Google Project Zero – WindowsTechs.com

Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan

Posted on June 23, 2022 by AJ Vicens

The campaign is just the latest example of the increasingly sophisticated world of private zero-day exploit development, researchers said.

The post Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan appeared first on CyberScoop.

Continue reading Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan→

Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says

Posted on April 19, 2022 by AJ Vicens

There were 58 total. The good news: Detection and disclosure of zero-day exploits have increased, the research team says.

The post Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says appeared first on CyberScoop.

Continue reading Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says→

Project Zero researchers see promising trends in vulnerability fixes

Posted on February 10, 2022 by AJ Vicens

Big tech vendors generally are remediating serious bugs faster than they were three years ago, according to a new report from Google’s Project Zero. The data — while limited to vulnerabilities the group itself reported between January 2019 and December 2021, and influenced by what the group’s researchers have chosen to pursue — offers “a number of promising trends,” according to Ryan Schoen of Project Zero. “Vendors are fixing almost all of the bugs that they receive, and they generally do it within the 90-day deadline plus the 14-day grace period when needed,” he wrote. In 2021 there was not “a single 90 day deadline exceeded,” which could be because responsible disclosure policies are becoming more standard across the industry, “and vendors are more equipped to react rapidly to reports with differing deadlines,” he wrote. Under the team’s vulnerability disclosure policy, it privately tells a vendor about a bug first, […]

The post Project Zero researchers see promising trends in vulnerability fixes appeared first on CyberScoop.

Continue reading Project Zero researchers see promising trends in vulnerability fixes→

Bad patching practices are a breeding ground for zero-day exploits, Google warns

Posted on February 3, 2021 by Sean Lyngaas

Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability. The clients expect that software update to keep attackers from stealing sensitive information. But new data from Google’s elite hacking team, Project Zero, suggests that assumption is misplaced. One in four “zero-day,” or previously unknown, software exploits that the Google team tracked in 2020 might have been avoided “if a more thorough investigation and patching effort were explored,” Project Zero researcher Maddie Stone said Wednesday. In some cases, the attackers only changed a line or two of code to turn their old exploit into a new one. Many of the zero-day exploits were for popular internet browsers like Chrome, Firefox or Safari, exposing an array of users around the world. Project Zero’s sample size is modest, covering just 24 exploits in all. But the data points to a need for greater […]

The post Bad patching practices are a breeding ground for zero-day exploits, Google warns appeared first on CyberScoop.

Continue reading Bad patching practices are a breeding ground for zero-day exploits, Google warns→

Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?

Posted on January 15, 2021 by Richi Jennings

Google revealed a novel, complex, well-engineered campaign of targeted attacks. But there are more questions than answers.
The post Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom? appeared first on Security Boulevard.
Continue reading Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?→

Windows Zero-Day Still Circulating After Faulty Fix

Posted on December 24, 2020 by Tara Seals

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. Continue reading Windows Zero-Day Still Circulating After Faulty Fix→

An iOS exploit that enables iPhone takeover is described in cybersecurity researcher’s ‘work of art’

Posted on December 2, 2020 by Joe Warminsky

If there’s one thing to read this week about Apple security, it’s researcher Ian Beer’s massive, spirited and highly detailed account of how he developed a powerful tool for breaking into nearby iPhones. The piece, “An iOS zero-click radio proximity exploit odyssey,” earned Beer high praise for his persistence in working out the attack, as well as thorough reporting of how he did it. He posted the magnum opus Tuesday on the blog for Google Project Zero, the tech giant’s team of zero-day hunters. Beer — known as one of the most skilled iOS hackers around — makes some things clear up top: The vulnerability was reported to Apple before the company launched coronavirus contact-tracing technology on iPhones in May. And no one should ever be lulled into a false sense of security, he says, when it comes to mobile devices. “The takeaway from this project should not be: no one will […]

The post An iOS exploit that enables iPhone takeover is described in cybersecurity researcher’s ‘work of art’ appeared first on CyberScoop.

Continue reading An iOS exploit that enables iPhone takeover is described in cybersecurity researcher’s ‘work of art’→

Category Archives: Google Project Zero