Security Alerts & News
by Tymoteusz A. Góral

History
#2167 Microsoft quietly patched Windows 0day used in attacks by Zirconium group
Without making too much fuss about it, Microsoft patched a zero-day vulnerability used in live attacks by a cyber-espionage group named Zirconium.

The zero-day, tracked as CVE-2017-0005, affects the Windows Win32k component in the Windows GDI (Graphics Device Interface), included in all Windows OS versions.

According to Microsoft, a successful exploit would have resulted in a memory corruption and elevation of privileges (EoP) for the attacker's code, allowing him to escalate access to the machine and execute code with SYSTEM privileges.
Read more
#2167 Microsoft quietly patched Windows 0day used in attacks by Zirconium group
#2166 PyCL ransomware delivered via RIG EK in distribution test
#2165 One of the most dangerous forms of ransomware has just evolved to be harder to spot
#2164 Potent LastPass exploit underscores the dark side of password managers
#2163 Humbled malware author leaks his own source code to regain community's trust
#2162 Security? What security? Four million data records are stolen or lost every day
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12