Patched WinRAR Bug Still Under Active Attack – Thanks to No Auto-Updates

Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, Read More …

The fourth horseman: CVE-2019-0797 vulnerability

The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to Read More …

Hide yo’ kids, hide yo’ clouds: Zerodium offering big bucks for cloud zero-days

Exploit vendor Zerodium announced today plans to pay a whopping $500,000 for zero-days in popular cloud technologies like Microsoft’s Hyper-V and (Dell) VMware’s vSphere. Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors –software that lets Read More …

New macOS zero-day allows theft of user passwords

A German security researcher has published a video over the weekend showing a new zero-day affecting Apple’s macOS desktop operating system. In an interview to German tech site Heise, Linus Henze, the security researcher, says the vulnerability allows a malicious app running Read More …

Hackers are going after Cisco RV320/RV325 routers using a new exploit

Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises. ttacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco Read More …

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage Read More …

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the company’s Acrobat and Reader for both the Windows and macOS operating systems. Though the San Jose, California-based software company did not give details about the vulnerabilities, it did Read More …

Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak

On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Read More …

For the fourth month in a row, Microsoft patches Windows zero-day used in the wild

Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day Read More …