Category: zero-day

Auto Added by WPeMatico

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Posted on By infossl
cyberattack, google, Security technology, terrorism, Uncategorized, zero-day

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to … Read More “Google’s Project Zero Finds a Nation-State Zero-Day Operation” »

More on the Chinese Zero-Day Microsoft Exchange Hack

Posted on By infossl
china, cybersecurity, hacking, microsoft, patching, Security technology, Uncategorized, zero-day

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »

On Vulnerability-Adjacent Vulnerabilities

Posted on By infossl
exploits, incentives, patching, Security technology, Uncategorized, zero-day

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one … Read More “On Vulnerability-Adjacent Vulnerabilities” »