Zero Days Have Staying Power
A look at 200 zero day vulnerabilities reveals key details on longevity, value and how long it takes to create one after a software vulnerability has been identified. Continue reading Zero Days Have Staying Power
Category Archives: Zero-day vulnerabilities
Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
2016 was a tense and turbulent year in cyberspace – from the massive IoT botnets and ransomware to targeted cyberespionage attacks, financial theft, ‘hacktivism’ and more. Kaspersky Lab’s Review of the Year and Statistics provide a detailed review – you can read the Executive Summary here. Continue reading Kaspersky Security Bulletin 2016. Review of the year. Overall statistics for 2016
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
As part of Patch Tuesday Adobe patched a zero-day vulnerability in Flash Player the company claims is being used in targeted attacks against Internet Explorer users on Windows.
Continue reading Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack
Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users
Mozilla released a new version of Firefox on Wednesday to address a zero day vulnerability that was actively being exploited to de-anonymize Tor Browser users.
Continue reading Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users
InPage zero-day exploit used to attack financial institutions in Asia
In September 2016, while researching a new wave of attacks, we found an interesting target which appeared to constantly receive spearphishes, a practice we commonly describe as a “magnet of threats”. Among all the attacks received by this magnet of threats, which included various older Office exploits such as CVE-2012-0158, one of them attracted our attention. Continue reading InPage zero-day exploit used to attack financial institutions in Asia
Windows zero-day exploit used in targeted attacks by FruityArmor APT
A few days ago, Microsoft published the “critical” MS16-120 security bulletin with fixes for vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. One of the vulnerabilities – CVE-2016-3393 – was reported to Microsoft by Kaspersky Lab in September 2016. Continue reading Windows zero-day exploit used in targeted attacks by FruityArmor APT
DHS Urges Vigilance in Protecting Networking Gear
A Homeland Security alert warns network operators that the security of routers and firewalls must be revisited in the wake of the ShadowBrokers dump and other attacks on enterprise networking equipment. Continue reading DHS Urges Vigilance in Protecting Networking Gear
Apple releases ‘Emergency’ Patch after Advanced Spyware Targets Human Rights Activist
Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.
One of the world’s most invasive softwar… Continue reading Apple releases ‘Emergency’ Patch after Advanced Spyware Targets Human Rights Activist
The Equation Giveaway
August 13, 2016 saw the beginning of a truly bizarre episode. A new identity going under the name ‘ShadowBrokers’ came onto the scene claiming to possess files belonging to the apex predator of the APT world, the Equation Group. Continue reading The Equation Giveaway
Putting Apple Bug Bounty Rewards in Perspective
Competing zero-day acquisition programs pay out much more than Apple’s new bug bounty program, but researchers used to submitting bugs gratis to Apple aren’t complaining much. Continue reading Putting Apple Bug Bounty Rewards in Perspective