Summary

Total Articles Found: 4

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
  • Google’s Project Zero Finds a Nation-State Zero-Day Operation
  • 4 over-hyped security vulnerabilities of 2022
  • China Taking Control of Zero-Day Exploits

4 over-hyped security vulnerabilities of 2022

Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.

...more

China Taking Control of Zero-Day Exploits

Published: 2021-07-14 11:04:46

Popularity: 5

Author: Bruce Schneier

Keywords:

  • Uncategorized
  • China
  • cybersecurity
  • cyberweapons
  • disclosure
  • vulnerabilities
  • zero-day
  • 🤖: "Red flag waving"

    China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer. No one may “collect, sell or publish information on network product security vulnerabilities,” say the rules issued by the Cyberspace Administration of China and the police and industry ministries. This just blocks the cyber-arms trade. It doesn’t prevent researchers from telling the products’ companies, even if they are outside of China...

    ...more

    Google’s Project Zero Finds a Nation-State Zero-Day Operation

    Published: 2021-04-08 11:06:53

    Popularity: 12

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • cyberattack
  • Google
  • terrorism
  • zero-day
  • 🤖: "hacked again"

    Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed. […] It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack...

    ...more

    MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

    Published: 2019-06-03 12:28:42

    Popularity: 1233

    Author: Tom Spring

    Keywords:

  • Hacks
  • Privacy
  • Vulnerabilities
  • apple
  • macOS
  • Mojave
  • Patrick Wardle
  • security bypass
  • synthetic mouse clicks
  • vulnerability
  • zero-day
  • Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.

    ...more

    end