July 22, 2024 at 10:47AM Summary: The “EvilVideo” zero-day vulnerability in Telegram for Android allowed threat actors to send malicious APK payloads disguised as video files. ESET researchers discovered the flaw and notified Telegram, which released a patch in version 10.14.5. The exploit required multiple steps for execution, reducing the risk of successful attacks. Users … Read more
July 16, 2024 at 12:09PM Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat … Read more
June 12, 2024 at 06:16PM Symantec’s threat hunters suspect Black Basta ransomware gang exploited a Windows privilege escalation bug, CVE-2024-26169, before Microsoft’s patch. Symantec’s analysis suggests the ransomware could have been compiled pre-patch, allowing “at least one group” to exploit the vulnerability as a zero-day. The ransomware gang, tracked as Storm-1811, used social engineering attacks … Read more
June 12, 2024 at 03:13PM Google has released patches for 50 security vulnerabilities affecting its Pixel devices. One flaw, CVE-2024-32896, has been targeted in zero-day attacks and is considered a high-severity issue. The company advises all supported Google devices to accept the 2024-06-05 patch update. Pixel users must go to Settings > Security & privacy … Read more
June 12, 2024 at 12:45PM Symantec reported that a ransomware group possibly exploited a patched Windows privilege escalation vulnerability before Microsoft’s fix. The flaw, tracked as CVE-2024-26169, could allow attackers to obtain System privileges. Symantec found evidence suggesting the Black Basta ransomware group exploited this vulnerability as a zero-day, hitting over 500 organizations globally. Summary … Read more
June 12, 2024 at 05:15AM China-backed threat actors accessed 20,000 Fortinet FortiGate systems globally by exploiting a critical vulnerability, with the operation impacting Western governments, international organizations, and defense companies. The attackers deployed a backdoor to maintain remote access and spread malware, highlighting the increasing trend of targeting edge devices for cyber attacks. For more … Read more
May 29, 2024 at 11:40AM Check Point warns of zero-day vulnerability in Network Security gateway products, exploited by threat actors. Tracked as CVE-2024-24919, it affects various products. Attackers could read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled. Hotfixes are available for impacted versions. Recent attacks targeted VPN devices to … Read more
May 16, 2024 at 05:09AM Google released Chrome 125 with patches for nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged its exploitation in the wild. Updates are advised due to recent zero-day vulnerabilities. Bug bounty details have not been disclosed. From the meeting notes, … Read more
May 10, 2024 at 04:09AM Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability of 2024, which is a high-severity “user after free” issue in the Visuals component. The update addresses potential data leakage, code execution, and crashes. Users are advised to confirm they have the latest version … Read more
April 24, 2024 at 02:09PM Cisco issued a warning about professional, nation state-backed hackers exploiting two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. The campaign, known as ArcaneDoor, aims to exploit software defects in Cisco products, potentially exfiltrate data, and execute commands. Cisco recommended ensuring proper … Read more