Zero Day – Page 22 – WindowsTechs.com

Details of the REvil Ransomware Attack

Posted on July 8, 2021 by Bruce Schneier

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details:

This weekend’s attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the Kaseya Agent Monitor to gain administrative control over the target’s network. After writing a base-64-encoded payload to a file named agent.crt the dropper executed it.

[…]

The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.” By digitally signing their malware, attackers are able to suppress many security warnings that would otherwise appear when it’s being installed. Cybereason said that the certificate appears to have been used exclusively by REvil malware that was deployed during this attack…

Continue reading Details of the REvil Ransomware Attack→

PrintNightmare zero day exploit for Windows is in the wild – what you need to know

Posted on July 1, 2021 by Graham Cluley

Proof-of-concept code has been accidentally released for a zero-day vulnerability in Windows Print Spooler, in the mistaken belief that Microsoft had patched it.

D’oh! Continue reading PrintNightmare zero day exploit for Windows is in the wild – what you need to know→

PrintNightmare, the zero-day hole in Windows – here’s what to do

Posted on June 30, 2021 by Paul Ducklin

All bugs are equal. But some bugs ar emore equal than others. Continue reading PrintNightmare, the zero-day hole in Windows – here’s what to do→

Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now!

Posted on June 10, 2021 by Paul Ducklin

Patch early. Patch often. Patch now! Continue reading Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now!→

Apple Patches Zero-Day XCSSET Exploit

Posted on May 26, 2021 by Teri Robinson

By the time Apple patched a zero-day vulnerability in macOS 11.4 that bypasses the Transparency Consent and Control (TCC) framework, it was being exploited by attackers using XCSSET malware. Jamf researchers dissecting the malware and its exploitation… Continue reading Apple Patches Zero-Day XCSSET Exploit→

Apple patches dangerous security holes, one in active use – update now!

Posted on May 25, 2021 by Paul Ducklin

It’s three weeks since last time. Now it’s this time, so patch now! Continue reading Apple patches dangerous security holes, one in active use – update now!→

S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]

Posted on May 6, 2021 by Paul Ducklin

Latest episode – listen now! (And please share with your friends.) Continue reading S3 Ep31: Apple zero-days, Flubot scammers and PHP supply chain bug [Podcast]→

Apple products hit by fourfecta of zero-day exploits – patch now!

Posted on May 4, 2021 by Paul Ducklin

Don’t delay. Get these updates today. Continue reading Apple products hit by fourfecta of zero-day exploits – patch now!→

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

Posted on April 20, 2021 by Paul Ducklin

What’s in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that. Continue reading Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick→

Proof of concept for ZDI-21-341 ZDI-CAN-12060

Posted on April 20, 2021 by pro neon

Are there any currently known working proof of concept for ZDI-21-341
ZDI-CAN-12060?
Resources:
https://www.zerodayinitiative.com/advisories/ZDI-21-341/
https://vulners.com/zdi/ZDI-20-126

Continue reading Proof of concept for ZDI-21-341 ZDI-CAN-12060→