Solved: Why in-the-wild Bluekeep exploits are causing patched machines to crash

Recent in-the-wild attacks on the critical Bluekeep vulnerability in many versions of Windows aren’t just affecting unpatched machines. It turns out the exploits—which repurpose the September release from the Metasploit framework—are also causing many patched machines to crash. Late last week, Windows users learned why: a separate patch Microsoft released 20 months ago for the
Complete Reading

Jérôme Segura Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: Please stop and do not close the
Complete Reading

A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi cards in Linux devices. The vulnerability triggers a buffer overflow in the
Complete Reading

Google is temporarily increasing the rewards it pays for hacks that exploit holes in a beefed-up security protection that debuted in desktop versions of Chrome last month. Chrome for Android, meanwhile, is receiving a slimmed-down version of the same protection. For a limited time, Google will boost its normal bounty amounts for exploits that allow
Complete Reading

Mobile phones of two prominent human rights activists were repeatedly targeted with Pegasus, the highly advanced spyware made by Israel-based NSO, researchers from Amnesty International reported this week. The Moroccan human rights defenders received SMS text messages containing links to malicious sites. If clicked, the sites would attempt to install Pegasus, which as reported here
Complete Reading

Attackers exploited a zeroday vulnerability in Apple’s iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week. The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows relies on, according to a blog post.
Complete Reading

Attackers are exploiting a critical vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night. There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO
Complete Reading

Enlarge / Artist’s impression of a malicious hacker coding up a BlueKeep-based exploit. Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.
Complete Reading

Enlarge / The bootrom of an Apple Watch Series 3, as shown through a hex viewer. Yep, Apple Watches series 1, 2, and 3 are also vulnerable to Checkm8. Often, when new iOS jailbreaks become public, the event is bittersweet. The exploit allowing people to bypass restrictions Apple puts into the mobile operating system allows
Complete Reading

vBulletin Attackers are mass-exploiting an anonymously disclosed vulnerability that makes it possible to take control of servers running vBulletin, one of the Internet’s most popular applications for website comments. Sites running the app should take comments offline until administrators install a patch that vBulletin developers released late Wednesday morning. The vulnerability was disclosed through an 18-line
Complete Reading

Create Account



Log In Your Account