Security Alerts & News
by Tymoteusz A. Góral

History
#859 Got $90,000? A Windows 0-Day could be yours
How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000.

So-called “zero-day” vulnerabilities are flaws in software and hardware that even the makers of the product in question do not know about. Zero-days can be used by attackers to remotely and completely compromise a target — such as with a zero-day vulnerability in a browser plugin component like Adobe Flash or Oracle’s Java. These flaws are coveted, prized, and in some cases stockpiled by cybercriminals and nation states alike because they enable very stealthy and targeted attacks.
Read more
#867 The impossible task of creating a “Best VPNs” list today
#866 Ransomware is working, and the cybercrooks know it
#865 Outlook and Hotmail flooded by spam
#864 Samsung: Don't install Windows 10. REALLY
#863 Out-of-the-box exploitation possible on PCs from top 5 OEMs
#862 Tor Browser 6.0: Ditches SHA-1 support, uses DuckDuckGo for default search results
#861 Crypto-ransomware attacks Windows 7 and later, scraps backward compatibility
#860 Millions of PCs ship with bloatware riddled with security flaws, say researchers
#859 Got $90,000? A Windows 0-Day could be yours
#858 Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk
#857 SSL/TLS and PKI timeline
#856 Hackers find bugs, extort ransom and call it a public service
#855 SandJacking attack puts Apple iOS devices at risk to rogue apps
#854 PayPal to pull out of Turkey following license denial
#853 US court says no warrant needed for cellphone location data
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12