Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker to execute arbitrary code and silently take the control of a victim’s machine. This flaw is currently Read more…
Tags: Adobe, Data Protection, PDF, Zero-Day
We discussed much of the unfolding Duqu attack in our previous post. Some new light has recently illuminated some missing pieces to this interesting attack. Researchers at CrySys Labs in Hungary have disclosed information about a Word document that is purported to be the installer file for the Duqu attacks. The document loads a kernel Read more…
Tags: Duqu, Kernel 0day vulnerability, Stuxnet, Zero-Day
The recent security breach at Lockheed Martin confirmed that the attacks we saw with Operation Aurora, identified by McAfee, and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing the perfect plan to get closer to their target without raising any red flags. In the case of Operation Read more…
Tags: Lockheed Martin, malware, Night Dragon, Operation Aurora, Stuxnet, targeted attacks, Whitelisting, Zero-Day
Adobe released a security advisory warning the users of a zero-day vulnerability in Adobe Flash Player Versions 10.2.152.33 and earlier. An exploit targeting this vulnerability was embedded inside Microsoft Excel documents and was used to deliver the malicious code to the victims. McAfee Labs performed a detailed technical analysis of the exploit and learned that Read more…
Tags: Adobe, Flash, JavaScript, Zero-Day
Late on Thursday Microsoft released an advisory about a new privilege escalation vulnerability affecting IIS and SQL Server on Windows XP, 2003, Vista, and Server 2008. It’s likely that this is the same flaw discussed by Cesar Cerrudo in his talk, “Token Kidnapping”, at the HITB Security Conference 2008 in Dubai. Cerrudo had discovered a Read more…
Tags: exploit, Microsoft, vulnerability, Zero-Day
Some news is in circulation regarding a recently disclosed (and patched) vulnerability in Adobe’s Flash. The attack used dereferenced NULL pointers, which were believed to be very hard to exploit. The findings were first revealed in a paper called “Application-Specific Attacks: Leveraging the ActionScript Virtual Machine,”(pdf) by Mark Dowd. The paper described a new technique Read more…
Tags: exploit, vista, vulnerability, Zero-Day
Posts tagged under Zero-Day