Zero-days

Scammers exploit Firefox bug and post scary warning message

• Frank Crast
• November 5, 2019
• Vulnerabilities & Exploits / Zero-days

Fraudsters are actively exploiting a bug in Firefox that causes the browser to freeze with a warning message the victim computer is running a pirated version of Windows.

Continue Reading

Chrome security update fixes zero-day exploited in the wild

• Frank Crast
• November 1, 2019
• Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

Google has released a new security update for Chrome browser 78.0.3904.87 for Windows, Mac and Linux. There are reports of one of those vulnerabilities CVE-2019-13720 being exploited in the wild.

Continue Reading

Hacker publishes vBulletin zero-day exploit

• Frank Crast
• September 25, 2019
• Vulnerabilities & Exploits / Zero-days

An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software. vBulletin is used on over 100,000 social websites.

Continue Reading

Microsoft issues out-of-band patches (Critical IE CVE-2019-1367 exploited in wild)

• Frank Crast
• September 24, 2019
• Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

Microsoft has released out-of-band patches for Internet Explorer and Microsoft Defender products. The IE zero-day bug is marked critical and is actively exploited in the wild.

Continue Reading

phpMyAdmin zero-day vulnerability (CVE-2019-12922)

• Frank Crast
• September 23, 2019
• Application Security / Vulnerabilities & Exploits / Zero-days

A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.

Continue Reading

Microsoft September 2019 Security Updates

• Frank Crast
• September 11, 2019
• Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

Microsoft issued the September 2019 Security Updates that include 79 unique vulnerability fixes, 17 of those rated critical. In addition, two of the patches address two 0-day Privileged Escalation vulnerabilities CVE-2019-1214 and CVE-2019-1215.

Continue Reading

iOS exploit chains discovered in the wild

• Frank Crast
• August 31, 2019
• Malware / Mobile Security / Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

A group of hackers have been using compromised websites to launch watering hole attacks against iPhone users who visit the websites. The attacks also use five different exploit chains and exploit 0-day vulnerabilities that don't require any user interaction.

Continue Reading

Firefox security update fixes critical zero-day flaw abused in the wild

• Frank Crast
• June 19, 2019
• Security Updates & Patches / Vulnerabilities & Exploits / Zero-days

Mozilla has released a security update that fixes a critical vulnerability in Firefox 67.0.3 and Firefox ESR 60.7.1.

Continue Reading

Home router TP-Link Zero-day vulnerability

• Frank Crast
• March 29, 2019
• Vulnerabilities & Exploits / Zero-days

A security researcher released details on a new zero-day vulnerability that impacts the TP-Link All-in-One SR20 Smart Home Router and Hub.

Continue Reading

New Windows zero-day vulnerability POC

• Frank Crast
• December 20, 2018
• Vulnerabilities & Exploits / Zero-days

A security researcher going by the name of SandboxEscaper has published online a new proof-of-concept (POC) for a new zero-day vulnerability that impacts Windows systems.

Continue Reading