
Category: Reverse Engineering

October 9th, 2009

Google patches Android DoS vulnerabilities

Posted by Ryan Naraine @ 11:17 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Google, Mobile (In)Security, Patch Watch, Pen testing, Phishing, Responsible disclosure, Reverse Engineering, Spam and Phishing, iPhone

Tags: Google Inc., Phone, DOS, Vulnerability, Patch Management, Cell Phone, SMS, SMS Message, Text Messaging/SMS/MMS, Telephony

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.

According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless. Read the rest of this entry »

August 5th, 2009

Absolute Software downplays BIOS rootkit claims

Posted by Dancho Danchev @ 2:47 pm

Categories: Anti Virus, Complex Attacks, Hackers, Malware, Reverse Engineering, Rootkits

Tags: Absolute Software, Malware, Rootkit, LoJack, Anti-theft Service, Conficker, BIOS, Spyware, Adware & Malware, Cyberthreats, Security

Following a flood of calls from customers, the company behind the LoJack anti-theft service, which researchers from Core Security Technologies recently portrayed as a security threat, issued a statement downplaying the researchers’ claims.

According to the statement, LoJack is neither a rootkit, nor does it behave in such a way. Moreover, the company insists that the product is forced upon any user, and that even if someone attempts to use it as an infection vector for a BIOS-persistent malware, traditional antivirus software will detect the attempt.

More from the press release:

Read the rest of this entry »

May 14th, 2009

Apple eliminates CanSecWest Pwn2Own flaws

Posted by Ryan Naraine @ 2:25 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Microsoft, Mozilla, Patch Watch, Pen testing, Responsible disclosure, Reverse Engineering

Tags:

Here’s a little ditty that was almost lost in the sheer volume of this week’s Mac OS X security update: Apple has finally patched the two vulnerabilities used to win this year’s CanSecWest Pwn2Own hacking contest.

The two flaws were used by Charlie Miller and a German researcher known only as “Nils” to launch successful drive-by download attacks against Apple’s Safari browser.

Read the rest of this entry »

May 12th, 2009

Microsoft plugs 14 PowerPoint security holes

Posted by Ryan Naraine @ 10:38 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Microsoft, Patch Watch, Responsible disclosure, Reverse Engineering

Tags: Security, Vulnerability, Microsoft PowerPoint, Microsoft Corp., Microsoft Office, Office Suites, Software, Ryan Naraine

Microsoft has slapped a massive band-aid on its PowerPoint presentation software to cover at least 14 documented security vulnerabilities.

Read the rest of this entry »

May 6th, 2009

Layoffs hit Microsoft security unit

Posted by Ryan Naraine @ 2:53 pm

Categories: Anti Virus, Data theft, Hackers, Hirings and firings, Microsoft, Passwords, Pen testing, Punditocracy, Responsible disclosure, Reverse Engineering

Tags: Layoff, Microsoft Corp., Riley, Security, Ryan Naraine

The latest round of layoffs at Microsoft has taken a toll on Redmond’s security unit.

Steve Riley, a senior security strategist who served as one of the public faces of Microsoft’s security efforts, had his position eliminated during the second round of cuts that happened this week.

Riley is best known for his presentations at security conferences and his work on the Protecting Your Windows Network book.

Read the rest of this entry »

May 6th, 2009

Critical security hole in Google Chrome

Posted by Ryan Naraine @ 7:24 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Google, Google Chrome, Malware, Patch Watch, Reverse Engineering, Vulnerability research

Tags: Google Inc., Attacker, Web Browser, Google Chrome, Web Browsers, Security, Internet, Ryan Naraine

For the second time in two weeks, Google has shipped a new version of its Chrome browser to fix a pair of serious security vulnerabilities.

One of the two flaws carries a “critical” rating because of the risk of code execution with the privileges of the logged-on user.

Read the rest of this entry »

March 3rd, 2009

Pwn2Own hacker: Apple Safari is 'easy pickings'

Posted by Ryan Naraine @ 9:05 am

Categories: Adobe, Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Hackers, Microsoft, Mobile (In)Security, Mozilla, Patch Watch, Research, Reverse Engineering, Vulnerability research, Web Applications, iPhone

Tags: Apple Safari, Apple Inc., Hacker, Hacking, Smart Phones, Web Browsers, Security, Handhelds, Consumer Electronics, Personal Technology

Charlie Miller, the security researcher who won last year’s Pwn2Own hacker contest, is predicting that Apple’s Safari browser will be the easiest target this year.

In a note posted on the popular Daily Dave mailing list, Miller describes Safari as “easy pickin’s” and forecasts that at least four zero-day Safari flaws will be used during the contest at CanSecWest later this month.

Read the rest of this entry »

January 13th, 2009

Oracle drops critical database server patch bundle

Posted by Ryan Naraine @ 3:12 pm

Categories: Arbitrary Code Execution, Data theft, Exploit code, Locally Running Web Servers, Oracle, Patch Watch, Responsible disclosure, Reverse Engineering, Vulnerability research, Web Applications

Tags: Oracle Corp., Database Server, Vulnerability, Storage, Databases, Security, Hardware, Enterprise Software, Software, Data Management

Oracle has dropped the first quarterly critical patch update for 2009, with patches for 41 vulnerabilities in a wide range of database server products.

The January 2009 CPU includes 20 new security fixes for the company’s flagship database product lines, 4 new security fixes for the Oracle Application Server, 9 vulnerabilities in Oracle Secure Backup, 4 new security fixes for the Oracle Applications Suite, and 6 new security fixes for the PeopleSoft and JDEdwards Suite.

On the Oracle Database side, here’s a breakdown of the main patches:

Read the rest of this entry »

January 9th, 2009

Oracle planning Patch Tuesday whopper

Posted by Ryan Naraine @ 3:43 pm

Categories: Arbitrary Code Execution, Complex Attacks, Data theft, Denial of Service (DoS), Locally Running Web Servers, Oracle, Passwords, Patch Watch, Pen testing, Reverse Engineering, Vulnerability research

Tags: BEA WebLogic, BEA Systems Inc., Oracle Corp., Portals, Application Servers, Enterprise Software, Middleware, Databases, Internet, Software

Microsoft may be offering a Patch Tuesday respite this month but, if you’re an Oracle database administrator, January 13 will be a very busy day.

The database server giant announced plans for a monster Patch Day next Tuesday with fixes for 41 security vulnerabilities “across hundreds of Oracle products.”

The first CPU (Critical Patch Update) for 2009 includes patches for flaws that affect multiple products, the company said. “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.”

The following products are affected:

Read the rest of this entry »

August 18th, 2008

From Metasploit to Microsoft: Skape goes to Redmond

Posted by Ryan Naraine @ 10:00 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Exploit code, Hackers, Hirings and firings, Kernel-level Exploits, Malware, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Research, Reverse Engineering, Vulnerability research, Windows Vista

Tags: Microsoft Corp., Mitigation, Matt Miller, Microsoft Windows, Productivity, Tools & Techniques, Operating Systems, Software, Management, Ryan Naraine

Metasploit developer Matt Miller, who for years frustrated Microsoft officials with the public release of Windows exploits, is heading to Redmond to join Microsoft’s Security Science team.

Miller, who uses the hacker moniker Skape, will work on improved ways to find security vulnerabilities and better software defenses through mitigations, according to an announcement by SDL guru Michael Howard.

Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

