Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day …

What you may be getting wrong about cybersecurity

Attention-grabbing cyberattacks that use fiendish exploits are probably not the kind of threat that should be your main concern – here’s what your organization should focus on instead. When we hear about breaches, we assume that attackers used some never-before-seen, zero-day exploit to breach our defenses. This situation is normally far from the truth. While …

Microsoft rushes out patch for Internet Explorer zero‑day

There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is …

Windows zero‑day CVE‑2019‑1132 exploited in targeted attacks

ESET research discovers a zero-day exploit that takes advantage of a local privilege escalation vulnerability in Windows. In June 2019, ESET researchers identified a zero-day exploit being used in a highly targeted attack in Eastern Europe. The exploit abuses a local privilege escalation vulnerability in Microsoft Windows, specifically a NULL pointer dereference in the win32k.sys component. Once …

PowerPool malware exploits ALPC LPE zero-day vulnerability

Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no …

Translating power grid security concerns into action

On the heels of our recent investigations into threats against critical infrastructure like power grids, transportation and other systems that we count on every day, public agencies and private parties alike wonder if we can trust the power grid (see this selection of WeLiveSecurity articles). I was recently invited to speak at a Lexington Institute Capitol Hill …

Adobe warns of Flash zero-day vulnerability, being actively exploited by online criminals

As I write this, if you’re running Adobe Flash on your Windows, Mac, Linux or Chrome OS computer you’re potentially at risk. Adobe has issued a security advisory, warning of an as-yet unpatched critical security hole in its popular Flash player software that is reported to be actively exploited by criminals in the wild. No …