Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks – Tempemail

Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. “These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents – Tempemail

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack – Tempemail

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with “high confidence” to a threat actor operating out of China. In mid-July, the Texas-based company remedied a remote code execution flaw (CVE-2021-35211) that was rooted

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers – Tempemail

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices – Tempemail

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week

Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms – Tempemail

Microsoft on Tuesday disclosed that the latest string of attacks targeting SolarWinds Serv-U managed file transfer service with a now-patched remote code execution (RCE) exploit is the handiwork of a Chinese threat actor dubbed “DEV-0322.” The revelation comes days after the Texas-based IT monitoring software maker issued fixes for the

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly – Tempemail

U.S. technology firm Kaseya, which is firefighting the largest ever supply-chain ransomware strike on its VSA on-premises product, ruled out the possibility that its codebase was unauthorizedly tampered with to distribute malware. While initial reports raised speculations that the ransomware gang might have gained access to Kaseya’s backend infrastructure and

REvil Used 0-Day in Kaseya Ransomware Attack, Demands $70 Million Ransom – Tempemail

Amidst the massive supply-chain ransomware attack that triggered an infection chain compromising thousands of businesses on Friday, new details have emerged about how the notorious Russia-linked REvil cybercrime gang may have pulled off the unprecedented hack. The Dutch Institute for Vulnerability Disclosure (DIVD) on Sunday revealed it had alerted Kaseya

SonicWall Left a VPN Flaw Partially Unpatched Amidst 0-Day Attacks – Tempemail

A critical vulnerability in SonicWall VPN appliances that was believed to have been patched last year has now been found to be “botched,” with the company leaving a memory leak flaw unaddressed, until now, that could permit a remote attacker to gain access to sensitive information. The shortcoming was rectified

Update Your Chrome Browser to Patch Yet Another 0-Day Exploited in-the-Wild – Tempemail

Google has rolled out yet another update to Chrome browser for Windows, Mac, and Linux to fix four security vulnerabilities, including one zero-day flaw that’s being exploited in the wild. Tracked as CVE-2021-30554, the high severity flaw concerns a use-after-free vulnerability in WebGL (aka Web Graphics Library), a