ESET Research discovers Mozilla and Windows zero day & zero click vulnerabilities exploited by RomCom APT group

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit. ESET researchers discovered a previously unknown vulnerability, CVE-2024-9680, in Mozilla products, exploited in the wild by APT group RomCom. Further analysis revealed another zero-day vulnerability in …

ESET Research: Spy group exploits WPS Office zero day; analysis uncovers a second vulnerability

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). The vulnerability was being exploited by APT-C-60, allegedly a South Korea-aligned cyberespionage group, to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the faulty code (CVE-2024-7263). Following a coordinated disclosure process, both vulnerabilities are …

TikTok Zero Day Hack Is Taking Over Celebrity and Brand Accounts

Recently, malicious code has infiltrated TikTok, compromising the official accounts of celebrities and brands. Notable victims allegedly include CNN, Paris Hilton, and Sony. According to Forbes, the attack spreads via direct messages (DMs) within the TikTok app, without requiring any user interaction beyond opening the message. Although the affected accounts don’t seem to be posting …

What’s behind the record‑high number of zero days?

Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity. Zero-day vulnerabilities have always had something of a special reputation in the cybersecurity space. These software bugs are exploited for attacks before the flaw is known to the software vendor and so before a …

Google: Better patching could have prevented 1 in 4 zero‑days last year

Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google. Google’s Project Zero team revealed that a quarter of zero-day exploits detected in 2020 could have been prevented had the vendors issued proper patches for the underlying security flaws. In its Year in Review blog post, the …