zero-day

Adobe issues emergency patch -- again

Adobe Systems and Microsoft on Thursday issued patches with emergency measures for critical vulnerabilities in Flash and Internet Explorer.

Microsoft, which usually fixes security problems once a month on Tuesdays, distributed the off-calendar repair for Internet Explorer 9 and 10 because of the severity of the exploit. The fix is highly recommended for people who use those versions of IE since Microsoft described the previously unknown vulnerability in its security bulletin as actively being used in "limited, targeted attacks."

However, people who use those browsers must apply the fix manually with the FixIt shim tool. A permanent fix … Read more

Adobe issues emergency Flash update for Windows and Mac

Adobe is recommending that users update their Flash Players immediately -- especially those who frequent Google Chrome and Internet Explorer. The company released an emergency security bulletin on Tuesday that addresses vulnerabilities in Flash, which could be exploited by hackers.

"This vulnerability could allow an attacker to remotely take control of the affected system," Adobe wrote in a blog post. "Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin."

Adobe assigned a Priority 1 rating to the vulnerabilities being … Read more

Microsoft plans to address zero-day IE bug on Tuesday

Microsoft plans to issue a security update on Tuesday that addresses an Internet Explorer ActiveX Control vulnerability that allowed malware to be installed on computers when users visited at least one breached Web site.

Microsoft said Monday that vulnerability CVE-2013-3918, which was disclosed Friday by security researcher FireEye, was already scheduled to be addressed in "Bulletin 3" on Tuesday. An exploit described by the security firm as a classic drive-by attack is already in the wild, targeting English versions of IE7 and 8 in Windows XP and IE8 on Windows 7.

FireEye said its analysis of the exploit … Read more

New zero-day bug targets IE users in drive-by attack

A pair of vulnerabilities in Internet Explorer are currently being exploited in the wild to install malware on computers that visit at least one malicious Web site, security researches warn.

The classic drive-by download attack targets the English versions of IE 7 and 8 in Windows XP and IE 8 on Windows 7, security firm FireEye warned in a company blog post Friday. However, the security researcher wrote that its analysis indicated that other languages and browser version could be at risk.

"The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily … Read more

Kaspersky releases 2014 edition of Internet Security and Antivirus

On Tuesday, Kaspersky launched the 2014 release of their Internet Security and Antivirus updates. In addition to a much more polished user interface, Kaspersky brings a slew of under the hood improvements and performance gains across the board. New in 2014 is the Application Control center, a hybrid between a system monitor and task manager that also gives you a trust rating of each running application. For full review or to download a trial, click on the Download button below.

Review: Kaspersky Internet Security 2014

Kaspersky Internet Security 2014 returns as a top-notch security suite with improved overall performance, a slight interface refresh, and new countermeasures against zero-day attacks.

Since last year's release, Kaspersky 2014's design comes with minimal changes to its interface. The mobile-style drawer also makes a return, which reveals extra tools like parental controls, network monitoring, and application controls.

The extraneous arrows and flap-like carousel buttons have all been consolidated into a single-drawer button, following Windows 8-like behaviors. The main interface has been stripped down even more for a much cleaner, uncluttered look.

Menus and settings have also gotten a … Read more

ExploitShield becomes Malwarebytes Anti-Exploit

ExploitShield launched in September 2012 (covered previously by Seth Rosenblatt) with an ambitious goal: to close the yawning security gap for zero-day threats, those nasty exploits that arise upon first notice of a security vulnerability in a browser or other application before developers can fix the hole. Today, the ExploitShield technology gained a lot more visibility as it was acquired by security-software publisher Malwarebytes, whose Malwarebytes Anti-Malware software has been a Top 10 product on Download.com for many years.

As a result of the purchase, Malwarebytes has released a new beta version of the software, now called Malwarebytes Anti-Exploit. … Read more

Google push for faster zero day fixes hits a wall: Other companies

Google has undertaken what some might call a Sisyphean effort: to get technology companies to patch publicly unknown security vulnerabilities, referred to as "zero day" exploits, more quickly.

In a blog post published Wednesday, two Google security engineers advised their counterparts at other companies to respond to actively exploited zero days within seven days.

The post's authors, Chris Evans and Drew Hintz, wrote, "Often, we find that zero day vulnerabilities are used to target a limited subset of people. In many cases, this targeting actually makes the attack more serious than a broader attack, and more … Read more

Adobe issues emergency patch for zero-day Flash vulnerabilities

Adobe Systems released an emergency security update today that addresses a trio of vulnerabilities in Flash, two of which the company said were already being exploited by hackers.

Today's surprise update -- the company's third for the browser plug-in this month -- patches holes "that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security bulletin.

"Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which … Read more

Adobe confirms targeted attacks due to security hole in Reader

A zero-day security flaw in Adobe Reader and Acrobat is being exploited through a series of targeted attacks against vulnerable computers, Adobe Systems said yesterday.

In a security bulletin, Adobe confirmed that the vulnerabilities could cause Reader and Acrobat to crash, potentially opening the door for an attacker to gain control of the system.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message," the company revealed in the bulletin.

Adobe said it's … Read more