#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Zero-Day Vulnerability | Breaking Cybersecurity News | The Hacker News

Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware

Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware

Sep 13, 2017
Get ready to install a fairly large batch of security patches onto your Windows computers. As part of its September Patch Tuesday , Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products. The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE). Affected Microsoft products include: Internet Explorer Microsoft Edge Microsoft Windows .NET Framework Skype for Business and Lync Microsoft Exchange Server Microsoft Office, Services and Web Apps Adobe Flash Player .NET 0-Day Flaw Under Active Attack According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by the attackers in the wild. Here's the list of publically known flaws and their impact: W
Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Next Windows 10 Version May Have Built-in EMET Anti-Exploit Program

Jun 20, 2017
It seems Microsoft is planning to build its EMET anti-exploit tool into the kernel of Windows 10 Creator Update (also known as RedStone 3), which is expected to release in September/October 2017. So you may not have to separately download and install EMET in the upcoming version of the Windows 10. If true, this would be the second big change Microsoft is making in its Windows 10 Fall update after planning to remove SMBv1 to enhance its users security. EMET or Enhanced Mitigation Experience Toolkit, currently optional, is a free anti-exploit toolkit for Microsoft's Windows operating systems designed to boost the security of your computer against complex threats such as zero-day vulnerabilities. " EMET helps protect your computer systems even before new and undiscovered threats are formally addressed by security updates and antimalware software ," Microsoft site reads. Basically EMET detects and prevents buffer overflows and memory corruption vulnerabilities,
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Microsoft Releases Patches for 3 Remaining NSA Windows Exploits

Microsoft Releases Patches for 3 Remaining NSA Windows Exploits

Jun 14, 2017
Did you know… last month's widespread WannaCry ransomware attack forced Microsoft to release security updates against EternalBlue SMB exploit for unsupported versions of Windows, but the company left other three Windows zero-day exploits unpatched? For those unaware, EternalBlue is a Windows SMB flaw that was leaked by the Shadow Brokers in April and then abused by the WannaCry ransomware to infect nearly 300,000 computers in more than 150 countries within just 72 hours on 12th of May. Shortly after WannaCry outbreak, we reported that three unpatched Windows exploits , codenamed " EsteemAudit, " " ExplodingCan ," and " EnglishmanDentist ," were also being exploited by individuals and state-sponsored hackers in the wild. Specially EsteemAudit , one of the dangerous Windows hacking tool that targets remote desktop protocol (RDP) service on Microsoft Windows Server 2003 and Windows XP machines, while ExplodingCan exploits bugs in IIS 6.0 and E
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

May 30, 2017
As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow Brokers is the same hacking group who leaked NSA's built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace . When the Shadow Brokers promised its June 2017 release two weeks ago, the group announced that it would sell new zero-day exploits and hacking tools only to the private members with paid monthly subscription, instead of making them public for everyone. How to Become Member of the 'Wine of Month' Club? Now, just a few minutes ago, the hacking collective has released details about how to participate in the monthly subscription model – or the "Wine of Month Club," as the group called it – to get exclusive access to the
Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)

Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)

May 13, 2017
Update —  After reading this article, if you want to know, what has happened so far in past 4 days and how to protect your computers from WannaCry, read our latest article " WannaCry Ransomware: Everything You Need To Know Immediately . "  In the wake of the largest ransomware attack in the history that had already infected over 114,000 Windows systems worldwide since last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Also Read —   Google Researcher Finds Link Between WannaCry Attacks and North Korea . Microsoft has just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions. So, if your organization, for some reason, is still running on Windows XP or Vista, you are strongly advised to download and APPLY PATCH NOW ! WannaCrypt , or also known as WannaCry, is a new ransomware that wreaked havoc across the wo
Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities

Microsoft Issues Patches for Another Four Zero-Day Vulnerabilities

May 10, 2017
As part of this month's Patch Tuesday, Microsoft has released security patches for a total of 55 vulnerabilities across its products, including fixes for four zero-day vulnerabilities being exploited in the wild. Just yesterday, Microsoft released an emergency out-of-band update separately to patch a remote execution bug ( CVE-2017-0290 ) in Microsoft's Antivirus Engine that comes enabled by default on Windows 7, 8.1, RT, 10 and Server 2016 operating systems. The vulnerability, reported by Google Project Zero researchers, could allow an attacker to take over your Windows PC with just an email, which you haven't even opened yet. May 2017 Patch Tuesday — Out of 55 vulnerabilities, 17 have been rated as critical and affect the company's main operating systems, along with other products like Office, Edge, Internet Explorer, and the malware protection engine used in most of the Microsoft's anti-malware products. Sysadmins all over the world should prioriti
Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

Apr 09, 2017
It's 2017, and opening a simple MS Word file could compromise your system. Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office. The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object. When opened, the exploit code gets executed and makes a connection to a remote server controlled by the attacker, from where it downloads a malicious HTML application file (HTA) that's disguised as a document created in Microsoft's RTF (Rich Text Format). The HTA file then gets executed automatically with attackers gaining full code execution on the victim's machine, downloading additional payloads from "different well-known malware families"
Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Google just discovered a dangerous Android Spyware that went undetected for 3 Years

