Search cyberveille.decio.ch

Found 33 bookmarks

Custom sorting

Fortinet discloses second firewall auth bypass patched in January

Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices.

#bleepingcomputer #Actively-Exploited #Authentication-Bypass #Fortinet #FortiOS #FortiProxy #Zero-Day

·bleepingcomputer.com·Feb 12, 2025

Fortinet discloses second firewall auth bypass patched in January

Apple fixes this year’s first actively exploited zero-day bug

Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.

#bleepingcomputer #EN #2025 #Actively-Exploited #Apple #iOS #iPhone #Zero-Day

·bleepingcomputer.com·Jan 28, 2025

Apple fixes this year’s first actively exploited zero-day bug

Ivanti warns of three more CSA zero-days exploited in attacks

American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.

#bleepingcomputer #EN #2024 #Bypass #Ivanti #Code #Command #Actively #Remote #Services #Exploited #Injection #Execution #Security #Zero-Day #CSA #Cloud #Appliance #CVE-2024-9379 #CVE-2024-9380 #CVE-2024-9381

·bleepingcomputer.com·Oct 8, 2024

Ivanti warns of three more CSA zero-days exploited in attacks

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

#bleepingcomputer #EN #2024 #Your #Lazarus #Own #BYOVD #Driver #Zero-Day #Vulnerability #Bring #CVE-2024-38193 #Group #Microsoft

·bleepingcomputer.com·Aug 20, 2024

Windows driver zero-day exploited by Lazarus hackers to install rootkit

Google fixes Android kernel zero-day exploited in targeted attacks

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks.

#bleepingcomputer #EN #2024 #Android #Google #Kernel #Zero-Day #CVE-2024-36971

·bleepingcomputer.com·Aug 6, 2024

Google fixes Android kernel zero-day exploited in targeted attacks

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

#bleepingcomputer #EN #2024 #0-day #Computer #APK #EvilVideo #Telegram #Mobile #Zero-Day #InfoSec #Android #Vulnerability

·bleepingcomputer.com·Jul 23, 2024

Telegram zero-day allowed sending malicious Android APKs as videos

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches.

#bleepingcomputer #EN #2024 #China #Cisco #Command-Injection #Malware #NX-OS #Root #Switch #Velvet-Ant #Zero-Day

·bleepingcomputer.com·Jul 1, 2024

Cisco warns of NX-OS zero-day exploited to deploy custom malware

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

#bleepingcomputer #EN #2024 #Authentication-Bypass #D-Link #Exploit #Proof-of-Concept #Remote-Command-Execution #Router #Vulnerability #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·May 14, 2024

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

MITRE says state hackers breached its network via Ivanti zero-days

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.

#bleepingcomputer #EN #2024 #Breach #Ivanti #MITRE #Zero-Day #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Apr 21, 2024

MITRE says state hackers breached its network via Ivanti zero-days

Google fixes two Pixel zero-day flaws exploited by forensics firms

Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.

#bleepingcomputer #EN #2024 #Android #Forensics #Google #Google-Pixel #Mobile #Pixel #Vulnerability #Zero-Day #GrapheneOS

·bleepingcomputer.com·Apr 3, 2024

Google fixes two Pixel zero-day flaws exploited by forensics firms

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

#bleepingcomputer #EN #2024 #Google #Google-TAG #Mandiant #Spyware #Zero-Day #2023

·bleepingcomputer.com·Mar 27, 2024

Google: Spyware vendors behind 50% of zero-days exploited in 2023

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car.

#bleepingcomputer #EN #2024 #Competition #Exploit #Hacking #Linux #Pwn2Own #Tesla #Windows #Windows-11 #Zero-Day

·bleepingcomputer.com·Mar 21, 2024

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

The biggest cybersecurity and cyberattack stories of 2023

2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.

#bleepingcomputer #EN #2023 #Cyberattack #Cybercrime #Data-Breach #Law-Enforcement #Zero-Day #retrospective

·bleepingcomputer.com·Jan 3, 2024

The biggest cybersecurity and cyberattack stories of 2023

New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.

#bleepingcomputer #EN #2023 #Microsoft #Exchange #RCE #zero-day #ZDI

·bleepingcomputer.com·Nov 4, 2023

New Microsoft Exchange zero-days allow RCE, data theft attacks

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.

#bleepingcomputer #EN #2023 #Cisco #IOS-XE #Zero-Day #CVE-2023-20273

·bleepingcomputer.com·Oct 21, 2023

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Hackers exploit critical flaw in WordPress Royal Elementor plugin

A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.

