November Patch Tuesday heralds five new MS zero-days | Computer Weekly
Microsoft has issued fixes for five zero-day vulnerabilities, three of which have already been exploited in the wild.
The vulnerabilities range across a smaller number of products than usual, with just over 60 issues resolved in total.
The exploited zero-days include a security feature bypass in Windows SmartScreen, an elevation of privilege vulnerability, and a vulnerability in Windows Cloud Files Mini Filter Driver. [ more ]
Nearly half of EMEA data breaches were due to internal blunders in 2023
Almost half of EMEA data breaches are internal. Human error is a significant factor. Zero-day vulnerabilities are increasing, with ransomware exploiting them. [ more ]
Lowering potential impact of zero-day vulnerabilities with New Relic
Zero-day vulnerabilities are dangerous as they allow attackers to exploit unknown flaws before developers can patch them.
Traditional security measures like signature-based detection systems are often ineffective against zero-day threats, highlighting the need for advanced monitoring tools. [ more ]
Apple remains tight-lipped about latest iPhone, iPad 0-days
Apple released security patches for two zero-day vulnerabilities affecting iOS and iPadOS.
Both vulnerabilities required attackers to have kernel read and write capabilities to bypass memory protections and were fixed with improved validation. [ more ]
Tesla hackers win big at first Pwn2Own automotive hack fest
Researches at the Zero Day Initiative's automotive-focused Pwn2Own event discovered 49 vehicle-related zero day vulnerabilities, receiving over $1.3 million in rewards.
French security outfit Synacktiv won $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem and finding a sandbox escape in Tesla's infotainment system. [ more ]