
How China built a one-of-a-kind cyber-espionage behemoth to last
A decade-long quest to become a cyber superpower is paying off for China.
A Zero Day is both a previously undetected hole in security software and the code attackers use to take advantage of said hole.
Zero day actually refers to two things—a Zero-Day Vulnerability or a Zero-Day Exploit.
Zero-Day Vulnerability refers to a security hole in software—such as browser software or operating system software—that is yet unknown to the software maker or to antivirus vendors. This means the vulnerability is also not yet publicly known, though it may already be known by attackers who are quietly exploiting it. Because zero day vulnerabilities are unknown to software vendors and to antivirus firms, there is no patch available yet to fix the hole and generally no antivirus signatures to detect the exploit, though sometimes antivirus scanners can still detect a zero day using heuristics (behavior-tracking algorithms that spot suspicious or malicious behavior).
Zero-Day Exploit refers to code that attackers use to take advantage of a zero-day vulnerability. They use the exploit code to slip through the hole in the software and plant a virus, Trojan horse or other malware onto a computer or device. It’s similar to a thief slipping through a broken or unlocked window to get into a house.
Zero day vulnerabilities and exploit codes are extremely valuable and are used not only by criminal hackers but also by nation-state spies and cyber warriors, like those working for the NSA and the U.S. Cyber Command.
—WIRED, “Hacker Lexicon: What Is a Zero Day?”
Google’s top security teams unilaterally shut down a counterterrorism operation
The decision to block an “expert” level cyberattack has caused controversy inside Google after it emerged that the hackers in question were working for a US ally.
China’s and Russia’s Spying Sprees Will Take Years to Unpack
The full extent of the SolarWinds hack and Hafnium’s attack on Microsoft Exchange Server may never be known.
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught.
The Ethics of Zero-Day Exploits: The NSA Meets the Trolley Car
This article [takes] two basic approaches to evaluating the ethics of stockpiling zero-day exploits.