#zero-day-vulnerabilities
#zero-day-vulnerabilities

Cyber spies, not cyber criminals, behind most zero-day exploitation | Computer Weekly

Government-backed threat actors are more likely to exploit zero-day vulnerabilities than financially motivated cyber criminals.

Chinese operators exploited the highest number of zero-days among major state hacking operations hostile to Western countries. [ more ]

Theregister

1 month ago

Web development

Mozilla fixes $100,000 Firefox zero-days from Pwn2Own event

Mozilla swiftly patched Firefox zero-days demonstrated at Pwn2Own competition.

The vulnerabilities, rated 'critical,' were exploited by Manfred Paul and fixed in Firefox 124.0.1. [ more ]

New Relic

2 months ago

DevOps

A deep dive into zero-day vulnerability alerts with New Relic APM

Staying ahead of security threats is a necessity, not just a best practice.

New Relic APM enables developers to create zero-day vulnerability alerts and enhance security postures. [ more ]

TechRepublic

2 months ago

Top 4 Ivanti Competitors and Alternatives for 2024

Zero-day vulnerabilities in Ivanti Secure VPN discovered

Consider alternative VPN solutions due to security risks [ more ]

ComputerWeekly.com

Microsoft patches two zero-days for Valentine's Day | Computer Weekly

Microsoft has patched two actively exploited zero-day vulnerabilities in its February Patch Tuesday.

The vulnerabilities bypass security features and are being used by cybercriminal groups to deliver malware. [ more ]

TechRepublic

Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems

Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, enabling unauthorized remote code execution and system compromise.

The vulnerabilities are being actively exploited by a Chinese nation-state threat actor called UTA0178. [ more ]

Ars Technica

4 months ago

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Unknown threat actors are actively exploiting two zero-day vulnerabilities in Ivanti Connect Secure, a widely used VPN appliance.

The vulnerabilities allow attackers to bypass two-factor authentication and execute malicious code inside networks. [ more ]

morevpn

zero-day vulnerabilities

Ars Technica

5 months ago

Google researchers report critical zero-days in Chrome and all Apple OSes

Researchers from Google's Threat Analysis Group have discovered three high-severity zero-day vulnerabilities in Apple OSes and the Chrome browser.

Apple has released security updates to fix two vulnerabilities in WebKit, which could have been exploited in earlier versions of iOS. [ more ]

Ars Technica

5 months ago

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Miscreants are actively exploiting two new zero-day vulnerabilities to create a hostile botnet used in DDoS attacks.

The zero-day vulnerabilities allow for the remote execution of malicious code when affected devices use default administrative credentials. [ more ]

ComputerWeekly.com

6 months ago

November Patch Tuesday heralds five new MS zero-days | Computer Weekly

Microsoft has issued fixes for five zero-day vulnerabilities, three of which have already been exploited in the wild.

The vulnerabilities range across a smaller number of products than usual, with just over 60 issues resolved in total.

The exploited zero-days include a security feature bypass in Windows SmartScreen, an elevation of privilege vulnerability, and a vulnerability in Windows Cloud Files Mini Filter Driver. [ more ]

Dark Reading

6 months ago

morezero-day vulnerabilities

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Chinese state-sponsored actors are increasingly exploiting novel vulnerabilities in public-facing devices.

85% of known zero-day vulnerabilities exploited by Chinese state-sponsored groups since 2021 have targeted public-facing appliances.

Organizations should consider limited visibility and support for traditional security solutions when procuring network appliances. [ more ]

ITPro

2 weeks ago

Nearly half of EMEA data breaches were due to internal blunders in 2023

Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them. [ more ]

Theregister

4 months ago

China-backed attackers blamed for Ivanti zero-day exploits

Chinese nation-state attackers are actively exploiting zero-day vulnerabilities in Ivanti security products.

The vulnerabilities in Ivanti Connect Secure (ICS) and Policy Secure allow for code execution and bypass authentication. [ more ]

New Relic

1 month ago

DevOps

Lowering potential impact of zero-day vulnerabilities with New Relic

Zero-day vulnerabilities are dangerous as they allow attackers to exploit unknown flaws before developers can patch them.

Traditional security measures like signature-based detection systems are often ineffective against zero-day threats, highlighting the need for advanced monitoring tools. [ more ]

Theregister

2 months ago

Apple

Apple remains tight-lipped about latest iPhone, iPad 0-days

Apple released security patches for two zero-day vulnerabilities affecting iOS and iPadOS.

Both vulnerabilities required attackers to have kernel read and write capabilities to bypass memory protections and were fixed with improved validation. [ more ]

Iapp

EU data protection

Ransomware hackers were paid more than $1.1B in 2023

Ransomware groups received over $1.1 billion in payments in 2023 for selling back stolen data.

Hackers targeted high-profile institutions and critical infrastructure using zero-day vulnerabilities. [ more ]

The Verge

The ransomware business is booming, even as enforcers shut down some major players

Ransomware attacks increased in 2023, with a 49% increase in victims reported by ransomware leak sites.

Zero-day vulnerabilities and attacks on software systems contributed to the increase in ransomware attacks. [ more ]

Theregister