News • Insights • Analysis
Cyber-security firm the NCC Group said on Sunday that it detected active exploitation attempts against a zero-day vulnerability in SonicWall networking devices. Details about the nature of the vulnerability have not been made public to prevent other threat actors from Read More …
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively Read More …
Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and Read More …
Microsoft addressed a Critical RCE vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. We are reminding our customers that beginning with the February 9, 2021 Security Update release we will be enabling Domain Controller enforcement mode by default. Read More …
Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Read More …
Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that Read More …
A free micropatch fixing a local privilege escalation (LPE) vulnerability in Microsoft’s Windows PsExec management tool is now available through the 0patch platform. PsExec is a fully interactive telnet-replacement that allows system admins to execute programs on remote systems. PsExec Read More …
Flash Player will reach its end of life (EOL) on January 1, 2021, after always being a security risk to those who have used it over the years. Over the years, multiple zero-day and critical vulnerabilities [1, 2, 3, 4] Read More …
At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app, an academic research group said today. Citizen Read More …
Hewlett Packard Enterprise (HPE) has disclosed a zero-day bug in the latest versions of its proprietary HPE Systems Insight Manager (SIM) software for Windows and Linux. While security updates are not yet available for this remote code execution (RCE) vulnerability, Read More …
