Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Seven zero-day attacks discovered in 1H13

FireEye : 18 July, 2013  (Technical Article)
FireEye provides details of the zero-day vulnerabilities that the company uncovered during the first half of the year
Seven zero-day attacks discovered in 1H13

FireEye discovered seven zero-day vulnerabilities during the first half of 2013.  Each of the vulnerabilities uncovered by FireEye was exploited by advanced attacks across a number of applications, including Microsoft Internet Explorer, Adobe Flash, PDFs, Oracle, and Java, and highlight a growing trend of organisations seeing damage to their reputations and critical infrastructure due to highly publicised zero-day threats.

“The consistent discovery of flaws by FireEye demonstrates the power of our virtual-machine technology and the calibre of our research group,” said Zheng Bu, senior director of research.  “Our Multi-Vector Virtual Execution (MVX) engine offers a new and more sophisticated approach toward threat protection that can verify the existence and root cause of exploits before they are able to cause catastrophic damage.”

Zero-day flaws are especially dangerous because of their ability to evade detection from traditional and next-generation firewalls, intrusion prevention systems, anti-virus, and Web gateways, leaving gaping holes in network defences.  As a result, the potential for loss and theft of customer information, intellectual property, and confidential information increases.

The FireEye platform provides real-time analysis of advanced malware in a controlled environment and uses multi-vector and multi-flow virtual execution to detect next-generation threats that would otherwise go undiscovered.

“The newest generation of cybercriminals are persistent, exploiting zero-day vulnerabilities that often leave security experts unaware of the holes in their networks until the damage has already been done,” said Ashar Aziz, FireEye founder and CTO.  “To fill in the gap in network defences, the FireEye technology is able to monitor both inbound and outbound attacks, identifying and blocking the activities of today’s most advanced cyber attacks.”

The seven zero-day flaws discovered by FireEye this year are:

* CVE-2012-4792, Internet Explorer:  Allowed remote attackers to execute arbitrary code via a crafted website that triggers access to an object that was not properly allocated or was deleted.
* CVE-2013-0422, Java:  Retrieved a template from the Web and created a full screen window demanding payment using some kind of social engineering scheme to scare the victim.
* CVE-2013-0634, Flash:  Allowed remote attackers to execute arbitrary code or caused a denial of service (memory corruption) via crafted SWF content.
* CVE-2013-0640, CVE-2013-0641, PDF:  Designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.
* CVE-2013-1493, Java:  Allowed successful unauthenticated network attacks via multiple protocols, which resulted in unauthorised operating system takeover including arbitrary code execution.
* CVE-2013-1347, Internet Explorer:  Allowed remote attackers to execute arbitrary code via a crafted website that triggered access to an object that was not properly allocated or was deleted.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo