Tag: zero-day
-
Zero-Day Breach at Rackspace Sparks Vendor Blame Game
A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day. The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/zero-day-breach-at-rackspace-sparks-vendor-blame-game/
-
Third Party Zero-Day Bug Exploited in Rackspace Systems
Rackspace Scrambles to Patch Zero Day Dashboard Bug. Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/third-party-zero-day-bug-exploited-in-rackspace-systems-a-26425
-
Third-party zero-day leveraged to breach certain Rackspace servers
First seen on scworld.com Jump to article: www.scworld.com/brief/third-party-zero-day-leveraged-to-breach-certain-rackspace-servers
-
Third-Party Zero-Day Leveraged to Target Rackspace Users
Tags: zero-dayFirst seen on scworld.com Jump to article: www.scworld.com/brief/third-party-zero-day-leveraged-to-target-rackspace-users
-
Rackspace monitoring data stolen in ScienceLogic zero-day attack
Tags: attack, breach, cloud, data, data-breach, exploit, monitoring, threat, tool, vulnerability, zero-dayCloud hosting provider Rackspace suffered a data breach exposing “limited” customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
-
Rackspace Internal Monitoring Web Servers Hit By Zero Day
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36415/Rackspace-Internal-Monitoring-Web-Servers-Hit-By-Zero-Day.html
-
Zero Day Exploit bei Rackspace
Cyberkriminelle konnten offenbar interne Monitoring-Server des IT-Dienstleisters Rackspace kompromittieren. First seen on csoonline.com Jump to article: www.csoonline.com/de/a/zero-day-exploit-bei-rackspace
-
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/27/cups-vulnerabilities/
-
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog…
-
Zero-Day Vulnerabilities in Automatic Tank Gauge Systems
Hackers Could Cause Tanks to Overfill and Disable Leak Detection. Industrial control systems made by different manufacturers for monitoring fuel storage tanks including those used in everyday gas stations contain critical zero-days that could convert them into targets for cyberattacks that cause physical damage. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/zero-day-vulnerabilities-in-automatic-tank-gauge-systems-a-26387
-
Multiple 0-Day Flaws in Automated Tank Gauge Systems Threaten Critical Infrastructure
Tags: cyber, cybersecurity, exploit, flaw, infrastructure, malicious, threat, vulnerability, zero-dayCybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks across various critical infrastructures. These vulnerabilities in six ATG systems from five vendors pose significant threats to public safety and economic stability. The flaws could potentially be exploited by malicious actors…
-
Raptor Train Botnet Infects 260,000 Devices Globally
Chinese Botnet Targets US Critical Infrastructure and Taiwan. A Chinese state-sponsored botnet called Raptor Train has infected more than 260,000 IoT and office network devices to target critical infrastructure globally. The hackers used zero-days and known vulnerabilities to compromise more than 20 different types of devices to expand their botnet. First seen on govinfosecurity.com Jump…
-
PoC Exploit Released for CVE-2024-7965 Zero-Day Chrome Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browser. This vulnerability explicitly targets the V8 JavaScript engine and is exclusive to ARM64 architectures. The release of this PoC has raised concerns within the cybersecurity community, highlighting a potential avenue for exploitation in widely used devices.…
-
‘Void Banshee’ Exploits Second Microsoft Zero-Day
Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/void-banshee-exploits-second-microsoft-zero-day
-
Windows spoofing flaw exploited in earlier zero-day attacks
Microsoft reveals that CVE-2024-43461, which was disclosed in September’s Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366610775/Windows-spoofing-flaw-exploited-in-earlier-zero-day-attacks
-
Google-Studie: Mehr ausgenutzte Zero-Days im Jahr 2023 gegenüber 2022
Der Bericht hebt einige der Erfolge und Fortschritte der Branche hervor, weist aber auch darauf hin, dass das Tempo der Entdeckung und Ausnutzung von … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/google-studie-mehr-ausgenutzte-zero-days-im-jahr-2023-gegenueber-2022/a36913/
-
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/
-
Internet Explorer wird für Zero-Day-Spoofing-Angriffe missbraucht
Die Angreifer verwenden spezielle Windows-Internet-Verknüpfungsdateien (.url-Erweiterungen), die den ausgedienten Internet Explorer (IE) aufriefen, um… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/internet-explorer-wird-fuer-zero-day-spoofing-angriffe-missbraucht/a37795/
-
Winter Vivern nutzt Zero-Day-Schwachstelle in Roundcube Webmail-Servern aus
First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/winter-vivern-nutzt-zero-day-schwachstelle-in-roundcube-webmail-servern-aus/
-
Microsoft corrects six zero-days for August Patch Tuesday
Admins can address most of the zero-days with a cumulative update, but of more concern is the lack of patches for two vulnerabilities demonstrated at … First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366603155/Microsoft-corrects-six-zero-days-for-August-Patch-Tuesday
-
August Patch Tuesday proves busy with six zero-days to fix
First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366603064/August-Patch-Tuesday-proves-busy-with-six-zero-days-to-fix
-
Volt Typhoon exploiting Versa Director zero-day flaw
First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366609294/Volt-Typhoon-exploiting-Versa-Director-zero-day-flaw
-
CISA und Fortinet warnen vor FortiOS Zero-Day Sicherheitslücken
Die amerikanische Sicherheitsbehörde CISA und Fortinet warnen Nutzer von FortiOS vor einer Sicherheitslücke, die von Kriminellen bereits aktiv ausgenu… First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/cisa-und-fortinet-warnen-vor-fortios-zero-day-sicherheitslucken
-
Windows 0-day was exploited by North Korea to install advanced rootkit
First seen on arstechnica.com Jump to article: arstechnica.com/
-
Unpatchable 0-day in surveillance cam is being exploited to install Mirai
First seen on arstechnica.com Jump to article: arstechnica.com/
-
Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024
Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. MSHTML is a platform used by Internet Explorer. Although…
-
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML a software component used by various apps for rendering render web pages on Windows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
-
Windows MSHTML Zero-Day Vulnerability Exploited In The Wild
Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8. Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro, After Effects, Audition, and Media Encoder. Adobe prioritizes these updates for deployment due to their…