0 day

(get it in RSS or Atom)

Anatomy of a targeted attack - SophosLabs explores an Adobe zero-day "malware experiment"

by SophosLabs on February 14, 2013 | 7 Comments

SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.

What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...

Oracle releases out of cycle fixes for Java

by Chester Wisniewski on August 30, 2012 | 9 Comments
Oracle releases out of cycle fixes for Java

Oracle has released an emergency update fixing four vulnerabilities affecting both Java 6 and Java 7 users.

Java flaws already included in Blackhole exploit kit, Oracle was informed of vulnerabilities in April

by Chester Wisniewski on August 30, 2012 | 6 Comments
Java flaws already included in Blackhole exploit kit, Oracle informed of vulnerabilities in April

The latest Java flaw is already being exploited by criminals. Oracle was notified of the problem in April, but no fix is available. Learn how to disable Java or remove it from your computer to protect yourself.

Unpatched Java exploit spreads like wildfire

by Chester Wisniewski on August 28, 2012 | 31 Comments
Unpatched Java exploit spreads like wildfire

A new zero-day vulnerability in Java discovered on a Chinese web server being used in a targeted attack is being quickly adopted by online criminals.

Many WordPress blogs at risk from image-based zero-day vulnerability

by Paul Ducklin on August 3, 2011 | 7 Comments
Many WordPress blogs at risk from image-based zero-day vulnerability

Technology blogger Mark Maunder recently wrote about an intrusion to his WordPress site.

The culprit was a widespread image-tweaking utility called timthumb. Learn what happened and how to fix it.

Zero-day Windows exploit - Microsoft issues advisory

by Paul Ducklin on January 5, 2011 | 5 Comments
Zero-day Windows exploit - Microsoft issues advisory

Microsoft has just published an advisory about a remotely-exploitable zero-day vulnerability in the Windows graphics rendering engine.

Internet Explorer zero-day exploit - explanation and mitigation

by Paul Ducklin on December 23, 2010 | Leave a comment
emet-250x250

A remote code execution vulnerability against Internet Explorer was announced recently.

Microsoft doesn't have a patch out yet, but it has published a workaround which protects against this exploit, and others of a similar sort.

September roundup - "90 Second News"

by Paul Ducklin on September 28, 2010 | Leave a comment
thumb-sep

Don't just read the latest computer security news - watch it in 90 seconds! This month: when internet access chose the government; Adobe battles another zero-day; Twitter suffers XSS woes; and the Stuxnet malware keeps on making the wrong headlines. Read more…

Operation Aurora: Patch available, new evidence of China connection

by Chester Wisniewski on January 21, 2010 | 1 Comment
Image (1) ms010-002525.jpg for post 2777

Microsoft has responded very quickly turning around a patch for the 0 day exploit in Internet Explorer in approximately one week. This is impressive, as something as complicated as Windows with all of the language variants, service packs, etc is Read more…