Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely unaware of.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Source: RTE News
Related:
- Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers
August 29, 2022
A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in versions 7.0.0 to 8.3.0 of the software, inclusive. Luckily there are no ...
- CISA releases 7 Industrial Control Systems Advisories
August 22, 2022
CISA has released 7 Industrial Control Systems (ICS) advisories on August 23, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-235-01 ARC Informatique PcVue; ICSA-22-235-02 Delta Industrial Automation DIALink; ICSA-22-235-03 myScada Pro; ICSA-22-235-05 Measuresoft ScadaPro Server; ICSA-22-235-06 ...
- Apple releases Safari 15.6.1 to fix zero-day bug used in attacks
August 18, 2022
Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. The zero-day patched today (CVE-2022-32893) is an out-of-bounds write issue in WebKit that could allow a threat actor to execute code remotely on a vulnerable device. “Processing maliciously crafted web content may lead to ...
- Apple security updates fix 2 zero-days used to hack iPhones, Macs
August 17, 2022
Apple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively ...
- Google, Apple squash exploitable browser bugs
August 17, 2022
Google has issued 11 security fixes for desktop Chrome, including one bug that has an exploit for it out in the wild. That high-severity vulnerability, tracked as CVE-2022-2856, is an improper input validation bug, and as per usual, Google doesn’t release many details about it until the bulk of Chrome users are updated and the code ...
- Three vulnerabilities in HDF5 file format could lead to remote code execution
August 16, 2022
Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5 gif2h5 tool that’s normally used to convert a GIF file to the HDF5 format, commonly used to store large amounts of ...

