#zero-day-vulnerability
#zero-day-vulnerability

Hackers exploited Windows 0-day for 6 months after Microsoft knew of it

Hackers backed by North Korean government exploited a Windows zero-day vulnerability for months

Microsoft's delayed patching of vulnerability may be due to its view on admin-to-kernel security boundaries [ more ]

ReadWrite

3 months ago

U.S. insights company shows ransomware hackers drew in $1bn across 2023

Ransomware hackers extorted $1bn across 2023, a significant increase from the previous year.

The biggest ransomware attack of 2023 was carried out by the CL0P Ransomware Gang, exploiting a 'Zero-Day' vulnerability. [ more ]

Dark Reading

APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide

Four separate cyberattack groups have exploited a zero-day security vulnerability in the Zimbra Collaboration Suite to steal email data and credentials.

The attacks targeted government organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.

The vulnerability was patched in July, but the attacks began before the patch was available. [ more ]

Dark Reading

APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide

Four separate cyberattack groups have exploited a zero-day security vulnerability in the Zimbra Collaboration Suite to steal email data and credentials.

The attacks targeted government organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.

The vulnerability was patched in July, but the attacks began before the patch was available. [ more ]

Theregister

Google patches security bugs in Chrome, exploit out there

Google has issued six security fixes for Chrome, including an emergency patch for a zero-day vulnerability in the Skia graphics library.

Zyxel has also released patches for six vulnerabilities in its networking kit products, including three critical command injection bugs. [ more ]

The Verge

PSA: Update Chrome browser now to avoid an exploit already in the wild

Google released a critical security update for Chrome to patch a zero-day vulnerability.

The vulnerability, CVE-2023-6345, allows hackers to remotely access personal data and deploy malicious code. [ more ]

The Verge

PSA: Update Chrome browser now to avoid an exploit already in the wild

Google released a critical security update for Chrome to patch a zero-day vulnerability.

The vulnerability, CVE-2023-6345, allows hackers to remotely access personal data and deploy malicious code. [ more ]

SecurityWeek

Zimbra Collaboration Suite

Web design

Google Patches Seventh Chrome Zero-Day of 2023

Google has released a security update to address a zero-day vulnerability in the Chrome browser.

The vulnerability (CVE-2023-6345) is an integer overflow bug in the Skia graphics library used in Chrome and other browsers.

Google has patched several other high-severity vulnerabilities with this update. [ more ]

moreChrome

SecurityWeek

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.

The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.

Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]

SecurityWeek

moreZimbra Collaboration Suite

Zimbra Zero-Day Exploited to Hack Government Emails

A Zimbra Collaboration Suite zero-day vulnerability was exploited to steal email data from government organizations in multiple countries.

The exploit, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) bug that requires the user to click on a malicious link.

Google's Threat Analysis Group observed multiple campaigns exploiting the zero-day and linked the attacks to a Russian APT known as Winter Vivern. [ more ]

Engadget

1 week ago

Google just patched the fifth zero-day exploit for Chrome this year

Google issued a security update for Chrome browser to address a zero-day vulnerability, the fifth this year for the company. [ more ]

Ars Technica

1 week ago

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has patched a high-severity zero-day vulnerability in Chrome, marking the fifth update this year to protect against malicious exploits. [ more ]

The Verge

PSA: Update Chrome browser now to avoid an exploit already in the wild

Google released a critical security update for Chrome to patch a zero-day vulnerability.

The vulnerability, CVE-2023-6345, allows hackers to remotely access personal data and deploy malicious code. [ more ]

Dark Reading

Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw

A proof of concept exploit is now available for a critical zero-day vulnerability in Windows SmartScreen technology.

The vulnerability allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts.

Organizations should address this bug promptly to mitigate the risk of phishing attacks and malware distribution. [ more ]

Dark Reading