Experimental News Clipping Site

Tag: zero-day

  • Hacker News: RomCom exploits Firefox and Windows zero days in the wild

    by

    system automation
    in

    Source URL: https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ Source: Hacker News Title: RomCom exploits Firefox and Windows zero days in the wild Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed analysis of critical zero-day vulnerabilities discovered in Mozilla products, specifically Firefox, Thunderbird, and the Tor Browser, which are being exploited by a Russia-aligned cyber…

  • Slashdot: Russia-Linked Hackers Exploited Firefox, Windows Bugs In ‘Widespread’ Hacking Campaign

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/27/0228241/russia-linked-hackers-exploited-firefox-windows-bugs-in-widespread-hacking-campaign?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Russia-Linked Hackers Exploited Firefox, Windows Bugs In ‘Widespread’ Hacking Campaign Feedly Summary: AI Summary and Description: Yes Summary: The report highlights the discovery of two zero-day vulnerabilities exploited by the RomCom hacking group, posing significant risks to Firefox and Windows users in North America and Europe. This incident underscores…

  • Slashdot: Thousands of Palo Alto Networks Firewalls Compromised This Week After Critical Security Hole

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/25/063246/thousands-of-palo-alto-networks-firewalls-compromised-this-week-after-critical-security-hole?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Thousands of Palo Alto Networks Firewalls Compromised This Week After Critical Security Hole Feedly Summary: AI Summary and Description: Yes Summary: The text highlights a significant security breach involving Palo Alto Networks firewalls, where attackers exploited critical vulnerabilities to deploy malware and remotely control the devices. This incident serves…

  • Hacker News: The Nearest Neighbor Attack

    by

    system automation
    in

    Source URL: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/ Source: Hacker News Title: The Nearest Neighbor Attack Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the Nearest Neighbor Attack, a novel cyber-espionage technique utilized by the Russian APT group GruesomeLarch to access targets remotely via compromised Wi-Fi networks of nearby organizations. It highlights the importance of strengthening…

  • Slashdot: Apple Says Mac Users Targeted in Zero-Day Cyberattacks

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/20/181206/apple-says-mac-users-targeted-in-zero-day-cyberattacks?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple Says Mac Users Targeted in Zero-Day Cyberattacks Feedly Summary: AI Summary and Description: Yes Summary: Apple’s recent security updates address critical zero-day vulnerabilities affecting Intel-based Mac systems that were under active attack, highlighting the importance of timely patch management and awareness of state-sponsored cyber threats. Detailed Description: Apple’s…

  • The Register: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/google_ossfuzz/ Source: The Register Title: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed Feedly Summary: OSS-Fuzz is making a strong argument for LLMs in security research Google’s OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities,…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

  • The Register: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/ Source: The Register Title: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer Feedly Summary: No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet’s Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.… AI…

  • The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/palo_alto_networks_patches/ Source: The Register Title: Palo Alto Networks tackles firewall-busting zero-days with critical patches Feedly Summary: Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.… AI Summary and…

  • Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…