Tag Archives: zero-day vulnerability

Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit

Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.

Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian

Unpatched Microsoft Word Flaw is Being Used to Spread Dridex Banking Trojan

If you are a regular reader of The Hacker News, you might be aware of an ongoing cyber attack — detected in the wild by McAfee and FireEye — that silently installs malware on fully-patched computers by exploiting an unpatched Microsoft Word vulnerability in all current versions of Microsoft Office.

Now, according to security firm Proofpoint, the operators of the Dridex malware started

Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild

It’s 2017, and opening a simple MS Word file could compromise your system.

Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.

The Microsoft Office zero-day attack, uncovered by researchers

Google just discovered a dangerous Android Spyware that went undetected for 3 Years

An Android version of one of the most sophisticated mobile spyware has been discovered that remained undetected for at least three years due to its smart self-destruction capabilities.

Dubbed Chrysaor, the Android spyware has been used in targeted attacks against activists and journalists mostly in Israel, but also in Georgia, Turkey, Mexico, the UAE and other countries.

Chrysaor espionage

Breaking: Wikileaks reveals CIA's Apple MacOS and iPhone Hacking Techniques

As part of its “Vault 7” series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices.

Dubbed “Dark Matter,” the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA

Unpatchable 'DoubleAgent' Attack Can Hijack All Windows Versions — Even Your Antivirus!

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.

Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10.

What’s worse? DoubleAgent

Disable TELNET! Cisco finds 0-Day in CIA Dump affecting over 300 Network Switch Models

Cisco is warning of a new critical zero-day IOS / IOS XE vulnerability that affects more than 300 of its switch models.

The company identified this highest level of vulnerability in its product while analyzing “Vault 7” — a roughly 8,761 documents and files leaked by Wikileaks last week, claiming to detail hacking tools and tactics of the Central Intelligence Agency (CIA).

The vulnerability

WikiLeaks Won't Disclose CIA Exploits To Companies Until Certain Demands Are Met

It’s been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units.

“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so