Apple has released iOS 16.7.1 and iPadOS 16.7.1 to address the recently disclosed zero-day CVE-2023-42824. The vulnerability is a privilege escalation issue that resides in the Kernel; it was addressed with improved checks. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting…

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. The vulnerability is a privilege escalation issue that resides in the Kernel; it was addressed with improved checks. “A local attacker may be able to elevate their privileges. Apple is aware…

Trend Micro has released an advisory covering a critical zero-day flaw — tracked as CVE-2023-41179 — that affects Apex One, Apex One SaaS, and Worry-Free Business Security. The vulnerability can be exploited for arbitrary code execution, and it revolves around the “products’ ability to uninstall third-party security software.” The advisory, written in Japanese, details how…

As part of its scheduled batch of Patch Tuesday security fixes, Redmond’s security response team flagged the two zero-days — CVE-2023-36761 and CVE-2023-36802 — in the “exploitation detected” category and urged Windows sysadmins to urgently apply available fixes. The most serious of the two bugs is described as a privilege escalation flaw in Microsoft Streaming…

Google released a fix on Monday for a Chrome zero-day. Like the three before it, this fourth Chrome zero-day vulnerability found in 2023 allows an attacker to remotely target a vulnerable version of the browser. An attacker could exploit the vulnerability to execute arbitrary code, mishandle the data in the browser’s memory and eventually crash…

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. An unauthenticated, remote attacker can exploit the vulnerability to conduct a brute force attack in an attempt to identify valid username and password combinations…

Google released September 2023 Android security updates that address tens of vulnerabilities, including a zero-day flaw tracked as CVE-2023-35674 that was actively exploited in the wild. The high-severity vulnerability CVE-2023-35674 resides in the Framework component; a threat actor could exploit the issue to escalate privileges without requiring user interaction or additional execution privileges. “There are…

Financial services firms affected by the mass attack on MOVEit file-sharing software are among the latest to face lawsuits from affected individuals. One such lawsuit, filed against Prudential, wants the firm to pay for 10 years of identity theft monitoring service since stolen Social Security numbers cannot be replaced. So far 998 organizations are known…

After vulnerabilities were found in the TETRA communications protocol that powers industrial control systems globally, researchers have published new research showing multiple additional zero-day vulnerabilities in a Motorola base station and system chip. Both are required to run and decrypt the TETRA communications algorithm, potentially exposing sensitive information. TETRA, or Terrestrial Trunked Radio, is a…