Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day

Microsoft rushes out patch for Internet Explorer zero‑day

There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is … More Microsoft rushes out patch for Internet Explorer zero‑day

Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan. ESET researchers have discovered a new malware campaign misusing stolen digital certificates. We spotted this malware campaign when our systems marked several files as suspicious. Interestingly, the flagged files were digitally signed using a valid … More Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

Millions of readers who visited popular news websites have been targeted by a series of malicious ads redirecting to an exploit kit exploiting several Flash vulnerabilities. Since at least the beginning of October, users might have encountered ads promoting applications calling themselves “Browser Defence” and “Broxu” using banners similar to the ones below: These advertisement … More Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads

The security review: BlackEnergy, Internet Explorer and Fitbit

Expert insight into BlackEnergy attacks in Ukraine, thoughts on Microsoft ending support for older versions of Internet Explorer and the implications of the third-party Fitbit hack on the Internet of Things … we’ve got you covered for all the important security stories from the past seven days. Insight into the BlackEnergy attack on Ukrainian energy … More The security review: BlackEnergy, Internet Explorer and Fitbit