zero day Archives - IT LinesIT Lines

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

23 Nov, 2020 0-day, Cloud Security, Command injection, CVE-2020-4006, privilege escalation, Security News, security vulnerability, VMware Identity Manager, VMware Workspace One Access, vmware zero-day, Vulnerabilities, zero day 0 Comments 0

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . . Read more

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

19 Nov, 2020 apt, Attackers, China, Cicada, domain controller, Exploit, Government, Malware, Microsoft, Microsoft Active Directory, privilege escalation, Security News, threat actors, Vulnerability, zero day, zerologon 0 Comments 0

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, . . . Read more

2 More Google Chrome Zero-Days Under Active Exploitation

12 Nov, 2020 actively exploited, Apple, Browser, chrome, CVE-2020-16013, CVE-2020-16017, freetype, google, Google Project Zero, Linux, Mac, patch, remote attackers, remote code execution, Security Bugs, Security News, stable channel release, Vulnerabilities, Web Security, Windows, zero day, Zero Day Project 0 Comments 0

Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to . . . Read more

S3 Ep5: Chrome, Flash and malware for sale [Podcast]

05 Nov, 2020 Buer, chrome, cybercrime, Exploit, google, Malware, malware as a service, Naked Security Podcast, Security News, Uncategorized, zero day 0 Comments 0

by Paul Ducklin In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care before you pair. Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro . . . Read more

Another Chrome zero-day, this time on Android – check your version!

04 Nov, 2020 Android, chrome, Chromium, CVE-2020-16010, Exploit, google, Google Chrome, Security News, Vulnerability, zero day 0 Comments 0

Another week, another Chrome zero-day, this time on your phone.

Oracle Solaris Zero-Day Attack Revealed

03 Nov, 2020 bluekeep, CVE-2020-14871, Exploit, Hacks, Malware, Oracle, oracle solaris, Security News, SLAPSTICK, unc1945, Vulnerabilities, zero day 0 Comments 0

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw. A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that . . . Read more

Two Chrome Browser Updates Plugs Holes Actively Targeted by Exploits

03 Nov, 2020 Android, Browser, Bug Bounty, chrome, google, Google Project Zero, Google Threat Analysis Group, Javascript, Mobile Security, remote code execution, Security News, Security Researchers, Security Update, Vulnerabilities, zero day 0 Comments 0

Patches for both the Chrome desktop and Android browser address high-severity flaws with known exploits available in the wild.

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

02 Nov, 2020 7-day disclosure, Buffer Overflow, Bug, crash, CVE-2020-17087, Exploit, Google Project Zero, in the wild, ioctl, Kernel, Local Privilege Escalation, Proof-of-Concept, Sandbox escape, Security News, security vulnerability, Vulnerabilities, Windows, Windows 10, zero day 0 Comments 0

Google Project Zero disclosed the bug before a patch becomes available from Microsoft.

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

30 Oct, 2020 apt, Attackers, Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, domain controller, Exploit, Government, Hacks, Microsoft, Microsoft Active Directory, patch, privilege escalation, Security News, threat actors, Vulnerabilities, Vulnerability, zero day, zerologon 0 Comments 0

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed . . . Read more

S3 Ep3: Cryptography, hacking and pwning Chrome [Podcast]

23 Oct, 2020 crypto, Cryptography, cybercrime, google, Google Chrome, Naked Security Podcast, podcast, Security News, Vulnerability, zero day 0 Comments 0

Listen to the latest Naked Security podcast!

What's Your IT Question?

All posts in zero day