Zero-Day

Zero-day attacks last much longer than most would believe

A new report highlights just how little is known about zero-day attacks, even after the flaws are made public.

As a Java zero-day spreads, disclosure questions arise

As expected, exploits taking advantage of gaping holes in Java now are growing in prominence -- and the big question is: When will Oracle patch the issue?

The hypocrisy of the zero-day exploit trade

In the high-priced market of exploit sales, developers resist government regulations -- but are more than happy when one wants to open its coffers to them.

On Patch Tuesday, Microsoft warns of zero-day attacks in IE

Separate from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.

Why aren't customers dropping Oracle?

In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.

Connecticut community college hit with "zero-day" malware

Eighty-seven thousand people affiliated with Housatonic Community College may be open to identity theft after the institution became the second Connecticut school to experience a malware outbreak this year.

Debate: Anti-virus is essential

Duqu variant uncovered

The year's first variant of the notorious W32.Duqu, a trojan that seems intended for cyber war, has been discovered by Symantec researchers.

Microsoft scrambles to address widespread ASP.NET bug

There is no holiday lull for Microsoft, as the software giant is working to address a potentially dangerous denial-of-service vulnerability impacting its entire .NET Framework. Other vendors may be impacted too.

Out-of-band fix for Adobe Reader security issue coming Friday

An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.

Lockheed Martin hit, but not breached, with Adobe zero-day

Defense contractors appear to be the prime target of sophisticated malware that attempts to take advantage of an unpatched flaw in Adobe Reader and Acrobat software.

Microsoft security update addresses four flaws, not Duqu

Microsoft is prepping four security bulletins for its November update, though it is not expected to provide a fix for the zero-day flaw used to spread Duqu.

Duqu trojan spreads through 0-day Microsoft bug

A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.

Flash to get update for zero-day bug

Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.

Zero-day holes found in Blackboard platform

Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world.

Zero-day flaw affects popular WordPress image utility

Hackers are exploiting a zero-day vulnerability affecting an image resizing utility, possibly impacting a large number of WordPress sites.

Podcast Episode No. 2: Targeted attacks

In this episode, Michael Cotton, chief network security architect of Digital Defense, explains why targeted cyberattacks are on the rise and why many organizations are failing to recognize this increasing threat. Cotton offers a list of corporate actions that may incite such an attack and suggests some remedies for staying out of the hackers' crosshairs and being compromised. Hint: Uninstall the programs your employees don't need.

"LulzSec" uses zero-day on PBS, promises more attacks

There is a new cybervigilante group in town, and its name is LulzSec. Its technical ability became known over the weekend with the infiltration and subsequent defacement of PBS.org.

Threat of the month: Flash zero-day

Department of Energy-funded lab silenced by APT attack

Internet and email service remains offline at the Oak Ridge National Laboratory after spear phishing attacks led to the theft of sensitive data.

Adobe fixes Reader, Acrobat issues early

Adobe has sped up the planned release of updates to its Reader and Acrobat software, good news for customers now that reports of public exploits have emerged. The updates, released Thursday but not expected until next week, shore up two critical vulnerabilities, one of which has been leveraged in in-the-wild attacks, according to a revised bulletin. Reader X for Mac and Acrobat X for Windows and Mac received updates, as did Reader/Acrobat 9.4.3 for Windows and Mac. Reader X for Windows won't receive a new version until June 14, a scheduled quarterly update, because the "Protected Mode" capability protects against the exploit. The flaw being used in attacks also was present in Flash Player, but that software was patched last week.

Microsoft updates "coordinated" bug program

Microsoft on Wednesday announced new components to its Coordinated Vulnerability Disclosure program, unveiled last summer to enhance transparency around the discovery, response and handling of security flaws.

Microsoft's April patch batch to address 64 flaws

Microsoft's planned security update for next week likely will include a fix for a vulnerability that is being actively exploited.

New Flash patch expected today

A fix is expected later today for a critical vulnerability in Adobe Flash Player 10.x and earlier versions used on various operating systems, as well as Reader and Acrobat X. The flaw could cause a crash and enable an attacker to gain control of an affected system. Limited exploits in the wild against Flash Player - embedded in an Excel file and attached to email - have been reported. Adobe stated that it is not aware of attacks targeting Adobe Reader and Acrobat.

Unwitting accomplices and complicit security teams

End-users may be the weakest link, but technology exists to take security out of their hands.

Microsoft says zero-day flaw not exploitable remotely

Microsoft confirmed the existence of an unpatched vulnerability affecting all versions of Windows, but said it is unlikely the flaw could be exploited remotely.

Cybercrime: Narrowing the gap

The $1 trillion cybercrime industry is expertly - and competitively - run. Take a peek into the inner workings of these syndicates and how the good guys are closing in.

THREAT OF THE MONTH

IE zero-day

Microsoft kicks off 2011 with light patch load

Tuesday's security update is comprised of two fixes for three vulnerabilities, but it does not address two publicly known flaws.

Microsoft upset over Google researcher's tool release

A potentially exploitable zero-day vulnerability in Internet Explorer, detailed by a Google researcher who created a fuzzing tool to find browser flaws, is under investigation by Microsoft.
