Zero-Day News, Articles and Updates
A researcher discovered a zero-day vulnerability inside the x86 processor architecture that can allow attackers to install rootkits.
A new report highlights just how little is known about zero-day attacks, even after the flaws are made public.
As expected, exploits taking advantage of gaping holes in Java now are growing in prominence -- and the big question is: When will Oracle patch the issue?
In the high-priced market of exploit sales, developers resist government regulations -- but are more than happy when one wants to open its coffers to them.
Separate of the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.
In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
Eighty-seven thousand people affiliated with Housatonic Community College may be open to identity theft after the institution became the second Connecticut school to experience a malware outbreak this year.
Debate: Anti-virus is essential.
The year's first variant of the notorius W32.Duqu, a trojan that seems intended for cyber war, has been discovered by Symantec researchers.
There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.
An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.
Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.
Microsoft is prepping four security bulletins for its November update, though it is not expected to provide a fix for the zero-day flaw used to spread Duqu.
A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world.
Hackers are exploiting a zero-day vulnerability affecting an image resizing utility, possibly impacting a large number of WordPress sites.
In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers' crosshairs and being compromised. Hint: Uninstall the programs your employees don't need.
There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.
Threat of the month: Flash zero-day
Internet and email service remains offline at the Oak Ridge National Laboratory after spear phishing attacks led to the theft of sensitive data.
Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability prevents against exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.
Microsoft on Wednesday announced new components to its Coordinated Vulnerability Disclosure program, unveiled last summer to enhance transparency around the discovery, response and handling of security flaws.
Microsoft's planned security update for next week likely will include a fix for a vulnerability that is being actively exploited.
A fix is expected later today for a critical vulnerability in Adobe Flash Player 10.x and earlier versions used on various operating systems, as well as Reader and Acrobat X. The flaw could cause a crash and enable an attacker to gain control of an affected system. Limited exploits in the wild against Flash Player - embedded in an Excel file and attached to email - have been reported. Adobe stated that it is not aware of attacks targeting Adobe Reader and Acrobat.
End-users may be the weakest link, but technology exists to take security out of their hands.
Microsoft confirmed the existence of an unpatched vulnerability affecting all versions of Windows, but said it is unlikely the flaw could be exploited remotely.
The $1 trillion cybercrime industry is expertly - and competitively - run. Take a peek into the inner workings of these syndicates and how the good guys are closing in.
Tuesday's security update is comprised of two fixes for three vulnerabilities, but it does not address two publicly known flaws.
SC Magazine Articles
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- USAA members hit with multiple phishing attacks
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- WikiLeaks postings of Turkish emails included active links to malware
- U.S. government extends offer to protect states from electoral cyberthreats
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought