Zero Day

tripwire.com

A Zoom zero-day exploit is up for sale for $500,000

There are reportedly two zero-day vulnerabilities present in the latest versions of Zoom for Windows and macOS – and exploits for the unpatched flaws are being actively hawked to anyone who might be prepared to pay.

Read more in my article on the Tripwire State of Security blog.

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

Running Adobe Flash? You need to read this today

Two critical security vulnerabilities, being actively exploited by online criminals, have been discovered in Adobe Flash.

There has been a patch released for one of them, but not the other one…

Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks.

Google’s Project Zero – Targeting zero-day vulnerabilities

Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software.

welivesecurity.com

Patch Tuesday will fix zero-day flaw that meant just previewing an Outlook email could infect your computer

It’s one thing to have a security hole that relies upon users visiting an infected website, or opening a dodgy attachment – but it’s quite a different level of threat when simply *previewing* a message in your email client infects your computer.

Read more in my article on the We Live Security blog.

VBulletin denies hackers’ claims of zero-day exploit in forum software

Zero-day or not zero-day?

Hackers and victim disagree.

But one thing is clear. If the organisation that *makes* the software can’t keep its own installations secure, what hope do other sites have?

Zero-day targeted attacks via boobytrapped Word documents. Microsoft releases temporary fix

A previously unknown TIFF remote code execution vulnerability is being exploited by hackers in targeted attacks.

Microsoft has released a temporary workaround to protect users.

Zero-day Internet Explorer flaw to be finally patched by Microsoft on Patch Tuesday

Be sure to keep your eyes open for when the patches become available – and roll them out across your computers as soon as possible. If you don’t, you run the risk of malicious hackers turning their attention to your network next.

Zero day IE flaw exploited in targeted attacks. Microsoft releases temporary fix

Microsoft has released an emergency workaround for users of Internet Explorer, to protect against a “limited number” of targeted internet attacks.

Zero-day exploit in Apple’s iOS operating system “sold for $500,000”

The shady world of the vulnerability researchers who find serious security holes in software, and sell them to the highest bidder.

Firefox hit by critical zero-day vulnerability

Mozilla has issued a warning that its popular Firefox browser contains a critical vulnerability that is being actively exploited by cybercriminals to distribute malware.

Patch Tavis Day

Read more in my article at Naked Security.

Microsoft to release emergency Internet Explorer patch on Tuesday

Read more in my article at Naked Security.

Protecting against the Internet Explorer zero day vulnerability

Read more in my article at Naked Security.

Danger! Internet Explorer zero-day vulnerability – no patch yet

Read more in my article at Naked Security.