• Hackers exploit zero day before enterprises can patch

    8 days ago - By Beta News

    Cybercriminals exploited the new CVE-2021-40444 remote code execution zero-day a week before the patch was issued on September 14, according to the latest report from HP Wolf Security. Researchers also saw scripts that automated the creation of the exploit on Github on the 10th, making it easier for less-sophisticated attackers to use the exploit against vulnerable organisations. This illustrates the trend of cybercriminals moving faster than ever to exploit zero-days, while businesses take 97 days on average to implement patches, creating a window of vulnerability. The latest Threat...
    Read more ...

     

  • New 'MysterySnail' exploit used to hijack Windows Server deployments

    New 'MysterySnail' exploit used to hijack Windows Server deployments

    8 days ago - By Tech Radar

    Cybersecurity experts have helped quash a mysterious new remote access trojan that exploited a zero-day in an essential Windows driver to launch a privilege escalation exploit. Discovered and reported by Kaspersky , Microsoft has patched the zero-day that was exploited by the trojan in the October 2021 edition of Patch Tuesday. “The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309 , but closer analysis revealed that it was a zero-day. We discovered that it was using a previously unknown vulnerability in the Win32k driver...,” observed...
    Read more ...