FireEye and Kaspersky had zero-day vulnerability bugs in their software.
http://www.zdnet.com/article/fireeye-kaspersky-hit-with-zero-day-flaw-claims/
It is not news that software has flaws, and that some flaws are vulnerabilities that can be exploited by hackers. What is news is that FireEye is a cybersecurity company:
With firewall devices among their product lines.
http://www.theregister.co.uk/2015/09/08/fireeye_0day/ Says that the security researcher put the exploit on the net before disclosing to FireEye over 18 months. Apparently the reading between the lines is that there was an expectation of payment for the disclosure (like bug bounties paid for Chrome bugs).
Apparently even the supposed “good guys” don’t always do the right things when it comes to money.
But the fact that FireEye has a bug is not news, what is news is that the security researcher went public before notifying FireEye.
In the security industry it is not a good idea to make these public statements, as companies want to fix the bugs on their own time. Whereas the security researcher (and journalist) looks for sensational news.
This is why we recommend that everyone perform due diligence and scan their computers on the Internet. It is easy for hackers to find your problems, that is why you have to spend resources to find them on your own.
http://oversitesentry.com/contact-us/
Here is another link with 7 famous hacks:
1 thought on “Newsflash: Software has bugs – 0day vulnerabilities”