Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor

Watch out for the Russian hackers from the infamous RomRom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor...

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web she...

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws CVE-2022-41040, CVE-2022-41082 that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Serv...

Finding 0-days with Jackalope

ARCHIVED STORY Finding 0-days with Jackalope By Douglas McKee · September 16, 2021 Overview On March 21st, 2021, the McAfee Enterprise Advanced Threat Research ATR team released several vulnerabilities it discovered in the Netop Vision Pro Education software, a popular schooling software used by...

Patch Tuesday - June 2021

It is another low volume Patch Tuesday this month as Microsoft releases fixes for 50 vulnerabilities. This should not diminish the importance of speedily applying the updates. 6 of the vulnerabilities being patched this month are 0-days under active exploitation CVE-2021-31955, CVE-2021-31956,...

Hackers used macOS 0-days to bypass privacy features, take screenshots

By Deeba Ahmed Apple has also issued patches for macOS Catalina, iOS, Mojave, watchOS, iPad, and the Safari browser security loopholes. This is a post from HackRead.com Read the original post: Hackers used macOS 0-days to bypass privacy features, take screenshots...

This Week in Security News: BEC Attacks and Botnet Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the prevalence and impact of BEC attacks. Also, find out how botnet malware can perform remote code execution, DDoS attacks and...

63 New Flaws (Including 0-Days) Windows Users Need to Patch Now

It's Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49...

BWT EP5 - It Has Been 0-days Since This Term was Abused

Beers with Talos Episode 5 "It Has Been 0-days Since This Term was Abused" is now availableListen here:Listen via iTunesListen directly on the Talos Podcasts page.Episode Notes:The crew talks about the potential of Samba echoing WannaCry and blocking SMB ports but you already did that, RIGHT?. We...

Google Withdraws Pwn2Own Sponsorship, Sets Aside $1 Mil. For Prizes

Google threw down the gloves on their Chromium Blog yesterday with an announcement that they would pay out up to $1 million in prize money for Chrome exploits at CanSecWest this year. The blogpost also announces that Google will no longer sponsor or officially participate in Pwn2Own because of a...

Hackers to release 0-days in comics

Hackers to release 0-days in comics Hackers frequently disclose vulnerabilities in various products, but taking it to a whole new level, now hackers and malware coders are planning to release actual 0-days through their own comic books. The Malware conference, Malcon announced it on their groups...

Ryan Naraine on the Koobface Expose and SCADA 0-Day Disclosures

Dennis Fisher talks with long-lost Threatpost editor Ryan Naraine about the intricacies of the disclosure of the identities of the alleged Koobface gang members, whether we’ll see more of that kind of action and whether the recent trend toward disclosing 0-days in SCADA systems will continue...

Mediacoder 2011 RC3 m3u Buffer Overflow Exploit

Exploit for windows platform in category local exploits view source print? Exploit Title: Mediacoder 2011 RC3 0-days Exploit Google Dork: -- Date: 20 / 3 / 2011 Author: Oh Yaw Theng Software Link: http://www.mediacoderhq.com/getfile.htm?site=filemirror.s7icky.com&file=MediaCoder2011-RC3-5072.exe...

Mediacoder 2011 RC3 - '.m3u' Local Buffer Overflow

Exploit Title: Mediacoder 2011 RC3 0-days Exploit Google Dork: -- Date: 20 / 3 / 2011 Author: Oh Yaw Theng Software Link: http://www.mediacoderhq.com/getfile.htm?site=filemirror.s7icky.com&file=MediaCoder2011-RC3-5072.exe Version: 2011 RC3 Tested on: Windows XP SP2 CVE : -- !/usr/bin/python...

MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow Exploit(SEH)

Exploit for windows platform in category local exploits ============================================================= MediaCoder-0.7.5.4797.exe 0-days Buffer Overflow ExploitSEH ============================================================= Exploit Title: MediaCoder-0.7.5.4797.exe 0-days Buffer...

MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow (SEH)

Exploit for windows platform in category local exploits ====================================================== MediaCoder-0.7.5.4796.exe 0-days Buffer Overflow SEH ====================================================== Date: 04 / 12 / 2010 Author: Oh Yaw Theng Software Link:...

MediaCoder 0.7.5.4795 Buffer Overflow

Exploit Title: MediaCoder-0.7.5.4795.exe 0-days Buffer Overflow SEH Date: 02 / 12 / 2010 Author: Oh Yaw Theng Software Link: http://www.mediacoderhq.com/mirrors.htm?file=MediaCoder-0.7.5.4795.exe Version: v0.7.5.4795 Latest Version !! Tested on: Microsoft Windows XP SP2 CVE : N / A The vendor is...

Mediacoder 0.7.5.4797 - '.m3u' Local Buffer Overflow (SEH)

Exploit Title: MediaCoder-0.7.5.4795.exe 0-days Buffer Overflow SEH Date: 02 / 12 / 2010 Author: Oh Yaw Theng Software Link: http://www.mediacoderhq.com/mirrors.htm?file=MediaCoder-0.7.5.4795.exe Version: v0.7.5.4795 Latest Version !! Tested on: Microsoft Windows XP SP2 CVE : N / A The vendor is...