Security News

Microsoft disclosed the existence of the Internet Explorer zero-day on January 17, when it promised to release patches and provided a workaround. Microsoft has credited Google's Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability.

Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before. It's called honware, and it's a virtual honeypot framework that can emulate Linux-based Customer Premise Equipment and IoT devices by using devices' firmware image.

In terms of bugs themselves, "[we also] saw abused for privilege escalation, had the Samsung handset exploited via baseband for the third Pwn2Own Tokyo in a row and disclosed a significantly impactful SharePoint bug later seen in active attacks," ZDI's Brian Gorenc wrote, in a blog post on Thursday. From a trend perspective, Gorenc said that 2019 saw a shift towards more reports for high-severity flaws - rather than medium-severity bugs making the bulk of advisories as they have in years past.

Organizations are not making progress in reducing their endpoint security risk, especially against new and unknown threats, a Ponemon Institute study reveals. 68% IT security professionals say their company experienced one or more endpoint attacks that compromised data assets or IT infrastructure in 2019, an increase from 54% of respondents in 2017.

ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.

ACROS Security has released a micropatch that implements the workaround for a recently revealed actively exploited zero-day RCE flaw affecting Internet Explorer. Remote code execution vulnerability affecting IE. Last Friday, Microsoft released an out-of-band security advisory notifying Internet Explorer users of a remote code execution vulnerability affecting IE 11, 10 and 9 on various versions od Windows and Windows Server, which they know is being exploited in "Limited targeted attacks".

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system," Microsoft explained.

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer browser that attackers are actively exploiting in the wild - and there is no patch yet available for it. A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.

Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability for Internet Explorer. In brief... A poorly configured Elasticsearch database left an app's baby photos and videos accessible from the public internet.