Collaborate Disseminate
Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an u… Continue reading Iranian APT, Equifax, & Crowdfense – Hack Naked News #210
Researchers at Google have found previously unkown vulnerabilities – one in Google Chrome and the other in Microsoft Windows – that they say attackers have been exploiting in tandem. Both zero-day vulnerabilities could allow hackers to escape the “sandboxes” that software programs use as safeguards against malicious activity. The vulnerability in Chrome, the web’s most popular browser, affects Chrome’s FileReader API, and could allow an attacker to carry out remote code execution. The Windows vulnerability, which Google researchers had been exploited on Windows 7, could give a hacker the ability to escalate privileges on a certain Windows kernel driver, letting the attacker break out of a security sandbox. Google has released a patch for the Chrome vulnerability, while Microsoft is still working on its own, according to Clement Lecigne, a researcher with Google’s Threat Analysis Group. “The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser […]
The post Google researchers uncover two zero-days affecting Chrome, Windows appeared first on CyberScoop.
Continue reading Google researchers uncover two zero-days affecting Chrome, Windows
The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks. Continue reading FruityArmor APT Group Used Recently Patched Windows Zero Day