Lucene search
K

154 matches found

The Hacker News
The Hacker News
added 2022/04/13 3:22 a.m.170 views

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities

Microsoft's Patch Tuesday updates for the month of April have addressed a total of 128 security vulnerabilities spanning across its software product portfolio, including Windows, Defender, Office, Exchange Server, Visual Studio, and Print Spooler, among others. 10 of the 128 bugs fixed are rated...

10CVSS0.5AI score0.91316EPSS
Exploits22
hivepro
hivepro
added 2022/03/14 4:24 p.m.231 views

Weekly Threat Digest: 7 – 13 March 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 538 16 3 42 19 89 The second week of March 2022 witnessed the discovery of 538 vulnerabilities out of which 16...

9.3CVSS0.4AI score0.99999EPSS
Exploits456
Malwarebytes
Malwarebytes
added 2022/01/17 11:39 a.m.18 views

A week in security (January 10 – 16)

Last week on Malwarebytes Labs: Ransomware cyberattack forces New Mexico jail to lock down Some Android users can disable 2G now and why that is a good thing Phishers on the prowl with fake parking meter QR codes Update now: Microsoft patches 97 bugs including 6 zero-days and a wormable one...

0.7AI score
Exploits0
hivepro
hivepro
added 2022/01/12 7:30 a.m.76 views

Microsoft Patch Tuesday fixes critical zero-days along with 97 other flaws

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Microsoft has fixed 97 vulnerabilities, with nine classified as Critical and 88 as Important and among them 6 zero-days. Following are the type of security vulnerabilities reported in multiple Microsoft products: 41 Elevation...

10CVSS1.3AI score0.9279EPSS
Exploits24
ThreatPost
ThreatPost
added 2022/01/11 9:54 p.m.83 views

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days. The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows...

10CVSS9.2AI score0.9279EPSS
Exploits24References22
Qualys Blog
Qualys Blog
added 2021/11/22 3:54 p.m.17 views

Euronet Worldwide: Speedy, Global Response to Threats Reduces Risk

After years of using manual processes and systems to manage its IT inventory and track vulnerabilities, racking up costs, and increasing the complexity of asset and vulnerability management, Euronet Worldwide needed a way to get a single, accurate and timely view of risk exposure at the group...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/11/11 1:7 a.m.206 views

Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities

Microsoft Patch Tuesday – November 2021 Microsoft patched 55 vulnerabilities in their November 2021 Patch Tuesday release, of which six are rated as critical severity and six were previously reported as zero-days. Critical Microsoft Vulnerabilities Patched CVE-2021-42298 - Microsoft Defender Remo...

9.3CVSS9.6AI score0.90388EPSS
Exploits11
ThreatPost
ThreatPost
added 2021/11/09 9:41 p.m.92 views

Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...

9.8CVSS9.2AI score0.99999EPSS
Exploits75References20
Qualys Blog
Qualys Blog
added 2021/10/13 2:14 p.m.186 views

Microsoft & Adobe Patch Tuesday (October 2021) – Microsoft 74 Vulnerabilities with 3 Critical, 4 Zero-Days. Adobe 10 Vulnerabilities

Microsoft Patch Tuesday – October 2021 Microsoft patched 74 vulnerabilities in their October 2021 Patch Tuesday release, of which three are rated as critical severity and four were previously reported as zero-days. Critical Microsoft Vulnerabilities Patched CVE-2021-40449 - Win32k Elevation of...

7.2CVSS0.3AI score0.73381EPSS
Exploits11
Malwarebytes
Malwarebytes
added 2021/10/12 4:7 p.m.78 views

Update now! Apple patches another privilege escalation bug in iOS and iPadOS

Apple has released a security update for iOS and iPad that addresses a critical vulnerability reportedly being exploited in the wild. The update has been made available for iPhone 6s and later, iPad Pro all models, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iP...

9.3CVSS9.5AI score0.75994EPSS
Exploits8
The Hacker News
The Hacker News
added 2021/10/01 3:30 a.m.115 views

Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws

Google on Thursday pushed urgent security fixes for its Chrome browser, including a pair of new security weaknesses that the company said are being exploited in the wild, making them the fourth and fifth actively zero-days plugged this month alone. The issues, designated as CVE-2021-37975 and...

9.6CVSS0.2AI score0.70435EPSS
Exploits13
ThreatPost
ThreatPost
added 2021/09/30 10:38 p.m.73 views

Google Emergency Update Fixes Two Chrome Zero Days

Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...

9.6CVSS9.3AI score0.64546EPSS
Exploits4References7
ThreatPost
ThreatPost
added 2021/08/11 3:34 p.m.34 views

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online

Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, while the key may be interesting to security researchers, it’s not likely to be of use to any of...

6.6AI score
Exploits0References22
ThreatPost
ThreatPost
added 2021/07/23 12:21 p.m.74 views

Kaseya Obtains Universal Decryptor for REvil Ransomware

Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2. The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator VSA platform, affecte...

7.3AI score
Exploits0References8
The Hacker News
The Hacker News
added 2021/05/07 1:20 p.m.53 views

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday by security researcher Axel Persinger, who...

9.8CVSS2.4AI score0.14195EPSS
Exploits6
Malwarebytes
Malwarebytes
added 2021/03/08 1:4 p.m.128 views

A week in security (March 1 – 7)

Last week on Malwarebytes Labs, our podcast featured Eva Galperin who talked to us about defending online anonymity and speech. We wrote about how Ryuk ransomware has developed a worm-like capability, how Exchange servers are attacked by Hafnium zero-days, 21 million free VPN users’ data was...

6.8AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/03/04 7:3 p.m.37 views

Four Microsoft Exchange Zero-Days Exploited by China

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD 3/12: Exchange Online is not affected...

1.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2021/01/20 12:0 p.m.31 views

Sophisticated Watering Hole Attack

Googles Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android: Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers both companies have since patched t...

2AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2021/01/15 2:0 p.m.36 views

Hackers Used Zero-Days to Infect Windows and Android Devices

Google researchers say the campaign, which booby-trapped sites to ensnare targets, was carried out by a “highly sophisticated actor.”...

3.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/09 9:9 a.m.4 views

Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen

FireEye, one of the largest cybersecurity firms in the world, said on Tuesday it became a victim of a state-sponsored attack by a "highly sophisticated threat actor" that stole its arsenal of Red Team penetration testing tools it uses to test the defenses of its customers. The company said it's...

5.8AI score
Exploits0
Rows per page
Query Builder