Collaborate Disseminate
Microsoft has recently released its MSRC Researcher Recognition Program Award Winners that basically covers several key areas of vulnerability research categories that are basically targeting a variety of Microsoft-based online platforms products and s… Continue reading Microsoft Releases Its MSRC Researcher Recognition Program Award Winners – An Analysis
Piling more on NSO Group’s legal troubles, Apple is suing it:
The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.
NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.
More news:
Apple’s legal complaint provides new information on NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. …
Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.
From an article:
Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report…
Continue reading MacOS Zero-Day Used against Hong Kong Activists
I just don’t think it’s possible to create a hack-proof computer system, especially when the system is physically in the hands of the hackers. The Sony Playstation 5 is the latest example:
Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend, with the hacking group Fail0verflow claiming to have managed to obtain PS5 root keys allowing them to decrypt the console’s firmware.
[…]
The two exploits are particularly notable due to the level of access they theoretically give to the PS5’s software. Decrypted firmware which is possible through Fail0verflow’s keys would potentially allow for hackers to further reverse engineer the PS5 software and potentially develop the sorts of hacks that allowed for things like installing Linux, emulators, or even pirated games on …
The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits:
One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools.
Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards.
At the top of the food chain are the government-sponsored hackers. China alone is suspected to be responsible for nine zero-days this year, says Jared Semrau, a director of vulnerability and exploitation at the American cybersecurity firm FireEye Mandiant. The US and its allies clearly possess some of the most …
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware.
Apple patched the vulnerability; everyone needs to update their OS immediately.
News articles on the exploit.
Continue reading Zero-Click iMessage Exploit
Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government.
These are particularly scary exploits, since they don’t require to victim to do anything, li… Continue reading Zero-Click iPhone Exploits
Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday. The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software. Security fixes have been available since May 25, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and Cyber Command, a U.S. military unit, urged users to update their software after researchers discovered at least one public exploit for the vulnerability. “Please patch immediately!” the command tweeted on Saturday. VMware itself issued an urgent advisory telling clients to apply the patch on May 25. As corporations and government agencies increasingly use cloud computing to consolidate data, the value of flaws in code built by VMware and other vendors has only grown. Bad Packets, a […]
The post US Cyber Command, CISA warn of hackers exploiting critical VMware flaw appeared first on CyberScoop.
Continue reading US Cyber Command, CISA warn of hackers exploiting critical VMware flaw
Every month Microsoft releases software updates to fix vulnerabilities across the company’s vast line of technology products. The ritual, known as Patch Tuesday, often involves security experts urging users to update their software, and researchers gaining some public recognition after months of quietly working to mitigate the flaws. A new study from antivirus vendor Trend Micro found that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, though, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits. The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. The demand for exploits is also catered to the popularity of software: Microsoft products accounted for 47% of the exploits that forum users requested, according to Trend […]
The post Market for software exploits is often focused on Microsoft flaws, years-old technology appeared first on CyberScoop.
The post 10 Exploits Cybersecurity Professionals are Concerned About appeared first on Digital Defense, Inc..
The post 10 Exploits Cybersecurity Professionals are Concerned About appeared first on Security Boulevard.
Continue reading 10 Exploits Cybersecurity Professionals are Concerned About