Tuesday, September 8, 2015

FireEye 0-Days for Sale

Two security researchers, Kristian Hermansen and Ron Perris, found four zero-day vulnerabilities in FireEye's solution. They've publicly disclosed one of the vulnerabilities on the internet to prove that what they have is a big deal and that there's more to come. Shortly after they leaked the first 0-day, the researchers announced that the remaining vulnerabilities are now for sale. This comes after 18 months of frustration from the researchers attempting to have the vulnerabilities fixed, to no avail. This is either an exaggeration or they weren't submitting the vulns to the FireEye bug bounty (which I find highly unlikely).

This becomes a major concern for FireEye and its customers, since FireEye prides itself on finding 0-day vulnerabilities as part of its offering and now has multiple ones available for sale against its own product. You can read FireEye's white paper, and their view on why finding 0-day threats is so important, on their website.

Vulnerabilities are found every day against major software vendors, but when 0-day vulnerabilities are found against the largest security company detecting these attacks, it starts getting some attention.

We'll see how this plays out.
