Collaborate Disseminate
News has emerged of a “feature” in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn’t help! Continue reading Mysterious “Follina” zero-day hole in Office – here’s what to do!
You’ll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions. Continue reading Apple patches zero-day kernel hole and much more – update now!
Both Google and Mandiant are reporting a significant increase in the number of zero-day vulnerabilities reported in 2021.
Google:
2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020. We’ve tracked publicly known in-the-wild 0-day exploits in this spreadsheet since mid-2014.
While we often talk about the number of 0-day exploits used in-the-wild, what we’re actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild. And that leads into our first conclusion: we believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits…
More Apple zero-days – mobile devices, laptops and desktops affected. Update now! Continue reading Apple pushes out two emergency 0-day updates – get ’em now!
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised…
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised…
CVE-2022-1096 – another mystery in-the-wild 0-day in Chrome… check your version now! Continue reading Google Chrome patches mysterious new zero-day bug – update now
Firefox just published a double-zero-day patch – “remote code execution” combined with “sandbox escape”. Update now! Continue reading Firefox patches two in-the-wild exploits – update now!
Zero-day buses: none for a while, then three at once. Here’s Google joining Apple and Adobe in “zero-day week” Continue reading Google announces zero-day in Chrome browser – update now!
There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it. Continue reading Adobe fixes zero-day exploit in e-commerce code: update now!