#bleepingcomputer #EN #2023 #WordPress #Zero-Day #Elementor #0-Day #CVE-2023-5360

·bleepingcomputer.com·Oct 17, 2023

Hackers exploit critical flaw in WordPress Royal Elementor plugin

Sony confirms data breach impacting thousands in the U.S.

Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.

#bleepingcomputer #EN #2023 #Clop #Data-Breach #Data-Leak #MOVEit #MOVEit-Transfer #Ransomware #Sony #Zero-Day

·bleepingcomputer.com·Oct 4, 2023

Sony confirms data breach impacting thousands in the U.S.

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.

#bleepingcomputer #EN #2023 #Actively-Exploited #Android #Mobile #Qualcomm #Vulnerability #Zero-Day #GPU #Adreno

·bleepingcomputer.com·Oct 3, 2023

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Cisco urges admins to fix IOS software zero-day exploited in attacks

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild.

#bleepingcomputer #Cisco #Warning #Zero-Day #Security #InfoSec #Computer-Security #CVE-2023-20109

·bleepingcomputer.com·Oct 2, 2023

Cisco urges admins to fix IOS software zero-day exploited in attacks

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.

#bleepingcomputer #EN #2023 #Apple #Apple-Watch #Code-Execution #iOS #iPhone #Mac #watchOS #Zero-Day

·bleepingcomputer.com·Sep 7, 2023

Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.

#bleepingcomputer #Ivanti #Actively-Exploited #Authentication-Bypass #MobileIron #Warning #Zero-Day #0-day

·bleepingcomputer.com·Aug 21, 2023

Ivanti warns of new actively exploited MobileIron zero-day bug

Apple releases emergency update to fix zero-day exploited in attacks

Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #CVE-2023-37450 #Apple #iOS #iPad #iPhone #Mac #macOS #Rapid-Security-Response #Zero-Day

·bleepingcomputer.com·Jul 12, 2023

Apple releases emergency update to fix zero-day exploited in attacks

Apple fixes three new zero-days exploited to hack iPhones, Macs

Apple has addressed three new zero-day vulnerabilities exploited in attacks to hack into iPhones, Macs, and iPads.

#bleepingcomputer #EN #2023 #Apple #iOS #iPhone #Mac #macOS #WebKit #Zero-Day

·bleepingcomputer.com·May 23, 2023

Apple fixes three new zero-days exploited to hack iPhones, Macs

Google Chrome emergency update fixes first zero-day of 2023

Google has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year.

#bleepingcomputer #EN #2023 #0-day #vulnerability #Emergency-Update #Chrome #Browser #Zero-Day

·bleepingcomputer.com·Apr 16, 2023

Google Chrome emergency update fixes first zero-day of 2023

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

The Clop ransomware gang claims to be behind recent attacks that exploited a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, saying they stole data from over 130 organizations.

#bleepingcomputer #EN #2023 #Clop #ransomware #GoAnywhere #zero-day

·bleepingcomputer.com·Feb 19, 2023

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

Jenkins discloses dozens of zero-day bugs in multiple plugins

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched.

#bleepingcomputer #EN #2023 #CSRF #Jenkins #Vulnerability #XSS #Zero-Day #Security

·bleepingcomputer.com·Jan 5, 2023

Jenkins discloses dozens of zero-day bugs in multiple plugins

Cisco discloses high-severity IP phone zero-day with exploit code

Cisco has disclosed today a high-severity zero-day vulnerability affecting the latest generation of its IP phones and exposing them to remote code execution and denial of service (DoS) attacks.

#bleepingcomputer #EN #2022 #Cisco #Denial-of-Service #DoS #RCE #Remote-Code-Execution #Zero-Day #CVE-2022-20968

·bleepingcomputer.com·Dec 12, 2022

Cisco discloses high-severity IP phone zero-day with exploit code

Google pushes emergency Chrome update to fix 8th zero-day in 2022

Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.

#bleepingcomputer #Google #Google-Chrome #Vulnerability #Web-Browser #Zero-Day #patch #CVE-2022-3723 #CVE-2022-3075 #CVE-2022-2856 #CVE-2022-2294 #CVE-2022-1364 #CVE-2022-1096 #CVE-2022-0609

·bleepingcomputer.com·Nov 25, 2022

Google pushes emergency Chrome update to fix 8th zero-day in 2022

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day

#bleepingcomputer #EN #2023 #Clop #ransomware #GoAnywhere #zero-day

·bleepingcomputer.com·Feb 19, 2023

Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day