VB Migration

Tag: zero-day

  • Good and bad news for victims of targeted attacks against Microsoft products

    Bug bounty program extended; TIFF zero-day used in the wild. This week, Microsoft has good news and bad news for those targeted by zero-day exploits in its products. The bad news is that a new zero-day exploit has been discovered in a graphics library that is used by Office 2010 . To exploit the vulnerability,…

  • Microsoft offers fix-it for IE 8 zero-day

    CVE-2013-1347 used in watering hole attacks. Following this weekend’s discovery of a new zero-day vulnerability in version 8 of Microsoft ‘s Internet Explorer browser, the company has released a ‘fix-it’ that addresses the known attack vectors. Last week (ironically on Labour Day), researchers at AlienVault discovered that the website of the US Department of Labor…

  • Internet Explorer zero-day used in the wild

    Dropped PoisonIvy trojan linked to ‘Nitro’ attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in the wild by the ‘ Nitro ‘ gang. The attack, which is probably used in a drive-by download attack, starts with an HTML file that does some preparatory work…

  • From spear phishing to watering holes

    Symantec reports increase in ‘watering hole attacks’. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some malware attached, or a link to a site serving malware. That is called spear phishing. Spear-phishing is commonly used in targeted attacks; for…

  • RSA gives insight into anatomy of attack on its systems

    Publicly available information used to spear phish employees. Security company RSA has released some information about how hackers gained access to its systems, giving a good insight into how such attacks take place and providing some useful lessons for the industry as a whole. The first step taken by the hackers was to obtain publicly…

  • Patch Tuesday brings little relief from browser exploits

    Six fixes issued, but new IE zero day emerges along with Firefox flaw. Microsoft has issued its monthly ‘Patch Tuesday’ security update, with some serious browser flaws patched, but a new IE zero-day has been seen being exploited in the wild, and Firefox users have also been warned about a serious vulnerability. The Patch Tuesday…

  • Another IE zero day exploited

    Second DirectShow vulnerability in six weeks labelled ‘extremely critical’. Microsoft has issued an advisory on a serious vulnerability in an ActiveX control in its Internet Explorer browser, the second zero-day alert in the same area of the product in recent months. The issue has been flagged as ‘extremely critical’ by vulnerability watchers at Secunia ,…

  • Yahoo! jukebox flaw exploits in wild

    Zero day vulnerability in music system rapidly targeted. Vulnerabilities in Yahoo! Jukebox , a free music-management system provided by Yahoo! , have been exploited by in-the-wild attacks just days after flaws were first disclosed. Two separate buffer overflow issues in ActiveX controls used by the system were reported on February 2nd and 5th, and attacks…

  • Microsoft alert on Excel vulnerability

    Targeted exploitation of zero-day flaw seen in wild. Microsoft has issued a security advisory on an unresolved vulnerability in its Excel software, which has been reported as a vector for targeted attacks in the wild. Few details have emerged on the exact nature of the flaw, but it is known to affect several versions of…

  • RealPlayer zero-day flaw exploited

    Manufacturer responds rapidly to serious security hole. A zero-day vulnerability in the popular media playing system RealPlayer was spotted being exploited in the wild late last week, with several trojans penetrating vulnerable systems from malicious websites in silent drive-by downloads. The flaw is in a piece of code previously exploited to cause denial of service,…