Lucene search
K

553 matches found

The Hacker News
The Hacker News
added 2021/06/10 4:14 a.m.460 views

New Chrome 0-Day Bug Under Active Attacks – Update Your Browser ASAP!

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update it immediately to the latest version Google released earlier today. The internet services company has rolled out an urgent update to the browser to address 14 newly discovered...

8.8CVSS9.1AI score0.70435EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.185 views

CVE-2021-26419

Scripting Engine Memory Corruption Vulnerability Recent assessments: architect00 at May 14, 2021 10:33am UTC reported: Details The vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the jscript9.dll library, which is used to execute javascript. Possible attack...

8.8CVSS9AI score0.24188EPSS
In wildExploits3References3
Intel
Intel
added 2021/05/11 12:0 a.m.98 views

Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method

Summary: Updated Recommendations Section 04/04/2018 Today a team of security researchers disclosed several software analysis methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from many types of computing devices with many different vendors’...

5.6CVSS5.8AI score0.84172EPSS
Exploits3
GithubExploit
GithubExploit
added 2021/05/07 4:48 p.m.245 views

Exploit for Use After Free in Google Android

CVE-2019-2215 CVE-2019-2215 POC for kernel 3.18 Based on Madd...

7.8CVSS7.4AI score0.72105EPSS
Exploits27
Metasploit
Metasploit
added 2021/04/16 5:42 p.m.327 views

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller ADC, aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload. Module Options msf use exploit/freebsd/http/citrixdirtraversalrce msf exploitcitrixdirtraversalrce show...

9.8CVSS9.9AI score0.99999EPSS
Exploits48
ThreatPost
ThreatPost
added 2021/04/16 12:57 p.m.81 views

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period

Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted. Known for discovering a number of high-profile zero days—in Google’s own...

6.8AI score
Exploits0References11
GoogleProjectZero
GoogleProjectZero
added 2021/04/15 12:0 a.m.23 views

Policy and Disclosure: 2021 Edition

Posted by Tim Willis, Project Zero At Project Zero, we spend a lot of time discussing and evaluating vulnerability disclosure policies and their consequences for users, vendors, fellow security researchers, and software security norms of the broader industry. We aim to be a vulnerability research...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/04/08 11:6 a.m.53 views

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Googles Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by "Western government operatives actively conducting a counterterrorism operation": The exploits, which went back to early 202...

0.4AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2021/03/18 12:0 a.m.175 views

In-the-Wild Series: October 2020 0-day discovery

Posted by Maddie Stone, Project Zero In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android,...

9.6CVSS8.5AI score0.5063EPSS
Exploits8
0day.today
0day.today
added 2021/03/12 12:0 a.m.70 views

F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write Vulnerability

Big IP's Traffic Management Microkernels TMM URI normalization incorrectly handles invalid IPv6 hostnames allowing for information disclosure and an out-of-bounds write condition. F5 Big IP - TMM urinormalizehost infoleak and out-of-bounds write Big IP's Traffic Management Microkernels TMM URI...

9.8CVSS9.3AI score0.61064EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/03/11 12:0 a.m.254 views

F5 Big IP TMM uri_normalize_host Information Disclosure / Out-Of-Bounds Write

F5 Big IP - TMM urinormalizehost infoleak and out-of-bounds write Big IP's Traffic Management Microkernels TMM URI normalization incorrectly handles invalid IPv6 hostnames: When urinormalizehost is called with a hostname of the form \u"abcdef\u", urinorminet6 is called with the substring abcdef a...

9.6AI score0.61064EPSS
Exploits3
Schneier on Security
Schneier on Security
added 2021/02/15 12:14 p.m.50 views

On Vulnerability-Adjacent Vulnerabilities

At the virtual Enigma Conference, Googles Project Zeros Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they...

Exploits0
The Hacker News
The Hacker News
added 2021/02/01 7:14 a.m.6 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 2:59 p.m.39 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/29 2:59 p.m.4 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor ," the improved sandbox system for iMessage data was...

5.9AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/20 3:21 p.m.147 views

Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms

Google Project Zero researcher Natalie Silvanovich outlined what she believes is a common theme when it comes to serious vulnerabilities impacting leading chat platforms. The research, published Tuesday, identifies a common denominator within chat platforms, called “calling state machine”, which...

7.2AI score
Exploits0References14
Schneier on Security
Schneier on Security
added 2021/01/20 12:0 p.m.31 views

Sophisticated Watering Hole Attack

Googles Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers both companies have since patched t...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 11:16 a.m.7 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/20 11:16 a.m.41 views

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incomi...

0.1AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2021/01/12 12:0 a.m.182 views

Introducing the In-the-Wild Series

This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, head to the bottom of this post. At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this...

8.8CVSS8.8AI score0.78808EPSS
Exploits9
Rows per page
Query Builder