zero-day


Introduction. Last month, iSightPartners revealed a Microsoft Office zero-day leveraged in a targeted attack by a Russian cyber espionage team. This vulnerability has been patched in Microsoft bulletin MS15-070. CVE-2015-2424 was assigned to this vulnerability. In this blog post, we will discuss the nature of the vulnerability to give some insights to other researchers for understanding and detecting this specific Word vulnerability. Multi-directory entries chaining. We first extracted the embedded objects inside the exploit document...
by Wayne Chin Yick Low  |  Sep 01, 2015  |  Filed in: Security Research
Introduction. Recently, we came across an unknown document exploit which was mentioned in a blog post by the researcher @ropchain. As part of our daily routines, we decided to take a look to see if there was something interesting about the document exploit. The SHA-1 of the sample used in the analysis is FB434BA4F1EAF9F7F20FE6F49C4375E90FA98069. The file we're investigating is a Word document called amendment.doc. Understanding the vulnerability. In fact, the exploit is not widely covered by AV vendors. Thus it becomes more challenging...
by Wayne Chin Yick Low  |  Aug 20, 2015  |  Filed in: Security Research
Today, Adobe has released a new announcement of vulnerabilities, three of which were discovered by researchers at FortiGuard Labs. Adobe Flash and Shockwave continue to be a challenge for organizations and vendors to keep secure. Memory corruptions can lead to the development of zero-day exploits against systems, and there are overlaps in feature sets between versions of Shockwave and Flash. FortiGuard Labs researchers are finding chatter among hacker groups that leads us to believe attackers still regard Flash and Shockwave as a viable and...
by Aamir Lakhani  |  Jul 14, 2015  |  Filed in: Industry Trends & News
Angler/Flash 0-day FAQ, Version 1.1 - Friday, January 23, 15:45 PST. This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates. What is Angler? The Angler Exploit Kit (EK) is a toolkit used by malware authors and cybercriminals to deliver other pieces of malware. Typically these exploit kits are used in compromised websites that victims are guided to through links and phishing emails in order to infect victims. What has happened? Noted malware...
by Richard Henderson  |  Jan 22, 2015  |  Filed in: Industry Trends & News
by Michael Perna  |  Jul 26, 2014  |  Filed in: Industry Trends & News
by Stefanie Hoffman  |  Jun 28, 2014  |  Filed in: Industry Trends & News
As a security professional for the past decade, I've seen quite a few evolutions in the threat landscape over the years, as I imagine have most of you. Does the following sound familiar and recent to you? First came enterprise-class anti-virus (AV) tools, then desktop firewalls and anti-spyware protection. With each technical advance, however, would-be attackers changed their tactics, or morphed the latest virus or Trojan just enough for it to sail past the defenses. It's reached the point where AV and anti-spyware tools just don't seem able to cope...
by David Finger  |  May 21, 2014  |  Filed in: Industry Trends & News
In nature, predators on the hunt for food often wait by small ponds and marshes for their prey. The reason? Animals of all kinds will inevitably flock to a watering hole out of necessity in order to survive, including vulnerable prey. When that occurs, the predator only has to pounce in order to fulfill its objectives. In short, the watering hole removes the challenge of finding and chasing an elusive target. The same concept applies to watering hole attacks. As the name suggests, watering hole attacks occur when an attacker...
by Stefanie Hoffman  |  Oct 23, 2013  |  Filed in: Security 101
Microsoft announced today that an attacker or attackers are exploiting a previously known exploit in virtually all versions of Internet Explorer. Microsoft has released an out-of-band Fix-It patch for users to implement as soon as possible while they work on a permanent fix. The exploit is CVE-2013-3893 and allows an attacker to execute code remotely; this means that simply by visiting a hacked or malicious website, you will likely have malware installed on your system. To install the Fix-It patch, visit this page. Simply click on the "Enable...
by Richard Henderson  |  Sep 17, 2013  |  Filed in: Industry Trends & News