Security News

As has become normal, Google did not provide any other details on the attacks or provide any IOCs to help organizations find signs of infection. So far in 2021, Google has rushed out fixes for at least three separate in-the-wild zero-day attacks.

Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important.

A researcher has dropped working exploit code for a zero-day remote code execution vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Pwn2Own contest rules require that the Chrome security team receive details of the code so they could patch the vulnerability as soon as possible, which they did; the latest version of the Chrome V8 JavaScript engine patches the flaw, Agarwal said in a comment posted in response to his own tweet.

A security researcher has dropped a zero-day remote code execution vulnerability on Twitter that works on the current version of Google Chrome and Microsoft Edge. While Agarwal states that the vulnerability is fixed in the latest version of the V8 JavaScript engine, it is not clear when Google will roll out the Google Chrome.

Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The three Cisco router models and one VPN firewall device are of varying age and have reached "End of life" and will not be patched, according to Cisco.

The exploits, which went back to early 2020 and used never-before-seen techniques, were "Watering hole" attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.

Apple has just pushed out an emergency "One-bug" security update for its mobile devices, including iPhones, iPads and Apple Watches. Just like the last emergency Apple patch, this vulnerability affects WebKit, Apple's core web browser code.

Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild. The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."

Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.