ZDNet Must Read:
Mozilla Firefox hit by malware add-ons
Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.... Continued »
Category: Zero-day attacks
February 4th, 2010
MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities
Microsoft’s February batch of security patches will be a biggie — 13 bulletins with fixes for a whopping 26 vulnerabilities.
According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated “critical” because of the risk of remote code execution attacks.
January 22nd, 2010
Tor Project suffers hack attack
The Tor Project, a service that provides privacy and anonymity to Web users, said hackers broke into two of its servers and used the CPU and bandwidth to launch additional attacks.
Tor project lead Roger Dingledine confirmed the hack in an e-mail that urged users to immediately upgrade to get fresh identity keys for the two compromised directory authorities.
January 20th, 2010
Critical out-of-band IE patch coming tomorrow (Jan 21)
This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).
The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe. Read the rest of this entry »
January 20th, 2010
Researcher demos clickjacking attack on Facebook
An Israeli security researcher has found a way to perpetrate so-called clickjacking attacks on Facebook, proving that it’s trivial to manipulate the social network’s security and privacy mechanisms.
A demo exploit released by Shlomi Narkolayev shows how easy it is to trick Facebook users into adding apps or other malicious content by hijacking clicks to what appears to be harmless links.
January 19th, 2010
Google-China cyber espionage saga - FAQ
With more details emerging on the inner workings of the targeted malware attack that hit Google and over 30 other companies (ZDNet News Special Coverage - Special Report: Google, China showdown), it’s time to summarize all the events that took place during the past week, and answer some of the most frequently asked questions such as - How did the attack take place? Did Google strike back at the attackers? Was the Chinese government behind the attacks, and if not who orchestrated them and for what reason?
Go through the FAQ and their answers.
January 19th, 2010
Microsoft readies emergency IE patch to counter public exploits
UPDATE: Here is the official confirmation from Microsoft that an out-of-band patch is coming. No official date yet.
Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.
The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend. Read the rest of this entry »
January 15th, 2010
Microsoft says Google was hacked with IE zero-day
Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.
According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement. Read the rest of this entry »
January 13th, 2010
Adobe plugs PDF zero-day flaw in latest security makeover
Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.
The update comes with significant security improvements, including the on-by-default addition “Enhanced Security,” a feature that provides a set of default restrictions and a method to define trusted locations that should not be subject to those restrictions.
Read the rest of this entry »
December 17th, 2009
Cisco patches critical WebEx security holes
Cisco has released a security fix for at least six security holes that expose users of its WebEx Player software to remote code execution attacks.
The affected Cisco WebEx WRF Player is an application that is used to play back WebEx meeting recordings that have been recorded on the computer of an on-line meeting attendee.
December 16th, 2009
Adobe PDF attack update: Patch coming Jan 12
Here’s a quick update to the Adobe PDF Reader/Acrobat zero-day story that broke yesterday after the company confirmed that an unpatched vulnerabilities was being attacked in the wild.
First up, an exploit has been fitted into the Metasploit point-and-click penetration testing tool and there are predictions that exploit code will be widely available within a day or two. Read the rest of this entry »
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
SponsoredWhite Papers, Webcasts, and Downloads
- Volume Activation Operations Guide Microsoft Microsoft? Volume Activation helps Volume Licensing customers automate and ... Download Now
- Sole-sourcing BI from your ERP vendor: IT convenience or strategic business decision? IBM Is sole-sourcing BI from ERP vendors delivering on its promises? See what 100 companies worldwide had to say about this increasingly common practice. Download Now
- Responding to Today's Demands with a Dynamic Infrastructure IBM Corp. Listen to this webcast to hear IBM executives and clients discuss a host ... Download Now
Recent Entries
- Reports: SQL injection attacks and malware led to most data breaches
- Patch Tuesday: Microsoft plugs critical Windows worm holes
- Adobe screw-up leaves Flash flaw unpatched for 16 months
- Oracle rushes out patch for gaping server hole
- Mozilla Firefox hit by malware add-ons
Blogs From Our Sponsors
Most Popular Posts
- Report: 48% of 22 million scanned computers infected with malware
- And the most popular password is...
- Code execution holes in iPhone OS, iPod Touch
- Bogus IQ test with destructive payload in the wild
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities
- RealPlayer haunted by 11 critical vulnerabilities
Top Rated
- And the most popular password is...+34 votes
- Microsoft readies emergency IE patch to counter public exploits+33 votes
- Report: 48% of 22 million scanned computers infected with malware+32 votes
- Microsoft says Google was hacked with IE zero-day+31 votes
- Microsoft confirms 17-year-old Windows vulnerability+31 votes
- MS Patch Tuesday heads-up: 13 bulletins, 26 vulnerabilities+26 votes
- Bogus IQ test with destructive payload in the wild+22 votes
- Haiti earthquake themed blackhat SEO campaigns serving scareware+21 votes
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
Archives
Favorite Links
ZDNet Blogs
- A Developer's View
- All About Microsoft
- The Apple Core
- Between the Lines
- BriefingsDirect
- Collaboration 2.0
- Dev Connection
- Digital Cameras & Camcorders
- Ed Bott's Microsoft Report
- Emerging Tech
- Enterprise Web 2.0
- Forrester Research
- Googling Google
- GreenTech Pastures
- Hardware 2.0
- Home Theater
- iGeneration
- Irregular Enterprise
- IT Project Failures
- Laptops & Desktops
- Lawgarithms
- Linux and Open Source
- Managing L'unix
- The Mobile Gadgeteer
- On Sustainability
- The Semantic Web
- Service Oriented
- Smartphones and Cell Phones
- Social Business
- Social CRM: The Conversation
- Software & Services Safari
- Software as Services
- Storage Bits
- Team Think
- Tech Broiler
- Technology and the Global Supply Chain
- Tom Foremski: IMHO
- The ToyBox
- Virtually Speaking
- The Web Life
- ZDNet Education
- ZDNet Government
- ZDNet Healthcare
- Zero Day
White Papers, Webcasts, and Downloads
- Live Webcast: Oracle Business Intelligence for Midsize Companies: More Than Just Pretty Dashboards Oracle Oracle's Business Intelligence solutions are widely recognized as market ... Download Now
- Achieving Cost and Resource Savings with UC white paper Microsoft Read how UC can help your company save by reducing out-of-pocket expenses, consolidating communications infrastructure, and leveraging human capital. Download Now
- Business Analytics and Optimization for the Intelligent Enterprise IBM Corp. IBM Global Business Services, through the IBM Institute for Business ... Download Now
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study




