Items tagged with Zero-Day
A vulnerability researcher at Google is giving props to Microsoft for issuing a quick fix to what he described as a "crazy bad" remote code exploit in the company's malware protection engine. He also said it was the worst of its kind in recent memory, and that is because prior to the patch, a remote attacker could...
Read more...
As always, be wary of opening email attachments, especially from untrusted sources. Security outfits FireEye and McAfee have both observed malicious Microsoft Office RTF documents in the wild that are exploiting a zero-day vulnerability in Microsoft Windows and Office that has not yet been patched. The samples...
Read more...
When WikiLeaks revealed the Central Intelligence Agency’s (CIA’s) hacking arsenal to the world, it was made clear that the agency is capable of snooping on Samsung Smart TVs thanks to various security exploits. However, it’s not just Samsung Smart TVs that are susceptible, a new report suggests that a number of...
Read more...
Newer versions of Windows, including Windows 10 are vulnerable right now to a new Server Message Block (SMB) zero-day exploit that has been shown as a proof-of-concept. The vulnerability was first demonstrated by @PythonResponder and requires a user to connect to a SMBv3 server for a successful attack.
Given the...
Read more...
Microsoft has often said that Windows 10 offers the best security features and malware protection of any Windows OS to date. In case anyone doubts that claim, the Redmond outfit explained how Windows 10 with the Anniversary Update installed was able to thwart a pair of potentially dangerous zero-day exploits months...
Read more...
Once again Google and Microsoft are at odds over the former's decision to disclose a zero-day vulnerability affecting the latter's Windows operating system. Google alerted both Adobe and Microsoft on October 21, 2016, of previously disclosed security flaws it discovered and in the time that has passed Adobe has issued...
Read more...
Adobe recently published a security advisory APSA16-03, which details a vulnerability in Adobe Flash Player version 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. This comes after a patch for a zero day exploit was released in early April.
Adobe believes the attackers are a group...
Read more...
In the "vast majority of cases," when the U.S. government is made aware of a software vulnerability, it discloses that information to the vendor so that it can issue a patch to the public. What constitutes a "vast majority?" Nine times out of 10, or 91 percent of the time, according to the U.S. National Security...
Read more...
Until the web at large adopts the open HTML5
Read more...
We're coming up on the second Tuesday of the month, which is when Microsoft rolls out a collection of security updates for Windows and Internet Explorer. Otherwise known as "Patch Tuesday," the one that's coming up tomorrow will be relatively light compared to previous ones as it contains only five security bulletins...
Read more...
Google security researchers learn about exploits and zero-day vulnerabilities in third-party software all the time, and for years the company has immediately notified the affected vendors about the issues, worked with them closely to fix the problems, and both notified the public within 60 days of discovering the vulnerabilities and also encouraged...
Read more...
Is there a world record for number of software vulnerabilities exposed within the span of a single month? If so, I'm willing to bet that Oracle's Java is the clear winner. We've reported on many Java happenings over the past couple of months, and it doesn't look like the fun is going to end anytime soon. Security firm...
Read more...
Another day, another Adobe Reader vulnerability -- what else is new, right? It just so happens that this latest security hole affects several versions of Adobe Reader, including 10 and 11, both of which are supposed to keep the operating system isolated from attacks through sandbox technology. No dice. "Adobe has identified critical vulnerabilities...
Read more...
Consider this a PSA: Oracle is going to patch that hole in Java, the one that security pros discovered last week. Cybercriminals were using a zero-day exploit in Oracle’s Java to deliver malware payloads, steal identities, and take over computers to force them to commit nefarious acts. According to Reuters, Oracle said that “A...
Read more...
Here we go again. We're not even halfway through the first month of the New Year, and already we're being warned to disable Java. Not as a general practice, mind you (though that's not a bad idea), but because of yet another zero-day exploit spotted in the wild "There appears to be multiple ad networks redirecting to Blackhole sites, amplifying...
Read more...
