exploit

Wed
30
Apr
John Lister's picture

Security Experts: Stop Using Internet Explorer

The United States Department of Homeland Security (DOHS) has warned that users should switch away from Internet Explorer until a serious bug has been fixed. It's the first big security scare since Microsoft stopped supporting Windows XP earlier this ... month. The bug doesn't have a glamorous nickname and is instead simply known as CVE-2014-1776. When triggered, the bug allows for remote code execution, which means a third party would have full control over a remote PC without the need for credentials or consent from the PC owner. By clicking on a malicious link or by visiting an infected ... (view more)

Mon
14
Apr
Brandon Dimmel's picture

Is Using Windows XP Really That Dangerous?

Is it really that dangerous to continue using Windows XP? Microsoft's Windows XP has officially been decommissioned as of April 8, 2014, meaning that Microsoft will not longer support the software insofar as security updates are concerned. Without ... any security updates, Windows XP is extremely vulnerable to attack if and when an operating system exploit is discovered. And, even if one is discovered, it may or may not make headlines - which means most users running Windows XP simply won't be aware their system has been compromised. It's these types of attacks that are most dangerous ... (view more)

Fri
21
Feb
John Lister's picture

Microsoft Issues Emergency Fix for IE 9, 10 Users

Microsoft has released a temporary fix to an important security bug affecting two recent versions of Internet Explorer. The exploit has been linked to attacks that compromised a website for US military veterans. The bug affects Internet Explorer ... versions 9 and 10. It does not affect version 11, nor anything previous to version 9. That said, using an earlier version Internet Explorer less than what is currently available (depending on which version of Windows you're running) is definitely not advised. JavaScript Bug Exploits Drive-by Download Attack The exploit involves JavaScript, a ... (view more)

Wed
02
Oct
Dennis Faas's picture

Internet Explorer Exploits Could Intensify: Experts

Experts are growing increasingly concerned about a still-unpatched security flaw in Microsoft's popular web browser, Internet Explorer. According to recent reports, the vulnerability -- which first emerged in mid-September -- has been exploited on ... several occasions. Microsoft has called the vulnerability CVE-2013-3989. The firm first announced the flaw back on September 17 shortly after Microsoft became aware of its use in a number of attacks. In the days that followed Microsoft released a temporary "Fix It" tool that Internet Explorer users could manually download and install on their ... (view more)

Wed
14
Dec
Dennis Faas's picture

December Patch Tuesday Fixes Duqu Worm

Microsoft has fixed a major vulnerability exploited by the nasty Duqu Worm with its most recent Patch Tuesday series of security updates, which started rolling out yesterday. The total number of patches fix 17 vulnerabilities in Windows. (Source: ... eweek.com ) Unfortunately, the company still hasn't issued a fix for a serious browser flaw ominously known as BEAST (Browser Exploit Against SSL/TLS). The BEAST exploit was first discovered in September of this year and was responsible for cracking Paypal encrypted browser cookies. (Source: theregister.co.uk ) Of the 17 vulnerabilities noted, ... (view more)

Fri
18
Feb
Dennis Faas's picture

Microsoft Confirms Zero Day Exploit, Downplays Risk

Microsoft says it's unlikely that hackers will successfully exploit a recently discovered security bug in Windows. The company says that if the bug is abused, it would likely result in a denial of service attack instead. As noted on Wednesday, the ... problem involves system files related to Windows network file and printer sharing. Hackers are often particularly interested in exploiting such system files as they are a potential entry point between a networked computer and the outside world (via the Internet). Denial of Service Risk to Windows In this case, the Windows exploit appears to have two ... (view more)

Wed
05
Jan
Dennis Faas's picture

New Windows Exploit Opens Door to Total System Takeover

Microsoft has confirmed that a zero-day vulnerability exists in Windows XP, Vista, as well as Server 2003 and Server 2008. The bug, which first emerged in mid-December 2010, has evolved since the exploit was posted publicly. The bug was first ... discussed on December 15 at a security conference in South Korea. Since no one had yet exploited the vulnerability, there was not significant cause for concern. That's changed now that researcher Joshua Drake has released an exploit module via open-source penetration testing project, Metasploit. Exploit Opens Door to Total System Takeover Metasploit has ... (view more)

Wed
21
Jul
Dennis Faas's picture

New 'Windows Shortcut Flaw' High Risk, Affects All Users

A new Windows zero-day flaw has gone public. Known as the "Windows Shortcut flaw", the exploit affects all versions of Microsoft Windows. What's important to note is that merely opening or viewing an infected USB stick can infect a computer -- even ... on systems where Windows Autoplay is disabled. The flaw affects files which have the file extension .LNK, otherwise known as a "Windows Shortcut" file. Shortcut files are essentially copies of program icons and tell Windows where the original program is located. For example, normally one would have to click Start -> Programs ... (view more)

Thu
10
Sep
Dennis Faas's picture

Networking Bug Bad Publicity For Windows 7 Launch

Microsoft has confirmed a serious security issue affecting Windows 7 Release Candidate (RC) -- the version that was made available to the public prior to the full release of Windows 7. The problem also currently affects Windows Vista and Server ... 2008, but not Windows XP or Server 2008 R2. The issue involves the Server Message Block (SMB) system which is a part of Windows itself and is used for sharing files over a network. A bug in the system means anyone could take advantage of the exploit and use SMB to gain remote access to (and take control of) a remote computer. Temporary Solution: Block ... (view more)

Wed
09
Sep
Dennis Faas's picture

Zero-day Attack

A zero-day or "0day" attack is a computer threat that tries to exploit computer application vulnerabilities for which no security fix is yet available. Zero-day exploits are used by attackers before the software vendor knows about the vulnerability. ... The term derives from the age of the exploit. When a vendor becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of vendor awareness, meaning the vendor has not had any opportunity to disseminate a security ... (view more)

Pages

Subscribe to RSS - exploit