Microsoft rushes out patch for Internet Explorer zero‑day

There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is …

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once …

PowerPool malware exploits ALPC LPE zero-day vulnerability

Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no …

Translating power grid security concerns into action

On the heels of our recent investigations into threats against critical infrastructure like power grids, transportation and other systems that we count on every day, public agencies and private parties alike wonder if we can trust the power grid (see this selection of WeLiveSecurity articles). I was recently invited to speak at a Lexington Institute Capitol Hill …

Adobe warns of Flash zero-day vulnerability, being actively exploited by online criminals

As I write this, if you’re running Adobe Flash on your Windows, Mac, Linux or Chrome OS computer you’re potentially at risk. Adobe has issued a security advisory, warning of an as-yet unpatched critical security hole in its popular Flash player software that is reported to be actively exploited by criminals in the wild. No …