Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploits two previously unknown vulnerabilities: a remote-code execution vulnerability in Adobe Reader and a privilege escalation vulnerability in Microsoft Windows. The use of the combined vulnerabilities is extremely powerful, as it allows an attacker to execute… Read More

For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers. Until now, Rowhammer exploits had to execute… Read More

Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use… Read More

In one video uploaded to Vimeo, Gleg shows an exploit being used against a hospital health information management system (HHIMS). A list of MedPack updates includes a zero-day to replace files in a piece of software from a company called MediTEX. MediTEX makes scheduling software as well as a platform for documenting therapy and quality… Read More

One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners. This means that it’s up to the user to decide if… Read More

The proof of concept for this exploit can be found on the Chromium bug page. This bug was reported by lokihardt from Google Project Zer0. The bug can be found in Element::setAttributeNodeNS(). Let’s take a look at a code snippet: Source: github… Read More