Collaborate Disseminate
While Microsoft is still working on fixing a recently disclosed privilege escalation vulnerability in Windows, security firm ACROS Security has stepped in to provide a temporary patch for the flaw. The unofficial fix is available through 0patch.com, a… Continue reading Unofficial Patch Available for Latest Windows Zero-Day Exploit
A previously unknown vulnerability that allows attackers to obtain SYSTEM privileges on Windows computers has been publicly disclosed. Someone with the username SandboxEscaper posted a link to a proof-of-concept exploit on Twitter and then deleted the… Continue reading Someone Dropped a Windows Zero-Day Exploit on GitHub
In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Continue reading Delving deep into VBScript
Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild.
… Continue reading Two Zero-Day Exploits Found After Someone Uploaded ‘Unarmed’ PoC to VirusTotal
What’s the first step toward prioritizing security vulnerabilities? Know which open source components developers use in their code and monitor them for alerts using SAST tools.
The post How to Prioritize Security Vulnerabilities in SecDevOps appeared first on Security Intelligence.
Continue reading How to Prioritize Security Vulnerabilities in SecDevOps
Adobe Systems released a security update for Flash Player to fix four vulnerabilities, including one that was discovered in an attack targeting individuals and organizations from the Middle East. Two of the patched vulnerabilities, CVE-2018-4945 and C… Continue reading Flash Update Fixes Zero-Day Flaw Used in Targeted Attack
If you have already uninstalled Flash player, well done! But if you haven’t, here’s another great reason for ditching it.
Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being explo… Continue reading Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit
The latest version of the RIG exploit kit, a tool used by cybercriminals to launch large-scale drive-by download attacks, is exploiting an Internet Explorer vulnerability that was patched by Microsoft last month after being found in targeted cyberespi… Continue reading RIG Exploit Kit Starts Using IE Zero-Day Flaw Patched in May
When Lincoln Healthcare experiences a watering hole attack, security operations center (SOC) director Malcolm Gerhard is tasked with developing a swift cybersecurity incident response. Will he succeed?
The post The Hack React: Testing a SOC Director’s Cybersecurity Incident Response appeared first on Security Intelligence.
Continue reading The Hack React: Testing a SOC Director’s Cybersecurity Incident Response
Researchers from Chinese internet security firm Qihoo 360 have uncovered a sophisticated targeted attack which, according to them, exploits an unpatched vulnerability in Microsoft’s Internet Explorer browser. The company made the announcement in… Continue reading Internet Explorer Zero-Day Exploit Reportedly Exploited in Targeted Attacks