ZDNet Must Read:
Microsoft confirms 'detailed' Windows 7 exploit
Microsoft has issued a security advisory to acknowledge a crippling denial-of-service flaw affecting its newest operating systems -- Windows 7 and Windows Server 2008 R2.... Continued »
Category: Zero-day attacks
October 26th, 2009
UK newspaper Web site hacked; 500,000 job-seekers affected
In what is being described as a “deliberate and sophisticated crime,” the Guardian newspaper in the U.K. says the careers section of its Web site was hacked, exposing sensitive data belonging to about half a million users. Read the rest of this entry »
October 9th, 2009
New Adobe PDF flaw under attack; Patch coming Tuesday
Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.
The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.
September 23rd, 2009
From Gimmiv to Conficker: The lucrative MS08-067 flaw
GENEVA — The critical MS08-067 vulnerability used by the Conficker worm to build a powerful botnet continues to be a lucrative security hole for cyber criminals.
During a presentation at the Virus Bulletin 2009 conference here, a trio of Microsoft researchers dissected the malware attacks linked to MS08-067 and found that criminal gangs are still exploiting the flaw to plant data-theft Trojans on vulnerable Windows machines. Read the rest of this entry »
September 18th, 2009
Microsoft ships one-click 'workaround' for critical SMB2 flaw
With exploit code in circulation and facing a race against time to fix the SMB v2 vulnerability haunting Windows Vista and Windows Server 2008, Microsoft today shipped a one-click “fix-it” workaround to help users avoid malicious hacker attacks.
The fix-it package, which was added to Redmond’s pre-patch advisory, effectively disables SMBv2 and then stops and starts the Server service. It provides temporary mitigation from remote code execution attacks targeting the known — and still unpatched — vulnerability.
September 9th, 2009
Microsoft confirms SMB2 vulnerability, warns of code execution risk
Microsoft has issued a formal security advisory to confirm the remote reboot flaw in its implementation of the SMB2 protocol, going a step further to warn that a successful attack could lead to remote code execution and full system takeover.
The vulnerability, which was originally released as a denial-of-service issue, does not affect the RTM version of Windows 7, Microsoft said. It appears Microsoft fixed the flaw in Windows 7 build ~7130, just after RC1. Windows Vista and Windows Server 2008 users remain at risk.
September 8th, 2009
Windows 7, Vista exposed to 'teardrop attack'
[ UPDATE: Microsoft has now confirmed this vulnerability and warns of code execution risk ]
Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.
The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled. No user action is required.
September 4th, 2009
Microsoft FTP in IIS vulnerability now under attack
Less than a week after the publication of exploit code for a critical vulnerability in the FTP Service in Microsoft Internet Information Services (IIS), attackers are now launching in-the-wild attacks against Windows users.
The attacks, described as “limited,” target businesses running IIS 5.0, 5.1, and 6.0. Microsoft has updated its security advisory to warn of the new attacks and availability of proof-of-concept code targeting Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.
August 5th, 2009
Apple warns of Mac attack risk via image files
Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users.
In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG (Portable Network Graphics) and other images to take complete control of unpatched Mac systems.
August 4th, 2009
U.S. Marines ban Facebook, MySpace, Twitter
The U.S. Marine Corps has slapped an immediate ban on the use of social networking sites on its network, warning that sites like Facebook, MySpace and Twitter are a “proven haven for malicious hackers and content.”
The ban, contained in an order issued Monday, will last for a year. It specifically mentions Facebook, Twitter and MySpace although it applies to what is described as “Web-based services that allows communities of people to share common interests.”
August 3rd, 2009
Mozilla patches 'critical' Firefox flaws
Mozilla has released two advisories to patch serious security flaws in its flagship Firefox Web browser.
The vulnerabilities are rated “critical,” meaning they can be exploited by malicious hackers to run harmful code and install software, requiring no user interaction beyond normal browsing. These issues were separately discussed at last week’s Black Hat conference by researchers Moxie Marlinspike and Dan Kaminsky.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
- Key Strategies for Federal Agencies - Safe and Cost Effective Migration for Legacy Hardware GovConnection The federal government has mandated that federal agencies reduce energy ... Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
Recent Entries
- Opera patches ‘extremely severe’ security hole
- Exploit published for critical IE 7 zero-day flaw
- Inside the Google Chrome OS security model
- Microsoft finds security hole in Google Chrome Frame
- Mozilla locks out rogue Firefox add-ons
Blogs From Our Sponsors
Most Popular Posts
- Microsoft confirms 'detailed' Windows 7 exploit
- Thousands of web sites compromised, redirect to scareware
- Windows 7's default UAC bypassed by 8 out of 10 malware samples
- Mac OS X mega patch covers 58 security vulnerabilities
- Which antivirus is best at removing malware?
- Microsoft patches Windows worm holes, drive-by download flaws
Top Rated
- Thousands of web sites compromised, redirect to scareware+43 votes
- Microsoft confirms 'detailed' Windows 7 exploit+43 votes
- Firefox hit by multiple drive-by download flaws+41 votes
- Which antivirus is best at removing malware?+41 votes
- iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
- Mac OS X mega patch covers 58 security vulnerabilities+26 votes
- Phishing experiment sneaks through all anti-spam filters+25 votes
- Microsoft patches Windows worm holes, drive-by download flaws+20 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Save time with automated shipping solutions
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Visit the UPS Business Essentials Guide
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.

- Learn more >>
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.

- Learn more about the free, six-month trial offer>>
Archives
Favorite Links
ZDNet Blogs
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- Rational Rants
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
- Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
-
-
Smart Tech
Expert advice on innovations in healthcare and the green technologies that make it happen.
Find out more
-
Smart Business
Discussion and advice on management issues that revolve around making your world smarter and more useful.
More Smart Advice
-
Smart People
The best and worst moves in the management and strategy trenches.
Learn More




