Search DaniWeb - fireeye

Calamine released for Poison Ivy RAT itch 10 Years Ago by happygeek …. Attacks involving several ongoing nation-state threat 'actors' identified by FireEye such as: * admin@338: Active since 2008, this actor mostly… telecom, government, and defense sectors. * th3bug: First detected in 2009, FireEye has observed this actor targeting a number of industries, primarily… WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by happygeek …have [detected a new zero-day vulnerability](http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero… would appear, a fully-blown in the wild exploit. FireEye researchers state that: > ...this vulnerability leads to arbitrary…from tweaking this exploit and making it work reliably. FireEye is working with Oracle to this end, but in… How to destroy a botnet 14 Years Ago by happygeek … a lot of inside knowledge. Researchers at the FireEye Malware Intelligence Lab have been working hard at gathering… with an intent to destroy a botnet. So FireEye contacted ISPs, registries and registrars and set about …mount any kind of defence strategy to keep running. FireEye approached the challenge methodically, by first preparing enough … Ke3Chang kerching: naked Carla Bruni led Chinese hackers to G20 diplomats 10 Years Ago by happygeek …European foreign ministries, were successfully targeted by Chinese hackers. FireEye researchers had monitored a server, one of 23, … them to observe the malware in action, although FireEye says no data was stolen as far as they…. The circumstantial evidence collected at the time leads FireEye to believe that Chinese hackers were carrying out the… How the Chinese took, and lost, control at TechNet 8 Years Ago by happygeek …the tactic, researchers with security outfit FireEye [discovered](https://www.fireeye.com/blog/threat-research/2015/05/… hacking campaign called Deputy Dog](https://www.fireeye.com/blog/threat-research/2013/09/operation… however, have backfired having been detected. The FireEye researchers have been working with the Microsoft Threat… Which is the most secure smartphone? Not the iPhone it appears... 9 Years Ago by happygeek …. First the security researchers disclosed the [Masque Attack](http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all… off as a non-event, but if you read the FireEye disclosure report you will see that the company claims to… Dear Adobe Flash, why won't you DIE, DIE, DIE? 8 Years Ago by happygeek … Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe… Syrian Electronic Army attacks Washington Post, CNN and Time via plug-in 10 Years Ago by happygeek … similar messages. Darien Kindlund, Threat Intelligence Manager at security vendor FireEye notes that the Syrian Electronic Army is "a prolific… Re: Warning: Linux security bashed by 22 year old remote code execution bug 9 Years Ago by happygeek More news from the security research labs: > FireEye has discovered that cyber attackers have already mobilised to use … Re: Crypto Virus found on my computer! 9 Years Ago by Traevel …](http://en.wikipedia.org/wiki/Operation_Tovar). You can check the [FireEye and Fox-IT page](https://www.decryptcryptolocker.com/) for instructions… Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by peter_budo No flaming inteded, however it would be nice once in while if you wrote about something that got fixed. Open source community is doing their best to help to tacle all while trying to bring new stuff in. World is not all negative... ;) PS: Can get you in touch with London open source community with influence on Oracle Java development, just ask. Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by happygeek The world may not be all negative Peter, but security problems usually are. Would you rather people were not warned, in a timely fashion, of real world threats out there that could impact upon their data? Some things just cannot be sugar coated... Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by bguild All security issues are some variety of design failure. No one can sneak into your computer through the internet without an invitation, so the big questions are what design failure in the JVM makes this theoretically possible, and what is being done about it? The good news that I want to hear is that Oracle has not only fixed the security hole, … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by happygeek ...and worth reporting, no doubt about that! :) Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by peter_budo Yes people should be warned, but there should aslo be a notice "Hey they fixed this..." Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by happygeek When Oracle fixes it, really fixes it rather than keep using sticking plasters to try and stem an arterial bleed, then I will be the first to write a news story saying so. That said Peter, don't hold your breath :) Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by JamesCherrill It seems Oracle have rushed out a quick fix (or maybe just a sticking plaster?) for this one... http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by happygeek Comment from Lamar Bailey, Director of Security Research and Development at nCircle on the latest patch/fix: > Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by jwenting what complete bollocks. These vulnerabilities are extremely rare and hard to trigger, and I seriously doubt Oracle is going to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV products. Or do you suggest most people update their AV product only when they get a new PC, which is roughly how often most … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by bguild > I seriously doubt Oracle is going to pump out new JVM versions 3-4 times a day, which is the rate of database updates for serious AV products. Java doesn't need and shouldn't have an anti-virus database. Java runs on a virtual machine, which means that the virtual machine is directly responsible for any inappropriate behaviour in any Java … Re: WARNING: New zero-day for Java 6u41 and Java 7u15 11 Years Ago by jwenting you seem to misunderstand my point :) Re: Which is the most secure smartphone? Not the iPhone it appears... 9 Years Ago by nRg6ExWxsJ8JzX PWN2OWN isn't really representative though. It's a bit like the historical claims about Apple laptops being secure due to the lack of exploits: mostly this was just down to the tiny userbase, and the economics of researching a minority OS. As the userbase grew, so did the attention. There are few exploits for the Windows phone today, because there… Re: Which is the most secure smartphone? Not the iPhone it appears... 9 Years Ago by Kelly Burby I seemed to agree with the above poster as currently windows devices haven't that much user over their platform is the reason why it's on top ! I am sure it will lower down once the number increases. But for the time I am giving my vote to Windows. Re: Which is the most secure smartphone? Not the iPhone it appears... 9 Years Ago by happygeek Actually, the 'fewer users' argument doesn't apply to PWN2OWN. As I said in the news story itself: > while it could be argued that the reason Windows Phone did so well was that only one team targeted it that would be a flawed assumption. Teams only target devices at the competition proper if they have been able to uncover working zero-day … Re: Dear Adobe Flash, why won't you DIE, DIE, DIE? 8 Years Ago by diafol >Flash, along with ActiveX and Java Heh heh, are you suggesting that Java runtimes be dropped too? Silverlight? Things are warming up. Re: Syrian Electronic Army attacks Washington Post, CNN and Time via plug-in 10 Years Ago by LastMitch >Within days of the New York Times website suffering an outage which was widely reported as being down to another cyber attack, although the NYT itself insists it was actually an internal issue following system maintenance, media sites belonging to CNN, Time and the Washington Post have been attacked by the Syrian Electronic Army (SRA) in …