Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- Update Chrome – Google patches actively exploited zero-day vulnerability
January 18, 2024
Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up ...
- Ivanti vulnerabilities now actively exploited in massive numbers
January 17, 2024
The researchers that discovered the active exploitation are warning that these attacks are now very widespread. The fact that there are no patches available and users were asked to apply a workaround and monitor their network traffic for suspicious activity, may have contributed to the slow response to the sounded alarms. Almost 7000 devices remain vulnerable ...
- Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
January 10, 2024
Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used virtual private network appliance sold by Ivanti, researchers said Wednesday. Ivanti reported bare-bones details concerning the zero-days in posts published on Wednesday that urged customers to follow mitigation ...
- Operation Triangulation: The last (hardware) mystery
December 27, 2023
Today, on December 27, 2023, Boris Larin, Leonid Bezvershenko, and Georgy Kucherin delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of long-term research into Operation Triangulation, conducted with their colleagues, Igor Kuznetsov, Valentin ...
- How Outlook notification sounds can lead to zero-click exploits
December 21, 2023
An Akamai researcher has found two vulnerabilities in Windows that can be combined to achieve a full, zero-click remote code execution (RCE) in Outlook. Both vulnerabilities were responsibly disclosed to Microsoft and addressed in the August 2023 and October 2023 patch Tuesdays, so the researcher felt it was no problem to disclose their findings. The first ...
- A Log4Shell Retrospective – Overblown and Exaggerated
December 18, 2023
Two years ago, CVE-2021-44228 sent the security industry into a panic. The vulnerability, better known as Log4Shell, had security professionals working overtime through the holidays hunting down vulnerable log4j libraries. At the time, there was fear and confusion around what software was affected, which were exploitable, and where attackers would attack next. The reality was that ...