Pierluigi Paganini
August 28, 2018
A security researcher has publicly disclosed the details of zero-day privilege escalation vulnerability affecting all Microsoft’s Windows operating systems A security researcher who handles the Twitter account @SandboxEscaper has disclosed the details of zero-day privilege escalation vulnerability affecting Microsoft’s Windows operating systems that could be exploited by a local attacker or malicious program to obtain system privileges on […]
Pierluigi Paganini
July 03, 2018
Microsoft published technical details of 2 zero-days that have been recently discovered after someone uploaded a weaponized PDF file to VirusTotal. Security researchers from Microsoft have published technical details of two zero-day vulnerabilities that have been recently discovered after someone uploaded a weaponized PDF file to VirusTotal. The two issues were addressed by Microsoft with […]
Pierluigi Paganini
June 07, 2018
Adobe has recently fixed several vulnerabilities, including the CVE-2018-5002 Flash Zero-Day exploited in targeted attacks in the Middle East Adobe has released security updates for Flash Player that address four vulnerabilities, including a critical issue (CVE-2018-5002) that has been exploited in targeted attacks mainly aimed at entities in the Middle East. The CVE-2018-5002 vulnerability, reported by researchers at […]
Pierluigi Paganini
June 03, 2018
Cyber criminals recently added the code for the CVE-2018-8174 Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. Crooks recently added the code for an Internet Explorer zero-day vulnerability to the infamous RIG exploit kit. The Internet Explorer zero-day vulnerability, tracked as CVE-2018-8174, was first discovered a few weeks ago, it affects VBScript implemented in Internet Explorer and Microsoft […]
Pierluigi Paganini
June 01, 2018
A North Korea-linked APT group, tracked as Andariel Group, leveraged an ActiveX zero-day vulnerability in targeted attacks against South Korean entities. According to a report published by South Korean cyber-security firm AhnLab, the Andariel Group is a division of the dreaded Lazarus APT Group, it already exploited ActiveX vulnerabilities in past attacks The attackers exploited at […]
Pierluigi Paganini
May 31, 2018
Dmitri Kaslov, a security researcher at Telspace Systems, discovered a vulnerability in the JScript component of the Windows operating system that can be exploited by an attacker to execute malicious code on a target computer. Kaslov disclosed the zero-day flaw through the Trend Micro Zero-Day Initiative (ZDI) back in January, then ZDI experts reported it […]
Pierluigi Paganini
May 22, 2018
Security experts from Qihoo 360 Netlab discovered the operators behind the TheMoon botnet are now leveraging a zero-day exploit to target GPON routers. Researchers from security firm Qihoo 360 Netlab reported that cybercriminals are continuing to target the Dasan GPON routers, they recently spotted threat actors using another new zero-day flaw affecting the same routers and recruit them in […]
Pierluigi Paganini
May 09, 2018
Microsoft has released the May 2018 Patch Tuesday that addresses more than 60 vulnerabilities, including two Windows zero-day flaws that can be exploited for remote code execution and privilege escalation. Microsoft May 2018 Patch Tuesday includes security patches for 67 vulnerabilities, including two zero-days that have already been exploited in the wild by threat actors. The […]
Pierluigi Paganini
April 20, 2018
Security researchers at the 360 Core Security observed an APT group exploiting a zero-day vulnerability in IE, dubbed âdouble playâ. The flaw is still unfixed. Security researchers at the 360 Core Security uncovered a zero-day vulnerability in IE, dubbed âdouble playâ, that was triggered by weaponized MS Office documents. The experts have been observing an APT group targeting a […]
Pierluigi Paganini
February 15, 2018
Bitmessage developers have issued an emergency update for the PyBitmessage client that patches a critical remote code execution vulnerability that has been exploited in attacks. Bitmessage development team has rolled out an emergency patch to address a zero-day vulnerability in the PyBitmessage client for Bitmessage, which a Peer-to-Peer (P2P) communications protocol used to send encrypted […]
