Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won’t be available until January 22.
The post Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days appeared first on SecurityWeek.

New iPhone Exploit Uses Four Zero-Days

Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days.

The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign. A zero-day in the feature allowed the attackers to bypass advanced hardware-based memory protections designed to safeguard device system integrity even after an attacker gained the ability to tamper with memory of the underlying kernel. On most other platforms, once attackers successfully exploit a kernel vulnerability they have full control of the compromised system…


Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ

The new Barracuda ESG zero-day CVE-2023-7102 has been used by Chinese hackers to target organizations in the US and APJ region.
The post Barracuda Zero-Day Used to Target Government, Tech Organizations in US, APJ appeared first on SecurityWeek.

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day

Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances.
The post Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day appeared first on Se…

Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE

Akamai researchers document more vulnerabilities and patch bypasses leading to zero-click remote code execution in Microsoft Outlook.
The post Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE appeared first on SecurityWeek.

Email Security Flaw Found in the Wild

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world.

TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on GitHub. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they become available.

The vulnerability was discovered in June. It has been patched…