Apr 04, 2017
An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities. Dubbed Chrysaor , the Android spyware has been used in targeted attacks against activists and journalists mostly in Israel, but also in Georgia, Turkey, Mexico, the UAE and other countries. Chrysaor espionage malware, uncovered by researchers at Lookout and Google, is believed to be created by the same Israeli surveillance firm NSO Group Technologies, who was behind the Pegasus iOS spyware initially detected in targeted attacks against human rights activists in the United Arab Emirates last year. NSO Group Technologies is believed to produce the most advanced mobile spyware on the planet and sold them to governments, law enforcement agencies worldwide, as well as dictatorial regimes. The newly discovered Chrysaor spyware has been found installed on fewer than three-dozen Android devices, al
Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

Mar 23, 2017
As part of its " Vault 7 " series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices. Dubbed " Dark Matter ," the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA called Embedded Development Branch (EDB) – the same branch that created ' Weeping Angel ' attack – and focused specifically on hacking Mac and iOS firmware. CIA Infects Apple Devices With Unremovable Malware The newly released documents revealed that CIA had also been targeting the iPhone since 2008. The Agency has created a malware that is specially designed to infect Apple firmware in a way that the infection remains active on MacOS and iOS devices even if the operating system has been re-installed. According to Wikileaks, the released documents also gives a c
Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

Mar 22, 2017
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent , the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10. What's worse? DoubleAgent exploits a 15-years-old undocumented legitimate feature of Windows called " Application Verifier ," which cannot be patched. Application Verifier is a runtime verification tool that loads DLLs (dynamic link library) into processes for testing purpose, allowing developers quickly detect and fix programming errors in their applications. Unpatchable Microsoft Application Verifier Exploit The vulnerability resides in how this Application Verifier tool handles DLLs. According to the researchers, as part of the process, DLLs are bound to the target processes in a Windows Regist
Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Mar 20, 2017
Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models. The company identified this highest level of vulnerability in its product while analyzing " Vault 7 " — a roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA). The vulnerability resides in the Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software. If exploited, the flaw ( CVE-2017-3881 ) could allow an unauthenticated, remote attacker to cause a reboot of an affected device or remotely execute malicious code on the device with elevated privileges to take full control of the device, Cisco says in its  advisory . The CMP protocol has been designed to pass around information about switch clusters between cluster members using Telnet or SSH. The vulnerability is in the default configuration of affected Cisco devices,
WikiLeaks Won't Disclose CIA Exploits To Companies Until Certain Demands Are Met

WikiLeaks Won't Disclose CIA Exploits To Companies Until Certain Demands Are Met

Mar 18, 2017
It's been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units. "We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out," WikiLeaks' founder Julian Assange said during a Facebook Live press conference last week. However, it looks like the things aren't that easier for tech companies as they look. After days of waiting, Assange made its first contact with Apple, Microsoft, and Google this week and finally made his intentions clear – no sharing of bugs and vulnerabilities the CIA is or was allegedly taking advantage of until certain demands are met. Multiple anonymous sources familiar with the matter told Motherboard that Assange sent an email to Apple,
Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched

Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched

Feb 22, 2017
Microsoft on Tuesday released security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched. Just last week, Microsoft announced that its February patches would be delayed until March due to a last minute issue, a move that led to Google publishing details of an unpatched Windows bug . However, the software giant emailed a handful of big business to alert them to the incoming patches on Monday, advising them to update their systems as soon as possible. The security patches are now available to all Windows customers over Windows Update, and " No other security updates are scheduled for release until the next scheduled monthly update release on March 14, 2017 ," Microsoft says. Bulletin MS17-005 for Adobe Flash Player addresses remote code execution (RCE) vulnerabilities for some currently supported Windows systems.
Microsoft releases 12 Security Updates; Including 6 Critical Patches

Microsoft releases 12 Security Updates; Including 6 Critical Patches

Dec 14, 2016
For the last Patch Tuesday for this year, Microsoft has released 12 security bulletins, half of which are rated 'critical' as they give attackers remote code execution capabilities on the affected computers. The security bulletins address vulnerabilities in Microsoft's Windows, Office, Internet Explorer and Edge. The first critical security bulletin, MS16-144 , patches a total of 8 security vulnerabilities in Internet Explorer, 3 of which had publicly been disclosed before Microsoft issued patches for them, though the company said they're not being exploited in the wild. The 3 publicly disclosed vulnerabilities include a Microsoft browser information disclosure vulnerability (CVE-2016-7282), a Microsoft browser security feature bypass bug (CVE-2016-7281) and a scripting engine memory corruption vulnerability (CVE-2016-7202) that allow remote code execution on the affected computer. The remaining 5 security flaws include a scripting engine memory corruption b
Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google

Nov 02, 2016
Google's Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe. While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix. Microsoft criticized Google's move, saying that the public disclosure of the vulnerability — which is being exploited in the wild — before the company had time to prepare a fix, puts Windows users at "potential risk." The result? Windows Vista through current versions of Windows 10 is still vulnerable , and now everybody knows about the critical vulnerability. Now, Microsoft said that the company would be releasing a patch for the zero-day flaw on 8th November, as part of its regular round of monthly security updates. Russian Hackers are actively exploiting critical Windows kernel bug Microsoft acknowledged the vulnerability in a blog
Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable

Nov 01, 2016
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready. Yes, the critical zero-day is unpatched and is being used by attackers in the wild. Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix. According to a blog post by Google's Threat Analysis Group, the reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy , companies should patch or publicly report such bugs after seven days. Windows Zero-Day is Actively being Exploited in the Wild The zero-day is a local privilege escalation vulnerability that exists in the Windows operating system kernel. If exploited, the flaw can be used to escape the sandbox protection and execute malicious code on the compromised system.
Cybersecurity Resources