Microsoft OneDrive for macOS Local Privilege Escalation

In this blog post, we will share the details of a vulnerability Offensive Security discovered in the XPC service of Microsoft OneDrive. Although Microsoft secured these services reasonably well, we…

Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery

December’s Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities. Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot…

Unpatched Windows Zero-Day Allows Privileged File Access

A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug. An unpatched Windows security vulnerability could allow information disclosure…

30% of Android Smartphones Impacted by Mediatek Vulnerabilities

Researchers have discovered four Mediatek vulnerabilities that, if successfully exploited would have permitted malicious hackers to perform a series of actions like Android phone calls eavesdropping, commands execution and increased…

A New Microsoft Windows Installer Zero-day Is Exploited

Abdelhamid Naceri, a security researcher, made the zero-day in question public. He identified the flaw through an examination of the CVE-2021-41379 fix. It appears that the problem was not properly…

Attackers Actively Target Windows Installer Zero-Day

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month. Attackers are actively exploiting a Windows Installer zero-day vulnerability that…

Avast Q3’21 Threat Report

Avast –  Avast –  Latest Avast Q3’21 Threat Report reveals elevated risk for ransomware and RAT attacks, rootkits and exploit kits return. Foreword The threat landscape is a fascinating environment…

Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial Fix

Researchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft. A partially unpatched security bug in Windows that could allow…

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said. The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to…

New Linux kernel memory corruption bug causes full system compromise

Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel. In 2017, MacAfee researchers disclosed a memory corruption bug inside the Linux kernel’s UDP…