154 matches found
Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered
Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing...
Vulnerabilities fixed in Apple iOS and iPadOS
Vulnerabilities have been fixed in Apple iOS and iPadOS, including three 0-day vulnerabilities. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Increased user...
Tenda Router Zero-Days Emerge in Spyware Botnet Campaign
Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. In addition to denial-of-service DoS attacks, this variant also has remote-access trojan RAT and spyware capabilities. According to 360Netlab, the botnet is unusual in a few ways. For one, on the RAT...
This Week in Security News: Microsoft Patches 120 Vulnerabilities, Including Two Zero-Days and Trend Micro Brings DevOps Agility and Automation to Security Operations Through Integration with AWS Solutions
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about one of Microsoft’s largest Patch Tuesday updates ever, including fixes for 120 vulnerabilities and two zero-days. Also, learn abo...
News Wrap: Nintendo Account Hacks, Apple Zero Days, NFL Security
For the week ended April 24, Threatpost editors discuss the hottest cybersecurity news stories, including: Apple zero days disclosed in the iPhone iOS that researchers say have been exploited for years. Meanwhile, Apple has pushed back and said there’s no evidence to support such activity. Ninten...
This Week in Security News: Security Researcher Discloses Four IBM Zero-Days After Company Refused to Patch and Trend Micro Integrates with Amazon AppFlow
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about a security researcher who has published details about four zero-day vulnerabilities impacting an IBM security product after the...
Russian Hackers Went After San Francisco International Airport
Plus: Windows zero days, Covid-19 spam, and more of the week's top security news...
Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday , and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely. Microsoft today released the latest batch of software security updates for a...
An Elite Spy Group Used 5 Zero-Days to Hack North Koreans
South Korea is a prime suspect for exploiting the secret software vulnerabilities in a sophisticated espionage campaign...
This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how fileless malware abuses PowerShell. Also, read how Trend Micro researchers are pulling back the curtain on the cybercriminal...
News Wrap: IoT Radio Telnet Backdoor And 'SimJacker' Active Exploit
Threatpost editors break down the biggest news stories of this week ended Sept. 13, including: Researchers warning that more than one billion mobile users are at risk from a SIM card flaw being currently exploited by threat actors A Telnet backdoor opened more than 1 million Imperial Dabman IoT...
Apple Claims Google is Spreading FUD Over Patched iPhone Bugs
Apple has called out Google for promoting a “false impression” about iOS vulnerabilities the iPhone maker said it fixed in February. It claims Google is unnecessarily panicking Apple customers. On Aug. 29, Ian Beer of Google’s Project Zero published a blog post that took a “very deep dive” into 1...
Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days
Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 milli...
Unprecedented new iPhone malware discovered
A post by Ian Beer of Google Project Zero released late yesterday evening sent the security community reeling. According to Beer, a small set of websites had been hacked in February and were being used to attack iPhones, infecting them with malware. These sites, which see thousands of visitors pe...
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...
Jobberbase 2.0 - (subscribe) SQL Injection Exploit
Exploit for php platform in category web applications !/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is...
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
Microsoft’s August Patch Tuesday release contains updates for 93 CVEs, including 29 that are rated critical in severity. The highest priority of these include four critical remote code-execution RCE vulnerabilities in Remote Desktop Services RDS and a critical RCE flaw in Microsoft Word. Also, tw...
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?
ARCHIVED STORY IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? By Steve Povolny · April 18, 2019 Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we...
Improved Fallout EK comes back after short hiatus
Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...
Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup
Microsoft has rolled out its August Patch Tuesday fixes, addressing 19 critical vulnerabilities, including fixes for two zero-day vulnerabilities that are under active attack. Overall, the company patched a total of 60 flaws, spanning Microsoft Windows, Edge, Internet Explorer IE, Office, .NET...