Exploit Archives - IT LinesIT Lines

Facebook patches Messenger audio snooping bug – update now!

20 Nov, 2020 Exploit, Facebook, Facebook Messenger, Privacy, Security News, Vulnerability 0 Comments 0

by Paul Ducklin Modern telephony is full of anachronisms. For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up. But when was the last time you saw, let alone used, a phone . . . Read more

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

19 Nov, 2020 apt, Attackers, China, Cicada, domain controller, Exploit, Government, Malware, Microsoft, Microsoft Active Directory, privilege escalation, Security News, threat actors, Vulnerability, zero day, zerologon 0 Comments 0

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, . . . Read more

S3 Ep5: Chrome, Flash and malware for sale [Podcast]

05 Nov, 2020 Buer, chrome, cybercrime, Exploit, google, Malware, malware as a service, Naked Security Podcast, Security News, Uncategorized, zero day 0 Comments 0

by Paul Ducklin In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care before you pair. Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro . . . Read more

Another Chrome zero-day, this time on Android – check your version!

04 Nov, 2020 Android, chrome, Chromium, CVE-2020-16010, Exploit, google, Google Chrome, Security News, Vulnerability, zero day 0 Comments 0

Another week, another Chrome zero-day, this time on your phone.

Oracle Solaris Zero-Day Attack Revealed

03 Nov, 2020 bluekeep, CVE-2020-14871, Exploit, Hacks, Malware, Oracle, oracle solaris, Security News, SLAPSTICK, unc1945, Vulnerabilities, zero day 0 Comments 0

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw. A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that . . . Read more

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

02 Nov, 2020 7-day disclosure, Buffer Overflow, Bug, crash, CVE-2020-17087, Exploit, Google Project Zero, in the wild, ioctl, Kernel, Local Privilege Escalation, Proof-of-Concept, Sandbox escape, Security News, security vulnerability, Vulnerabilities, Windows, Windows 10, zero day 0 Comments 0

Google Project Zero disclosed the bug before a patch becomes available from Microsoft.

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

30 Oct, 2020 apt, Attackers, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, domain controller, Exploit, Government, Hacks, Microsoft, Microsoft Active Directory, patch, privilege escalation, Security News, threat actors, Vulnerabilities, Vulnerability, zero day, zerologon 0 Comments 0

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed . . . Read more

Chrome zero-day in the wild – patch now!

21 Oct, 2020 Bug, chrome, Chromium, Exploit, google, Google Chrome, Security News, Vulnerability, zero day 0 Comments 0

by Paul Ducklin Do you browse with Google Chrome or a related product such as Chromium? If so, please check that your auto-updater is working and that you have the latest version. A trip to the About Chrome or About Chromium dialog should give the version identifier 86.0.4240.111. That’s the . . . Read more

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

14 Oct, 2020 Cloud Security, Craig Young, critical bug, CVE-2020-5135, Denial of Service, DoS, Exploit, Network Security Appliance, pre-authentication, RCE, remote code execution, Security News, security vulnerability, SonicWall, stack-based buffer overflow, Tripwire, trivial, vpn portal, Vulnerabilities, Web Security, worm 0 Comments 0

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Windows “Ping of Death” bug revealed – patch now!

14 Oct, 2020 CVE-2020-16899, Exploit, IPv6, Microsoft, patch tuesday, ping of death, Security News, Vulnerability 0 Comments 0

by Paul Ducklin Every time that critical patches come out for any operating system, device or app that we think you might be using, you can predict in advance what we’re going to say. Patch early, patch often. After all, why risk letting the crooks sneak in front of you . . . Read more

What's Your IT Question?

All posts in Exploit