Zero Day – Page 20 – WindowsTechs.com

US Blacklists NSO Group

Posted on November 4, 2021 by Bruce Schneier

The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside f… Continue reading US Blacklists NSO Group→

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

Posted on October 27, 2021 by Paul Ducklin

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey. Continue reading Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices→

S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]

Posted on October 14, 2021 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep54: Another 0-day, double Apache patch, and Fight The Phish [Podcast]→

Instead of waiting until zero-day exploits to happen, how to preemptively find zero-day vulnerabilities in order to deter zero-day exploits?

Posted on October 8, 2021 by Nathan Aw

Instead of waiting until zero-day exploits to happen, how to preemptively find zero-day vulnerabilities in order to deter zero-day exploits? There has to be a better way.

Continue reading Instead of waiting until zero-day exploits to happen, how to preemptively find zero-day vulnerabilities in order to deter zero-day exploits?→

S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]

Posted on September 30, 2021 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep52: Let’s Encrypt, Outlook leak, and VMware exploit [Podcast]→

The Proliferation of Zero-days

Posted on September 24, 2021 by Bruce Schneier

The MIT Technology Review is reporting that 2021 is a blockbuster year for zero-day exploits:

One contributing factor in the higher rate of reported zero-days is the rapid global proliferation of hacking tools.

Powerful groups are all pouring heaps of cash into zero-days to use for themselves — and they’re reaping the rewards.

At the top of the food chain are the government-sponsored hackers. China alone is suspected to be responsible for nine zero-days this year, says Jared Semrau, a director of vulnerability and exploitation at the American cybersecurity firm FireEye Mandiant. The US and its allies clearly possess some of the most …

Continue reading The Proliferation of Zero-days→

STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

Posted on September 23, 2021 by Paul Ducklin

It wasn’t dead, just resting. Continue reading STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now→

Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood

Posted on September 16, 2021 by Graham Cluley

A Walmart press release says it’s jumping aboard the cryptocurrency bus – but is it true? Theranos’s Elizabeth Holmes goes on trial, and have you updated your Apple gadgets to protect against the latest NSO Group spyware attack?

All this and much mo… Continue reading Smashing Security podcast #243: Breaking news, Apple zero-clicks, and bad blood→

Future of binary exploitation

Posted on September 15, 2021 by Francisco Linan

I’m starting to learn about binary exploitation and 0day development. I have learned about stackoverflows, ASLR, DEP, stack cookies and so on… But then I came across this video:
https://www.youtube.com/watch?v=o_hk9nh8S1M
I was very moti… Continue reading Future of binary exploitation→

Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

Posted on September 14, 2021 by Paul Ducklin

Double trouble: two zero-days, patched in the same emergency update. So please don’t delay – patch today! Continue reading Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!→