Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- Apple releases emergency update for iPhones, iPads, and Apple Watch
March 27, 2021
Apple has released an emergency update to patch a serious vulnerability (https://support.apple.com/en-us/HT212258) found in iOS, iPadOS, and watchOS. The patches are iOS 14.4.2, iPadOS 14.4.2, and watchOS 7.3.3, respectively. The vulnerability, discovered by Google’s Threat Analysis Group, affects Apple’s WebKit browser engine, and what makes this an urgent update is the fact that the Apple claims that ...
- Hacking group used 11 zero-days to attack Windows, iOS, Android users
March 20, 2021
Project Zero, Google’s zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020. This month’s report showcases the use of seven zero-days ...
- Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors
March 11, 2021
Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective recently came into the spotlight due to Microsoft linking them to recent attacks exploiting four zero-day vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — in Microsoft Exchange Server. Microsoft ...
- Microsoft Exchange Servers Face APT Attack Tsunami
March 11, 2021
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions ...
- Accellion zero-day claims a new victim in cybersecurity company Qualys
March 4, 2021
Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability. The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the ...
- Threat Assessment: Active Exploitation of Four Zero-Day Vulnerabilities in Microsoft Exchange Server
March 4, 2021
On Mar. 2, 2021, Volexity reported in-the-wild-exploitation of four Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. As a result of these vulnerabilities being exploited, adversaries can access Microsoft Exchange Servers and allow installation of additional tools to facilitate long-term access into victims’ environments. There has also been a report of multiple threat actors leveraging ...