Tuesday, May 9, 2017

Google 0-Day Hunters Find 'Crazy Bad' Windows RCE Flaw

Ok, this maybe the worst, but there is more to come, so hang on. This is a problem that as any zero day vulnerability probably has been known for some time by our and other intelligence agencies, and will probably show up in a Wikileaks dump at some time. Last month another Zero Day was released and had been a vulnerability for years, for an explanation, a Zero Day vulnerability is a vulnerability someone has found and not told anyone about, so they can use it for their purposes in the future. Since it has never been used, it is a zero day vulnerability, because as soon as it is used, others may use it, or a patch maybe made to counter it. There is a game in the zero day world, and that is who knows about the vulnerability, some hackers find zero day vulnerabilities and hold on to them to sell in the future, some hackers find zero day vulnerabilities and wait to exploit them when it will do the most for them or the worst for the company with the vulnerability. The problem with all these is if someone finds the vulnerability before it is used or sold by the hacker, if that happens the value of the vulnerability goes way down, it may still be sold, but for a far less amount. Once the company attacked finds a fix, then the vulnerability is near worthless, except for those people that have not applied the patch. It was said three separate Zero day vulnerabilities were used in the attack on the Iranian Nuclear facilities. Those were vulnerabilities some governments knew about, and held close to the vest so they could stop the progress of the Iranian Nuclear program. Some privacy folks protested that our government as well as other governments should disclose these vulnerabilities so the systems can be patched. There is a common sense to Governments making every vulnerability known to the world so that hackers can not exploit them, but in the world of cyber espionage and may I say cyber war, we need ways to attack the bad guys as needed.
from CTI Consulting http://ift.tt/2qhMMV8

1 comment:

  1. I think Zero day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats........
    Zero-day attack