ZDI Archives - Cyber Security Minute

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Issued by: Naked Security

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably…

Malware & Threats, Vulnerabilities

This Week in Security News – February 4, 2022

Issued by: Trend Micro Blog

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the Samba vulnerability discovered by Trend Micro. Also, read about the White House’s warning of Russian hacks as tensions with Ukraine grow. The Samba Vulnerability: What is…

Vulnerabilities

Trend Micro Patches Critical Vulnerability in Server Protection Solution

Issued by: Security Week

Tracked as CVE-2021-36745 and featuring a CVSS score of 9.8, the security hole could be exploited by remote attackers to completely bypass authentication on a vulnerable system. The enterprise-grade real-time malware detection solution provides virus, spyware and rootkit protection for servers, while also automating security operations. Also packing cleanup capabilities, the software features support for…

Vulnerabilities

White Hats Earn $440,000 for Hacking Microsoft Products on First Day of Pwn2Own 2021

Issued by: Security Week

The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), said there were seven attempts on the first day and five of them were successful. A team called Devcore earned $200,000 for taking complete control of a Microsoft Exchange server by chaining authentication bypass and local privilege escalation vulnerabilities. A researcher who uses the online moniker…

Vulnerabilities

Critical Firefox Vulnerability Can Allow Code Execution If Chained With Other Bugs

Issued by: Security Week

In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…