Software firm is “aware of limited targeted attacks” exploiting a scripting vulnerability in Internet Explorer 9, 10, and 11 that has not previously been disclosed. A targeted attack is using a previously unknown vulnerability in Internet Explorer to corrupt memory and exploit victims’ Windows systems, Microsoft warned in an advisory published on January 17.
This month’s batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild. Today marks the last Patch Tuesday of 2019 and Microsoft’s lightest of the year, with fixes for 36 vulnerabilities including one Windows zero-day flaw that has been exploited in the
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer. Patch Tuesday is back once again, bringing with it 74 security fixes, 61 of which are classified as Important and 13 as Critical, including one Internet Explorer bug under active attack. Microsoft today released fixes for CVEs across Windows,
The fix addresses CVE-2019-13720, a high-severity, use-after-free vulnerability discovered by Kaspersky Lab researchers. Google upped the ante for Halloween frights when it issued a Chrome browser update to patch two vulnerabilities, one of which is a high-severity zero-day being actively exploited in the wild. Chrome version 78.0.3904.87 is for Windows, Mac, and Linux, and it
The ransomware operators targeted an “unquoted path” vulnerability in iTunes for Windows to evade detection and install BitPaymer. Ransomware operators have been seen exploiting a zero-day vulnerability in iTunes for Windows to slip past security tools and infect victims with BitPaymer, researchers report. Back in August, the Morphisec team noticed attackers targeting the network of
At Black Hat USA, Project Zero’s team lead shared details of projects it has accomplished and its influence on the security community. In July 2014, Google announced Project Zero, a research group built to reduce the number of zero-day vulnerabilities used in targeted attacks. Five years later, team lead Ben Hawkes took the Black Hat
Vulnerabilities in VxWorks’ TCP stack could allow an attacker to execute arbitrary code, launch a DoS attack, or use the vulnerable system to attack other devices. A series of vulnerabilities in a real-time operating system (RTOS) could leave up to 200 million devices open to exploit. And those devices include everything from network firewalls to
Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild. Microsoft today patched 77 vulnerabilities and issued two advisories as part of its July security update. Two of these bugs are under active attack; six were publicly known at the time fixes were released.
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for. Where do you stand in the debate over whether governments should stockpile vulnerabilities? Some believe that regardless of its utility, the practice of keeping software vulnerabilities secret affects