Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw

Posted onJune 7, 2019

An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for Read More …

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

Posted onJune 3, 2019June 5, 2019

A researcher has revealed a zero-day flaw in Apple’s Mojave operating system tied to the way the OS verifies apps. The bug allows attackers to sneak past macOS security measures and run whitelisted apps that have been manipulated to run Read More …

Zebrocy’s Multilanguage Malware Salad

Posted onJune 3, 2019June 7, 2019

Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back Read More …

May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Posted onMay 15, 2019May 20, 2019

Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification. Of the security vulnerabilities fixed in Read More …

Update WhatsApp now: Bug lets snoopers put spyware on your phone with just a call

Posted onMay 14, 2019

WhatsApp has disclosed a serious vulnerability in the messaging app that gives snoops a way to remotely inject Israeli spyware on iPhone and Android devices simply by calling the target. The bug, detailed in a Monday Facebook advisory for CVE-2019-3568, is Read More …

Mysterious hacker has been selling Windows 0-days to APT groups for three years

Posted onMay 1, 2019May 2, 2019

For the past three years, a mysterious hacker has been selling Windows zero-days to at least three cyber-espionage groups, as well as cyber-crime gangs, researchers from Kaspersky Lab have told ZDNet. The hacker’s activity reinforces recent assessments that some government-backed cyber-espionage Read More …

Old-school cruel: Dodgy PDF email attachments enjoying a renaissance

Posted onApril 19, 2019April 23, 2019

The last few months have seen a big increase in malware attacks using PDF email attachments, according to security firm SonicWall. “Increasingly, email, Office documents and now PDFs are the vehicle of choice for malware and fraud in the cyber Read More …

New zero-day vulnerability CVE-2019-0859 in win32k.sys

Posted onApril 15, 2019April 18, 2019

CVE-2019-0859 is a Use-After-Free vulnerability that is presented in the CreateWindowEx function. During execution CreateWindowEx sends the message WM_NCCREATE to the window when it’s first created. By using the SetWindowsHookEx function, it is possible to set a custom callback that Read More …

Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data

Posted onApril 2, 2019

On March 30th, security researcher James Lee disclosed information on two zero-day vulnerabilities present in current versions of Microsoft Edge and Internet Explorer. These vulnerabilities make it possible for confidential information to be shared between websites. A flaw in the same-origin policy Read More …

Cisco Patches High-Severity Flaws in IP Phones

Posted onMarch 21, 2019March 25, 2019

The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem. Cisco Systems is urging customers to update several models of their Read More …

Cyber Security Review

Unique content I Global reach I Direct mailing and online

Zero-Day