zero-day attacks

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Blue Pill Project extends VM rootkit cat-and-mouse tussle

LAS VEGAS - The intellectual cat-and-mouse tussle over hiding and finding virtual machine rootkits has hit a new gear with a team of researchers dismissing the notion of "100 percent undetectable" malware and the release of source code for a new "Blue Pill" rootkit.As previously reported, Thomas Ptacek, co-founder of...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-08-02

OpenBSD team mocked at first ever 'Pwnie' awards

LAS VEGAS -- The OpenBSD team has won an award for the most spectacular "mishandling" of a critical security vulnerability.Here's why:The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code...

Tags: Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple

Blog posts 2007-08-02

Remembering five years of vulnerability markets

Guest Editorial by David EndlerWhile compiling some stats this week for our Zero Day Initiative two year anniversary, I came across this recent news article by the Associated Press, Researchers Seek Cash for Software Flaws. It's the latest in a long line of media coverage on the launch of...

Tags: Botnets, Black Hat, Apple, Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Symantec, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers

Blog posts 2007-08-01

Apple monster update fixes iPhone, Safari, Mac OS X flaws

LAS VEGAS -- Apple has issued a monster update with patches for about 50 security vulnerabilities affecting iPhone, Safari and Mac OS X users.In a race against the clock, the company rushed out iPhone v1.0 with fixes for four different vulnerabilities that could allow hackers to take full control of...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Metasploit, McAfee, Hackers, Google, Digital rights management, Data theft, Browsers, Botnets, Black Hat, Apple

Blog posts 2007-07-31

Mozilla fixes its end of URL protocol handling saga

Mozilla has fixed its end of the controversial URL protocol handling vulnerability that puts Windows users at risk of PC takeover attacks.Exactly a week after admitting that Firefox was just as guilty as Internet Explorer when it comes to passing dangerous data to third party applications, the open-source group shipped...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Apple

Blog posts 2007-07-31

Google hires browser hacking guru

Google has snapped up one of the sharpest minds in the hacker community, luring Michal Zalewski to help lock down its long list of Internet facing products.Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.He...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-30

German hacker denied entry into U.S. for Black Hat training

Thomas Dullien, a prominent security researcher who has been a fixture at the annual Black Hat security conference, has been denied entry into the U.S. to attend and conduct training at this year's confab.Dullien left, a German reverse engineering whiz known in hacker circles as "Halvar Flake," said he was...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Passwords, Microsoft, Metasploit, Hackers, Exploit code, Digital rights management, Data theft, Cisco, Browsers, Botnets, Black Hat

Blog posts 2007-07-29

Code execution hole in Yahoo Widgets

A serious security flaw in an ActiveX control that ships with the Yahoo Widgets could put users at risk of PC takeover attacks.The vulnerability, rated "highly critical" by Secunia, is caused due to a boundary error within the YDPCTL.YDPControl.1 (YDPCTL.dll) ActiveX control when handling the "GetComponentVersion" method. This can be...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-27

Protocol abuse adds to Firefox, Windows security woes

Security researchers have discovered a new set of protocol abuse problems with Mozilla Firefox, warning that the popular open-source browser is a sitting duck for code execution exploits.Billy BK Rios, a hacker who has warned repeated about risky and unnecessary URIs registered on Windows, has released proof-of-concept exploits that shows...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple, Spam and Phishing, Hackers

Blog posts 2007-07-26

Some great security apps are still free

Last week, I wrote dismissively about Symantec adding a $29.99 a year price tag on its new Norton AntiBot technology, calling it a bit of a con job to sell all these different security tools to protect users against malware.Well, it turns out that there are some great FREE security...

Tags: Data theft, Browsers, Botnets, Apple, Digital rights management, Exploit code, Firefox, Hackers, McAfee, Metasploit, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Privacy, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Wi-Fi security, Zero-day attacks

Blog posts 2007-07-25

Critical ActiveX flaw haunts LinkedIn toolbar

The flaw, which is not yet patched, was discovered by researchers at VDA Labs. A proof-of-concept demo has been released to show how a PC can be hijacked if a LinkedIn toolbar user is lured to a booby-trapped Web site.The toolbar is marketed by the social network site to...

