Skip to main content

Slashdot: Google Discloses Windows Zero-Day Exploited in the Wild

Google Discloses Windows Zero-Day Exploited in the Wild
Published on October 31, 2020 at 01:05AM
Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. From a report: The zero-day is expected to be patched on November 10, which is the date of Microsoft's next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google's elite vulnerability research team. On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week. The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome's secure container and run code on the underlying operating system -- in what security experts call a sandbox escape.

Read more of this story at Slashdot.

Labels:

Comments

Post a Comment

Popular posts from this blog

Slashdot: AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks

AT&T Now Lets Customers Lock Down Account To Prevent SIM Swapping Attacks Published on July 02, 2025 at 01:30AM AT&T has launched a new Account Lock feature designed to protect customers from SIM swapping attacks. The security tool, available through the myAT&T app, prevents unauthorized changes to customer accounts including phone number transfers, SIM card changes, billing information updates, device upgrades, and modifications to authorized users. SIM swapping attacks occur when criminals obtain a victim's phone number through social engineering techniques, then intercept messages and calls to access two-factor authentication codes for sensitive accounts. The attacks have become increasingly common in recent years. AT&T began gradually rolling out Account Lock earlier this year, joining T-Mobile, Verizon, and Google Fi, which already offer similar fraud prevention features. Read more of this story at Slashdot.
Post a Comment
Read more

Slashdot: Protecting 'Funko' Brand, AI-Powered 'BrandShield' Knocks Itch.io Offline After Questionable Registrar Communications

Protecting 'Funko' Brand, AI-Powered 'BrandShield' Knocks Itch.io Offline After Questionable Registrar Communications Published on December 16, 2024 at 01:04AM Launched in 2013, itch.io lets users host and sell indie video games online — now offering more than 200,000 — as well as other digital content like music and comics. But then someone uploaded a page based on a major videogame title, according to Game Rant. And somehow this provoked a series of overreactions and missteps that eventually knocked all of itch.io offline for several hours... The page was about the first release from game developer 10:10 — their game Funko Fusion, which features characters in the style of Funko's long-running pop-culture bobbleheads. As a major brand, Funko monitors the web with a "brand protection" partner (named BrandShield). Interestingly, BrandShield's SaaS product "leverages AI-driven online brand protection," according to their site, to "detect...
Post a Comment
Read more

Slashdot: 'Investors in Limbo'. Will the TikTok Deal's Deadline Be Extended Again?

'Investors in Limbo'. Will the TikTok Deal's Deadline Be Extended Again? Published on December 15, 2025 at 04:29AM An anonymous reader shared this report from the BBC: A billionaire investor keen on buying TikTok's US operations has told the BBC he has been left in limbo as the latest deadline for the app's sale looms. The US has repeatedly delayed the date by which the platform's Chinese owner, Bytedance, must sell or be blocked for American users. US President Donald Trump appears poised to extend the deadline for a fifth time on Tuesday. "We're just standing by and waiting to see what happens," investor Frank McCourt told BBC News... The president...said "sophisticated" US investors would acquire the app, including two of his allies: Oracle chairman Larry Ellison and Dell Technologies' Michael Dell. Members of the Trump administration had indicated the deal would be formalised in a meeting between Trump and Xi in October — howeve...
Post a Comment
Read more