Security News

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
2024-09-17 01:29

The C in these CVEs stands for Confusing Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was...

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
2024-07-24 05:56

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The...

InkySquid State Actor Exploiting Known IE Bugs
2021-08-19 20:19

The InkySquid advanced persistent threat group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. "As with the initial redirect, the attacker chose to bury their malicious code amongst legitimate code. In this case, the attacker used the 'bPopUp' JavaScript library alongside their own code."

Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
2021-07-15 05:45

Threat intelligence researchers from Google on Wednesday shed more light on four in-the-wild zero-days in Chrome, Safari, and Internet Explorer browsers that were exploited by malicious actors in different campaigns since the start of the year. What's more, three of the four zero-days were engineered by commercial providers and sold to and used by government-backed actors, contributing to an uptick in real-world attacks.

Chrome zero-day, hot on the heels of Microsoft’s IE zero-day. Patch now!
2021-06-10 18:01

Microsoft's Patch Tuesday announcement was bad enough, with six in-the-wild vulnerabilities patched, including one buried in the vestiges of Internet Explorer's MSHTML web rendering code. It's been followed by Google's latest Chrome security advisory, which includes a zero-day patch to Chrome's JavaScript engine amongst its 14 officially listed security fixes.

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks
2021-03-10 21:30

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Among those five security issues are a clutch of vulnerabilities known as ProxyLogon that allows adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.

March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
2021-03-09 19:33

Patches for four actively exploited Exchange Server vulnerabilities have already been delivered with the updates for supported versions released last week. Among the vulnerabilities patched by Microsoft on this March 2021 Patch Tuesday are several deserving extra attention.

Vendor Ships Unofficial Patch for IE Zero-Day Vulnerability
2021-02-15 14:43

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer that North Korean hackers are believed to have exploited in a campaign targeting security researchers. South Korean security vendor ENKI published a report on the IE zero-day in early February, claiming that North Korean hackers leveraged it to target its researchers with malicious MHTML files leading to drive-by downloads of malicious payloads.

Google Chrome, Microsoft IE Zero-Days in Crosshairs
2021-02-05 20:00

Google late Thursday night shipped an emergency patch to close a Chrome browser vulnerability that was being used in mysterious zero-day attacks. The Google Chrome patch, which is being pushed via the browser's automatic self-patching, covers a critical vulnerability in V8, Google's JavaScript and WebAssembly engine.

Hacking group also used an IE zero-day against security researchers
2021-02-04 17:07

An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers.