What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in zero day

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . . Read more

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, . . . Read more

2 More Google Chrome Zero-Days Under Active Exploitation

Browser users are once again being asked to patch severe vulnerabilities that can lead to remote code execution. Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to . . . Read more

S3 Ep5: Chrome, Flash and malware for sale [Podcast]

by Paul Ducklin In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of “malware-as-a-service“, and the malware risks from image search. Also (oh! no!), why you should take care before you pair. Presenters: Kimberly Truong, Doug Aamoth and Paul Ducklin. Intro . . . Read more

Oracle Solaris Zero-Day Attack Revealed

A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw. A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that . . . Read more

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed . . . Read more