North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
Aug 31, 2024 | Ravie Lakshmanan | Rootkit / Threat Intelligence
A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit. The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of …
ZeroDay
Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Jun 19, 2024 | Newsroom | Cybercrime / Crypto Security
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken's Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received …
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
May 29, 2024 | Newsroom | Enterprise Security / Vulnerability
Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. "The vulnerability …
What You Need to Know About the Critical PAN-OS Zero-Day
UPDATE: It has been confirmed that disabling telemetry will not block this exploit. Applying a patch as soon as possible is the most effective remediation for this vulnerability. Patches for 8 of the 18 vulnerable versions have been released; patches for the remaining vulnerable versions are expected by April 19th. CrowdStrike is constantly working to protect our customers from …
Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Jan 31, 2024 | Newsroom | Vulnerability / Zero Day
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect …
Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years
Jan 20, 2024 | Newsroom | Zero Day / Cyber Espionage
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing zero-day vulnerabilities to complete …
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
Jan 20, 2024 | Newsroom | Network Security / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The …
Chinese Hackers Exploited New Zero-Day in Barracuda’s ESG Appliances
Dec 27, 2023 | Newsroom | Zero-Day / Email Security
Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway (ESG) appliances to deploy a backdoor on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and open-source library …
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
Oct 25, 2023 | Newsroom | Threat Intelligence / Vulnerability
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu Faou …
Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices
Oct 21, 2023 | Newsroom | Zero-Day / Vulnerability
Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices. Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside …