Collaborate Disseminate
A trio of top brass for Mandiant shared the emerging advanced tactics, techniques and procedures that they see troubling cyber professionals.
The post What keeps CISOs up at night? Mandiant leaders share top cyber concerns appeared first on CyberScoop.
Continue reading What keeps CISOs up at night? Mandiant leaders share top cyber concerns
An updated emergency directive includes instructions on how to bring affected devices back online securely.
The post CISA orders Ivanti devices targeted by Chinese hackers be disconnected appeared first on CyberScoop.
Continue reading CISA orders Ivanti devices targeted by Chinese hackers be disconnected
Michael Duffy, associate director for capacity building in CISA’s cybersecurity division, says that global zero-day exploits are “really affecting the federal government networks.”
The post CISA sees increase in zero-day exploitation, official says appeared first on CyberScoop.
Continue reading CISA sees increase in zero-day exploitation, official says
Google says it has deployed patches for zero-day vulnerabilities that a Spanish tech company may have used to develop spyware.
The post Google reveals Spanish IT firm’s links to spyware targeting Chrome, Firefox and Microsoft Defender appeared first on CyberScoop.
2021 accounts for more than 40% of the zero-day exploits undertaken in the last decade.
The post Zero-day attacks surged in 2021, Mandiant says appeared first on CyberScoop.
Continue reading Zero-day attacks surged in 2021, Mandiant says
There were 58 total. The good news: Detection and disclosure of zero-day exploits have increased, the research team says.
The post Zero-day exploits found and disclosed hit a record high in 2021, Google Project Zero says appeared first on CyberScoop.
Five zero-days found in Aethon TUG robots included one that could allow an attacker to control the machines, Cynerio said.
The post Hospital hallway robots get patches for potentially serious bugs appeared first on CyberScoop.
Continue reading Hospital hallway robots get patches for potentially serious bugs
Big tech vendors generally are remediating serious bugs faster than they were three years ago, according to a new report from Google’s Project Zero. The data — while limited to vulnerabilities the group itself reported between January 2019 and December 2021, and influenced by what the group’s researchers have chosen to pursue — offers “a number of promising trends,” according to Ryan Schoen of Project Zero. “Vendors are fixing almost all of the bugs that they receive, and they generally do it within the 90-day deadline plus the 14-day grace period when needed,” he wrote. In 2021 there was not “a single 90 day deadline exceeded,” which could be because responsible disclosure policies are becoming more standard across the industry, “and vendors are more equipped to react rapidly to reports with differing deadlines,” he wrote. Under the team’s vulnerability disclosure policy, it privately tells a vendor about a bug first, […]
The post Project Zero researchers see promising trends in vulnerability fixes appeared first on CyberScoop.
Continue reading Project Zero researchers see promising trends in vulnerability fixes
Suspected foreign government-backed hackers infected websites belonging to a Hong Kong-based media outlet and a pro-democracy group in a bid to install malware on visitors’ Apple devices, Google researchers say. Google’s Threat Analysis Center discovered the watering hole attack in August, which relied on a previously unreported backdoor, or zero-day flaw. “Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code,” Google’s Eyre Hernandez wrote in a blog post on Thursday. While Google didn’t attribute the attackers to a specific nation, China has long been suspected of conducting cyber-espionage and sowing disinformation aimed at democracy advocates in Hong Kong. The hackers relied on a previously known vulnerability in macOS Catalina to set up the backdoor, Google said. Apple patched the zero-day flaw on Sept. 23. The backdoor […]
The post Likely state-based hackers infected Hong Kong websites to spy on Apple users, Google says appeared first on CyberScoop.
Google Chrome has issued emergency updates for two zero-day flaws that attackers are exploiting, the second pair for the browser in a month. It’s been a record year for such flaws, which previously unknown to the vendor. Chrome itself has caught 12 zero-days to date in 2021 compared to eight in all of 2020, according to Google’s Project Zero “0day in the Wild” database, which tracks zero-days. By many measurements, Chrome is the world’s most popular browser, with one report putting its user count at nearly 3.3 billion. That makes it a lucrative target for hackers. There doesn’t appear to be just one answer for the rise in zero-days in 2021, even as more people seem to invest in hacking techniques. Defenders are also improving their own detection skills. “Google is aware the exploits” for the two flaws “exist in the wild,” the company wrote on Thursday. Google otherwise didn’t […]
The post Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities appeared first on CyberScoop.