Softpedia
 


Stories about: zero-day



Cybercriminals Behind DOL Watering Hole Attack Compromise at Least 9 Other Sites

A few days ago, AlienVault experts reported identifying a new watering hole attack that abused the Site Exposure Matrices (SEM) website of the US Department of Labor (DOL). At the time, researchers believed that an old Internet Explorer vulnerability (CVE-2012-4792) was exploited. However, it turns out that the vuln...

6 May 2013
06:51 GMT

Experts Identify 5 New Java 7 u15 Vulnerabilities Leading to a Sandbox Bypass

Researchers from Security Explorations have done it again. They’ve identified 5 vulnerabilities in Java SE 7 Update 15 which, when combined, can be exploited to achieve a complete sandbox bypass. The new flaws, identified as “issue 56” through “issue 60,” have been identified by the rese...

4 March 2013
09:58 GMT

Security Brief: China Retaliates Against Accusations, More Java Vulnerabilities

Ever since The New York Times reported being attacked by Chinese hackers, news started pouring in about similar breaches. This week we’ve learned that the Chinese military is also suspected of targeting 23 US natural gas pipeline operators. In addition, Chinese hackers are also accused of breaching the Europ...

3 March 2013
02:11 GMT

Bit9 Hack Connected to Latest Java Zero-Day Attacks

It appears there’s a link between the recent Bit9 security incident and the latest Java zero-day attacks. Experts have found that one of the Trojans signed with a stolen Bit9 certificate is the same as the final payload in the attacks which leverage the Java 6 Update 41 and Java 7 Update 15 vulnerabilities. ...

2 March 2013
03:24 GMT

Zero-Day Affecting Java 6 U41 and Java 7 U15 Exploited in the Wild

Currently, Oracle’s Java appears to be one of the most vulnerable pieces of software around, and judging by the way things are going, some time will pass until experts will tell users that they can utilize it safely. FireEye researchers have identified yet another Java zero-day being exploited in the wild. Exp...

1 March 2013
06:55 GMT

Oracle Assigns Tracking Numbers to Java 7 Update 15 Issues, but Fails to Confirm Flaws

A couple of days ago, we learned that researchers from Polish firm Security Explorations had uncovered two Java 7 Update 15 vulnerabilities that could be leveraged for a complete sandbox bypass. Oracle has assigned tracking numbers to the flaws, but it still hasn't confirmed the experts’ findings. “...

27 February 2013
04:47 GMT

Zero-Day Vulnerability in Japanese Word Processor Ichitaro Exploited in the Wild

JustSystems, the developer of the popular Japanese word processor Ichitaro, is warning users about a zero-day vulnerability that’s currently exploited by cybercriminals to spread malware. Security firm Symantec has been monitoring the cybercriminal campaign, which appears to be targeted only at Japanese users,...

26 February 2013
05:40 GMT

Vulnerability Affecting Java 7 Update 15 and Earlier Versions Identified

Researchers from Polish firm Security Explorations have identified another serious vulnerability in Java 7. The experts say Java SE 7 Update 15 and all earlier versions are affected. Adam Gowdiak, the CEO of Security Explorations, has told Softpedia that they’ve uncovered two security issues, which they’...

25 February 2013
05:52 GMT

Adobe Updates Reader X, XI and 9.5.3 to Address Zero-Day Vulnerabilities

Adobe has released an emergency patch to address the critical vulnerabilities in Reader and Acrobat currently exploited in the wild. Considering the seriousness of the issue, users are advised to update as soon as possible. The vulnerabilities, a memory corruption and a buffer overflow, affect Reader and Acrobat 11....

21 February 2013
03:34 GMT

Adobe to Patch Reader and Acrobat Zero-Day During the Week of February 18

On Saturday, Adobe revealed that it would issue a patch for the latest Reader and Acrobat zero-day during the week of February 18, 2013, more precisely, sometime this week. The issues affect Adobe Reader and Acrobat 11.0.01 and earlier for Windows and Macintosh, 10.1.5 and earlier for Windows and Macintosh, 9.5.3 an...

