
Security Never Sleeps – Internet Explorer Bug, Sonic Breaches

Internet Explorer Bug Leaks What Users Type in the URL Address Bar

“Privacy risks with new bug”

Microsoft’s Internet Explorer browser is affected by a serious bug that allows rogue sites to detect what the user is typing in the URL address bar. This includes new URLs the user might be navigating to, as well as search terms that IE automatically handles via a Bing search. Users copy-pasting URLs for Intranet pages inside IE would likely see this bug as a big issue. The bug, spotted by security researcher Manuel Caballero, poses a privacy risk.

Fast-Food Chain Sonic Confirms Data Breach

“Yet another firm dealing with insufficient security systems”

The operator of drive-in burger joints said the attack left some customer credit and debit card numbers at risk. Fast-food chain Sonic Corp. is the latest company contending with a breach of customer data.

 

Calls for crackdown on rogue rental appliance firms after data breach

“Thousands of customers at risk”

A rental appliance company has suffered a massive data breach that has leaked tens of thousands of Australian private customers’ records online, including identification documents, Centrelink records and financial information.

Amazing Rentals – a company leasing televisions, fridges and other household goods – was last week revealed to have published 26,000 personal documents involving 4,000 customers on the internet.


10Fold – Security Never Sleeps – 116

Website Security Flaw Places Millions at Risk

“Website Platform Wix.com Vulnerable to XSS bug”

Contrast Security research engineer Matt Austin has recently announced in a blog post a severe vulnerability that can be exploited by adding a single parameter to any site created with Wix.com. This means that over 87 million websites and their users are now in jeopardy of cyber-attacks due to an XSS bug that allows criminals to create a ‘worm.’ Worms give access to website functions and commandeer administrator accounts, essentially giving attackers full control over targeted websites.

Fake Flash Player App Targeting Banks, Social Media

“Malware running through Android devices increasing attacks”

A Trojan program has caused grave concern across the banking industries in both the United States and Europe. The malware is among the most advanced seen targeting banking applications, particularly because it can dodge the SMS-based two-factor authentication system with ease.

Windows Vista, IE8 Pose Huge Enterprise Threat

“Represents a threat to organizations who use company networks from insecure devices”

Duo Security has reported that over half of its customer base still run Windows Vista or Windows XP on their devices, which are notorious for being outdated and have a plethora of vulnerabilities. Many also use outdated versions of Internet Explorer and Google Chrome, which have also reached what is called “End of life status.” This means that these web browsers no longer receive security patches, and are incredibly vulnerable to modern cyber-attacks.

Arizona Man Accused of Trying to Hack University Email

“Over 75 universities targeted”

Higher education campuses nationwide have had hacking attempts on their email servers from the same attacker in recent weeks. The would-be hacker Jonathan Powell was arrested Wednesday and is now held for arraignment in Phoenix. Powell used his work computer to mine personal data from a New York school, which investigators used as evidence to track and hold him.

10Fold – Security Never Sleeps – 28

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A Google researcher discovered a critical flaw in TrendMicro that allows hackers to view all contents of a password manager program. Forbes has recently instituted a policy that visitors must turn off ad blocking software before they can view content, but that new policy left website visitors wide open to malware attacks. A survey commissioned by ISACA revealed that 83% of security professionals believe that another critical infrastructure attack will happen this year. Lastly, Windows announced today that it will no longer support older versions of Internet Explorer, which leaves unaware users wide open for new viruses and attacks.

Google Security Researcher Excoriates TrendMicro For Critical AV Defects – Publication: Ars Technica – Reporter name: Dan Goodin

Antivirus provider TrendMicro has released an emergency product update that fixes critical defects that allow attackers to execute malicious code and to view contents of a password manager built in to the malware protection program. The release came after a Google security researcher publicly castigated a TrendMicro official for the threat. Details of the flaws became public last week after Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, published a scathing critique disclosing the shortcomings. While the code execution vulnerabilities were contained in the password manager included with the antivirus package, they could be maliciously exploited even if end users never make use of the password feature.


How Forbes Inadvertently Proved The Anti-Malware Value Of Ad Blockers – Publication: Network World – Reporter name: Andy Patrizio

A security researcher found malicious ads on Forbes after following the site’s policy that insists readers disable ad-blocking software. Forbes has taken an aggressive line against ad blockers. When it detects one running on your system, it denies you access to the content until you turn off the ad blocker. Needless to say, this hasn’t gone over very well with some people. Forbes included a prominent security researcher in an article called “The Forbes 30 Under 30,” which drew a number of other security researchers to check out the article. After disabling Adblock Plus, they were immediately served with pop-under malware.


83% Of InfoSec Pros Think (Another) Successful Cyberattack On Critical Infrastructure Likely In 2016 – Publication: Dark Reading – Reporter name: Sara Peters

On the heels of the cyberattack that caused a blackout in the Ukraine, the lion’s share of cybersecurity professionals think a successful cyberattack on critical infrastructure is likely to happen in 2016 — 37.56 percent high, 45.55 percent medium likelihood — according to ISACA’s latest Cybersecurity Snapshot report. (The survey was conducted Dec. 21 through Jan. 2, so it was open for a small window before the breach Dec. 23.) ISACA surveyed about 2,900 cybersecurity professionals, mostly in the United States, about their opinions on a wide variety of pressing issues, from hiring to legislation.


Windows Users Face A Dangerous World With End Of Support For Older Internet Explorer Versions – Publication: ZDNet – Reporter name: Ed Bott

With the end of support for Windows XP in April 2014, Internet Explorer versions 6 and 7 finally fell off the official support lifecycle. But that still leaves four versions of Internet Explorer in widespread use. Effective today, Microsoft officially ends support for all but the latest version of Internet Explorer. This certainly shouldn’t come as a surprise; the company gave nearly 18 months of warning, starting in August 2014.