Zero-day vulnerabilities – Page 8

A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me

Posted on March 12, 2019 by Joseph Cox

We recently got a rare look at how a company tried to source these exploits through private one-on-one deals—because the company came to us. Continue reading A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me→

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Posted on December 12, 2018 by Boris Larin

In October 2018, our AEP systems detected an attempt to exploit a vulnerability in the Microsoft Windows. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. Continue reading Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)→

A new exploit for zero-day vulnerability CVE-2018-8589

Posted on November 14, 2018 by Boris Larin

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589. Continue reading A new exploit for zero-day vulnerability CVE-2018-8589→

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Posted on October 10, 2018 by AMR

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453. Continue reading Zero-day exploit (CVE-2018-8453) used in targeted attacks→

Delving deep into VBScript

Posted on July 3, 2018 by Boris Larin

In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that uses a well-known technique from the PoC exploit CVE-2014-6332. But whereas CVE-2014-6332 was aimed at integer overflow exploitation for writing to arbitrary memory locations, my interest lay in how this technique was adapted to exploit the use-after-free vulnerability. Continue reading Delving deep into VBScript→

IT threat evolution Q1 2018

Posted on May 14, 2018 by David Emm

In January, we uncovered a sophisticated mobile implant Skygofree that provides attackers with remote control of infected Android devices. Network worm OlympicDestroyer attacked on the Olympic infrastructure just before the opening of the games in February. Continue reading IT threat evolution Q1 2018→

Microsoft Patches Two Actively Exploited Zero-Day Vulnerabilities

Posted on May 9, 2018 by Lucian Constantin

Microsoft fixed 67 vulnerabilities across its products May 8, including two vulnerabilities that were already being exploited in the wild. The most serious and urgent issue was a remote code execution vulnerability in the Windows VBScript engine track… Continue reading Microsoft Patches Two Actively Exploited Zero-Day Vulnerabilities→

The King is dead. Long live the King!

Posted on May 9, 2018 by Vladislav Stolyarov

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. Continue reading The King is dead. Long live the King!→

A Slice of 2017 Sofacy Activity

Posted on February 20, 2018 by GReAT

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard. Continue reading A Slice of 2017 Sofacy Activity→

Zero-day vulnerability in Telegram

Posted on February 13, 2018 by Alexey Firsh

In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service. Continue reading Zero-day vulnerability in Telegram→