University College London admitted in a status report published yesterday afternoon that it had succumbed to a ransomware infection that affected computers on its network. The infection appears to have taken place yesterday afternoon after an employee or student opened an email attachment.
Microsoft's May 2017 Patch Tuesday, released yesterday, included fixes for three zero-days, which according to ESET and FireEye, were used by cyber-espionage groups operating out of Russia.
Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
The saga of CVE-2017-0199, a recently patched zero-day vulnerability affecting Microsoft Office and WordPad, just got a little stranger yesterday after cyber-security firm FireEye revealed the vulnerability was used by both cyber-criminals pushing mundane malware, and also by state-sponsored cyber-espionage groups.
The operators of the Dridex botnet are using the recently disclosed Microsoft Office zero-day to spread a version of their malware, the infamous Dridex banking trojan.
Cyber-security firms McAfee and FireEye have both disclosed in-the-wild attacks with a new Microsoft Office zero-day that allows attackers to silently execute code on targeted machines and secretly install malware.
For more than a month, at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors, DDoS bots, cryptocurrency miners, or ransomware, depending if the machine is running Linux or Windows.
Since July 2016, attackers have been using a zero-day in IIS 6.0 to compromise and take over Windows servers. The vulnerability only affects IIS 6.0, which was released in November 2010, and shipped with Windows Server 2003 and Windows XP Professional x64 Edition.
Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium. The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.
Microsoft has patched a zero-day vulnerability that was used in the massive AdGholas malvertising campaign and later integrated into the Neutrino exploit kit.
Mozilla engineers released Firefox 52.0.1 to patch a security flaw that came to light last Friday, in the Pwn2Own 2017 hacking contest.
Over 300 Cisco products are affected by a zero-day vulnerability Cisco discovered last week, and for which no patch is available at the time of writing.