If there existed a prize for the most pervasive, critical, and least-known middleware technology, the Data Distribution Service (DDS) standard would certainly win it. When we first presented the results of this research at the Black Hat Europe Briefings, the audience appeared to be completely unaware (embarrassed, even) that the DDS drives railways, autonomous cars,…

The exploited vulnerabilities include CVE-2021-37975, a high-severity use-after-free bug in the V8 engine, and CVE-2021-37976, a medium-severity information leak issue in the core. Both were reported last week. “Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild,” the Internet search giant says. Now rolling out to Windows, Mac and Linux users…

Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices. The plugin provides various other customization options as well. This week, Wordfence discovered that threat actors are targeting an unpatched critical vulnerability in Fancy Product Designer. The…

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released.
More about the new Windows zero-days
According…

For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild.
About CVE-2020-6418
No details have been shared about the attacks and about the flaw itself, apart from the short description that says it’s a type confusion flaw in V8, the JavaScript…

When Every Attack Is a Zero Day

The collective efforts of hackers have fundamentally changed the cyber defense game. Today, adversarial automation is being used to create and launch new attacks at such a rate and volume that every strain of malware must now be considered a zero day and every attack considered an advanced persistent threat. That’s not hyperbole. According to…

Flash zero-day being exploited in targeted attacks

A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions for the following operating systems: Windows, Mac, Linux, Chrome OS. According to Adobe, an exploit…

Backdoor Uploaded to WordPress Sites via eCommerce Plugin Zero-Day

A zero-day vulnerability in an ecommerce plugin for WordPress has been exploited by cybercriminals to upload backdoors to affected websites, researchers warned. The ideal scenario for profit-driven hackers is to find and exploit security holes in plugins installed on hundreds of thousands or millions of websites. However, targeting a large number of less popular applications…