Articles about Zero Day

Cybercriminals move fast to exploit zero day flaws

The final quarter of 2021 saw a 356 percent growth in the number of attacks where the infection vectors were CVE or zero day vulnerabilities compared to Q3.

The latest Threat Landscape report from Kroll shows CVE/zero day exploitation accounted for 26.9 percent of initial access cases over the period, indicating that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.

Hackers continue to target zero-day vulnerabilities

Unpatched vulnerabilities remain the most prominent attack vectors exploited by ransomware groups, according to a new report.

The study by Ivanti, produced in conjunction with Cyber Security Works, shows 65 new vulnerabilities tied to ransomware last year, representing a 29 percent growth compared to the previous year and bringing the total number of vulnerabilities associated with ransomware to 288.

0patch beats Microsoft to fix serious local privilege escalation vulnerability in Windows

Once again, micro-patching firm 0patch has beaten Microsoft to the punch, releasing an unofficial patch for a zero-day vulnerability in Windows.

This time around we're talking about CVE-2021-24084, a local privilege escalation (LPE) zero-day vulnerability in Windows' Mobile Device Management service. The flaw affects Windows 10 version 1809 and later, and Microsoft is yet to release an official patch of its own. Not wanting to leave systems at risk of attack, 0patch stepped in to help out users by offering up a free fix.

Zero-day vulnerability could give an attacker admin access in Windows 11 and older

A security researcher has revealed a serious vulnerability affecting Windows 10, Windows 11 and Windows Server. By exploiting the vulnerability, an attacker would be able to easily gain administrative privileges on a victim's system.

The discovery and revelation were made by Abdelhamid Naceri, during his research on a Microsoft patch for another vulnerability tracked as CVE-2021-41379. He was able to bypass the patch for the Windows Installer Elevation of Privilege Vulnerability and also discovered another serious zero-day for which he has shared a proof-of-concept exploit.

Hackers exploit zero day before enterprises can patch

Cybercriminals exploited the new CVE-2021-40444 remote code execution zero-day a week before the patch was issued on September 14, according to the latest report from HP Wolf Security.

Researchers also saw scripts that automated the creation of the exploit on Github on the 10th, making it easier for less-sophisticated attackers to use the exploit against vulnerable organisations.

Security: plug in a Razer mouse or keyboard and gain admin privileges in Windows 10

A worrying security flaw has been discovered in Razer Synapse software which can be exploited to gain administrator privileges in Windows 10. What is particularly concerning about this vulnerability -- aside from the fact that there is no patch available yet -- is that exploitation is possible by simply plugging in a Razer mouse, keyboard or dongle.

Pretty much the only thing that isn't disturbing about this security hole is that it is a local privilege escalation (LPE) vulnerability, meaning an attacker would need physical access to a system to exploit it. Nonetheless, the zero-day can be taken advantage of by anyone splashing out a few bucks on a cheap Razer peripheral.

Public key infrastructure and digital certificates essential to zero trust

Public key infrastructure (PKI) and digital certificates are essential to achieving zero trust architecture according to 96 percent of North American enterprises.

However, only 39 percent use PKI as part of their zero trust security strategy today according to a survey from Pulse Research and PKI as-a-Service (PKIaaS) company Keyfactor.

If I knew then what I know now -- Zero Day Vulnerabilities and why we should confine the unknown

When Donald Rumsfeld gave a briefing about the Iraq WMD program in 2002 (Iraqi Weapons of Mass Destruction were a major justification for the second invasion) he said "There are known knowns. There are things we know we know. We also know there are known unknowns. That is to say, we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know."

At the time, many mocked this word-salad as the Secretary of State for Defense delivering an over-complicated and evasive way of admitting that they had no evidence of WMDs in Iraq -- not yet at least. Even so, there is some undeniable logic in accepting that there can be unknown unknowns, and not just in the field of counter intelligence but in cyber security too.

Install this month's Windows 10 updates to patch against an actively exploited zero-day vulnerability

This Patch Tuesday -- the second Tuesday of February, yesterday -- Microsoft released fixes for a slew of Windows 10 flaws. Included among a total of 56 vulnerabilities is a critical zero-day which was being actively exploited to gain admin privileges on victims' systems.

But the fix for CVE-2021-1732 (Windows Win32k Elevation of Privilege Vulnerability) is just one of 11 fixes for critical bugs this month. In addition, Microsoft has fixed two Moderate vulnerabilities, as well as 43 that are marked as Important.

Update Chrome for Windows, Mac and Linux to protect against a dangerous zero-day vulnerability

A serious security vulnerability has been discovered in Chrome, forcing Google to push out an emergency update to the browser. Affecting the Windows, Mac and Linux versions of Chrome, the high severity vulnerability is being tracked as CVE-2021-21148.

Described as a "heap buffer overflow in V8", it is being actively exploited in the wild, although few details of the exploit are available. Because of the severity of the vulnerability, Google has released a fix and is urging everyone to install it.

Microsoft releases patch for Windows zero-day flaw found by Google

Last month, security researchers at Google's Project Zero released details of a zero-day vulnerability in Windows that was being actively exploited.

Hackers were taking advantage of a Windows Kernel Cryptography Driver security flaw (CVE-2020-117087) to gain elevated privileges in Windows 7, 8, and 10, as well as Windows Server 2008 and higher. As part of yesterday's Patch Tuesday release, Microsoft has now issued a fix for the vulnerability.

Sophos pushes out emergency patch to fix XG Firewall zero-day vulnerability

Following the discovery of an SQL injection vulnerability in its XG Firewall product, Sophos has released an emergency patch to protect users against hackers.

The vulnerability affects both physical and virtual XG Firewall units, and signs of attacks were first noticed last week. Attackers exploiting the vulnerability on unpatched firewalls would be able to access all local usernames and hashed passwords of any local user accounts, including local device admins, user portal accounts, and accounts used for remote access.

Zero-day vulnerabilities in iOS Mail are being actively exploited to target high-profile users

Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to be patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.

What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.

Hackers are selling two serious Zoom zero-day vulnerabilities for $500,000

Both the Windows and macOS versions of Zoom have critical, unpatched security vulnerabilities that could be exploited by hackers to target users and spy on calls and meetings.

Security experts say -- despite not having seen the actual code for the exploits -- that the Windows version of Zoom is affected by an RCE (Remote Code Execution) described as being "perfect for industrial espionage". The zero-days have been offered for sale for $500,000.

Microsoft fixes multiple actively exploited zero-day vulnerabilities as part of Patch Tuesday

Microsoft's monthly Patch Tuesday security updates are always important, but the ones released this week are particularly important. Not only do the fixes address numerous zero-day vulnerabilities, but the security flaws they fix were being actively exploited.

In all, Microsoft has plugged 113 CVE-numbered vulnerabilities this month. 17 of these are marked as being critical, and 96 as important.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.