18 February 2013
03:33 GMT

Facebook Hacked in Sophisticated Attack, Java Zero-Day Used to Push Malware

Facebook is the latest company to announce that it has been the victim of a sophisticated cyberattack. Fortunately, user data has not been compromised in the incident. According to Facebook Security, the attack occurred last month, when some of the company’s employees visited a compromised mobile developer web...

16 February 2013
02:31 GMT

Adobe Advises Users to Enable Protect View Until Reader Zero-Day Is Fixed

On Wednesday, we learned that experts had identified new zero-day vulnerabilities affecting the latest versions of Adobe Reader and Acrobat. Adobe is looking into the issue, but in the meantime, it recommends that users apply some mitigations. Customers of Reader XI and Acrobat XI for Windows are advised to enable P...

14 February 2013
09:49 GMT

The Use of Zero-Day Exploits by Governments Makes the Web Less Safe, Experts Say

Over the past years, governments and state-operated intelligence agencies have started to rely more and more on undisclosed zero-day exploits to achieve various goals. However, experts warn that such practices will make the Internet less safe for everyone. Many security experts responsibly disclose the vulnerabiliti...

14 February 2013
07:13 GMT

New Adobe Reader Zero-Day Identified, Versions 9.5.3, 10.1.5 and 11.0.1 Affected

Security researchers from FireEye have identified a new zero-day vulnerability in Adobe Reader and Adobe Acrobat. The experts say that versions 9.5.3, 10.1.5 and 11.0.1 are affected. The attacks rely on cleverly crafted PDF documents. When the PDF file is opened, two DLLs are dropped. One of them shows a fake error...

13 February 2013
07:04 GMT

Adobe Updates Flash Player 11.5 and 11.2 to Address 2 Zero-Day Vulnerabilities

Adobe has released Flash Player 11.5.502.149 for Windows and Mac and Flash Player 11.2.202.258 for Linux. Flash Player for Android has also been updated. The latest updates address a couple of vulnerabilities that are currently exploited in the wild. The affected products are Flash Player 11.5.502.146 and earlier v...

8 February 2013
02:59 GMT

Adobe Fixes Reader Flaw, but It’s Uncertain If It’s the Zero-Day Found by Group IB

Back in November 2012, Group IB claimed to have found a zero-day vulnerability that affected Adobe Reader X/XI. Adobe has addressed some security holes, but it’s uncertain if they’re related because the company has never received a detailed proof-of-concept. At the time, Group IB said the zero-day –...

5 February 2013
03:59 GMT

Security Explorations Identifies Two Vulnerabilities in Java 7 Update 11

Researchers from Security Explorations have identified a couple of vulnerabilities that affect the latest version of Java. The security holes can be exploited to achieve a complete sandbox bypass in Java 7 Update 11. Experts say that they’ve been inspired by the vulnerability related to obtaining references to...

18 January 2013
09:42 GMT

Java 7 Update 11 Zero-Day Exploit Sold for $5,000 on Underground Market

Less than a week has passed since Oracle patched the vulnerability in Java 7 Update 10 and another zero-day exploit – which is said to work on Java 7 Update 11 – is already being sold on the cybercriminal underground market. Brian Krebs, who came across an ad for the exploit on a hacker forum on Monday, ...

16 January 2013
09:50 GMT

Java 7 Zero-Day Exploit Used to Distribute Reveton Ransomware

The recently discovered Java 7 zero-day exploit has been utilized to spread variants of the Reveton ransomware, according to experts from security firm Trend Micro. This doesn't come as a surprise, considering that the exploit is said to be contained in the new Cool Exploit Kit, which is mainly utilized to spre...

