Vulnerabilities & Exploits
- July 08, 201423 reported vulnerabilities affecting Internet Explorer versions 6 to 11 are now resolved thanks to the July 2014 patch. Microsoft issues a total of six security bulletins - patches for various products and Windows operating system components.
- July 01, 2014Isolated heap, a method where IE prepares an isolated heap for objects in IE that are prone to the use-after-free vulnerability. Isolated heap does a number of steps in occupying the memory space vacated by the object.
- June 21, 2014Signs operated by the North Carolina Department of Transportation were recently compromised by a hacker who changed them to read “Hacked by Sun Hacker Twitt Wth Me.”
- June 17, 2014A pattern emerges from the document exploits recently used by HORSMY, ESILE, FARFLI, and other targeted campaigns. Likely sourced in cybercriminal underground markets, this template exploit can be modified depending on what attackers need from their targets.
- June 15, 2014The mobile threat landscape is quickly resembling today’s PC threat landscape wherein vulnerabilities are discovered one after another. Each new bug is more damaging than the one before it. And a lot of these bugs could lead to data theft or device infection i
- May 26, 2014Adobe released a security update for a Flash Player zero-day vulnerability that leaves PCs at risk to information theft and bot infection. The said vulnerability already has an exploit which target business environments.
- May 26, 2014A new Internet Explorer zero-day exploit has emerged again, affecting roughly 23% of all destop browser users. Attackers again used social engineering tactics against their targets. How does this affect Microsoft XP users now that support has ended?
- May 23, 2014PLEAD, a new targeted attack campaign that was found targeting Taiwanese agencies just a week after similar targets were attacked using a Microsoft zero-day exploit. PLEAD uses phishing emails mixed with RTLO and Windows vulnerability techniques to ensnare vic
- May 12, 2014Two separate attacks were seen targeting government agencies and an educational institute in Taiwan. The attackers used the new Microsoft Word zero-day vulnerability and entered through a bogus email.