Zero-Day

Passwords begone: two LastPass vulns found and promptly fixed, update now!

Two security vulnerabilities have been found and fixed in password manager LastPass: one by prolific security-vulnerability finder Tavis Ormandy, and the other by Mathias Karlsson of Detectify Labs.

Neutrino EK adopts new exploit after open source POC release

The Neutrino exploit kit (EK) added a former Internet Explorer zero-day vulnerability to its arsenal.

ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack

The latest In Case You Missed It (ICYMI) looks at CEO whaling victim; Unpatched zero-day; Passwords dropped; Self-propagating ransomware; USB charging hack

Zero-day affects Linux computers—and Android devices?

A zero-day bug in version 3.8 of Linux can potentially affect millions of Linux computers and servers as well as 66 percent of Android devices.

Cyber-security firm offers £645K (US$1 million) for iOS 9 jailbreak and vulnerabilities

Zerodium is offering up to £1.9 million for vulnerabilities and a jailbreak of iOS 9.

Unpatched 0-day threatens Apple Mac users

OS X flaw is exposed by teenage Italian security researcher without warning Apple - reigniting the debate about 'irresponsible' bug disclosure.

Zero-day exploit hits fully patched Macs

OS X 10.10 has a vulnerability that allows hackers to install malware without system passwords

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.

Update: Jeep taken over from 10 miles away via in-car entertainment system

Car hack exploit could enable criminals to take control of Jeep Cherokee over the internet

Google slams US cyber-rules that hit UK student's research

Google has warned that planned US curbs on exporting 'intrusion software' - intended to limit the sale of zero-days by organisations like Hacking Team - could be a boon for hackers making "billions ...less secure".

Updated: Facebook CSO calls time on Flash after Hacking Team breach

New cyber-attacks by Chinese and other criminals are exploiting the Adobe Flash zero-days leaked through the recent Hacking Team breach - prompting calls for Flash to be "put out to pasture".

Time to abandon Flash? Hit by zero-day once again

Security industry calls on organisations to ditch vulnerable browser plug-in as yet another zero-day flaw hits Flash

Duqu2.0 knocks Kaspersky and security peers for six

The news that Kaspersky Lab was hit by a "next-generation" malware attack is an indication of both how far we have come in cyber-warfare and how much further we still have to go.

Venom vulnerability: toxic threat or hissing hyperbole?

Anyone reading the news headlines on the Venom flaw over the last 24 hours might be forgiven for thinking that the sky, or at least the cloud, is falling down.

'Venom' VM zero-day draws comparisons with Heartbleed

CrowdStrike security researchers have discovered a zero-day affecting virtual machines, dubbed 'Venom', which could allow an attacker to "escape out of the virtual machine and execute code on the host with full privileges", thus putting data centres potentially in danger.

Android zero-day opens phones up to drive-by-downloads

A new zero-day flaw affecting all versions of Google's Android operating system could be exploited by hackers looking to steal data or take control of the mobile device.

APT gang caught exploiting Flash and Windows zero-days

Cyber-security firm FireEye details zero-day exploits perpetrated by 'nation-state' sponsored threat actors.

Under-fire Google tweaks bug disclosure policy

After stinging criticism from Microsoft and others over how and when it reported zero-day flaws, Google has changed its vulnerability disclosure policy.

ICYMI: EU data protection, iPhone spyware and Flash zero-days

The latest ICYMI column looks at the biggest stories on SC this week, including worrying news on EU data protection laws, claims of iPhone spyware and new Flash Player zero-days.

Adobe suffers second zero-day in 24 hours

Adobe has been hit by two zero-day flaws in the space of 24 hours, raising questions over the safety of its Flash Player platform which is being heavily targeted by cyber-criminals.

Researcher discovers 'critical' new Adobe Flash zero-day

A widely-used exploit kit called 'Angler' has apparently been used to target a new zero-day affecting the latest versions of Adobe's Flash Player.

Google finds 'severe' bug in MS Windows

Google researchers accused of being "reckless" for disclosing flaw before Microsoft has patched it.

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Zeroing in on zero-day vulnerabilities with looping

Zero-day vulnerabilities are a fact of life in cyber-security, which is why looping is so essential, says Darren Anstee.

Russian cyber-spies use Windows zero-day to hit NATO

A Russian cyber-espionage group has used a dangerous Microsoft Windows zero-day bug - being patched today - to attack targets including NATO, a western European government, a French telecoms firm, Polish energy companies and a US academic organisation.

The 5 most read articles this week: July 11-17

Here are the five most popular SC articles, as seen by you the reader, in the week for July 11 to 17.
