A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search
Tag: 0-day vulnerability
F5 warns of critical BIG-IP RCE vulnerability
F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability
Lapsus$ hack group stole the source codes of Microsoft products
The Lapsus$ hack group has released the source codes for Bing, Cortana, and other Microsoft products allegedly stolen from an internal Microsoft Azure DevOps server. Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel demonstrating that hackers attacked the Microsoft Azure DevOps server and got to the sources of Bing, Cortana and various… Continue reading Lapsus$ hack group stole the source codes of Microsoft products
Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities
Security firm Volexity has warned that a previously unknown Chinese hack group is exploiting a 0-day vulnerability in Zimbra’s collaborative software. According to official statistics, more than 200,000 enterprises in 140 countries around the world use Zimbra, including more than 1,000 government and financial institutions. The researchers write that using the 0-day vulnerability, attackers gain… Continue reading Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities
Google Chrome fixed second 0-day vulnerability in two weeks
Google developers have released Chrome version 86.0.4240.183 for Windows, Mac and Linux, which fixed 10 different problems. The update also includes a patch for a 0-day vulnerability in Google Chrome, which hackers are already actively using. The bug was identified as CVE-2020-16009 and was discovered by the Threat Analysis Group (TAG), Google’s internal security team… Continue reading Google Chrome fixed second 0-day vulnerability in two weeks
Google Project Zero discovered a 0-day vulnerability in the Windows kernel
Google Project Zero has discovered a 0-day vulnerability in the Windows kernel (CVE-2020-17087). It has been reported that this bug could be exploited by an attacker with local access to escalate privileges and escape the sandbox. What is worse, it is already being used in targeted attacks. The vulnerability is related to the operation of… Continue reading Google Project Zero discovered a 0-day vulnerability in the Windows kernel
Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products
Recent February “update Tuesday” became the largest for Microsoft in a long time: within its framework were fixed almost 100 different bugs, including the 0-day vulnerability in Internet Explorer, which was already under attack, and 11 other critical problems. Recall that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which the… Continue reading Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products