Zero-Days Archives - Cyber Security Minute

Threat Actor May Have Accessed Sensitive Info on CISA Chemical App

Issued by: Dark Reading

An unknown threat actor may have accessed critical information on US chemical facilities by compromising the US Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) earlier this year. Data the adversary may have accessed includes the types and quantities of chemicals stored at different facilities, facility-specific security vulnerability assessments, site security plans,…

Vulnerabilities

Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days

Issued by: SecurityWeek

The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, affect fully patched Internet-facing Ivanti Connect Secure VPN appliances (formerly known as Pulse Secure) and were caught during in-the-wild zero-day exploitation. Ivanti, a company that has struggled with major security problems, released pre-patch mitigations for the new vulnerabilities but said comprehensive fixes will be released on a staggered…

Vulnerabilities

Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation

Issued by: The Hacker News

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws, three are rated Critical, 13 are rated High, and one is rated Medium in severity. “There are indications from Google Threat Analysis Group and Google Project Zero…

Vulnerabilities

It’s Raining Zero-Days in Cyberspace

Issued by: DataBreach Today

Last year was another bonanza in zero-days for Chinese state hackers, say security researchers in a report predicting a permanent uptick in nation-state exploitation of yet-unpatched vulnerabilities. Data taken from original research by cybersecurity firm Mandiant and from open-source reporting suggests zero-day exploitation is generally trending upward despite fluctuation from year to year in the…

Vulnerabilities

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Issued by: Help Net Security

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

Vulnerabilities

Microsoft Confirms Exploitation of Two Exchange Server Zero-Days

Issued by: Security Week

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…