X-Industry

The cost of zero-day exploits has always been high, especially if they allow an attacker to remotely execute code on a host machine.  But why pay hundreds of thousands of dollars for a 0-day when a relatively simple drive-by attack doesn’t need one and can achieve much the same result?  That’s what interested an Imperva security researcher who has published a report on new drive-by attack using something called the Evil Code Editor.  Here’s what you need to know.

“A remote code execution chain i

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution.  Google Chrome is a web browser used to access the internet.  Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user.  Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full us

A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution.[1]  Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Users whose accounts are configured to have fewer user rights on the system could be less impacte

A stealthy new Windows Trojan steals saved passwords, session cookies, hardware and software information and other valuable items from the Google Chrome and Mozilla Firefox browsers and from Windows itself. 

The malware, named Jupyter by its finders at Israeli security firm Morphisec, has been active since at least May 2020, but it escaped detection by most antivirus software until last week; partly because unlike most malware, Jupyter runs mostly in memory and leaves very little trace on a syst