What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in zero day

S3 Ep23: Hafnium happenings, I see you, and Pythonic poison [Podcast]

by Paul Ducklin Getting to grips with the HAFNIUM gang/vulnerabilities/exploits/webshells/attacks. Why it’s important to think before you share those home-based selfies. What you need to know about social engineering. How (not!) to prove a point when you’re a programmer. With Kimberly Truong and Paul Ducklin. Intro and outro music by . . . Read more

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Chrome zero-day browser bug found – patch now!

by Paul Ducklin Google, whose Project Zero bug-hunting team is often surprisingly vocal when describing and discussing software vulnerabilities, has taken a very quiet approach to a just-patched bug in its Chrome browser. In this case, the low-key announcement is understandable, because the patch fixes a hole that cybercrooks are . . . Read more

Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE. Four nation-state-backed advanced persistent threats (APTs) hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said. The attack, carried out in . . . Read more

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . . Read more

Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes

While 2021 will present evolving threats and new challenges, it will also offer new tools and technologies that will we hope shift the balance towards the defense. Predicting the future is always an iffy proposition.  There’s the Nostradamus route, making predictions so cryptic and vague they could mean just about . . . Read more

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . . Read more

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, . . . Read more