Summary: This vulnerability affects: Probably all current versions of Internet Explorer (IE), but the targeted exploit only affects IE 8 and 9 How an attacker exploits it: By enticing one of your users to visit a web page containing malicious content Impact: In the worst case, an attacker can execute code on your user’s computer, potentially gaining complete control of … [Read more...]
WatchGuard Security Week in Review: Episode 63 – Patch Bonanza
Zero Day Patches, Nasty New Malware, and Jailed Hackers Ready for a dose of InfoSec news? Your weekly security highlights reel is spooled up and ready to go. This week was all about software updates. Not only did Microsoft and Adobe's monthly Patch Day bring us patches for critical zero day vulnerabilities, but we saw security updates for Firefox and iTunes as well. In today's … [Read more...]
WatchGuard Security Week in Review: Episode 62 – Major Cyber Heist
The Onion Hack, IE8 0day, and ATM Cyber Heist Are you an over-worked IT administrator with no time to learn about the latest internet threats? Do you want to keep your network safe, but don't know what the bad guys are up to? If that's you, then our weekly information security highlights video is just the thing for you. For just three easy payments of... well, nothing... you … [Read more...]
H.D. Moore Unveils Major UPnP Security Vulnerabilities
This week, H.D Moore, the creator of Metasploit, and now CSO of Rapid7, released a detailed report unveiling his team's months-long research into the security of the Universal Plug and Play (UPnP) protocol. If you haven't heard of it, Universal Plug and Play (UPnP) is a set of networking protocols intended to allow network devices to automatically find one another and then … [Read more...]
Final IE 0day Update: Microsoft Out-of-Cycle Patch Available
If you've read my two posts [ 1 / 2 ], and watched this week's video, you already know all about the zero day vulnerability plaguing Internet Explorer (IE) this week. In my last update, I mentioned Microsoft promised to release a full, out-of-cycle patch for this serious vulnerability today. True to their word, they did just that. Since you know all about this flaw already, I … [Read more...]