Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer Security researchers have discovered two critical zero-day vulnerabilities in the popular Foxit Reader application that could be exploited by attackers to execute arbitrary code on a targeted computer, if no

Microsoft Windows users who still have Apple Quicktime installed should ditch the program now that Apple has stopped shipping security updates for it, warns the Department of Homeland Security‘s U.S. Computer Emergency Readiness Team (US-CERT). The advice came just as researchers are reporting two new critical security holes in Quicktime that likely wo

How do you defend yourself against the unknown? That is crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unkno

More evidence of the potential chilling effect the Wassenaar Arrangement could have on security research surfaced this week when it was revealed HP has decided not to take part in November’s Mobile Pwn2Own hacking contest in Japan.Dragos Ruiu, who organizes the CanSecWest and PacSecWest conferences that include the Pwn2Own contests, told Threatpost tha

Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to ve

Bug bounties have gone from novelty to necessity, not only for enterprises looking to take advantage of the skills of an organized pool of vulnerability hunters, but also for a slew of independent researchers who make a living contributing to various vendor and independent bounty and reward programs.The proposed U.S. rules for the Wassenaar Arrangement pose

It took 10 hours to find what had eluded others for close to five years.German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and which is accused of putting a serious dent in Iran’s deve

When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser.A team of experts from HP’s Zero Day Initiative were among those who noticed that once-reliable exploits were no longer beha

Hi all,I have received a ton of questions regarding a recently published ZDI advisory, which provides some details about a bug I discovered and reported to Microsoft (via ZDI), affecting Internet Explorer 8.  I wanted to take a few moments to clarify some of the confusion and answer some of the questions in this p