What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in zero day

Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs

Volt Typhoon, a Chinese state-sponsored hacking group, has been caught exploiting a zero-day vulnerability in Versa Director servers, used by managed service providers and internet service providers. CVE-2024-39717 was added to CISA’s “Known Exploited Vulnerabilities Catalog” on Aug. 23 after Lumen Technologies discovered its active exploitation. Data from Censys shows . . . Read more

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more

S3 Ep144: When threat hunting goes down a rabbit hole

by Paul Ducklin SING US A CYBERSECURITY SONG Why your Mac’s calendar app says it’s JUL 17. One patch, one line, one file. Careful with that {axe,file}, Eugene. Storm season for Microsoft. When typos make you sing for joy. No audio player below? Listen directly on Soundcloud. With Doug Aamoth . . . Read more

Zimbra Collaboration Suite warning: Patch this 0-day right now (by hand)!

by Paul Ducklin Popular collaboration product Zimbra has warned customers to apply a software patch urgently to close a security hole that it says “could potentially impact the confidentiality and integrity of your data.” The vulnerability is what’s known as an XSS bug, short for cross-site scripting, whereby performing an . . . Read more

Urgent! Apple fixes critical zero-day hole in iPhones, iPads and Macs

by Paul Ducklin The second-ever Apple Rapid Security Response just came out. That’s where the very latest versions of macOS, iOS and iPadOS get emergency patches that: Don’t take as long for Apple to build, test and publish as a full version update would. Don’t take as long to download . . . Read more

S3 Ep141: What was Steve Jobs’s first job?

by Paul Ducklin PONG FOR ONE!? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop . . . Read more

Apple patch fixes zero-day kernel hole reported by Kaspersky – update now!

by Paul Ducklin Right at the start of June 2023, well-known Russian cybersecurity outfit Kaspersky reported on a previously unknown strain of iPhone malware. Most notable about the original story was its strapline: Targeted attack on [Kaspersky] management with the Triangulation Trojan. Although the company ultimately said, “We’re confident that . . . Read more