Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by...
Read moreNew episode - listen now! (And find out what HAFNIUM really stands for.)
Read moreMore on the Chinese Zero-Day Microsoft Exchange Hack
March 10 2021
Nick Weaver has an excellent post on the Microsoft Exchange hack:
The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand...
Read more
Webshells explained, with some (safe) examples you can try at home if you want to learn more.
Read moreBeginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation...
Read moreBeginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation...
Read moreFour Microsoft Exchange Zero-Days Exploited by China
March 4 2021Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. EDITED TO ADD (3/12): Exchange Online is not affected.
Read moreIt's déjà vu all over again! New month, new Chrome zero-day bug being exploited in the wild.
Read moreMicrosoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products....
Read moreOn Vulnerability-Adjacent Vulnerabilities
February 15 2021
At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors...
Read more
Recent Comments