Zero Day

(get it in RSS or Atom)

A virus on a *Mac*? Is NOTHING sacred? [Chet Chat Podcast 211]

The latest episode of our weekly security podcast - a quarter-hour of news with attitude! Enjoy.

Update Tuesday, Firefox's zero-day, more Android bugginess, a firmware virus for your Mac ...and a tax fraudster busted.

Flash zero-day leaks out from "Hacking Team" hack, patch expected Real Soon Now

Last night we wrote about how Flash troubles come in threes, like those proverbial buses.

Stop the presses! Here comes another one!

Google's Project Zero backs off a bit - will now give up to 14 days' grace

zd-250

Google's controversial "zero-day dropping machine," Project Zero, which automatically outs your bugs after 90 days, will now give up to 14 day's leeway.

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

Internet Explorer has a Cross Site Scripting zero-day bug

ie11-250

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

Adobe gets second Flash zero-day patch ready 2 days early!

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

Adobe issues emergency fix for Flash zero-day

Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310.

Adobe has a fix already, so grab it while it's hot!

SSCC 181 - The Security Duel: "Bug reports at 15 paces" [PODCAST]

Microsoft vs. Google - Google vs. Users - Hackers vs. US Army - the fight is on in the latest episode of our weekly security podcast!

Enjoy...

SSCC 180 - Surely zero-days come from cybercrooks, not from Silicon Valley? [PODCAST]

Enjoy the first 2015 episode of our popular weekly security podcast.

In this episode: zero-day politics, leaky security features, Bitcoin news, and a shout out to our New Year #sophospuzzle winners!

Microsoft "tops up" Patch Tuesday, issues delayed fix for zero-day hole in logon security

Microsoft has issued a "top up" security bulletin for a fix that didn't quite make it into the November 2014 Patch Tuesday.

The vulnerability can be used to turn any user into a domain administrator, and it's been exploited in the wild...

Has the "Sandworm" zero-day exploit burrowed back to the surface?

sand-2-250

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K

He says his firm will carefully screen potential clients and that he'd never sell to an entity such as the Syrian regime or a criminal gang. Then again, he's not asking what clients intend to do with the high-end exploits.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

soho-250

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

EFF sues NSA over hoarding of zero days

nsa-250

Wouldn't it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers.

Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]

2014-03-05-thumb-0250

Are two zero-days better than one? What happened to AOL's user database? And is that another award that Naked Security just won?

Find out in 60 Sec Security for 03 May 2014...

SSCC 145 - Zero-days x2, fixing Heartbleed x2, and security-by-design [PODCAST]

sscc145-thumb-250

An 0-day in IE and an 0-day in Flash; two approaches to fixing OpenSSL after Heartbleed; how to get a free pass to Infosec Europe 2014; and why security happens by design and not by accident!

Join Chet and Duck for another podcast in the weekly Chet Chat series...

Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash

Hot on the heels of Microsoft's IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash.

(No, they're *not* related, even though the current IE exploits use a Flash file to kick things off.)