184 matches found
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
l4j-info Compiling valuable links as I find them documenting C...
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
Update: Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET: A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...
Ongoing Exploitation of Windows Installer CVE-2021-41379
| CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update |
|---|---|---|---|---|---|
| CVE-2021-41379 | Microsoft Advisory | AttackerKB | Scheduled when patched | ASAP when released | December 3, 2021 3:00 PM ET |

See the Updates section at the end of this post for new informatio...
Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild
Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos...
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs: Multiple video games break after domain name snafu; How to remove adware on an Android phone; Smart TV adverts put a wrinkle in your programming; Are cybercriminals turning away from the US and targeting Europe instead?; Patch now! Microsoft plugs actively exploited...
Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!
Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could...
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...
A week in security (Sept 6 – Sept 12)
Last week on Malwarebytes Labs: Apple delays plans to search devices for child abuse imagery. ProtonMail hands user’s IP address and device info to police, showing the limits of private email. Patch now! Netgear fixes serious smart switch vulnerabilities. Tor vs VPN—What is the difference? Windows...
Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online
Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million...
PuzzleMaker attacks with Chrome zero-day exploit chain
On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for...
PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code
In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...
Exploit Details Emerge for Unpatched Microsoft Bug
New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...
Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities...
Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor," the improved sandbox system for iMessage data was...
New Chrome 0-day Under Active Attacks – Update Your Browser Now
Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security...
Magecart Attack Impacts More Than 10K Online Shoppers
One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information...
'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison
The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed...
Apple Jailbreak Zero-Day Gets a Patch
Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. In its notes for the release, Apple says very little else about the patches overall that it pushed o...
New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5
A hacker team has released a new method to jailbreak iPhones that they claim uses a zero-day exploit that allows them to jailbreak iPhones running iOS 11 through Apple’s most recent version of its mobile operating system – iOS 13.5. Calling it a “big milestone for jailbreaking,” one of its...
New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug
The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said...