On July 14th, 2015, Microsoft’s widely deployed Windows Server 2003 reached end of life after nearly 12 years of support. For millions of enterprise servers, this meant the end of security updates, leaving the door open to serious security risks. Now, we are fast approaching the end of life of another server operating system –…
Read More
I had to go to the doctor the other day because I was miserable and sick. I don’t like going to the doctor so I waited until my stuffy nose and congestion turned into a full blown sinus infection. The doctor said this thing was going around, and I should be better in a few…
Read More
We’re at the end of July and the Zero Day Initiative (ZDI) has published 873 advisories so far. That’s 273 advisories this month alone – and that’s just the tip of the iceberg! Earlier this week, ZDI announced the Targeted Incentive Program, which brings over $1,500,000 USD in special bounty awards for specific targets. With…
Read More One night this week, I came across one of my favorite movies Willy Wonka and the Chocolate Factory. The world had gone crazy after the reclusive Willy Wonka announces that he has hidden five golden tickets in chocolate Wonka Bars that promised a factory tour and a lifetime supply of chocolate. There’s a scene at…
Read More Earlier this week, I wrote a blog covering a couple of the statistics from the Zero Day Initiative’s (ZDI) first half of 2018. One of the stats that I didn’t cover is the increasing focus on enterprise applications. The team is seeing consistent growth in submissions of Microsoft and Apple vulnerabilities, but now they’re also…
Read More The General Data Protection Regulation (GDPR) has been up and running for a couple of months now and your organization is compliant. It’s time to take a little break – well, not so fast! Late last week, the State of California passed a new data privacy law called the California Consumer Privacy Act of 2018….
Read More
I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day,…
Read More As I pull together the list of zero-day filters for this blog, I see all types of vulnerabilities from various vendors. My interest is always piqued when I see a vulnerability affecting a security company. The Zero Day Initiative’s (ZDI) interest was also piqued when the researcher Pagefault submitted a Bitdefender vulnerability to the ZDI…
Read More As a native Texan, I’ve seen more than my fair share of bugs – actual physical bugs that love the hot, humid Texas climate and my curly hair for some reason. The Zero Day Initiative (ZDI) sees many bugs (of the software variety), including those that affect SCADA control systems. Fritz Sands recently walked through…
Read More It was a busy day yesterday, with Adobe issuing four emergency patches for their Flash Player, including one for a zero-day being actively exploited in the wild. Adobe has indicated that CVE-2018-5002 was discovered being used in limited, targeted attacks on Windows users in the wild. The attacks use Microsoft Office documents embedded with malicious…
Read More