11 January 2013
07:30 GMT

Java 7 Zero-Day Possible Because Oracle Didn’t Properly Address Old Vulnerability

Yesterday, we learned that a new zero-day exploit affecting Java 7 update 10 was identified. According to experts, the zero-day code could not have worked if Oracle had properly addressed an old vulnerability. Adam Gowdiak, the CEO of Security Explorations – the company that’s responsible for identifying...

11 January 2013
04:13 GMT

Expert Finds Java 1.7 Zero-Day on High-Profile Website

The security expert known as Kafeine, the curator of the Malware Don’t Need Coffee website, has come across a new Java zero-day. The vulnerability affects the latest Java 1.7 and it has been found on a website that allegedly records hundreds of thousands of hits each day. Experts from AlienVault have analyze...

10 January 2013
09:29 GMT

Zero-Day Vulnerability Uncovered in Symantec’s PGP Whole Disk Encryption

On December 25, 2012, someone published the details of what appeared to be a zero-day vulnerability in Symantec’s PGP Whole Disk Encryption product. After analyzing the POC, Symantec’s engineers confirmed that it was in fact a vulnerability. However, according to Symantec’s Kelvin Kwan, it’s ...

5 January 2013
05:52 GMT

Uygur and Taiwanese Travel Agency Sites Also Targeted in CFR Attack

Eric Romang, the researcher that has analyzed the recent Council on Foreign Relations (CFR) watering hole attacks, has found a couple of additional websites targeted in this campaign. One of them is the site of Taiwanese travel agency PHIL-AM Tour (philam.com.tw). Fortunately, the website has been cleaned up. The s...

4 January 2013
03:44 GMT

Microturbine Manufacturer Targeted by Cybercriminals with IE Zero-Day

The Council on Foreign Relations (CFR) wasn't the only target of the recently discovered watering hole attack that leveraged a zero-day vulnerability in Internet Explorer. It appears that the Capstone Turbine Corporation, a world-leading microturbine systems producer, is also a victim. According to security res...

3 January 2013
03:45 GMT

Flaw in Samsung Smart TVs Allows Attackers to Remotely Access Devices – Video

Security researchers from ReVuln have published a video to show how a remote attacker can leverage vulnerabilities in Samsung Smart TVs to access sensitive information, monitor the devices, and even gain control over them. The video shows how an attacker can access files and other information, including TV settings ...

11 December 2012
04:29 GMT

Java JRE 7 Zero-Day Sold on Underground Market for Five-Digit Sum

A new Java zero-day is currently being sold on the underground market by a cybercriminal who’s asking a five-digit sum for the exploit. According to Brian Krebs, the unpatched vulnerability affects all versions of Java JRE 7, but it doesn’t impact Java 6 or earlier variants. The seller claims that the ...

28 November 2012
03:48 GMT

Hacker Sells Yahoo! Mail Zero-Day for $700 (€550) – Video

Underground hacking forums are flooded with all sorts of zero-day exploits, many of which can be used to attack millions of regular Internet users. A perfect example is the Yahoo! Mail zero-day exploit identified by journalist and security researcher Brian Krebs. According to Krebs, the details of the vulnerability ...

23 November 2012
04:53 GMT

Security Firm ReVuln Showcases SCADA Zero-Days – Video

A newly launched security firm called ReVuln, founded by researchers Donato Ferrante and Luigi Auriemma, claims to have identified several critical vulnerabilities in the SCADA systems of companies such as Siemens, Schneider Electric and General Electric. However, ReVuln hasn’t provided the details of the secu...

22 November 2012
09:02 GMT

Adobe Reader Zero-Day Still Unfixed, Researchers Fail to Provide POC

Earlier this month we learned from cybercrime investigation company Group-IB that cybercriminals were selling an Adobe Reader X/XI zero-day for prices ranging between $30,000 (€23,000) and $50,000 (€39,000). Adobe still hasn’t managed to address the issue. The company’s representatives have tol...

