Microsoft has issued a “top up” security bulletin for a fix that didn’t quite make it into the November 2014 Patch Tuesday. The vulnerability can be used to turn any user into a domain administrator, and it’s been exploited in the wild…
Tag Archives: Zero Day
Has the “Sandworm” zero-day exploit burrowed back to the surface?
You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the “Sandworm” vulnerability all over again. Paul Ducklin explains…
Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]
Watch our latest 60 Second Security video! An entertaining but insightful look at the week’s security woes – in just one minute…
Ex-con Kevin Mitnick now selling zero-day exploits, starting at $100K
He says his firm will carefully screen potential clients and that he’d never sell to an entity such as the Syrian regime or a criminal gang. Then again, he’s not asking what clients intend to do with the high-end exploits. 
SoHo routers to get hacker-style scrutiny in return for “awesome” prizes
Buy a $50 SoHo router, plug it in, press a couple of buttons. Bingo! A connected household! What could possibly go wrong? If history is any guide, quite a lot…
EFF sues NSA over hoarding of zero days
Wouldn’t it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers. 
Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]
Are two zero-days better than one? What happened to AOL’s user database? And is that another award that Naked Security just won? Find out in 60 Sec Security for 03 May 2014…
SSCC 145 – Zero-days x2, fixing Heartbleed x2, and security-by-design [PODCAST]
An 0-day in IE and an 0-day in Flash; two approaches to fixing OpenSSL after Heartbleed; how to get a free pass to Infosec Europe 2014; and why security happens by design and not by accident! Join Chet and Duck for another podcast in the weekly Chet Chat series…
Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash
Hot on the heels of Microsoft’s IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash. (No, they’re *not* related, even though the current IE exploits use a Flash file to kick things off.)