Posts Tagged ‘Zero-day vulnerability’

[Cyber Security 2015] Critical Vulnerability in Microsoft Internet Explorer

Posted: August 19, 2015 in IT Security News
Tags: , , , , , ,
4

Internet Explorer vulnerabilitiesMicrosoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects. (more…)

Cyber Security 2015: The Hacking Team Hacking – Latest news

Posted: July 15, 2015 in IT Security News
Tags: , , , , , , ,
1

Hacking Team hackedHacking news 2015: The Hacking Team Hacking – Latest news

Recall, July 5, unknown hackers have broken into the computer network of the company and abducted more than 400 GB of corporate data.

Stolen information includes corporate documents, source code, and even, as it became known, a few exploits for zero-day vulnerability in Adobe Flash. Also, hackers managed to hack the official Hacking Team account in Twitter.

Hacking Team’s CEO David Vincenzetti issued a new statement promising that the company plans to deliver the recovered version of Galileo Remote Control System (Galileo, is the advanced and sophisticated spyware tool) and internal infrastructure to replace products that have been compromised in the cyber attacks. (more…)

CVE-2014-8346: Zero-day vulnerability in the Samsung’s Find My Mobile service

Posted: October 29, 2014 in Vulnerabilities
Tags: , , ,
0

samsung find my mobileZero-day vulnerability in Samsung’s Find My Mobile service allows you to remotely lock the user smartphone.

If an attacker exploits the zero-day vulnerability in Samsung’s ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.

Vulnerability affects all smartphones Samsung, what support the web service Find My Phone. (more…)

CVE-2014-6352: Critical Vulnerability in Microsoft Windows

Posted: October 22, 2014 in Vulnerabilities
Tags: , , ,
0

dangerous flaw in windowsCritical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

Vulnerability in Microsoft OLE Could Allow Remote Code Execution and affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue. (more…)

Zero-day vulnerability CVE-2014-4114 impacting all versions of Microsoft Windows

Posted: October 14, 2014 in Vulnerability News
Tags: , , ,
0

SandwormZero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team, which they’ve dubbed Sandworm, likely has been active since 2009. (The sandworm is a fictional form of desert-dwelling creature from the Dune universe created by Frank Herbert – From Wikipedia, the free encyclopedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114. (more…)

Trend Micro: Q1 2013 Security Roundup Report

Posted: April 30, 2013 in IT Security News
Tags: , ,
0

Trend MicroTrend Micro released a report on cyber threats in the I quarter of 2013

Trend Micro released a report Q1 2013 Security Roundup Report, dedicated to cyber threats in the first quarter of 2013, the main topics of research are proliferating attacks using vulnerabilities “zero day” and the recent targeted attack on the people of South Korea. Results of the study indicate that the vulnerability of “zero day” threats remain relevant and hackers are becoming more sophisticated, intense and dangerous. (more…)

In Adobe Reader has been discovered zero-day vulnerability

Posted: February 14, 2013 in Security Notices, Vulnerability News
Tags: , , , ,
0
Adobe Logo

Vulnerabilities in Adobe Reader

The flaw allows a potential attacker to remotely execute arbitrary code.

Zero day vulnerability was discovered in the popular software Adobe Reader, allows you to execute arbitrary code on the target system. This in his report the researchers reported FireEye, who happened to encounter with an infected PDF-document capable of compromising computers based on Windows.

When trying to open a malicious file, is running two dll-libraries, one of which is designed to conceal the fact of infection. It gives the user an error message while working on a document. Second library contains a component that provides for the connection to the remote server attacks.

According to FireEye, vulnerable to this attack were such versions of Adobe Reader, as 9.5.3, 10.1.5 and 11.0.1. Older versions may also be exposed to the threat. Currently, researchers have already submitted details of the detected flaws developers. (more…)

Adobe fixed two zero-day vulnerability in Flash Player

Posted: February 8, 2013 in Security Notices, Vulnerability News
Tags: , , ,
0

Adobe FlashUsers are advised to install security updates as soon as possible.

Yesterday, Adobe released an emergency update Flash Player, which addresses two zero-day vulnerabilities.

The manufacturer has confirmed that the underlying vulnerability used in the implementation of targeted attacks using the documents in Microsoft Word. These documents are distributed by spam mailings, when opened on the victim’s system runs the malicious SWF-content. One of the vulnerabilities in the ActiveX-focused version of Flash Player for Windows.

Adobe thanked experts from Kaspersky Lab Sergey Golovanov and Alexander Polyakov for the detection of one of the vulnerabilities. (more…)

Exploit for zero-day vulnerability in Java

Posted: January 11, 2013 in Uncategorized
Tags: , , , ,
0

Java DangerDevelopers Blackhole and Nuclear Pack said that the exploit is a ‘New Year present’ for their clients.

Hackers who are the authors of such sets exploits as Blackhole and Nuclear Pack, claim that they had added a new exploit, an attacker previously unknown and is not currently vulnerability in Java.

Thus, on 9 January, the developer Blackhole – hacker disguised under the pseudonym ‘Paunch’ – said on several underground forums that a zero-day vulnerability in Java is a ‘New Year gift’ to those who use it with a set of exploits. Soon, similar reports were received from the developers and distributors of Nuclear Pack. (more…)

Arbitrary code execution in Microsoft Internet Explorer

Posted: December 30, 2012 in Vulnerabilities
Tags: , , ,
0

internet explorer logoVulnerability: Arbitrary code execution in Microsoft Internet Explorer

Severity Rating: Critical
Patch: None

CVE ID: CVE-2012-4792
Vector of operation: Remote
Impact: System Compromise
CWE ID: CWE-119: An error occurred in the buffer
Exploited by active exploitation of the vulnerability
Affected Products: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x

Affected versions: Microsoft Internet Explorer version 6.x, 7.x, 8.x

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error after release of the processing facility ‘CDwnBindInfo’. This can be exploited via a specially crafted Web-page call dereference already freed object and execute arbitrary code on the target system. (more…)