Zero Day Initiative Archives - Cyber Security Minute

Critical “10-out-of-10” Linux kernel SMB hole – should you worry?

Issued by: Naked Security

Just before the Christmas weekend – in fact, at about the same time that beleaguered password management service LastPass was admitting that, yes, your password vaults were stolen by criminals after all – we noticed a serious-sounding Linux kernel vulnerability that hit the news. The alerts came from Trend Micro’s Zero Day Initiative (ZDI), probably…

Vulnerabilities

Microsoft Confirms Exploitation of Two Exchange Server Zero-Days

Issued by: Security Week

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…

Network Security

Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own

Issued by: Security Week

Pwn2Own Miami 2022 is scheduled to take place on January 25-27, 2022, and it has four main target categories: control server, OPC UA server, data gateway, and human-machine interface (HMI). In the control server category, participants can earn up to $20,000 for hacking Iconics Genesis64 and Inductive Automation Ignition products. In the OPC UA category,…

Application Security

The November 2016 Security Update Review

Issued by: Trend Micro Blog

Adobe released two updates this month. The more critical of the two patches addresses nine CVEs in the Flash player. This comes just two weeks after Adobe issued an emergency Flash update to fix an issue currently being exploited. We’ll see this exploit later in a Windows update, too. Today’s Flash update is not being…