Zero Day
May Patch Tuesday critical for users of Internet Explorer and web-based services
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
Anatomy of a targeted attack - SophosLabs explores an Adobe zero-day "malware experiment"
SophosLabs was contacted recently to help investigate malware from an unusual sort of targeted attack.
What our researchers found was intriguing, to say the least, so we thought we'd share our discoveries with you...
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B
In the past 24 hours, many popular exploit kits have been found to be targeting what appears to be a new zero-day vulnerability in Java. Read this article for advice on how to fend off these attacks.
Monday review - the hot 17 stories of the week
OK, these aren't just the hot 17 stories of the past week, but of the two weeks before that, too.
If, like us, you've been enjoying some downtime over the Christmas and New Year holidays, here's your quickest way to get back up to speed with Naked Security...
Zero day vulnerability in Internet Explorer being used in targeted attacks, FixIt now available
Microsoft has released an advisory on a new zero day attack against users of Internet Explorer. While a Fixit is available, it may be best to avoid using IE for a while.
Hacker selling $700 exploit that hijacks Yahoo email accounts
A hacker is selling a $700 zero-day exploit for Yahoo Mail that lets an attacker leverage a cross-site scripting (XSS) vulnerability to steal cookies and hijack accounts.
Adobe Reader zero-day exploit thwarts sandboxing
The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.
New IE zero day exploit circulating, used to install Poison Ivy
The gang behind the recent Java zero day attacks apparently hasn't packed up for the season. A researcher examining one of the servers used to launch attacks on vulnerable Java installations said he found a new zero day exploit for Microsoft's Internet Explorer web browser.
Oracle releases out of cycle fixes for Java
Oracle has released an emergency update fixing four vulnerabilities affecting both Java 6 and Java 7 users.
Java flaws already included in Blackhole exploit kit, Oracle was informed of vulnerabilities in April
The latest Java flaw is already being exploited by criminals. Oracle was notified of the problem in April, but no fix is available. Learn how to disable Java or remove it from your computer to protect yourself.
Unpatched Java exploit spreads like wildfire
A new zero-day vulnerability in Java discovered on a Chinese web server being used in a targeted attack is being quickly adopted by online criminals.
Google announces Pwnium 2, raises prize money for Chrome hack to $2m
Google's "hack the Chrome browser for money" competition is back, with Pwnium 2 set to take place at the 2012 Hack in the Box conference in Kuala Lumpur, Malaysia.
The prize pool's been doubled, if you're interested...
SSCC 93 - Flame, LinkedIn, FISA, Patch Tuesday, border snooping and the BlueHat prize
Michael Argast joins Chet once again to discuss Flame, LinkedIn, warrantless wiretapping, Patch Tuesday, border patrol spying and Microsoft's BlueHat prize.
Gmail accounts targeted by 'state-sponsored attackers' using Internet Explorer zero-day vulnerability
Both Google and Microsoft have put out alerts about an unpatched, zero-day hole in Internet Explorer that is actively being exploited in the wild.
Oracle discloses new zero day exploit and launches JDK for Mac OS X
Oracle announces the release of Java JDK for OS X Lion and a zero day in its database products that has a proof-of-concept available in the wild.
New zero-day Yahoo Messenger exploit allows malware to spread via hijacked status updates
An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to meddle with any user's status message, opening an opportunity for malware to spread.
Mystery flaw crashing DNS servers across the internet
A zero-day vulnerability is being exploited in the wild to crash BIND 9 DNS servers all over the internet. The flaw, a Denial of Service vulnerability described as an "as-yet unidentified network event", affects all of the currently supported versions of BIND.
Microsoft announces workaround for the Duqu exploit
Microsoft have released a security advisory for the vulnerability used in the Duqu Trojan. They are providing a workaround, but it disables the use of embedded TrueType fonts.








