Articles about zero day

Oops icon

Researcher says fixes to Windows Defender's engine incomplete

In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done. James Lee, who has presented at conferences like Zer0con, has contacted The Register to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the …
hacker

Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service

Shadow Brokers, the group that leaked stolen NSA hacking tools including the vulnerability that proved key to the WannaCrypt outbreak, has launched a new exploit subscription service. Subscriptions for the zero-day feed will cost 100 ZEC (Zcash cryptocurrency) or $21,000 per month. The group emptied its Bitcoin wallet on …
John Leyden, 30 May 2017
The Shining - blood cascade

Yahoo! retires! bleeding! ImageMagick! to! kill! 0-day! vulnerability!

How would you like US$778 per byte for your exploit? That's what security researcher Chris Evans just scored from Yahoo!, for an 18-byte demonstration of how private Yahoo! Mail images could leak. Even though the bug's been patched, Yahoo! decided it was one bug too many in the library, and retired it. Because (a) bugs get …
Eye

Ubiquiti network gear can be 'hijacked by an evil URL' – thanks to its 20-year-old PHP build

Updated Security researchers have gone public with details of an exploitable flaw in Ubiquiti's wireless networking gear – after the manufacturer allegedly failed to release firmware patches. Austrian-based bods at SEC Consult Vulnerability Lab found the programming cockup in November and contacted Ubiquiti – based in San Jose, …
Iain Thomson, 16 Mar 2017

Zero-days? Sexy, sure, but crap passwords and phishing are probably more pressing

A new study from RAND Corporation concluded that zero-day vulnerabilities – security flaws that developers haven't got around to patching or aren't aware of – have an average life expectancy of 6.9 years. The research, based on rare access to a dataset of more than 200 such vulnerabilities, also looked at how frequently the …
John Leyden, 9 Mar 2017

Spies do spying, part 97: Shock horror as CIA turn phones, TVs, computers into surveillance bugs

WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops' ability to spy on people. The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, to read messages, listen in via …
John Leyden, 7 Mar 2017
image by TSHIRT-FACTORYdotCOM http://www.shutterstock.com/gallery-110716p1.html

Attackers use ancient zero-day to pop Asian banks, govts

Attackers are compromising government and banks across Asia by exploiting a years-old zero day vulnerability in desktop publishing application InPage, which targets users working in Urdu or Arabic. Kaspersky Labs analyst Denis Legezo found the attacks and reported the zero-day to InPage, which he says ignored his disclosures …
Darren Pauli, 24 Nov 2016
Boba Fett

$200,000 for a serious iOS bug? Pfft, we'll give you $500,000, says exploit broker Exodus

Last week Apple made its belated entrance into the bug bounty market, announcing a top award of $200,000 for major flaws in iOS, but Cook & Co have been comprehensively outbid. On Tuesday, exploit trading firm Exodus Intelligence said it is willing to pay $500,000 for a major flaw in iOS 9.3 and above – and the exploit to use …
Iain Thomson, 11 Aug 2016

How many zero-day vulns is Uncle Sam sitting on? Not as many as you think, apparently

DEF CON While some fear the US government is hoarding a vast pool of zero-day security vulnerabilities, the reality is that it probably holds just a few dozen, according to a study by Columbia University. In a presentation at the DEF CON hacking conference in Las Vegas today, Jason Healey, senior research scholar in the university's …
Iain Thomson, 5 Aug 2016
Image by Maksim Kabakouhttp://www.shutterstock.com/pic-362745248/stock-photo-privacy-concept-broken-shield-on-wall-background.html

Hackers brew Intel chip defence kit to neuter budding exploits

Black Hat 2016 EndGame vulnerability researchers Cody Pierce, Matt Spisak, and Kenneth Fitch have created a defence framework to protect against deeper modern attacks. The security trio with roots in the HP Zero Day Initiative, the National Security Agency, and the Department of Defence, have extended a hardware defense tool already in use …
Darren Pauli, 2 Aug 2016

FBI's iPhone paid-for hack should be barred, say ex-govt officials

The FBI's purchase of a hack to get into the San Bernardino shooter's iPhone should not have been allowed. That's according to a new paper from two former US government cybersecurity officials, Ari Schwartz and Rob Knake. In their paper [PDF] they dig into the current vulnerability equities process (VEP), disclosed in 2014, …
Kieren McCarthy, 17 Jun 2016
Image composite: Microsoft and StudioLondon http://www.shutterstock.com/gallery-893620p1.html

Windows 10 zero day selling for $90,000

A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000 (£62,167, A$124,348). The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a …
Darren Pauli, 1 Jun 2016

Europe talks to hackers, security bods on Wassenaar recalibration

Speaking at a roundtable meeting on export controls on Wednesday, Dutch MEP Marietje Schaake said that she and other lawmakers were working to avoid "some of the unintended consequences of the Wassenaar Arrangement." That's the arrangement between various nations on the export of weapons and arms, which includes software used …
Jennifer Baker, 30 Sep 2015

Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop

Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August. The vulnerabilities have not been disclosed but they will affect mobile devices and Supervisory Control and Data Acquisition (SCADA) systems among other platforms. "We have 32 different zero- …
Darren Pauli, 21 Jul 2015

Hacker publishes tech support phone scammer slammer

Security pro Matthew Weeks has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. Weeks' day job is director at Root9b, but he's taken time to detail a zero-day flaw in Ammyy …
Darren Pauli, 12 Sep 2014

You don't need a HERO, you need a ZERO. From Google

+Comment Google will expand its computer security research efforts by forming a well-staffed full-time team called Project Zero. The web ad broker wants to hire the best of the best, who can find Heartbleed-grade vulnerabilities, or worse bugs, in software. It's also looking to extend its bounty program for reporting holes. Project …
John Leyden, 15 Jul 2014

Microsoft hardens EMET security tool: OK, it's not invulnerable, but it's free

Microsoft has beefed up its Enhanced Mitigation Experience Toolkit (EMET), adding features designed to block more exploits. The release of the technical review (beta) version of the tool, EMET 5.0, follows the discovery of new attacks against earlier versions of the technology. EMET 5.0 beta comes with a feature called Attack …
John Leyden, 26 Feb 2014

Reg HPC man relives 0-day rootkit GROUNDHOG DAY

HPC blog This is a difficult article to write, and I’ve put it off for way too long. But it’s time to bite the bullet and make an embarrassing admission to the Register audience. I’ve been hacked and hacked hard. Admitting this publicly to Reg readers is like chumming shark-infested waters with my own blood. Or like telling people that …
Dan Olds, 21 Feb 2014

Create a news alert about zero day, or find more stories about zero day.

Biting the hand that feeds IT © 1998–2017