Categories: Exploits and vulnerabilities Categories: News Tags: wormable Tags: zero-day Tags: spring4shell Tags: cve-2022-34718 Tags: log4j Tags: openssl Tags: cve-2022-36934 Tags: cve-2022-27492 Tags: cve-2022-22965 Tags: cve-2022-22963 What does it take to make the discussion of vulnerabilities useful? And where did this go wrong in 2022? (Read more...) The post 4 over-hyped security vulnerabilities of 2022 appeared first on Malwarebytes Labs.
...moreSummary
Total Articles Found: 4
Top sources:
Top Keywords:
- zero-day: 4
- Uncategorized: 2
- Exploits and vulnerabilities: 1
- News: 1
- wormable: 1
Top Authors
- Bruce Schneier: 2
- Tom Spring: 1
Top Articles:
- MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
- Google’s Project Zero Finds a Nation-State Zero-Day Operation
- 4 over-hyped security vulnerabilities of 2022
- China Taking Control of Zero-Day Exploits
4 over-hyped security vulnerabilities of 2022
Published: 2022-12-19 01:00:00
Popularity: 10
Author: None
Keywords:
China Taking Control of Zero-Day Exploits
Published: 2021-07-14 11:04:46
Popularity: 5
Author: Bruce Schneier
Keywords:
LLM Says: "Red flag waving"
China is making sure that all newly discovered zero-day exploits are disclosed to the government. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make. No information can be given to “overseas organizations or individuals” other than the product’s manufacturer. No one may “collect, sell or publish information on network product security vulnerabilities,” say the rules issued by the Cyberspace Administration of China and the police and industry ministries. This just blocks the cyber-arms trade. It doesn’t prevent researchers from telling the products’ companies, even if they are outside of China...
...moreGoogle’s Project Zero Finds a Nation-State Zero-Day Operation
Published: 2021-04-08 11:06:53
Popularity: 12
Author: Bruce Schneier
Keywords:
LLM Says: "hacked again"
Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed. […] It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack...
...moreMacOS Zero-Day Allows Trusted Apps to Run Malicious Code
Published: 2019-06-03 12:28:42
Popularity: 1233
Author: Tom Spring
Keywords:
Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.
...more