Google reveals details on active vulnerability affecting Windows 10, 7

By Waqas
Google Project Zero has disclosed a Windows 0day vulnerability that lets attackers to escape Chrome sandboxes and run malware on Windows.
This is a post from HackRead.com Read the original post: Google reveals details on active vulnerability a… Continue reading Google reveals details on active vulnerability affecting Windows 10, 7

Zoom Hacked Accounts, North Korean Hackers, Facebook Senior Pictures

In episode 117 for April 20th 2020: More problems for Zoom with tens of thousands of compromised credentials and zero-day exploits, the $5 million dollar reward for information on North Korean hackers, and why it might not be the best idea to post your… Continue reading Zoom Hacked Accounts, North Korean Hackers, Facebook Senior Pictures

Zyxel 0day Affects its Firewall Products, Too

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. Continue reading Zyxel 0day Affects its Firewall Products, Too

Zyxel Fixes 0day in Network Storage Devices

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.

Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale. Continue reading Zyxel Fixes 0day in Network Storage Devices

Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program

This is your Shared Security Weekly Blaze for March 11th 2019 with your host, Tom Eston. In this week’s episode: a new Google Chrome Zero-Day, how Facebook uses your phone number, and the shutdown of the NSA’s phone data collection program…. Continue reading Google Chrome Zero-Day, Facebook Phone Number Privacy, NSA Phone Data Collection Program

Zerodium offers $2 million for iOS zero-days

A startup company famous for purchasing zero-day exploits is increasing its bounties to anyone who discovers one in Apple operating systems or popular messaging technologies. Zerodium on Monday announced it will pay up to $2 million for remote iOS jailbreaks, $1 million for information that allows remote code execution in WhatsApp, iMessage, or texting apps, and $500,000 for Google Chrome exploits. The bounties are up from $1.5 million, $500,000, and $200,000, respectively. Such price increases are in part a reflection of tighter security in popular technology, Zerodium founder Chaouki Bekrar told CyberScoop in 2017. “The price that Zerodium puts on a product is always an indication of the security of that product; the higher the price, the better is the security of the product,” he said. While many companies offer bug bounties for their own products, Zerodium offers a different service. The Washington-based firm pays for original research that it […]

The post Zerodium offers $2 million for iOS zero-days appeared first on CyberScoop.

Continue reading Zerodium offers $2 million for iOS zero-days

Zerodium offers $2 million for iOS zero-days

A startup company famous for purchasing zero-day exploits is increasing its bounties to anyone who discovers one in Apple operating systems or popular messaging technologies. Zerodium on Monday announced it will pay up to $2 million for remote iOS jailbreaks, $1 million for information that allows remote code execution in WhatsApp, iMessage, or texting apps, and $500,000 for Google Chrome exploits. The bounties are up from $1.5 million, $500,000, and $200,000, respectively. Such price increases are in part a reflection of tighter security in popular technology, Zerodium founder Chaouki Bekrar told CyberScoop in 2017. “The price that Zerodium puts on a product is always an indication of the security of that product; the higher the price, the better is the security of the product,” he said. While many companies offer bug bounties for their own products, Zerodium offers a different service. The Washington-based firm pays for original research that it […]

The post Zerodium offers $2 million for iOS zero-days appeared first on CyberScoop.

Continue reading Zerodium offers $2 million for iOS zero-days