Microsoft Releases Advisory on Zero-Day Vulnerability CVE-2020-0674, Workaround Provided

On January 17, Microsoft published an advisory (ADV200001) warning users about CVE-2020-0674, a remote code execution (RCE) vulnerability involving Microsoft’s Internet Explorer (IE) web browser. A patch has not yet been released as of the time of writing — however, Read More …

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day Read More …

Android: New StrandHogg vulnerability is being exploited in the wild

Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf. In a comprehensive report published today, Read More …

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

The vulnerability affects both consumers as well as enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows. According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions are Read More …

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Kaspersky Exploit Prevention is a component part of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Read More …

Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies

Chinese cyberspies have developed malware that alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that can let hackers connect to any account by using a “magic password.” Furthermore, as an added benefit, the backdoor also hides user Read More …

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Read More …