Zero-day hackers exploit security vulnerabilities in software that the developers of that software are often completely oblivious about.
Imagine scrolling through your social media feed when a notification pops up, seemingly from a trusted friend. It contains a funny meme or a scandalous news story, but the link takes you to a different website. Clicking it feels harmless, a momentary distraction.
Read more…
Source: RTE News
Related:
- Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report
July 26, 2022
Software vulnerabilities remain a key avenue of initial access for attackers according to the 2022 Unit 42 Incident Response Report. While this underscores the need for organizations to operate with a well-defined patch management strategy, we’ve observed that attackers are increasingly quick to exploit high-profile zero-day vulnerabilities, further increasing the time pressure on organizations when ...
- CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
July 25, 2022
Rootkits are malware implants which burrow themselves in the deepest corners of the operating system. Although on paper they may seem attractive to attackers, creating them poses significant technical challenges and the slightest programming error has the potential to completely crash the victim machine. In our APT predictions for 2022, we noted that despite these ...
- Atlassian reveals critical flaws in almost everything it makes and touches
July 21, 2022
Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.” One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a specially crafted ...
- Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response
July 14, 2022
WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings together government and industry leaders to review and assess significant cybersecurity events to better protect ...
- Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
July 13, 2022
Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in October 2021. A fix for this vulnerability, now identified as CVE-2022-26706, was included in ...
- Security advisory accidentally exposes vulnerable systems
July 6, 2022
A security advisory for a vulnerability (CVE) published by MITRE has accidentally been exposing links to remote admin consoles of over a dozen vulnerable IP devices since at least April 2022. BleepingComputer became aware of this issue yesterday after getting tipped off by a reader who prefers to remain anonymous. The reader was baffled on seeing ...