22 November 2012
03:29 GMT

Skype 0-Day Vulnerability Allowed Hackers to Change the Password of Any Account – Video

Security researchers have identified a couple of critical vulnerabilities in Skype. One of them allowed an attacker to reset the usernames and passwords of any Skype account, and the other one could have been leveraged to bypass session token protections. The ones responsible for finding the security hole are Vulne...

16 November 2012
10:56 GMT

Experts Offer Advice for Protection Against Adobe Reader Zero-Day

Last week, we learned that an Adobe Reader zero-day was being offered to select “customers” in the criminal underground. Since the company has yet to come up with a patch for the issue, experts share some advice on how you can protect your computer against attacks that leverage the vulnerability. Conside...

15 November 2012
07:18 GMT

Password Reset Zero-Day Reported to Skype Since October (Updated)

The details of a zero-day vulnerability that allows attackers to change the password of any Skype user have been posted on a Russian hacking forum. A similar security hole was identified by Vulnerability Lab researchers and it was reported to Skype at the beginning of October. The Next Web, which was the first ...

14 November 2012
05:43 GMT

Cybercrime Investigators Find Adobe Reader X/XI Zero-Day Sold for $50,000 – Video

Experts from cybercrime investigation company Group-IB have discovered that a zero-day vulnerability which affects Adobe Reader X and Adobe Reader XI is being sold on the black market for prices between $30,000 (€23,000) and $50,000 (€39,000). According to researchers, the security hole – which has b...

8 November 2012
02:55 GMT

Security Brief: Mohammed Protests, Cyberlaws and Internet Explorer

We’ve had a busy week, with all sorts of things happening in the world of information security. However, most prevalent this week were protests against blasphemous videos and cartoons featuring the Muslim prophet Mohammed, cyber legislation, and the zero-day in Internet Explorer. The Innocence of Muslims movie...

23 September 2012
00:11 GMT

Swedish Government: Don’t Use Internet Explorer

After the German government warned citizens to stop using Internet Explorer until Microsoft addresses the zero-day vulnerability that’s currently being exploited in the wild, now it’s Sweden’s turn to do the same. The head of the Computer Security Incident Response Team with the Swedish Civil Conti...

20 September 2012
08:08 GMT

Experts Identify IE Exploit on Indian Defense Site, Find Link to PlugX RAT

Most security firms are currently busy analyzing the latest Internet Explorer (IE) zero-day exploit. One of these companies is AlienVault which has not only found websites that host the malicious code, but it has also uncovered a connection to the PlugX RAT. Experts have identified a new version of the moh2010.swf F...

19 September 2012
04:50 GMT

German Users Warned of IE Zero-Day Attacks, Told to Turn To Other Browsers

Germany's Federal Office for Information Security – or Das Bundesamt für Sicherheit in der Informationstechnik (BSI) – warns users about the threats posed by the existence of a zero-day vulnerability which affects Internet Explorer (IE). “The vulnerability is being exploited in targeted a...

19 September 2012
04:04 GMT

Internet Explorer Zero-Day Exploited in Wild, Tied to Poison Ivy and Nitro Attacks

A few hours ago, researchers from Rapid7 confirmed that an exploit code for a zero-day that affected Internet Explorer 9 and older versions on Windows XP, Vista and 7 had been added to Metasploit. In the meantime, security companies have started spotting attacks that leverage the vulnerability. Identified by E...

18 September 2012
05:05 GMT

Apple Patches Zero-Day Vulnerability in OS X

Apple has released its own patches for OS X users affected by a zero-day vulnerability in Oracle’s Java platform that was discovered in August. Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 are free updates to all Mac OS versions starting with Snow Leopard. The Cupertino, California-based Apple I...

6 September 2012
05:40 GMT

Java Zero-Day Leveraged in Nitro Campaign

The Nitro campaign has been active for quite some time now, and the fact that the cybercriminals behind it have been relying on tools such as Poison Ivy and clever social engineering tricks has apparently ensured its success. Now, the attackers have added the new Java zero-day flaw to their malicious schemes. Expert...

