CVE-2018-4990 – Adobe Reader Double Free (Zero Day) vulnerability alert!

Credit to Author: Prashant Kadam| Date: Wed, 16 May 2018 13:10:48 +0000

The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable versions…

Read more

Adobe Reader zero-day discovered alongside Windows vulnerability

Credit to Author: Jérôme Segura| Date: Tue, 15 May 2018 18:44:14 +0000

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape.

Categories:

Tags:

(Read more…)

The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.

Read more

Internet Explorer zero-day: browser is once again under attack

Credit to Author: Jérôme Segura| Date: Thu, 10 May 2018 19:58:00 +0000

Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years.

Categories:

Tags:

(Read more…)

The post Internet Explorer zero-day: browser is once again under attack appeared first on Malwarebytes Labs.

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 04 May 2018 12:00:08 +0000

When I was little, I discovered the joy of jumping on the bed. While it was fun to jump on the bed, I wanted to make it more challenging so I started to imitate the ski jumpers I had seen during the 1976 Winter Olympics and jump from my parents’ dresser to the bed. I…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 30, 2018 appeared first on .

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 23, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 27 Apr 2018 12:00:45 +0000

I was having dinner with friends recently and one of the newer members of the group asked me what I did for a living. I told him that I worked for a cybersecurity company and his reply was, “I don’t need to worry about security – I have a MacBook.” I thought that at any…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of April 23, 2018 appeared first on .

Read more

An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)

Credit to Author: Quick Heal Security Labs| Date: Wed, 07 Feb 2018 13:59:42 +0000

Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in…

Read more

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

Credit to Author: Pradeep Kulkarni| Date: Sat, 03 Feb 2018 09:39:38 +0000

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe the in wild attack is targeted and it impacts limited windows users….

Read more

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

Credit to Author: Pradeep Kulkarni| Date: Fri, 13 Oct 2017 09:14:57 +0000

The recent zero-day vulnerability in Microsoft Office vulnerability CVE-2017-11826 enables attackers to perform a Remote Code Execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft has released a security update on October 10, 2017, to fix this issue. Vulnerable…

The post CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.

Read more

CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

Credit to Author: Pavankumar Chaudhari| Date: Thu, 14 Sep 2017 09:28:34 +0000

The recent zero-day vulnerability in .NET Framework vulnerability CVE-2017-8759 enables attackers to perform a Remote Code Execution on the targeted machine. This vulnerability is found to be exploited in the wild through email spam messages loaded with malicious RTF files as an attachment. Microsoft has released a security update on…

The post CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.

Read more

PSA: New Microsoft Word 0day used in the wild

Credit to Author: Jérôme Segura| Date: Wed, 13 Sep 2017 22:49:19 +0000

Read more about the latest Microsoft Word Zero-Day and how to protect yourself against it.

Categories:

Tags:

(Read more…)

The post PSA: New Microsoft Word 0day used in the wild appeared first on Malwarebytes Labs.

Read more

OWASP Top Ten – Boring security that pays off

Credit to Author: William Tsing| Date: Thu, 04 May 2017 16:00:28 +0000

OWASP recently published a draft list of the top 10 security vulnerabilities of 2017. While intended for developers seeking to code more secure applications, the top 10 list is based on actual survey data of threats seen in the wild and serves as a great starting point for organizations struggling with security priorities. Let’s take a look and see how long they’ve been around prior to publication.

Categories:

Tags:

(Read more…)

The post OWASP Top Ten – Boring security that pays off appeared first on Malwarebytes Labs.

Read more