zero-day – SSL and internet security news

Critical Vulnerability in libwebp Library

September 27, 2023 infossl

chrome, Chrome OS, ios, operating systems, Security technology, Uncategorized, vulnerabilities, zero-day

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code … Read More “Critical Vulnerability in libwebp Library” »

Microsoft Secure Boot Bug

May 17, 2023 infossl

microsoft, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs … Read More “Microsoft Secure Boot Bug” »

Hacks at Pwn2Own Vancouver 2023

March 27, 2023 infossl

adobe, cars, hacking, Security technology, Uncategorized, windows, zero-day

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. The first to fall was Adobe … Read More “Hacks at Pwn2Own Vancouver 2023” »

Apple Patches iPhone Zero-Day

December 16, 2022 infossl

apple, ios, iphone, patching, Security technology, Uncategorized, zero-day

The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.” News: Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug. WebKit bugs are often exploited when a … Read More “Apple Patches iPhone Zero-Day” »

Clever — and Exploitable — Windows Zero-Day

June 1, 2022 infossl

microsoft, patching, Security technology, Uncategorized, windows, zero-day

Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild. Here’s the advisory, which includes a work-around until a patch is available. Powered by WPeMatico

Zero-Day Vulnerabilities Are on the Rise

April 27, 2022 infossl

hacking, malware, ransomware, Security technology, Uncategorized, vulnerabilities, zero-day

Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021. Google: 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark … Read More “Zero-Day Vulnerabilities Are on the Rise” »

Chrome Zero-Day from North Korea

March 31, 2022 infossl

chrome, hacking, North Korea, Security technology, Uncategorized, zero-day

North Korean hackers have been exploiting a zero-day in Chrome. The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on … Read More “Chrome Zero-Day from North Korea” »

New DeadBolt Ransomware Targets NAT Devices

January 26, 2022 infossl

cyberattack, encryption, ransomware, Security technology, Uncategorized, zero-day

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension. Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a … Read More “New DeadBolt Ransomware Targets NAT Devices” »

More Log4j News

December 16, 2021 infossl

data protection, patching, Security technology, Uncategorized, vulnerabilities, zero-day

Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by … Read More “More Log4j News” »

MacOS Zero-Day Used against Hong Kong Activists

November 12, 2021 infossl

activism, apple, china, cybersecurity, exploits, google, hacking, Security technology, Uncategorized, zero-day

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected. From an article: Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised … Read More “MacOS Zero-Day Used against Hong Kong Activists” »