-
New Zero-Day Exploit for Bug in Windows 10 Task Scheduler
Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft's monthly cycle of security updates.
- May 21, 2019
- 09:29 PM
1
-
BlueKeep Remote Desktop Exploits Are Coming, Patch Now!
Security researchers have created exploits for the remote code execution vulnerability in Microsoft's Remote Desktop Services, tracked as CVE-2019-0708 and dubbed BlueKeep, and hackers may not be far behind.
- May 20, 2019
- 09:44 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Public 10KBLAZE Exploits May Impact 90% of SAP Production Systems
Roughly 90% out of an estimated total of 1,000,000 SAP production systems could currently be at risk of being hacked by threat actors which can use a series of publicly released critical exploits dubbed 10KBLAZE to attack misconfigured SAP installations.
- May 02, 2019
- 09:39 AM
- 0
-
Sodinokibi Ransomware Being Installed on Exploited WebLogic Servers
Attackers are exploiting a recently disclosed WebLogic vulnerability to install a new ransomware called Sodinokibi. As this vulnerability is trivial to exploit, it is important that server admins install the patch immediately in order to prevent infections or unauthorized access.
- April 30, 2019
- 08:01 PM
- 0
-
Demo Exploit Code Available for Privilege Escalation Bug in Windows
Proof-of-concept exploit code for a privilege escalation vulnerability affecting Windows operating system has been published today, soon after Microsoft rolled out its monthly batch of security patches.
- April 10, 2019
- 03:35 AM
- 0
-
Microsoft's April 2019 Patch Tuesday Fixes 74 Vulnerabilities
Today is Microsoft's April 2019 Patch Tuesday, which means Windows admins are getting ready to pull their hair out while testing the new patches and security updates released by Microsoft. Included in this month's updates are fixes for two vulnerabilities that have been spotted being actively exploited in the wild.
- April 09, 2019
- 02:13 PM
- 0
-
Qt5-Based GUI Apps Susceptible to Remote Code Execution
Through a little known command line argument, applications that configure custom protocol handlers and are are developed using the Qt5 graphical user interface framework can be exposed to a remote code execution vulnerability.
- April 05, 2019
- 02:58 PM
- 2
-
80% of the Top Exploited Vulnerabilities Targeted Microsoft in 2018
Eight out of the top ten vulnerabilities exploited by cybercriminals as part of phishing, exploit kits, or RAT attacks during 2018 targeted Microsoft's software products, continuing a trend started in 2017.
- March 19, 2019
- 11:10 AM
- 0
-
New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices
A new Mirai variant comes with eleven new exploits, the enterprise WePresent WiPG-1000 Wireless Presentation system and the LG Supersign TV being the most notable new devices being targeted.
- March 18, 2019
- 11:54 AM
- 0
-
Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug
A code execution vulnerability in WinRAR generated over a hundred distinct exploits in the first week since its disclosure, and the number of exploits keeps on swelling.
- March 15, 2019
- 12:13 PM
- 1
-
Google Chrome Update Patches Zero-Day Actively Exploited in the Wild
Google updated the release announcement for the Chrome web browser version 72.0.3626.121 with a warning that the 0day patched in the release is being actively exploited in the wild.
- March 06, 2019
- 12:58 PM
- 0
-
Hackers Revive Microsoft Office Equation Editor Exploit
Hackers used specially-crafted Microsoft Word documents during the last few months to abuse an Integer Overflow bug that helped them bypass sandbox and anti-malware solutions and exploit the Microsoft Office Equation Editor vulnerability patched 15 months ago.
- March 06, 2019
- 08:00 AM
- 0
-
Cloudflare Deploys Firewall Rule to Block New Drupal Exploits
Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudflare using Web Application Firewall (WAF) rules designed to protect its customers' websites from being compromised.
- March 05, 2019
- 07:15 PM
- 0
-
Windows 10 IoT Core Test Interface Lets Attackers Take Over Devices
Embedded and IoT cable-connected devices running Microsoft's Windows 10 IoT Core are exposed to remote command execution attacks with SYSTEM privileges that require no authentication, with the help of an open source RAT tool released on GitHub.
- March 04, 2019
- 02:13 PM
- 0
-
Researcher Declines to Share Zero-Day macOS Keychain Exploit with Apple
Security researcher Linus Henze demoed a zero-day macOS exploit impacting the Keychain password management system which can store passwords for applications, servers, and websites, as well as sensitive information related to banking accounts.
- February 06, 2019
- 03:03 PM
- 0
-
Microsoft Patches Windows Zero-Day Exploited in Cyber Attacks
A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates.
- November 14, 2018
- 07:50 AM
- 0
-
Retracted: New Microsoft Edge Browser Zero-Day RCE Exploit in the Works
Details are about to emerge about a zero-day remote code execution vulnerability in the Microsoft Edge web browser, as two researchers plan to reveal a proof-of-concept and publish a general write up. Microsoft has not been told the details of this vulnerability.
- November 04, 2018
- 11:14 AM
- 0
-
Libssh CVE-2018-10933 Scanners & Exploits Released - Apply Updates Now
Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices.
- October 22, 2018
- 06:31 PM
- 0
-
jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew
Of the thousands of plugins for the jQuery framework, one of the most popular of them harbored for at least three years an oversight in code that eluded the security community, despite public availability of tutorials that explained how it could be exploited.
- October 19, 2018
- 10:43 AM
- 1
-
Fallout Exploit Kit Pushing the SAVEfiles Ransomware
Last week the Fallout Exploit kit was distributing the GandCrab ransomware. This week, it has started to distribute a new ransomware called SAVEfiles, for lack of a better name, through malvertising campaigns.
- September 14, 2018
- 06:11 PM
- 0
