Showing 13 results for: 2013 ×Zero-Day ×

Another Day, SpiderLabs Discovers Another IE Zero-Day

We at SpiderLabs investigate many suspicious webpages on a daily basis. Occasionally we run into something that seems new and unfamiliar to us, which is generally when things become interesting. A recent discovery of ours began just like that and...

Microsoft Patch Tuesday, September 2013

In Chicago, it's been a roller coaster of a summer with cold weather to now steaming hot. Fortunately, the weather held out for last weekend Trustwave summer outing which was held at Six Flags Great America in Gurnee, Illinois. For...

Fun with 'Active Defense'

Active Defense is steadily becoming a popular trend in the security field, both in a theoretical and practical approach. From its humble beginnings it has made its way to a fully functional software implementations that aim at making your attacker's...

Mayday! 0-Day

While many workers around the world were celebrating the May 1st events, the US Department of Labor website got hacked and was used to redirect browsers to a 3rd party site which served a new IE 8 0day exploit, known...

Q&A w/ SpiderLabs Research: Java 0day CVE-2013-0422

Q: What's going on? People are talking about some Java 0day which threatens the whole world… Bring me up to speed, now! A: About a week ago, an independent researcher has reported a previously unknown (0day) Java vulnerability being used...

Microsoft Patch Tuesday, January 2013 - Part II

It's now official, there is another bulletin (MS13-008) release for the month of January and affected Microsoft Windows users should be expecting a out-band security patch soon. This out-of-band security patch fixes one memory corruption vulnerability discovered in Internet Explorer...

First Java 0day For The Year 2013

Today @Kafeine was the first to announce the new Java 0day. This 0day allows an attacker to execute malicious code on any desktop with Java 1.7 u10 (or prior) installed – which is the latest version from Oracle. After some...

Dissecting a CVE-2012-4792 Payload

A little while ago I was fortunate enough to get ahold of a sample that was dropped on a system after it was infected via the exploit outlined in CVE-2012-4792. For those that may not have heard, this CVE has...

Microsoft Advance Notification for January 2013

If you were hoping for a nice relaxing Patch Tuesday after the holidays, well, sorry to disappoint you. Microsoft will be issuing seven new bulletins next week, two of them are rated as 'Critical'. Both critical bulletins can result in...