tag
zero-day

Java vulnerability confirmed by US Department of Homeland Security

A Java vulnerability seemingly discovered by a French researcher has been confirmed by the US Government.

Java zero day = time to disable Java, in your browser at least

Now is the time to disable Java in your web browser, or even remove it from your system if that is practical. Why? The bad guys are hard at work trying to exploit a zero day vulnerability in the latest version of Java (version 1.7, Update 6.). This vulnerability is the subject of a US-CERT

CVE2012-1889: MSXML use-after-free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

Stuxnet and the DHS

In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.

How to Screw Up and Skew a Test

Even as AMTSO attempts to bring some qualified and competent guidance to testing methodologies, and individuals with an agenda or paranoia invent stories about why it is not good, we see more completely incompetent testing. I refer this time to the test that Steve Ragan wrote about at http://www.thetechherald.com/article.php/201031/5979/Anti-Virus-industry-lacking-when-it-comes-to-detection-says-report. The test performed by Cyveillance, who

Which Army Attacked the Power Grids?

The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.

Ten Ways to Dodge Cyber-Bullets (Part 9)

[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.] Be Wireless, not Careless Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of

Ten Ways to Dodge Cyber-Bullets (Part 8)

[Part 8 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Anti-Virus isn’t Total Security Don’t expect antivirus alone to protect you from everything. Use additional measures such as a personal firewall, antispam and

SMB2 0-Day update

Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates "Firewall best practices and standard default firewall configurations", which "can help protect networks from attacks that originate outside the enterprise perimeter,"  and suggests exposing a "minimal number of ports". Well, duh… I’d expect any firewall

SMB2 zero-day

Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

6 articles related to:
Hot Topic
11 Jan 2013
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.