Search results for Zero Day Exploitation | Breaking Cybersecurity News | The Hacker News

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023 but an increase from 63 the year before. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for mobile devices compared to what we observed last year," the Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker news. "Exploit chains made up of multiple zero-day vulnerabilities continue to be almost exclusively (~90%) used to target mobile devices." While Microsoft Windows accounted for 22 of the zero-day flaws exploited in 2024, Apple's Safari had three, iOS had two, Android had seven, Chrome had seven, and Mozilla Firefox had one flaw that were abused during the same period. Three of the seven zero-days ...

Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10 , the anonymous hacker going by online alias "SandboxEscaper" has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft's Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows 10 zero-day exploit for a local privilege escalation bug in Task Scheduler utility, SandboxEscaper claimed to have discovered four more zero-day bugs, exploits for two has now been publicly released. AngryPolarBearBug2 Windows Bug One of the latest Microsoft zero-day vulnerabilities resides in the Windows Error Reporting service that can be exploited using a discretionary access control list (DACL) operation—a mechanism that identifies users and groups that are assigned or denied access permissions to a securable object. Upon successful exploitation, an attacker can del...

NSS Labs issued the report titled " The Known Unknowns " to explain the dynamics behind the market of zero-day exploits. Last week I discussed about the necessity to define a model for " cyber conflict " to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided to give more info to the readers on cyber arsenals of governments. Governments consider the use of cyber weapons as a coadiuvant to conventional weapons, these malicious application could be used for sabotage or for cyber espionage, they could be used to hit a specifically designed software (e.g. SCADA within a critical infrastructure ) or they could be used for large scale operations infecting thousand of machines exploiting zero-day in common application ( e.g. Java platform, Adobe software ). The zero-day flaw are the most important component for the design of an efficient cyber weapon, governments have recently created dedic...

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The  findings  come from threat intelligence firm Mandiant, which noted that desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (six) accounted for the most exploited product types. Of the 55 zero-day bugs, 13 are estimated to have been abused by cyber espionage groups, with four others exploited by financially motivated threat actors for ransomware-related operations. Commercial spyware vendors were linked to the exploitation of three zero-days. Among state-sponsored groups, those attributed to China have emerged as...

Microsoft confirmed a new Zero Day critical vulnerability in its browser Internet Explorer . Flaw affects all versions of Internet Explorer, starting with IE version 6 and including IE version 11. In a Security Advisory ( 2963983 ) released yesterday, Microsoft acknowledges a zero-day Internet Explorer vulnerability ( CVE-2014-177 6) is being used in targeted attacks by APT groups, but the currently active attack campaigns are targeting IE9, IE10 and IE11. INTERNET EXPLORER 0-DAY VULNERABILITY (CVE-2014-1776) According to Advisory, Internet Explorer is vulnerable to Remote Code Execution, which resides ' in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. ' Microsoft said. Microsoft Investigation team is currently working with FireEye Security experts, and dubbed the ongoing targeted campaign as " Operation Clandestine Fox ". In a blogpost , FireEye explained that an attacker c...

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization ( NATO ), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year. ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability ( CVE-2014-4114 ) to target government leaders and institutions for nearly five years. The recently detected Russian hacking group is dubbed as " Sandworm Team " by iSIGHT Partners because it found references to the Frank Herbert's " Dune " science fiction series in the malici...

As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations' networks. Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations. Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim's entire system. According to the res...

The Recent Cyber Attack that exposed 400GB of corporate data belonging to surveillance software firm Hacking Team has revealed that the spyware company have already discovered an exploit for an unpatched zero-day vulnerability in Flash Player. Security researchers at Trend Micro claim that the leaked data stolen from Hacking Team , an Italian company that sells surveillance software to government agencies, contains a number of unpatched and unreported Adobe flaws. Hacking Team has Unpatched Flash Bug  While analyzing the leaked data dump, researchers discovered at least three software exploits – two for Adobe Flash Player and one for Microsoft's Windows kernel. Out of two, one of the Flash Player vulnerabilities, known as Use-after-free vulnerability with CVE-2015-0349 , has already been patched. However, the Hacking Team described the other Flash Player exploit, which is a zero-day exploit with no CVE number yet, as "the most beautiful Flash bug for ...

