Ad: Manage updates with the Download App
  • CNET
  • All zero-day exploits posts

zero-day exploits

ExploitShield becomes Malwarebytes Anti-Exploit

ExploitShield launched in September 2012 (covered previously by Seth Rosenblatt) with an ambitious goal: to close the yawning security gap for zero-day threats, those nasty exploits that arise upon first notice of a security vulnerability in a browser or other application before developers can fix the hole. Today, the ExploitShield technology gained a lot more visibility as it was acquired by security-software publisher Malwarebytes, whose Malwarebytes Anti-Malware software has been a Top 10 product on Download.com for many years.

As a result of the purchase, Malwarebytes has released a new beta version of the software, now called Malwarebytes Anti-Exploit. … Read more

Microsoft's next Patch Tuesday won't resolve IE zero-day flaw

Microsoft's regular Patch Tuesday rolls around next week. But one flaw that won't be fixed in the mix is the latest zero-day exploit in Internet Explorer.

Last Saturday, Microsoft warned about the zero-day flaw in IE 6, 7, and 8 that could allow attackers to gain control of Windows computers to host malicious Web sites. In its advisory, the company noted that IE 9 and 10 are unaffected by the vulnerability and suggested a variety of workarounds to those running the older browser versions.

On Monday, the company issued a temporary fix that prevents the flaw from being … Read more

McAfee: China attacks a 'watershed moment'

The China-based cyberattacks on Google and other companies were "a watershed moment in cybersecurity," according to an executive at computer security company McAfee.

"I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations," McAfee Chief Technology Officer George Kurtz wrote on his blog Sunday. "While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits."

"What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the … Read more

Adobe exploit puts backdoor on computers

A new zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat, drops a backdoor onto computers using JavaScript, Trend Micro researchers warned on Friday.

Trend Micro identified the exploit as a Trojan horse dubbed "Troj_Pidief.Uo" in a blog post. It arrives as a PDF file containing JavaScript-based malware, "Js_Agent.Dt," and then drops a backdoor called "Bkdr_Protux.Bd."

The exploit affects Microsoft Windows 98, ME, NT, 2000, XP, and Server 2003, according to Trend Micro.

The blog post provides technical details on how the … Read more