Category Archives: zero days

Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017

Posted on by

On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux. Continue reading Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017

Study: Hoarded zero days last seven years and are rarely discovered

Posted on by

Newly discovered software vulnerabilities known as zero days, if kept secret by the people that find them, tend to stay that way for years and years because there is only about a 1 in 20 chance annually that a hoarded zero day will be independently found by someone else, according to research published Thursday. A RAND Corp. study and statistical analysis of a rare collection of more than 200 zero days — so-called because the manufacturer has “zero days” to fix the security hole — upends much of the conventional wisdom about vulnerability disclosure and the hoarding of knowledge about software flaws. The study — the first-ever published research to examine a dataset including zero day vulnerabilities still undisclosed to the public — comes at a time when the U.S. government’s process for deciding whether or not to disclose such vulnerabilities is facing calls for reform because of WikiLeaks’ dump of an apparent trove of CIA hacking tools […]

The post Study: Hoarded zero days last seven years and are rarely discovered appeared first on Cyberscoop.

Continue reading Study: Hoarded zero days last seven years and are rarely discovered

WikiLeaks dump reignites debate over feds hoarding zero days

Posted on by

The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy. Defenders of U.S. policy say there is already a process in place to weigh the risks any time the government decides to keep a newly discovered software vulnerability to itself and weaponize it, rather than sharing it with the vendor so it can be fixed. And a former White House official tells CyberScoop that U.S. agencies should be reaching out to the manufacturers of the products CIA hackers owned to help them fix the holes they have been using. “Time is of the essence,” former White House Cybersecurity Coordinator J. Michael Daniel, told CyberScoop. In a blog […]

The post WikiLeaks dump reignites debate over feds hoarding zero days appeared first on Cyberscoop.

Continue reading WikiLeaks dump reignites debate over feds hoarding zero days

Software vulnerability disclosures by NSA will continue under Trump, officials say

Posted on by

The disclosure process that governs how and when federal agencies should tell tech firms about flawed computer code is in no immediate danger of termination under the Trump administration, current and former U.S. officials said. Flawed code by its very nature offers vulnerabilities that can be targeted by hackers. Knowledge of these vulnerabilities — especially those […]

The post Software vulnerability disclosures by NSA will continue under Trump, officials say appeared first on Cyberscoop.

Continue reading Software vulnerability disclosures by NSA will continue under Trump, officials say

FruityArmor APT Group Used Recently Patched Windows Zero Day

Posted on by

The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks. Continue reading FruityArmor APT Group Used Recently Patched Windows Zero Day