31 August 2012
04:32 GMT

Advisory: How to Disable Java Plugin in IE to Protect Yourself Against Hackers

Microsoft advises customers who rely on Internet Explorer to surf the web to decide whether they really need to use Java, and the web browser plugin in particular. Those who don’t necessarily need the component are instructed by the Redmond company to check out the Knowledge Base article 2751647. When the worl...

30 August 2012
08:38 GMT

VAT Rate Emails Carrying New Java Exploit Target Dutch Users

Attention users in the Netherlands! Cybercriminals want to serve you the new Java exploit via an email that reads “Let op! BTW tariefverhoging per 1 oktober 2012” (Attention! VAT rate increase per 1 October 2012). The emails – apparently originating from BDO Accountants & Adviseurs – inform recipie...

30 August 2012
08:07 GMT

Domains from Russia, Germany, Romania and US Found to Host 0-Day Java Exploit

FireEye experts, the ones who first reported the existence of a limited number of attacks that leveraged the new Java zero-day, returned with more information. Apparently, there are a number of exploit servers worldwide, a fact which indicates the start of a mass-scale attack. The researchers identified nine such mach...

29 August 2012
04:21 GMT

Zero-Day Remote Code Execution Flaws in HP Products Revealed by ZDI

TippingPoint’s Zero Day Initiative (ZDI) has published five advisories to reveal the existence of serious security holes that affect HP products. The vulnerabilities haven’t been addressed, but since the 180-day deadline appointed by ZDI expired, the flaws have been made public. In August 2010...

28 August 2012
05:41 GMT

New Java Zero-Day Exploit Added to Metasploit and BlackHole Exploit Kit

Soon after the world learned about the existence of a new zero-day that affects all the latest Java run-time environment (JRE) versions, researchers started analyzing the exploit, trying to figure out a solution to protect computers against it. Security experts from Deep End Research have come up with a patch that t...

28 August 2012
03:32 GMT

Zero-Day Vulnerability in Java Exploited in Targeted Attacks, FireEye Finds

Security researchers from FireEye have identified a new Java zero-day vulnerability that’s currently being exploited in a limited number of targeted attacks. According to experts, most of the recent Java run-time environments (JRE) are affected and, for the time being, there are no known mitigations. Th...

27 August 2012
04:28 GMT

Thousands of Sites Possibly Hacked by Exploiting Plesk Zero-Day

Experts are seeing thousands of websites being hacked each day and some believe that the phenomenon may have something to do with a zero-day vulnerability that affects Parallels’ Plesk Panel. According to Brian Krebs, the exploit, which works for sites running Plesk 10.4.4 and earlier versions, is sold on unde...

11 July 2012
03:45 GMT

Zero-Day Flaw in IE May Be Connected to Google’s “State-Sponsored Attacks” (Updated)

Microsoft has recently released its June 2012 security update and with it the company also released an advisory to warn customers of a serious zero-day exploit that affects Internet Explorer. While there isn’t a permanent patch for this issue, the Redmond company has made available a “Fix it” soluti...

14 June 2012
03:41 GMT

False Rumor Circulating About 130 Zero-Days Being Leaked from VUPEN (Updated)

Update. VUPEN's CEO & Head of Research Chaouki Bekrar has responded to our inquiry and denied the claims. "This compromise rumour is totally false, nothing happened at all," he said. Since there is no other evidence to indicate that the company has been breached we will assume that these rumors are most likely...

7 June 2012
08:21 GMT

Hacker Confronts Reliance After the ISP Blocks Pastebin and Vimeo (Updated)

At the beginning of May, we reported that a number of Indian ISPs started blocking their subscribers from accessing BitTorrent sites, and even Vimeo, just before the launch of a Bollywood motion picture. Many were discontent with the decision, but one of these individuals decided to do something about it. After seein...

15 May 2012
04:52 GMT

