Post Thumbnail

Typically, coders and researchers who discover security vulnerabilities in software will tell the companies involved before posting their findings -- it's a courtesy to make sure that those holes are patched before attackers can use them. Don't tell that to developer Luca Todesco, though. He recen...

August 17th 2015 at 5:05pm 0 Comments
Post Thumbnail

Feel safe with your fully-patched computer? If you use Flash and land on the wrong website, you may get a virus or even a cryptolocker that renders your machine unusable. That's because a sophisticated "zero-day" exploit stolen from Hacking Team has now been released into the wild. As a reminder,...

July 8th 2015 at 6:00am 0 Comments
Post Thumbnail

It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it. No one must have told that to the US Navy until this week, however. The Electronic Frontier Foundation caught the military...

June 14th 2015 at 5:20pm 0 Comments
Post Thumbnail

If you've been wondering how Russian cyberattackers could compromise the White House and other high-profile political targets, the security researchers at FireEye have an answer. They've determined that APT28, a politically-motivated Russian hacking group, used unpatched exploits in Flash Player a...

April 18th 2015 at 11:11pm 0 Comments
Post Thumbnail

Google's Project Zero is supposed to goad companies into patching software security flaws before they pose a threat, but that's not exactly how the effort has panned out. As Apple and Microsoft will tell you, the strict 90-day disclosure deadline sometimes leaves developers scrambling to finish pa...

February 15th 2015 at 4:59pm 0 Comments
Post Thumbnail

Microsoft isn't the only big tech firm grappling with surprise security flaw disclosures these days. Google's Project Zero security unit revealed at least two unpatched vulnerabilities in OS X (Yosemite appears to have mitigated a third) that theoretically help attackers take control of your Mac....

January 23rd 2015 at 3:33pm 0 Comments
Post Thumbnail

Whether or not you believe that North Korea hacked Sony Pictures, one thing is becoming apparent: whoever's responsible knew what they were doing. Sources for Recode understand that the perpetrators took advantage of a zero-day exploit, or a software security hole that hadn't been patched yet. The...

January 20th 2015 at 2:53pm 0 Comments
Post Thumbnail

A hacker who found a vulnerability in QuickTime said he posted the attack code online after Apple ignored him for a month. The code exploits a flaw in QuickTime that causes a crash when a unusually-long parameter is passed along with a movie file. While it's not demonstrated, the hacker claims that...

September 18th 2008 at 12:00pm 0 Comments
Post Thumbnail

A zero-day vulnerability in Safari that could litter a user's desktop (or downloads folder) with arbitrary files is a serious security flaw, argues ZDNet, and not a mere "annoyance" as Apple claims. In theory, a user must click a link to visit a malicious website that can begin downloading arbitrary...

May 30th 2008 at 12:30am 0 Comments