[Threatpost[ Two Zoom Zero-Day Flaws Uncovered

Author:



UPDATE. Two zero-day flaws have been uncovered in Zoom’s macOS client version, according to researchers. The web conferencing platform vulnerabilities could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera. As of Thursday, the two vulnerabilities have , according to Zoom.



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesOracle

Übernahme durch US-Firmen: So soll der TikTok-Deal angeblich aussehen

September 18, 2020
Einem Insider zufolge gibt es eine Einigung zwischen dem chinesischen TikTok-Eigentümer Bytedance und der US-Regierung...
Tags , , , , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft VulnerabilitiesOS

CVE-2020-1048 Microsoft Windows Print Spooler 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

September 18, 2020
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule <...
Tags , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
Category CERT-LatestNews Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesMozilla

CVE-2020-0618 Microsoft SQL Server和Microsoft SQL Server Reporting Services 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

September 18, 2020
# Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution # Google...
Tags , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
vamtam-theme-circle-post
Category CERT-LatestNews Malware Microsoft ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesMicrosoft VulnerabilitiesNetwork

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack — Krebs on Security

September 18, 2020
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree...
Tags , , , , , , , , , ,
Read More
Category CERT-LatestNews Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesDBMS VulnerabilitiesGoogle VulnerabilitiesMicrosoft VulnerabilitiesMozilla

Microsoft SQL Server Reporting Services 2016 Remote Code Execution

September 18, 2020
# Exploit Title: Microsoft SQL Server Reporting Services 2016 – Remote Code Execution # Google...
Tags , , , , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

Microsoft Spooler Local Privilege Elevation

September 18, 2020
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule...
Tags , , , , ,
Read More
Category Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

【安全通报】Microsoft Exchange远程代码执行漏洞(CVE-2020-16875)

September 18, 2020
2020年09月08日微软发布关于 Microsoft Exchange 远程代码执行漏洞(CVE-2020-16875)漏洞通告,由于对 cmdlet 参数的验证不正确,Microsoft Exchange 服务器中存在一个远程执行代码漏洞。成功利用此漏洞的攻击者可以在系统用户的上下文中运行任意代码。利用此漏洞需要以某个 Exchange 角色进行身份验证的用户权限,此漏洞等级为严重 ,漏洞评分为9.1分。 2020年09月16日,me tasploit github 仓库更新了该漏洞利用的脚本,可造成任意命令执行,建议相关用户进行及时更新。...
Tags , ,
Read More
Category APTFilter CERT-LatestNews Cybersecurity-Covid-19 Microsoft VulnerabilitiesAll VulnerabilitiesMicrosoft

季风行动——蔓灵花(APT-C-08)组织大规模钓鱼攻击活动披露

September 18, 2020
转载: 360威胁情报中心 蔓灵花(APT-C-08)是一个拥有南亚地区政府背景的APT组织,近几年来持续对南亚周边国家进行APT攻击,攻击目标涉及政府、军工、高校和驻外机构等企事业单位组织,是目前较活跃的针对我国境内目标进行攻击的境外APT组织之一。 2020年360安全大脑在全球范围内曾监测到蔓灵花组织多次攻击行动,如年初在COVID-19新冠病毒席卷我国之际,该组织就曾借疫情攻击过我国的相关单位。从7月开始,360安全大脑遥测发现蔓灵花组织针对南亚地区发起了大规模的钓鱼窃密攻击活动,通过360高级威胁研究院的追踪溯源,发现此次攻击行动的目标涉及包括我国和巴基斯坦在内的多个单位组织、政府机构…. Source link
Tags , , , , , , , , , , , , , , , , , , , , ,
Read More
Category APTFilter CERT-LatestNews Microsoft VulnerabilitiesAll VulnerabilitiesApplications VulnerabilitiesFirmware VulnerabilitiesMicrosoft VulnerabilitiesNetwork

恶意软件沙盒规避技术与原理详解

September 18, 2020
随着黑客正在实施最新技术来绕过防护,网络攻击正变得越来越复杂。勒索软件和 0 day供击是过去几年中最普遍的威胁,如今逃避沙盒的恶意软件将成为网络攻击者未来的主要武器。 沙盒技术被广泛用于恶意软件的检测和预防,因此,黑客一直寻找方法让他们的恶意软件在沙盒中保持不活动状态。这样,逃避沙箱的恶意软件可以绕过保护并执行恶意代码,而不会被现代网络安全解决方案检测到。 在本文中,我们描述了恶意软件用来避免沙箱分析的技术,并说明了用于检测逃避沙箱的恶意软件的现有方法。本文对于正在开发网络安全解决方案的开发人员很有用。 在讨论逃避沙箱的恶意软件之前,让我们定义什么是沙箱。沙箱是一种用于恶意软件检测的自动化技术…. Source link
Tags , ,
Read More
vamtam-theme-circle-post
Category Microsoft VulnerabilitiesAll VulnerabilitiesDBMS VulnerabilitiesMicrosoft VulnerabilitiesOracle

Trump sieht Microsoft im Poker um Tiktok womöglich noch dabei

September 18, 2020
US-Präsident Donald Trump Microsoft sei doch noch im Rennen um die Tiktok-Beteiligung dabei, sagte Trump...
Tags , , , , , , , , , , , , , , , , , , , , , , , , , ,
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact