After hundreds of companies were attacked with a 0-day vulnerability in MOVEit Transfer, the developer of this file transfer management product, Progress Software, promised to regularly release patches to provide a “predictable, simple, and transparent bug fixing process.” The first such package included patches for three vulnerabilities, including a critical one. MOVEit Vulnerabilities – The… Continue reading MOVEit Transfer Fixes a New Critical Vulnerability
Tag: 0-day
The aCropalypse Vulnerability Poses a Threat Not Only to Pixel, but Also to Windows
Information security experts have discovered that the aCropalypse vulnerability, which allows restoring the original image edited on a Google Pixel device (using the Markup tool), is turning into a 0-day for Windows. Let me remind you that we also wrote that YouTube Video Causes Pixel Smartphones to Reboot, and also that Information Security Specialists Discovered… Continue reading The aCropalypse Vulnerability Poses a Threat Not Only to Pixel, but Also to Windows
Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It
Although Microsoft still hasn’t fixed the ProxyNotShell vulnerabilities found in Exchange last month, the company is now investigating a report of a new 0-day bug that is being used to compromise Exchange servers. Hackers are exploiting this bug to deploy the LockBit ransomware. Let me remind you that we also wrote that ProxyToken Vulnerability Allows… Continue reading Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It
0-day Vulnerability in WordPress BackupBuddy Plugin Attacked Over 5 million Times
Wordfence analysts have discovered that a fresh 0-day vulnerability in the popular WordPress plugin, BackupBuddy, which has been installed about 140,000 times, is under active attack. Since August 26, 2022, there have been about 5,000,000 hack attempts. The BackupBuddy plugin allows users to backup their entire WordPress installation right from the dashboard, including theme files,… Continue reading 0-day Vulnerability in WordPress BackupBuddy Plugin Attacked Over 5 million Times
Stores Are under Attack due to 0-Day Vulnerability in PrestaShop
Hackers exploit a 0-day vulnerability in the open-source e-commerce platform PrestaShop and introduce web skimmers to websites designed to steal sensitive information. Last Friday, the PrestaShop team issued an urgent warning, urging the administrators of the approximately 300,000 stores using the software to be more vigilant about security as attacks were discovered targeting the platform.… Continue reading Stores Are under Attack due to 0-Day Vulnerability in PrestaShop
Chrome 0-day Vulnerability Used to Attack Candiru Malware
Avast has discovered that DevilsTongue spyware, created by Israeli company Candiru, exploited a 0-day vulnerability in Google Chrome to spy on journalists and others in the Middle East. The vulnerability in question is the CVE-2022-2294 bug, which was fixed by Google and Apple engineers earlier this month. Let me remind you that we also wrote… Continue reading Chrome 0-day Vulnerability Used to Attack Candiru Malware
CloudMensis Malware Attacks MacOS Users
ESET experts have discovered the CloudMensis malware, which is used to create backdoors on devices running macOS and subsequently steal information. The malware received its name due to the fact that it uses pCloud, Dropbox and Yandex.Disk cloud storages as control servers. Let me remind you that we also wrote that Vulnerability in macOS Leads… Continue reading CloudMensis Malware Attacks MacOS Users
0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years
Google Project Zero researcher Maddie Stone published a study on 0-day vulnerabilities in 2022 on GitHub called “0-day In-the-Wild Exploitation in 2022…so far”. According to Stone, 9 of the 18 exploited zero-day vulnerabilities are variants of previously patched vulnerabilities. In many cases, the attacks were not sophisticated, and the attacker could have exploited the vulnerability… Continue reading 0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years
Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster
Hackers are actively exploiting the critical 0-day Follina vulnerability, which Microsoft is in no hurry to fix. Researchers warn that European governments and municipalities in the US have been targeted by a phishing campaign using malicious RTF documents. Let me remind you that the discovery of Follina became known at the end of May, although… Continue reading Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster
Chinese Hackers Attack Fresh 0-day Follina Vulnerability
Experts have warned that Chinese hackers are already actively exploiting a 0-day vulnerability in Microsoft Office known as Follina to remotely execute malicious code on vulnerable systems. Let me remind you that the discovery of Follina became known a few days ago, although the first researchers discovered the bug back in April 2022, but then… Continue reading Chinese Hackers Attack Fresh 0-day Follina Vulnerability