A week in security (December 31, 2018 – January 6, 2019)

Last week on Labs, we looked back at 2018 as the year of data breaches, homed in on pre-installed malware on mobile devices, and profiled a malicious duo, Vidar and GandCrab. Other cybersecurity news 2019's first data breach: It took less than 24 hours. An unauthorized third-party downloaded 30,0...

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer IE Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google's Threat Analysis Grou...

Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers

Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim hcsshim library that could allow remote attackers to run malicious code on Windows computers. Windows Host Compute Service Shim hcsshim i...

Fixing the Meltdown and Spectre vulnerabilities

Two days ago, Graz University of Technology published a paper describing a pair of attacks on common microprocessors. The underlying vulnerability affects Intel, AMD, and ARM processors. All contemporary microprocessors pre-execute instructions. In other words, the vulnerability bypasses address...

Apple Announces Emergency Patch to Fix High Sierra Login Bug

Apple said on Wednesday that it will rush an emergency patch to users that fixes an embarrassing login bug in its High Sierra operating system. The patch is expected to be pushed out by Apple sometime Wednesday, according to a company spokesperson. The serious High Sierra login bug surfaced...

Emergency Apple Patch Fixes High Sierra Password Hint Leak

Apple rushed out an emergency patch Thursday that fixed an incredulous bug in its shiny new High Sierra operating system that revealed APFS volume passwords via the password hint feature. Brazilian researcher Matheus Mariano of Leet Tech found the bug and privately disclosed it to Apple. He said...

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...

Mozilla Patches Pwn2Own Zero Day in Firefox

Mozilla was quick to patch a zero day vulnerability identified in the Firefox browser at the Pwn2Own hacking competition last week. The company remedied the issue just shy of 24 hours of being made aware of the flaw, pushing out the updated version 52.0.1 of the browser late Friday. Asa Dotzler,...

Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!

Microsoft is once again facing embarrassment for not patching a vulnerability on time. Yes, Google's Project Zero team has once again publicly disclosed a vulnerability with POC exploit affecting Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows...

iOS 9.3.5 emergency release behind the truth:NSO using the iPhone 0day without clicking on a remote compromised iPhone（8 on 2 6 May 1 3:4 1 Update-bug warning-the black bar safety net

! According to the Washington Post reported, many people think that their iPhone is absolutely safe, but the latest research shows that Apple's mobileoperating systemin iOS over the years always the presence of three previously unknown“zero-day exploit”, in fact Apple users are always in danger...

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor. One of the world's most invasive software weapon distributors, called the NSO Group, h...

Adobe Flash Player is really into a hopeless situation-vulnerability and early warning-the black bar safety net

! Adobe Flash Player can be smoothly applied to a variety of platforms, but it is also because its application is broad and its own vulnerability, causing it to always be hackers of all ages, this time is no exception. For a long time, hackers always like to use some of the underground network to...

Adobe to issue Emergency Patch for Critical Flash Player Vulnerability

Adobe has been one of the favorite picks of the Hackers to mess with any systems devoid of any operating systems, as Flash Player is a front runner in all the browsers. Hackers have already been targeting Flash Player for long by exploiting known vulnerabilities roaming in the wild. Despite Adobe...

Emergency Java Patch Re-Issued for 2013 Vulnerability

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...

Android Rooting Application Emergency Patch

A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws...

Oracle Issues Emergency Java Update for Windows

The US-based software maker Oracle delivered an unusual out-of-box emergency patch for Java in an effort to fix a during-installation flaw on the Windows platforms. The successful exploitation of the critical vulnerability, assigned CVE-2016-0603, could allow an attacker to trick an unsuspecting...

Government Agencies Audit For Juniper Backdoor

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...

'Ridiculous' Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

If you have installed Trend Micro's Antivirus on your Windows computer, then Beware. Your computer can be remotely hijacked, or infected with any malware by even through a website – Thanks to a critical vulnerability in Trend Micro Security Software. The Popular antivirus maker and security firm...

Patch now! Adobe releases Emergency Security Updates for Flash Player

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches. Adobe released an out-of-band security update on Monday to address Nineteen 19 vulnerabilities in its Flash Player, including one CVE-2015-8651 that is being exploited in the wild. All the programmin...

Juniper ScreenOS Backdoor Password

Researchers from two security firms have uncovered the password guarding one of the backdoors discovered in Juniper Networks’ ScreenOS, the operating system behind its NetScreen enterprise-grade firewalls. Fox-IT and Rapid7 found the secret code, which was disguised to look like debug code, said...