Security News

Citrix is strongly urging admins to apply security updates for an actively exploited 'Critical' zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. Citrix is warning admins to install the latest update "As soon as possible" as the vulnerability is actively exploited in attacks.

Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits targeting consumer products between December 6th and December 9th. During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration. The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. "The group has historically focused their targeting on South Korean users, North Korean defectors, policy makers, journalists, and human rights activists," TAG said in a Thursday analysis.

North Korea has hit a new low, using the death of over 150 people to exploit a zero-day flaw in Internet Explorer. South Korea declared a week of national mourning after the incident.

Google's Threat Analysis Group revealed today that a group of North Korean hackers tracked as APT37 exploited a previously unknown Internet Explorer vulnerability to infect South Korean targets with malware. Once opened on the victims' devices, the document would deliver an unknown payload after downloading a rich text file remote template that would render remote HTML using Internet Explorer.

Google has patched CVE-2022-4262, a type confusion vulnerability in the V8 JavaScript engine used by Google Chrome, which is being exploited by attackers in the wild. "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Srinivas Sista, Technical program manager for Google Chrome, explained.

It's just under two weeks since Google rushed out a Chrome patch for the then-current version 107 to seal off a bug that was already being used in real-life attacks. How might the bug might be triggered? Was merely viewing a booby-trapped web page enough? Could it be abused for remote code execution? Could the crooks end up installing malware without any visible warning? Who was using it? Were they state-sponsored attackers, or some other sort of cybercriminals? What they were after? Were they into data stealing, ransomware attacks, unlawful surveillance, or all of those things?

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine.

Google has released Chrome 108.0.5359.94/.95 for Windows, Mac, and Linux users to address a single high-severity security flaw, the ninth Chrome zero-day exploited in the wild patched since the start of the year.This update was immediately rolled out to our systems when BleepingComputer checked for new updates from the Chrome menu > Help > About Google Chrome.