zero-day – Page 3 – SSL and internet security news

Paragon: Yet Another Cyberweapons Arms Manufacturer

August 3, 2021 infossl

cyberweapons, encryption, patching, privacy, Security technology, smartphones, spyware, surveillance, Uncategorized, zero-day

Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get … Read More “Paragon: Yet Another Cyberweapons Arms Manufacturer” »

Details of the REvil Ransomware Attack

July 8, 2021 infossl

cyberattack, malware, ransomware, russia, Security technology, supply chain, Uncategorized, vulnerabilities, zero-day

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s … Read More “Details of the REvil Ransomware Attack” »

Google’s Project Zero Finds a Nation-State Zero-Day Operation

April 8, 2021 infossl

cyberattack, google, Security technology, terrorism, Uncategorized, zero-day

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to … Read More “Google’s Project Zero Finds a Nation-State Zero-Day Operation” »

More on the Chinese Zero-Day Microsoft Exchange Hack

March 10, 2021 infossl

china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

Four Microsoft Exchange Zero-Days Exploited by China

March 4, 2021 infossl

china, microsoft, patching, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Powered by WPeMatico

On Vulnerability-Adjacent Vulnerabilities

February 15, 2021 infossl

exploits, incentives, patching, Security technology, Uncategorized, zero-day

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one … Read More “On Vulnerability-Adjacent Vulnerabilities” »