-
Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch
Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild.
- November 01, 2019
- 07:20 AM
0
-
Cloudflare Now Blocks the vBulletin RCE CVE-2019-16759 Exploit
This week a zero-day vBulletin remote code execution vulnerability and exploit was publicly disclosed and is being used by bad actors to attack vBulletin forums. Cloudflare has now created a special rule that will prevent this exploit from working on vBulletin sites behind Cloudflare's service.
- September 29, 2019
- 11:11 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Botnet Uses Recent vBulletin Exploit to Block Other Hackers
A botnet has been detected utilizing the recently disclosed vBulletin exploit to secure vulnerable servers so that they cannot be used by other attackers. This allows the botnet to grow their army of compromised servers without fear that other attackers will utilize the same server.
- September 26, 2019
- 03:00 AM
- 1
-
vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch
A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years.
- September 25, 2019
- 10:37 AM
- 1
-
Public BlueKeep Exploit Module Released by MetaSploit
A public exploit module for the BlueKeep Windows vulnerability has been added today to the open-source Metasploit penetration testing framework, developed by Rapid7 in collaboration with the open-source community.
- September 06, 2019
- 01:40 PM
- 0
-
Glupteba Malware Uses Bitcoin Blockchain to Update C2 Domains
A new variant of the Glupteba malware dropper is using the Bitcoin blockchain to fetch command and control (C2) server domains from Bitcoin transactions marked with OP_RETURN script opcodes.
- September 04, 2019
- 02:03 PM
- 0
-
Zerodium Makes Android Zero Days More Expensive Than iOS
Exploit broker Zerodium has updated the payouts for eligible zero-day Android and iOS exploits, with rewards for Android 0days having surpassed the ones for iOS for the first time since 2015 when the company was founded.
- September 03, 2019
- 10:29 AM
- 0
-
Google Warns iPhone Users of Data-Stealing Malware Attacks
Five privilege escalation exploit chains actively used to compromise iOS devices have been discovered in the wild by Google's Threat Analysis Group (TAG) and Project Zero teams earlier this year.
- August 30, 2019
- 01:49 PM
- 0
-
Cisco Warns of Public Exploit Code for Critical Switch Flaws
Cisco updated the security advisories for three vulnerabilities patched in early August warning customers that its Product Security Incident Response Team (PSIRT) team is aware of public exploit code being available.
- August 22, 2019
- 04:22 PM
- 0
-
iOS 12.4 Jailbreak Released After Apple Unpatches Older Bug
iOS security researcher Pwn20wnd released a public jailbreak for the latest stable iOS version after Apple reintroduced a vulnerability patched in iOS 12.3, previously exploited to jailbreak iOS 12.2.
- August 19, 2019
- 02:16 PM
- 0
-
New Echobot Botnet Variant Uses Over 50 Exploits to Propagate
A new variant of Echobot botnet has been spotted to include over 50 exploits leading to remote code execution (RCE) vulnerabilities in various Internet-of-Things devices.
- August 06, 2019
- 01:04 PM
- 0
-
BlueKeep RCE Exploit Module Added to Penetration Testing Tool
Security outfit Immunity has included a fully working BlueKeep exploit in their CANVAS automated pentesting utility with the release of version 7.23, on July 23.
- July 25, 2019
- 05:17 PM
- 0
-
Bad McAfee Exploit Prevention Update Blocked Windows Logins
An update for the McAfee Endpoint Security (ENS) security software was released today that caused major headaches for system administrators all over the world as it prevented users from being able to login to their computers.
- July 10, 2019
- 05:46 PM
- 2
-
Firefox 0-day Used in Targeted Attacks Against Cryptocurrency Firms
The employees of Coinbase and other cryptocurrency firms were the target of an attack utilizing a recent Firefox zero-day and malware payloads in order to gain access to victim's computers, networks, and sensitive information.
- June 20, 2019
- 11:50 AM
- 0
-
Microsoft Issues Warning on Spam Campaign Using Office Exploits
Microsoft has issued a warning Friday night about an active spam campaign targeting European languages that is utilizing an exploit that could infect users simply by opening the attached document.
- June 07, 2019
- 10:24 PM
- 0
-
Attackers Stitch Together Frankenstein Campaign Using Free Tools
Threat actors behind a highly-targeted series of cyber attacks spanning from January to April 2019 have been seen employing malicious tools built using freely available components to infect victims with malware designed to harvest credentials.
- June 04, 2019
- 01:30 PM
- 0
-
BlackSquid Uses 7 Exploits to Infect Web Servers with Miners
A newly discovered cryptomining threat targeting web servers, network drives, and removable drives comes filled to the brim with exploits and precautions against analysis tools and environments.
- June 03, 2019
- 08:59 PM
- 0
-
Nansh0u Miner Attack Infects 50K MS-SQL, PHPMyAdmin Servers
More than 50,000 MS-SQL and PHPMyAdmin were compromised by Chinese hackers and used to surreptitiously mine for TurtleCoin as part of a large-scale cryptojacking campaign dubbed Nansh0u.
- May 29, 2019
- 11:47 AM
- 0
-
Two More Windows 10 Zero-Day PoC Exploits Released, Brings Total to 4
After releasing exploit code for three zero-day vulnerabilities in Windows 10 over the past 48 hours, security researcher and exploit developer SandboxEscaper today has published two more, bypass for the CVE-2019-0841 patch and LPE PoC exploit dubbed InstallerBypass.
- May 23, 2019
- 01:02 PM
- 2
-
PoC Exploits Released for Two More Windows Vulnerabilities
Right on the heels of a privilege escalation zero-day vulnerability for Windows 10 released yesterday, the same researcher has released two more zero-day vulnerabilities
- May 23, 2019
- 03:30 AM
- 2
