Every year there are several zero-days and tons of undisclosed vulnerabilities fixed by software vendors. 2014 was a little different. Here are some of the year's most notable vulnerabilities, and the lessons we can learn from them.
A look into the threat landscape during the third quarter of 2014 reveals the loopholes and vulnerabilities in often overlooked targets such as routers and PoS systems that were used as attack vectors.
Microsoft has released an out-of-band security bulletin (MS14-068) that addresses a vulnerability in various versions of Windows, stating that the vulnerability is already being used in “limited, targeted attacks”.
Microsoft released 16 security updates during its Patch Tuesday release for November 2014, including one for the Windows OLE Automation Array Remote Code Execution Vulnerability that affects almost all Windows versions.
A new Shellshock attack targeting SMTP servers has been discovered. Attackers used email to deliver the exploit, which downloads and executes an IRC bot.
Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), new attacks related to this flaw are still being spotted. These attacks contain a new routine that could prevent detection.
A recent investigation revealed that the Sandworm zero-day exploit could likely be used to target GE Intelligent Platform CIMPLICITY users. Find out what it does and how you can safeguard your systems against this emerging attack.