Zero Days News, Articles and Updates

Predictions A - Z for 2018 - Dystopian or Utopian dawn?

Happy New Year! SC Media UK resumes news reporting on 2 Jan 2018. During the break, catch up on our experts' predictions for a range of positive and negative futures, from the impacts of AI to likely new Zero days.

Are we too busy with pancakes to get serious about ransomware?

Application Whitelisting ends the weak spot for Zero-Day malware in AV, but false positives may make passive process/service monitoring with alerting a better compromise between prioritising business operations over protection.

What you can do to defend against the onslaught of zero-day attacks

Implementing the best defences, tools, process and technology can help mitigate an attack and quicken time to remediation. It's important to think about not only the tools, but the process, people, intelligence and technology.

Did Israel deliver spyware using Adobe Flash 0-day in Word document?

A new Adobe Flash zero day exploit has been identified, reportedly used in an attack on 10 October by a threat actor known as BlackOasis and delivered through a Microsoft Word document to deploy the FinSpy commercial spyware.

MacOS can be exploited to reveal keychain passwords, researcher warns

Launched just days ago, the latest release of Apple's operating system for Macs contains a known zero-day vulnerability that could allow attackers to exfiltrate passwords from the user's keychain.

Zerodium offers up $1 million bounties for Tor zero day

Zero-day-acquisition firm Zerodium reported it will pay a total of US$ 1 million (£740,000) for zero day exploits found for the Tor browser on Tails Linux and Windows.

WannaCry fallout: is hoarding exploits, delaying fixes ever justified?

With the lethality of WannaCry being blamed on the NSA's EternalBlue exploit, we asked the cyber-security industry about the wisdom of allowing intelligence agencies to stockpile zero days.

ShadowBrokers leak more hacking tools - MS says most exploits patched

Malwarebytes reports recent zero-days among Shadowbrokers hacking tools and code analysis appears to confirm earlier reported NSA origins.

Wikileaks releases document trove allegedly containing CIA hacking tools

Hacking tools from the isolated, high-security network situated inside the CIA's Centre for Cyber Intelligence have allegedly been released by Wikileaks who hope to instigate conversation around the moral use of cyber-weapons.

East African banks wary of Zero days

East African banks are on high alert as experts bring news of zero day attacks on the continent's banks.

Microsoft bundles security updates - no more pick and choose

Microsoft is now bundling security updates into one, causing concern at IT teams who fear the effects of certain updates on the networks.

Updated: Remote Apple jailbreak - with just one click

IOS zero day spyware discovered, more capable than any previously reported - patch launched today, immediate update advised.

After NSA leaks, a renewed interest in vulnerability disclosure

Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups in the US for a national conversation about vulnerability disclosure policy.

DEF CON 24: US government retains dozens, not thousands, of zero-days

The number of vulnerabilities in the US federal government arsenal hovers in the dozens, Columbia University senior research scholar Jason Healey told a DEF CON 24 audience.

War of words as researchers reveal Kaspersky and FireEye zero-days

Researchers reveal zero-day vulnerabilities in FireEye and Kaspersky's security software during the US Labor Day holiday weekend.

'Chinese' APT group hits hundreds of Japanese firms

A suspected Chinese hacker group dubbed 'Blue Termite' has been targeting hundreds of Japanese businesses and government organisations in a cyber-espionage campaign stretching back to 2013.

Darkhotel APT group phases out hotel Wi-Fi infections, brings in Hacking Team zero-day

The Darkhotel APT group swapped out its previous Flash zero-days this past month for an exposed Hacking Team zero-day.

Zero-day exploit hits fully patched Macs

OS X 10.10 has a vulnerability that allows hackers to install malware without system passwords

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.