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few days after Microsoft revealed the Microsoft Zero-day CVE-2013-3906 , a Zero-day vulnerability in Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. Microsoft graphics component zero-day vulnerability allows attackers to install a malware via infected Word documents and target Microsoft Office users running on Windows Vista and Windows Server 2008. Recently reported new Internet Explorer zero-day vulnerability detected by FireEye affects the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, but according the experts it can be easily changed to leverage other languages. Experts at FireEye ...

The corporate data leaked in the recent cyber attack on the infamous surveillance software firm Hacking Team has revealed that the Adobe Flash zero-day (CVE-2015-5119) exploit has already been added to several exploit kits. Security researchers at Trend Micro have discovered evidences of the Adobe Flash zero-day (CVE-2015-5119) exploit being used in a number of exploit kits before the vulnerability was publicly revealed in this week's data breach on the spyware company. The successful exploitation of the zero-day Flash vulnerability could cause a system crash, potentially allowing an attacker to take full control of the affected system. Adobe Flash Zero-Day Targeted Japan and Korea According to the researchers, the zero-day exploit, about which the rest of the world got access on Monday, was apparently used in limited cyber attacks on South Korea and Japan . "In late June, [Trend Micro] learned that a user in Korea was the attempted target of various ...

A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that's already under active exploitation in the wild. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server that powers over 100,000 websites on the Internet, including Fortune 500 and Alexa Top 1 million companies websites and forums. In September last year, a separate anonymous security researcher publicly disclosed a then-zero-day RCE vulnerability in vBulletin , identified as CVE-2019-16759 , and received a critical severity rating of 9.8, allowing attackers to execute malicious commands on the remote server without requiring any authentication to log into the forum. A day after the disclosure of CVE-2019-16759, the vBulletin team released security patches that resolved the issue, but it t...

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. The advisory comes from Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. The two vulnerabilities, which are formally yet to be assigned CVE identifiers, are being  tracked  by the Zero Day Initiative as  ZDI-CAN-18333  (CVSS score: 8.8) and  ZDI-CAN-18802  (CVSS score: 6.3). GTSC said that successful exploitation of the flaws could be abused to gain a foothold in the victim's systems, enabling adversaries to drop web shells and carry out lateral movements across the compromised network. "We detected web shells, mostly obfuscated, being dropped to Exchange servers," the company  noted . "Using the user-agent, we detected that t...

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group , a cybercrime group likely of Vietnamese origin that's known to be active since at least 2010. "XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities," cybersecurity firm Intezer said in a report published in collaboration with Solis Security. "Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics." The vulnerabilities in question are listed below - CVE-2024-57968 (CVSS score: 9.9) - An unrestricted upload of f...

Oh Microsoft, How could you do this to your own Internet Explorer? Microsoft had kept hidden a critical Zero-Day vulnerability of Internet explorer 8 from all of us, since October 2013. A Critical zero-day Internet Explorer vulnerability ( CVE-2014-1770 ), which was discovered by Peter 'corelanc0d3r' Van Eeckhoutte in October 2013 just goes public today by the Zero Day Initiative (ZDI) website . Zero Day Initiative is a program for rewarding security researchers for responsibly disclosing vulnerabilities. ZDI reportedly disclosed the vulnerability to Microsoft when it was first identified by one of its researchers, on which Microsoft responded 4 month later on February 2014 and confirmed the flaw, but neither the Microsoft patch the vulnerability nor it disclosed any details about it. But due to ZDI’s 180 days public notification policy, they are obligated to publicly disclosed the details of a Zero-Day vulnerability. ZDI warned Microsoft several days ago ab...

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking group is now targeting IT solutions like remote management tools and cloud applications to obtain a foothold. "After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate customer networks where they can then abuse a variety of deployed applications, including Microsoft services and others, to achieve their espionage objectives," the tech giant said in a report published today. The adversarial collective is assessed to be "well-resourced and technically efficient," swiftly putting to use exploits for zero-day vulnerabil...