Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- The fourth horseman: CVE-2019-0797 vulnerability
March 13, 2019
The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. ...
- Google reveals Chrome zero-day under active attacks
March 6, 2019
Google revealed yesterday that a patch for Chrome last week was actually a fix for a zero-day that was under active attacks. The attacks exploited CVE-2019-5786, a security flaw and the only patch included in the Chrome 72.0.3626.121 version, released last Friday, March 1, 2019. According to an update to its original announcement and a tweet from Google Chrome’s security lead, ...
- Hide yo’ kids, hide yo’ clouds: Zerodium offering big bucks for cloud zero-days
March 5, 2019
Exploit vendor Zerodium announced today plans to pay a whopping $500,000 for zero-days in popular cloud technologies like Microsoft’s Hyper-V and (Dell) VMware’s vSphere. Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors –software that lets a single “host” server create and run one or more virtual “guest” operating systems. Virtualization software is ...
- New macOS zero-day allows theft of user passwords
February 6, 2019
A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system. In an interview to German tech site Heise, Linus Henze, the security researcher, says the vulnerability allows a malicious app running on a macOS system to get access to passwords stored inside the Keychain –the password management ...
- Hackers are going after Cisco RV320/RV325 routers using a new exploit
January 27, 2019
Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises. ttacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities. The vulnerabilities are: CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details ...
- Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever
January 8, 2019
Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications. Zerodium—a startup by the infamous French-based company Vupen that buys and sells ...