Exploit kits: What are they and what is an exploit blocker?

What are exploit kits? Unwary internet users may not realize that in the course of normal browsing they can be exposed to malicious exploit kits that lurk on some websites. Exploit kits consist of malicious code to exploit one or more potential vulnerabilities in common web browsing and document viewing software. More sophisticated exploit kits … More Exploit kits: What are they and what is an exploit blocker?

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Mozilla rushes out patch for Firefox zero‑day

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people’s computers. Mozilla has rolled out a new version of its Firefox web browser to address a critical zero-day vulnerability that has been abused for targeted attacks. Details about the flaw and its exploitation are rather sparse, however. What little is … More Mozilla rushes out patch for Firefox zero‑day

Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan. ESET researchers have discovered a new malware campaign misusing stolen digital certificates. We spotted this malware campaign when our systems marked several files as suspicious. Interestingly, the flagged files were digitally signed using a valid … More Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign

Microsoft Edge bug could be exploited to spill your emails to malicious sites

Since a patch for the flaw has already been released, users are well advised to make sure that they’re running the browser’s most recent version. A Google developer has discovered a high-severity loophole that affected the Microsoft Edge web browser and, less so, Mozilla Firefox, and that could provide an attacker with access to the … More Microsoft Edge bug could be exploited to spill your emails to malicious sites

Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram

Some of the tactics used in APT attacks die hard. A good example is provided by Turla’s watering hole campaigns. This group, which has been targeting governments, government officials and diplomats for years, is still using watering hole techniques to redirect potentially interesting victims to their C&C infrastructure. In fact, they have been using them … More Turla’s watering hole campaign: an updated Firefox Extension abusing Instagram