Tag
#zero_day
Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.
Google's Threat Analysis Group (TAG) on Thursday pointed fingers at a North Macedonian spyware developer named Cytrox for developing exploits against five zero-day (aka 0-day) flaws, four in Chrome and one in Android, to target Android users. "The 0-day exploits were used alongside n-day exploits as the developers took advantage of the time difference between when some critical bugs were patched
Taiwanese network-attached storage (NAS) devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. The intrusions are said to have targeted TS-x51 series and TS-x53 series appliances running on QTS 4.3.6 and QTS 4.4.1, according to its product security incident response team. "QNAP urges all NAS users to check and update QTS to the latest version as
By Waqas. Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle VirtualBox, Ubuntu Desktop, and Safari browser were also… This is a post from HackRead.com. Original post: "Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1".
New research from Google's Threat Analysis Group outlines the risks Android users face from the surveillance-for-hire industry.
From a scrappy contest where hackers tried to win laptops, Pwn2Own has grown into a premier event that has helped normalize bug hunting.
Build security in up front to secure open source code at the foundational level. Apply security controls, have engineering teams test, do code review, and use attacker-centric behavioral analytics to mitigate threats.
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user's client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.
Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.