Microsoft announced this afternoon that the zero-day vulnerability being exploited in a watering hole attack against an unnamed U.S.-based NGO website was already scheduled to be patched in a cumulative Internet Explorer update tomorrow. The zero-day was reported publicly on Friday by FireEye researchers, and today a few more dots were connected on the attack, which is dropping a variant of the McRAT Trojan that has been used in a number of targeted espionage attacks aimed at industrial secrets. Read more @ Threatpost
Category: Security Alerts
In a post on its Technet blog, Microsoft said the attacks observed so far against the vulnerability have been “carefully carried out against selected computers, largely in the Middle East and South Asia.” It added that the exploit needs some user interaction because it arrives disguised as an email that entices potential victims to open a specially crafted Microsoft Word attachment.
An Israeli security firm will expose a flaw common to thousands of iPhone and iPad applications, which allows miscreants to hijack software using man-in-the-middle attacks. “We identified a very large number of applications that are vulnerable to this problem,” Skycure’s CTO Yair Amit told The Register. The programming error will be revealed at the RSA Europe conference in Amsterdam on Tuesday. “Usually we go through responsible disclosure and contact specific vendors of programs, solve it, then talk about it. In this case it’s an interesting challenge in that there’s a huge amount of applications, too many to have an organized disclosure route, so we give developers the information they need to fix the applications.” Read More… Source: The Register
Ransomware is a type of malware that stops you from using your computer until you pay a certain amount of money (the ransom). It is also called “FBI Moneypak” or the “FBI virus” as it often uses the FBI or local police logos and asks you to pay using Green Dot MoneyPak. There are two types of ransomware:
- Lock screen ransomware, which uses a full-screen image or webpage to stop you from accessing anything on your PC.
- Encryption ransomware, which locks your files with a password, stopping you from opening them.

Most ransomware shows a notification that says your local authorities have detected illegal activity on your PC. They then demand you pay a “fine” to avoid prosecution and to get access to […]
October 2013 marks the first time Oracle has patched Java on the same quarterly cycle as other products; Java updates previously arrived on a four-month cycle. “The update addresses 51 vulnerabilities, with 12 vulnerabilities having the highest CVSSv2 score of 10, indicating that these vulnerabilities can be used to take full control over the attacked machine over the network without requiring authentication,” warns Wolfgang Kandek, CTO at cloud security firm Qualys, in a blog post.
Logging and Log Management
Author: Anton Chuvakin
- Apple Releases Security Updates for OS X, Safari, iOS and Apple TV January 28, 2015
- Linux "Ghost" Remote Code Execution Vulnerability January 27, 2015
- Security Advisory for Adobe Flash Player January 26, 2015
- IC3 Releases Alert for a Scam Targeting Businesses January 24, 2015
- FBI Releases "Ransomware on the Rise" January 23, 2015