Samsung Zero-Day Vuln Under Active Exploit, Google Warns

October 22, 2024 at 05:38PM A critical zero-day vulnerability (CVE-2024-44068) in Samsung’s mobile processors allows arbitrary code execution. Discovered in the m2m scaler driver, it received an 8.1 CVSS score and was patched in October 2024. Reported by Google researchers, it includes privilege escalation and anti-forensic measures. **Meeting Takeaways:** 1. **Discovery of Vulnerability**: A zero-day … Read more

Qualcomm patches high-severity zero-day exploited in attacks

October 7, 2024 at 02:35PM Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service, caused by a use-after-free weakness. The vulnerability, reported by Google Project Zero and Amnesty International Security Lab, has been exploited in targeted attacks. Qualcomm urges immediate update deployment and has also fixed another severe … Read more

Rackspace monitoring data stolen in ScienceLogic zero-day attack

October 1, 2024 at 03:35PM Rackspace experienced a data breach due to a zero-day vulnerability in ScienceLogic’s third-party tool. ScienceLogic promptly developed a patch and distributed it to impacted customers. The breach exposed limited customer monitoring data, leading Rackspace to rotate credentials and inform customers. The impact on customers and potential exploitation attempts remains unknown. … Read more

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest

September 17, 2024 at 03:21PM VMware, owned by Broadcom, released critical-severity patches for two vulnerabilities in its vCenter Server. One vulnerability, CVE-2024-38812, poses a major risk of remote code execution, while the other, CVE-2024-38813, is a privilege escalation vulnerability. The flaws impact vCenter Server and Cloud Foundation versions, and patches are the only known solution. … Read more

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

September 16, 2024 at 09:36PM Microsoft has confirmed that a recently patched Internet Explorer vulnerability, CVE-2024-43461, was exploited as a zero-day before it was fixed. The flaw allowed malicious actors to hide the true file-type extension of a downloaded file, enabling the execution of malicious code. This exploit was used by the Void Banshee gang … Read more

Adobe patches Acrobat bug, neglects to mention whole zero-day, exploit thing

September 12, 2024 at 02:38PM Adobe’s patch for a remote code execution bug in Acrobat downplays the severity of a vulnerability, failing to mention it is considered a zero-day with a proof-of-concept exploit. Despite a CVSS base score of 7.8, a warning highlights its critical nature. Adobe has confirmed the need for a secondary fix. … Read more

Google fixes ninth Chrome zero-day exploited in attacks this year

August 22, 2024 at 11:22AM Google released a new emergency security update for Chrome to patch a zero-day vulnerability exploited in attacks. The high-severity CVE-2024-7971 vulnerability in Chrome’s V8 JavaScript engine was reported by Microsoft researchers. The update (128.0.6613.84/.85) will be automatically rolled out to users, and manual updates can be initiated through the Chrome … Read more

Google fixes ninth Chrome zero-day exploited in attacks this year

August 21, 2024 at 05:44PM Today, Google issued a new emergency security update for Chrome to address a zero-day vulnerability, marking the ninth such exploit targeted in attacks this year. Based on the meeting notes, it seems that today Google has released a new emergency security update for Chrome to address a zero-day vulnerability, which … Read more

Windows driver zero-day exploited by Lazarus hackers to install rootkit

August 19, 2024 at 11:37PM The North Korean Lazarus hacking group exploited a zero-day flaw in Windows AFD.sys driver to install the FUDModule rootkit on targeted systems. Microsoft fixed the flaw (CVE-2024-38193) in August 2024, along with seven other zero-day vulnerabilities. Gen Digital warned about the activities and targeting of the notorious group, which is … Read more

Google Patches Android Zero-Day Exploited in Targeted Attacks

August 6, 2024 at 04:00AM Google announced its August 2024 Android security patches, including a high-severity zero-day vulnerability, CVE-2024-36971, in the kernel that could be exploited for remote code execution. Other updates address over 40 vulnerabilities, many with ‘high severity’ ratings, in components like framework, system, Arm, Imagination Technologies, MediaTek, and Qualcomm. Wear OS patches … Read more

By proceeding you understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site.
×