Tags: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Microsoft, Mozilla, Passwords, Patch Watch, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research, Windows Vista, Zero-day attacks

Blog posts 2007-07-24

Mozilla caught napping on URL protocol handling flaw

Uh-oh. The latest twist in the URL protocol handling vulnerability saga has left eggs on the faces of the security folks at Mozilla.It turns out that Mozilla's Firefox is just as guilty Microsoft's Internet Explorer when it comes to passing dangerous data to third party applications.Over the last two...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Spyware and Adware, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-23

CEO out in Core Security shake-up

Core Security Technologies, one of a handful of companies hawking penetration testing tools to businesses, is looking for a new CEO to replace Paul Paget.According to an analyst report from The 451 Group, there are red flags about the future of Core after news emerged that Paget and product manager...

Tags: Zero-day attacks, Vulnerability research, Spyware and Adware, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-23

Microsoft: 'Very difficult' to block IE attack vector

A member of Microsoft's Internet Explorer team says it is "very difficult" to put protections in place to block the protocol handlers attack vector exposed by the recent IE-to-Firefox code execution vulnerability.Markellos Diorinos, a product manager on the IE team, insists it is the responsibility of the receiving called application...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-20

MPack exploit kit creator speaks

SecurityFocus.com reporter Rob Lemos has a fascinating interview with one of the developers of MPack, the exploit kit used in thousands of drive-by malware attacks.In the interview, presented from multiple IRC conversations and edited/reordered for clarity, Lemos does a nice job of peeking behind the dark curtain of exploit writing...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Black Hat

Blog posts 2007-07-20

Firefox raises barrier to cross-site scripting attacks

Mozilla has quietly fitted a new security feature into the latest Firefox update, adding the ability for the browser to prevent cross-site scripting attacks.The change, which was not officially announced, implements httpOnly cookies in Firefox 2.0.0.5, the most recent refresh of the open-source browser.Web application security experts are welcoming the...

Tags: Zero-day attacks, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-19

Mac worm rumors swirl; Dai Zovi ships unofficial Mac OS X patch

Amidst unconfirmed rumors that anonymous hackers have created a worm that exploits an unpatched code execution flaw in Mac OS X Intel, a team of researchers have come up with a way to completely disable a buggy portion of the Mac code base.Led by Mac security guru Dino Dai Zovi...

Tags: Zero-day attacks, Wi-Fi security, Vulnerability research, Spyware and Adware, Spam and Phishing, Rootkits, Punditocracy, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-18

Mozilla patches Firefox; tells users to avoid IE

Mozilla has rolled out Firefox 2.0.0.5 with patches for a total of 9 nine vulnerabilities, including cover for the controversial IE-to-Firefox code execution attack vector.Even after plugging the hole, Mozilla inserted a blunt message into its alert:This patch does not fix the vulnerability in Internet Explorer.The open-source group is also...

Tags: Zero-day attacks, Windows Vista, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Open source, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple

Blog posts 2007-07-18

Blocking (Internet Explorer) drive-by malware downloads

Last week, I wrote about Haute Secure, a new browser toolbar promising to to block drive-by exploits from compromising Windows computers.The company, founded by four former Microsoft employees, has fitted behavior-based profiling algorithms into an Internet Explorer toolbar to identify and intercept malicious files in real-time.Currently available as a free...

Tags: Zero-day attacks, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Spam and Phishing, Rootkits, Responsible disclosure, Punditocracy, Pen testing, Passwords, Oracle, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets

Blog posts 2007-07-17

Symantec puts price tag on anti-botnet tool

Symantec's new Norton AntiBot utility is now out of beta, promising to remove zombies from for-profit botnets scourge in exchange for $29.99 a year.The anti-botnet tool see previous coverage here is being marketed as "complementary solution to existing antivirus or security suites," adding yet another application to the list of...

Tags: Zero-day attacks, Vulnerability research, Viruses and Worms, Symantec, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Passwords, Open source, Microsoft, Metasploit, Hackers, Google, Firefox, Exploit code, Digital rights management, Data theft, Browsers, Botnets

Blog posts 2007-07-17