Security News

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system," Microsoft explained.

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.

Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability for Internet Explorer. In brief... A poorly configured Elasticsearch database left an app's baby photos and videos accessible from the public internet.

Just two days after releasing Firefox 72, Mozilla has issued an update to patch a critical zero-day flaw. Some Linux distros and many businesses stick to Firefox's Extended Support Release because it gets security fixes at the same pace as the regular version, but doesn't force you to take on new features at every update.

Mozilla has patched a Firefox zero-day vulnerability that is being exploited in attacks in the wild and is urging Firefox and Firefox ESR users to update their installations as soon as possible. A day after Mozilla released Firefox 72 - which blocks fingerprinting scripts by default for all users, replaces annoying notification request pop-ups from various sites with a speech bubble in the address bar, and fixes a number of security issues - the corporation pushed out Firefox 72.0.1 with a fix for CVE-2019-17026, a type confusion vulnerability in IonMonkey, the JavaScript Just-In-Time compiler for Mozilla's JavaScript engine.

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks. Mozilla says it's aware of targeted attacks exploiting this zero-day, but no other information has been made available.

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone-even if downloaded from the official Google Store store⁠-you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks.

A malicious application in the Google Play store targeted a recently patched zero-day vulnerability that affects multiple Android devices, including Google's Pixel phones. Tracked as CVE-2019-2215, the vulnerability was disclosed as a zero-day in October by Google Project Zero security researcher Maddie Stone.

From ransomware ramp up, to voice assistant privacy perils, the Threatpost team breaks down the top news stories from this past year.