Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware …

Chinese hackers breached 20,000 FortiGate systems worldwide

June 11, 2024 at 12:28PM The Dutch Military Intelligence and Security Service (MIVD) warned of the significant impact of a Chinese cyber-espionage campaign. Exploiting a critical vulnerability in FortiOS/FortiProxy, Chinese hackers infected 14,000 devices, targeting governments, organizations, and the defense industry. They deployed a remote access trojan malware, giving them permanent access to systems and breaching at …

Exploitation of Recent Check Point VPN Zero-Day Soars

June 6, 2024 at 09:40AM A zero-day vulnerability in Check Point VPN products, CVE-2024-24919, has been exploited at an alarming rate since disclosure. GreyNoise reports that exploitation allows access to sensitive data, lateral movement, and domain privileges. Over 10,000 exploitation attempts have been logged, with 781 unique IP addresses. Users are advised to apply available mitigations immediately. Key takeaways …

Check Point releases emergency fix for VPN zero-day exploited in attacks

May 29, 2024 at 09:34AM Check Point releases hotfixes for a VPN zero-day exploited in attacks targeting remote access to firewalls and corporate networks. The vulnerability (CVE-2024-24919) affects Check Point Security Gateways and impacts various product versions. Security updates have been issued, and installation instructions provided. A remote access validation script is available to review results …

Google fixes eighth actively exploited Chrome zero-day this year

May 24, 2024 at 05:36AM Google has released a new emergency security update for Chrome to address the eighth actively exploited zero-day vulnerability. Tracked as CVE-2024-5274, the high-severity ‘type confusion’ flaw in V8, Chrome’s JavaScript engine, can lead to crashes and data corruption. The fix is available for Windows and Mac, with updates for Linux …

Chrome 125 Update Patches High-Severity Vulnerabilities

May 22, 2024 at 06:30AM Google announced the release of a Chrome 125 update addressing six vulnerabilities, including four high-severity bugs reported by external researchers. The update resolves issues such as a use-after-free flaw, a type confusion bug in the V8 JavaScript engine, and heap buffer overflow problems. Google has paid out bug bounty rewards ranging from $5,000 to …

Patch Now: Another Google Zero-Day Under Exploit in the Wild

May 16, 2024 at 08:57AM A new zero-day vulnerability has been disclosed for Google Chrome, marking the third such bug revealed within a week. Google has released an emergency fix for the high-severity flaw (CVE-2024-4947) affecting Mac, Windows, and Linux. This type-confusion weakness in the Chrome V8 JavaScript engine can lead to browser crashes and …

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days

May 15, 2024 at 04:24AM In May 2024, Microsoft’s Patch Tuesday updates addressed 61 security flaws, including two actively exploited zero-days. A Critical flaw in the Windows MSHTML Platform and an Important one in the Desktop Window Manager were exploited in attacks. The vulnerabilities require urgent fixes to prevent widespread exploitation. Other vendors have also …

Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities

May 14, 2024 at 03:43PM Microsoft released security updates addressing 60 vulnerabilities, including an actively exploited zero-day bug tracked as CVE-2024-30051 with a severity score of 7.8/10. They also warned of CVE-2024-30040, which allows attackers to execute code in Microsoft 365, and CVE-2024-30044, a remote code execution flaw in Microsoft SharePoint, urging admins to take immediate action. From …

Microsoft fixes Windows zero-day exploited in QakBot malware attacks

May 14, 2024 at 02:23PM Microsoft has addressed a zero-day vulnerability, CVE-2024-30051, which allowed for privilege escalation through a heap-based buffer overflow in the Desktop Window Manager (DWM) core library on vulnerable Windows systems, facilitating delivery of QakBot and other malware. Kaspersky and other security researchers confirmed the exploitation and reported it to Microsoft. QakBot …