Entries filed under 'Zero-day'

Threat Research Blog

The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.


    IE Zero Day is Used in DoL Watering Hole Attack

    By Yichong Lin
    Similar to what we found before in a series of watering hole attacks targeting CFR and Chinese dissidents, zero-day and just-patched vulnerabilities were used. In the latest watering hole attack against the Department of Labor (DoL), our research indicates that a new IE zero-day was used, although some other vendors claim the attackers are using known vulnerabilities. This particular exploit checks the OS version and only runs on Windows XP. Read more...


    YAJ0: Yet Another Java Zero-Day

    By Darien Kindlund, Yichong Lin
    Through our Malware Protection Cloud (MPC), we detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed. Unlike other popular Java vulnerabilities, in which the security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in the JVM process. After triggering the vulnerability, the exploit is looking Read more...


    The Number of the Beast

    By James T. Bennett
    Yesterday, we sent out a warning regarding the PDF zero-day we found being exploited in the wild. Adobe has released a security advisory with mitigations. Here are more details about the attack. The JavaScript embedded in the crafted PDF is highly obfuscated using string manipulation techniques. Most of the variable names in the JavaScript are in Italian. The JavaScript has version checks for various versions of Adobe Reader, as shown below, and it Read more...


    CFR Watering Hole Attack Details

    By Darien Kindlund
    [Updated on December 30, 2012] On December 27, we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21—right Read more...


    Looking Forward to Windows 8: A Look Back at Windows Security

    By Abhishek Singh
    With the release of Windows 8 scheduled for October 26, Windows security is on our mind. Windows is one of the most widely used operating systems in the world, making it a lucrative target for exploit developers and malware authors. In previous versions of Windows, many security features were introduced, including ASLR, DEP, and pointer encoding. Microsoft used a software development lifecycle and threat modeling to ensure it was delivering a secure operating system to its users; however, many of Read more...