7.4 C
Friday, November 24, 2017
Home Tags Zero-day

Tag: zero-day

2017 was one of the most intense in terms of incidents affecting the information security of industrial systems.
Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on accidental infections of industrial systems and detected targeted attacks.
Adobe today released an out-of-band Flash Player update addressing a zero-day vulnerability being exploited by a little-known Middle Eastern APT group called Black Oasis.
WatchGuardrsquo;s latest Internet Security Report reveals rise of Mimikatz, finds that 47 percent of all malware is new or zero day and offers comprehensive analysis of WannaCry28 September 2017 – Criminal tactics used to access user credentials are growing in prevalence and sophistication, according to the findings of WatchGuardrsquo;s latest quarterly Internet Security Report, which explores computer and network security threats affecting SMBs and distributed enterprises.

The findings also show that a record 47 percent... Source: RealWire
Exploit acquisition vendor Zerodium said Wednesday it will pay up to $1M for an unknown Tor Browser zero day.
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.
The Vice President of the Apache Struts PMC says the attackers likely used an unknown Struts zero day or an earlier announced vulnerability.
We've got Safe Mode and that's safe enough, vendor tells ~400m users The Zero Day Initiative (ZDI) has gone public with a Foxit PDF Reader vulnerability without a fix, because the vendor resisted patching.…
Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks.

The flaw will be disclosed and demonstrated during DEF CON.
To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware.

Given our love for unsolved mysteries, we jumped right on it. Wersquo;d like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya.
The ShadowBrokers announced details on how to subscribe to its Monthly Dump Service, which is available for 100 Zcash.