Items tagged with Zero Day

Remember when skirmishes were fought on land, air, and sea? They still are, though in today's world, you can add cyberspace to the list. Cyber warfare has become a point of focus, and lest anyone doubt it, consider that that the U.S. Navy is looking to buy zero-day exploits, particularly those used on commercial software that foreign threats might be using. Dave Maass, a researcher for the Electronic Frontier Foundation, stumbled upon the zero-day request on FedBizOpps, a site that government agencies use to post contracting requests. On the site, the U.S. Navy posted a listing saying that the... Read more...
Google has been hitting tech companies with a few right hooks in recent months with regards to zero day exploits. As a part of Google’s “Project Zero” program, its security researchers discover security vulnerabilities in software products, and report its findings to the vendor. The vendor has 90 days from the time of first disclosure to patch the problem, or Google goes public with the full details of the exploit. At that point, anyone can pour over the details to take advantage of the exploit. Google busted Microsoft’s chops in early January when it failed to adhere to Google’s 90-day window... Read more...
Things are getting a little hairy on the wild, wild Internet. With privacy fears at an all-time high and the whole Snowden episode stirring up worries that governments can easily convince companies to hand out just about any digital information in the world, the mere notion of whimsically cruising the Internet is becoming a little frightening for some. Now, a NYT report is shedding light on two Italian hackers who spend their days sifting through code in software used by hundreds of millions of people. Why? Because governments all over the globe are evidently willing to pay top-dollar to know about... Read more...
Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe. Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are... Read more...
Adobe on Tuesday confirmed the existence of an unpatched zero day vulnerability rated as "critical" in Adobe Reader X (10.1.1) and earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macs. In theory, the critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected machine. And in practice? "There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," Adobe stated... Read more...