http://www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/
By Kim Zetter
Security
Wired.com
01/13/16

ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities
in software that are unknown to the software maker and are therefore
unpatched. Criminal hackers and intelligence agencies use zero-day
exploits to open a stealth door into your system, and because antivirus
companies also don’t know about them, the exploits can remain undetected
for years before they’re discovered. Until now, they’ve usually been
uncovered only by chance.

But researchers at Kaspersky Lab have, for the first time, discovered a
valuable zero-day exploit after intentionally going on the hunt for it.
And they did so by using only the faintest of clues to find it.

The malware they found is a remote-code execution exploit that attacks a
vulnerability in Microsoft’s widely used Silverlight software—a browser
plug-in Netflix and other providers use to deliver streaming content to
users. It’s also used in SCADA and other industrial control systems that
are installed in critical infrastructure and industrial facilities.

The vulnerability, which Microsoft called “critical” in a patch released
to customers on Tuesday, would allow an attacker to infect your system
after getting you to visit a malicious website where the exploit
resides—usually through a phishing email that tricks you into clicking on
a malicious link. The attack works with all of the top browsers except
Chrome—but only because Google removed support for the Silverlight plug-in
in its Chrome browser in 2014.
[...]