Category Archives: Zero Day

Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation

Posted on by

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.
The post Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation appeared first on SecurityWeek.
Continue reading Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Posted on by

The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
Continue reading Check Point VPN Attacks Involve Zero-Day Exploited Since April

On the Zero-Day Market

Posted on by

New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“:

Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components…

Continue reading On the Zero-Day Market

Another Chrome Vulnerability

Posted on by

Google has patched another Chrome zero-day:

On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for…

Continue reading Another Chrome Vulnerability

MITRE Hack: China-Linked Group Breached Systems in December 2023

Posted on by

MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Continue reading MITRE Hack: China-Linked Group Breached Systems in December 2023