022, highlighting issues with insufficient validation of untrusted input in Intents. [ more ]

TechCrunch

Privacy professionals

Zero-day flaw in Check Point VPNs is 'extremely easy' to exploit | TechCrunch

Attackers exploiting zero-day vulnerability in Check Point VPN products to access corporate networks. [ more ]

ComputerWeekly.com

Information security

Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday | Computer Weekly

The critical vulnerability on Microsoft SharePoint Server and two zero-day flaws in Windows should be addressed immediately by administrators. [ more ]

Ars Technica

Information security

Hackers infect ISPs with malware that steals customers' credentials

High-severity zero-day vulnerability exploited by hackers affects US ISPs, enabling credential theft and ongoing compromise of customers.

Threat actors gain remote administrative control over ISP infrastructure, allowing sophisticated attacks on customer credentials. [ more ]

TechRepublic

4 weeks ago

Information security

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Volt Typhoon exploited a zero-day vulnerability affecting Versa Director servers, prompting urgent security responses from managed service providers. [ more ]

ITPro

Information security

Volt Typhoon is wreaking havoc again - this time on US internet providers

A high-severity zero-day vulnerability in Versa Networks' software was exploited by a Chinese threat group to access US internet providers. [ more ]

kasperskycontenthub.com

2 years ago

Information security

Google Patches Chrome's Fifth Zero-Day of the Year

Google patched the fifth zero-day vulnerability in Chrome for 2022, highlighting issues with insufficient validation of untrusted input in Intents. [ more ]

TechCrunch

Privacy professionals

Zero-day flaw in Check Point VPNs is 'extremely easy' to exploit | TechCrunch

Attackers exploiting zero-day vulnerability in Check Point VPN products to access corporate networks. [ more ]

ComputerWeekly.com

Information security

Critical SharePoint, Qakbot-linked flaws focus of May Patch Tuesday | Computer Weekly

The critical vulnerability on Microsoft SharePoint Server and two zero-day flaws in Windows should be addressed immediately by administrators. [ more ]

morecybersecurity

#zero-day-vulnerability

The Hacker News

Tech industry

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches

Microsoft disclosed a zero-day vulnerability in Office affecting specific versions, with a temporary fix in place and a final patch expected soon.

The vulnerability could allow unauthorized disclosure of sensitive information in a web-based attack scenario where the user is tricked into opening a malicious file.

Microsoft has outlined mitigation strategies for the zero-day vulnerability, including blocking TCP 445/SMB outbound traffic. [ more ]

Ars Technica

Information security

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has patched a high-severity zero-day vulnerability in Chrome, marking the fifth update this year to protect against malicious exploits. [ more ]

Engadget

Information security

Google just patched the fifth zero-day exploit for Chrome this year

Google issued a security update for Chrome browser to address a zero-day vulnerability, the fifth this year for the company. [ more ]

ITPro

Information security

Thousands of Fortinet's FortiGate edge devices were exposed in a Chinese-backed hacking campaign

A cyber espionage campaign targeting Fortinet's FortiGate devices, named Coathanger, may be more widespread than initially thought. [ more ]

The Hacker News

Tech industry

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Breaches

Microsoft disclosed a zero-day vulnerability in Office affecting specific versions, with a temporary fix in place and a final patch expected soon.

The vulnerability could allow unauthorized disclosure of sensitive information in a web-based attack scenario where the user is tricked into opening a malicious file.

Microsoft has outlined mitigation strategies for the zero-day vulnerability, including blocking TCP 445/SMB outbound traffic. [ more ]

Ars Technica

Information security

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has patched a high-severity zero-day vulnerability in Chrome, marking the fifth update this year to protect against malicious exploits. [ more ]

Engadget

Information security

Google just patched the fifth zero-day exploit for Chrome this year

Google issued a security update for Chrome browser to address a zero-day vulnerability, the fifth this year for the company. [ more ]

ITPro

morezero-day-vulnerability

Information security

Thousands of Fortinet's FortiGate edge devices were exposed in a Chinese-backed hacking campaign

A cyber espionage campaign targeting Fortinet's FortiGate devices, named Coathanger, may be more widespread than initially thought. [ more ]

#Google

Theregister

9 months ago

Information security

Google patches security bugs in Chrome, exploit out there

Google has issued six security fixes for Chrome, including an emergency patch for a zero-day vulnerability in the Skia graphics library.

Zyxel has also released patches for six vulnerabilities in its networking kit products, including three critical command injection bugs. [ more ]

SecurityWeek

Web design

Google Patches Seventh Chrome Zero-Day of 2023

Google has released a security update to address a zero-day vulnerability in the Chrome browser.

The vulnerability (CVE-2023-6345) is an integer overflow bug in the Skia graphics library used in Chrome and other browsers.

Google has patched several other high-severity vulnerabilities with this update. [ more ]

Theregister

9 months ago

Information security

Google patches security bugs in Chrome, exploit out there

Google has issued six security fixes for Chrome, including an emergency patch for a zero-day vulnerability in the Skia graphics library.

Zyxel has also released patches for six vulnerabilities in its networking kit products, including three critical command injection bugs. [ more ]

SecurityWeek

Web design

Google Patches Seventh Chrome Zero-Day of 2023

Google has released a security update to address a zero-day vulnerability in the Chrome browser.

The vulnerability (CVE-2023-6345) is an integer overflow bug in the Skia graphics library used in Chrome and other browsers.

Google has patched several other high-severity vulnerabilities with this update. [ more ]

moreGoogle

The Verge

9 months ago

Information security

PSA: Update Chrome browser now to avoid an exploit already in the wild

Google released a critical security update for Chrome to patch a zero-day vulnerability.

The vulnerability, CVE-2023-6345, allows hackers to remotely access personal data and deploy malicious code. [ more ]

Dark Reading

Privacy professionals

Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw

A proof of concept exploit is now available for a critical zero-day vulnerability in Windows SmartScreen technology.

The vulnerability allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts.

Organizations should address this bug promptly to mitigate the risk of phishing attacks and malware distribution. [ more ]

SecurityWeek