Tag: Zero-day

Malware

Zero-Day Vulnerabilities: Rooting Out Hidden Threats

In 2015, ransomware and malware related attacks cost businesses around the world $325 million. This was considered to be a relatively acceptable figure. Rumors spread throughout the cybersecurity industry that a future dominated by cybercrimes was something we might be able to dodge. While a high amount, the $325 million value just didn’t meet the worst-case scenario many had expected. Was it possible everyone drastically overestimated how popular these attack methods would become? Fast forward two years later, as ransomware-based attacks alone are expected to reach $5 billion in costs to organizations this year. Obviously, this is an astronomical increase in the spread and effectiveness of cyberattacks. It is, however, just the tip of the iceberg. While ransomware attacks like

Read More »
Cybersecurity

In Plain Sight: Zero-Day Vulnerabilities

Zero-day vulnerability is a futuristic sounding term – you can almost picture it as the name of a science fiction novel – but it presents a great threat to organizations across all industries. These vulnerabilities are holes in software which lack a patch or fix, meaning they can be exploited by clever cyber criminals to steal your information. Back in 2014, Anthem, a major US health insurer, suffered what was then the biggest healthcare breach ever. This attack was conducted by a group known as “Black Vine,” who used zero-day vulnerabilities in Internet Explorer to carry out the attack. Recently, RAND corporation, a research organization that develops solutions to public policy challenges to help make communities throughout the world safer

Read More »
Repost

MICROSOFT IE ZERO-DAY VULNERABILITY (CVE-2014-1776)

THREAT OVERVIEW:  On April 26th 2014, Microsoft released a security advisory (2963983) for a zero-day vulnerability in Internet Explorer (CVE-2014-1776).  Exploitation of the vulnerability is reportedly being used in limited, targeted attacks.  The vulnerability exists in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.  There is currently no patch available for this vulnerability and Microsoft did not provide a release date for a patch. Windows users running vulnerable versions of Internet Explorer are at risk, when visiting compromised websites containing malicious code to exploit this vulnerability. THREAT DETAILS: According to Microsoft, The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in

Read More »