According to the NSA, it will report zero-day security vulnerabilities to software vendors “9 out of 10 times.” The other 10% of the time, it won’t say what it does with them, but it does say there are times when the military and national security benefits outweigh the benefit to disclosing vulnerabilities to vendors.
The leaks of Edward Snowden put the agency’s name on the tip of the nation’s tongue a few years back, and research shows it could be decades before Americans know the whole story. It is no longer a question of whether the NSA and other organs of the surveillance state do conduct electronic surveillance on ordinary Americans, but whether or not [...]
Google Hacker Tavis Ormandy has previously revealed vulnerabilities in the Russian anti-virus Kaspersky Labs. He has now revealed more vulnerabilities in their system framework. Ormandy is famous for finding vulnerabilities in major anti-virus vendors to help them improve their security.
Tavis Ormandy has revealed more vulnerabilities in the system framework of Kaspersky, one of the largest and most reputed anti-virus vendors in the world. He turned his attention to Kaspersky after exposing vulnerabilities in Sophos and ESSET. Tavis had released a report earlier this month about some security vulnerabilities that he found in Kaspersky and has now revealed an even more [...]
The Chinese hacker group APT3 is known in the security industry for their previous, large-scale attacks. The group’s last big campaign, dubbed Operation Clandestine Fox, was a smashing success that relied on something most people visiting this website will find absurd: people using Internet Explorer.
As of that time, as much as 25% of people on the Internet were still using the notoriously insecure browser. Indeed, large organizations still use Explorer, and these are the kinds of targets that APT3 goes after. Now, in a potentially much bigger attack called “Operation Clandestine Wolf,” APT3 has found a vulnerability in Adobe Flash Player which allows it [...]
Adobe Flash Player is notorious for causing security issues. It’s just one of the many reasons why sites like YouTube have switched to HTML5. Trend Micro’s researchers recently discovered a zero-day exploit in Flash used for malvertisement attacks, affecting Windows, Mac, and Linux users. According to a security bulletin from Adobe, the vulnerability, known as CVE-2015-0313, affects Flash Player 220.127.116.116 (the latest version) and earlier versions. A patch for CVE-2015-0313 is expected to begin rolling out on February 4th. But until the update is ready, users are recommended to disable Adobe Flash Player.