Collaborate Disseminate
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
The post Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge appeared … Continue reading Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.
The post Microsoft Patches Two Zero-Days Exploited for Malware Delivery appeared first on SecurityWeek.
Continue reading Microsoft Patches Two Zero-Days Exploited for Malware Delivery
Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.
The post Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz appeared first on SecurityWeek.
Continue reading Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.
The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.
Continue reading Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own
Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.
The post Google Report: Despite Surge in Zero-Day Attacks, Exploit Mi… Continue reading Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working
Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild.
The post Apple Blunts Zero-Day Attacks With iOS 17.4 Update appeared first on SecurityWeek.
Continue reading Apple Blunts Zero-Day Attacks With iOS 17.4 Update
North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit.
The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek.
Continue reading Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
The post Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers appeared first on SecurityWeek.
Continue reading Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Microsoft says a newly patched Exchange Server vulnerability (CVE-2024-21410) has been exploited in attacks.
The post Microsoft Warns of Exploited Exchange Server Zero-Day appeared first on SecurityWeek.
Continue reading Microsoft Warns of Exploited Exchange Server Zero-Day
CVE-2024-21412, one of the security bypass zero-days fixed by Microsoft with Patch Tuesday updates, exploited by Water Hydra (DarkCasino).
The post Windows Zero-Day Exploited in Attacks on Financial Market Traders appeared first on SecurityWeek.
Continue reading Windows Zero-Day Exploited in Attacks on Financial Market Traders