-
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device.
- October 30, 2024
- 01:36 PM
0
-
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely.
- October 29, 2024
- 04:21 PM
1
-
How Black Rifle Coffee slashed offboarding from weeks to minutes
Manual IAM processes slow down IT and introduce risk.
In this webinar, see how Black Rifle Coffee leverages automation to reduce offboarding time from weeks to minutes, save 120 hours of analyst time, and strengthen their security posture - all without adding headcount.
-
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline.
- October 29, 2024
- 03:15 PM
- 0
-
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition.
- October 29, 2024
- 01:35 PM
- 0
-
Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland
The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices.
- October 26, 2024
- 05:42 AM
- 0
-
QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875.
- October 25, 2024
- 02:57 AM
- 0
-
Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes.
- October 24, 2024
- 10:01 AM
- 0
-
Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant.
- October 24, 2024
- 01:05 AM
- 0
-
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space.
- October 23, 2024
- 02:03 PM
- 0
-
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.
- October 23, 2024
- 11:05 AM
- 1
-
Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland
On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes.
- October 23, 2024
- 10:01 AM
- 1
-
Google: 70% of exploited flaws disclosed in 2023 were zero-days
Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software.
- October 16, 2024
- 06:12 PM
- 1
-
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data.
- October 16, 2024
- 09:59 AM
- 3
-
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
- October 09, 2024
- 01:34 PM
- 1
-
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited.
- October 08, 2024
- 02:16 PM
- 2
-
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
- October 08, 2024
- 12:05 PM
- 1
-
Qualcomm patches high-severity zero-day exploited in attacks
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets.
- October 07, 2024
- 02:30 PM
- 0
-
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.
- September 16, 2024
- 03:53 PM
- 0
-
Windows vulnerability abused braille “spaces” in zero-day attacks
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group.
- September 15, 2024
- 02:16 PM
- 2
-
Adobe fixes Acrobat Reader zero-day with public PoC exploit
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit.
- September 11, 2024
- 01:42 PM
- 3
