Microsoft exposed 250 million customer support records

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and … More Microsoft exposed 250 million customer support records

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Mozilla rushes out patch for Firefox zero‑day

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers. Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks. Details about the flaw and its exploitation are rather sparse, however. What little is … More Mozilla rushes out patch for Firefox zero‑day

Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day

The security review: BlackEnergy, Internet Explorer and Fitbit

Expert insight into BlackEnergy attacks in Ukraine, thoughts on Microsoft ending support for older versions of Internet Explorer and the implications of the third-party Fitbit hack on the Internet of Things … we’ve got you covered for all the important security stories from the past seven days. Insight into the BlackEnergy attack on Ukrainian energy … More The security review: BlackEnergy, Internet Explorer and Fitbit

First exploitation of Internet Explorer ‘Unicorn bug’ in-the-wild

Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability, known as CVE-2014-6332, and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer … More First exploitation of Internet Explorer ‘Unicorn bug’ in-the-wild