HackDig : Dig high-quality web security articles for hackers

Experts at ZDI reported two critical Zero-Day flaws in Foxit PDF Reader

Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer. Security researchers have discovered two critical zero-day vulnerabilities in the popular Foxit Reader application that could be exploited by attackers to execute arbitrary code on a targeted computer, if no
Publish At:2017-08-22 13:35 | Read:4333 | Comments:0 | Tags:Breaking News Hacking Foxit PDF Reader RCE ZDI zero-Day

US-CERT to Windows Users: Dump Apple Quicktime

Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for it, warns the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely wo
Publish At:2016-04-18 15:05 | Read:4409 | Comments:0 | Tags:Latest Warnings Other Time to Patch Apple Quicktime Christop

The first rule of zero-days is no one talks about zero-days (so we’ll explain)

How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well. Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unkno
Publish At:2015-10-20 12:25 | Read:4995 | Comments:0 | Tags:Features Law & Disorder Risk Assessment Technology Lab zdi z

Citing Wassenaar, HP Pulls out of Mobile Pwn2Own

More evidence of the potential chilling effect the Wassenaar Arrangement could have on security research surfaced this week when it was revealed HP has decided not to take part in November’s Mobile Pwn2Own hacking contest in Japan. Dragos Ruiu, who organizes the CanSecWest and PacSecWest conferences that include the Pwn2Own contests, told Threatpost tha
Publish At:2015-09-04 10:10 | Read:4204 | Comments:0 | Tags:Government Hacks Malware Vulnerabilities CanSecWest Dragos R

HP Releases Details, Exploit Code for Unpatched IE Flaws

Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to ve
Publish At:2015-06-23 02:30 | Read:4027 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security Blue Hat binus HP Int

Bug Bounties in Crosshairs of Proposed US Wassenaar Rules

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward programs. The proposed U.S. rules for the Wassenaar Arrangement pose
Publish At:2015-06-09 13:45 | Read:3647 | Comments:0 | Tags:Google Government Hacks Microsoft Privacy Vulnerabilities We

Details Surface on Stuxnet Patch Bypass

It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and which is accused of putting a serious dent in Iran’s deve
Publish At:2015-03-12 00:55 | Read:3774 | Comments:0 | Tags:Hacks Malware Microsoft Vulnerabilities HP LNK patch LNK vul

IE Memory Attacks Net ZDI $125,000 Microsoft Bounty

When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser. A team of experts from HP’s Zero Day Initiative were among those who noticed that once-reliable exploits were no longer beha
Publish At:2015-02-05 20:20 | Read:3916 | Comments:0 | Tags:Microsoft Vulnerabilities Web Security HP Security Research

On CVE-2014-1770 / ZDI-14-140 : Internet Explorer 8 "0day"

Hi all, I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8. I wanted to take a few moments to clarify some of the confusion and answer some of the questions in this p
Publish At:2014-08-10 15:20 | Read:5341 | Comments:0 | Tags:Exploits 005 - Microsoft related 0day advisory cve-2014-1770
