Hackers target military, embassy and defense workers in Operation Pawn Storm

A group of organised criminal hackers, possibly backed by an unknown country, are targeting government, media and military organisations in the United States, Pakistan, and across Europe, according to new research [PDF] released by researchers at Trend Micro.

In an operation dubbed “Pawn Storm”, the hackers have targeted computers belonging to –

> Read More

Internet Explorer 8 Users Told Their Browser has Less Than 18 Months to Live

The single most popular browser on computer desktops around the world is Internet Explorer 8 – and its days are officially numbered.

Because, from January 12 2016, Microsoft is only going to provide support and security updates for the following operating system/browser combinations:

  • Windows Vista SP2 and Windows Server 2008 SP2: Internet Explorer 9
  • Windows Server 2012: Internet Explorer 10
  • Windows 7 SP1,

> Read More

Ten Bulletins This May Patch Tuesday; But Don’t Get Excited

While 10 patches covering 33 vulnerabilities may seem like a high number, it isn’t all bad news for IT professionals this May Patch Tuesday. Only two of the 10 patches released today are critical and both impact Microsoft Windows and Internet Explorer. The two critical-rated patches address the IE 8 zero-day that made news after attacking a website belonging to the U.S.

> Read More

Patch Tuesday August 2012: Something Old, Something New and a Little Something to Make You Blue

Several reboots affecting all versions of Windows makes August a busy patch month. Microsoft updates include patches to new problems, updates to old problems and something that may cause more work than you may have been anticipating this month.

Prioritizing the Patches

There are nine security bulletins this Patch Tuesday, five critical and four important.

> Read More

Tiger Blood, Adonis DNA, Malware … Oh My!

As sure as night follows day, malware follows the meme. And latest meme, apparently, is all Charlie Sheen, all the time.

I don’t watch much TV (read: none), and don’t read many celebrity gossip blogs (read: none), but even *I* am painfully aware of Charlie Sheen’s seemingly wacked out 20/20 special and the sundry other interviews.

> Read More

Microsoft Issues Second Out-of-Band Patch-Addresses IE Cumulative Update

Microsoft announced today they will be releasing a critical out-of-band patch MS10-018. From an impact perspective, this is a remote code execution and impacts Internet Explorer (IE) versions 6 and 7.  The unscheduled release is in response to a reported upswing in attacks against Microsoft customers as detailed in Microsoft Security Advisory 981374.

> Read More

Could Firefox 3.6 be the Answer to Aurora?

Not sure this is entirely coincidental, but Mozilla released Firefox 3.6 on Jan. 21 – the same day that Microsoft announced their out-of-band patch to the so-called Google Attack / Aurora exploit / IE zero-day. Perhaps fortuitous is a better way of putting it.

My colleagues Don Leatham and Paul Zimski have both weighed in on this week’s hubbub surrounding Google and the IE zero-day (see here and here,

> Read More

Google Attack, Aurora, IE Zero-Day – Facts, Practical Mitigation and Protection Guidance

There is a new Internet Explorer zero-day vulnerability this week that is at the center of “in-the-wild” attacks targeting large corporations including Google and Adobe.  As the research and vendor communities have been deconstructing the vulnerability, automated attack tools and various methodologies used to carry out the attack, a number of facts and mitigation steps have been identified. 

> Read More

Microsoft Issues Out-of-Band Patch – Addresses “Google-China” Attack Vector

Today, Microsoft released an out-of-band security patch: Microsoft Security Bulletin MS10-002 – Critical, Cumulative Security Update for Internet Explorer (978207)MS10-002 address the previously announced flaw in Internet Explorer that has been widely reported as the key attack vector in reported attacks against Google and other companies by entities based in China (MS Security Advisory #979352.)  Microsoft has confirmed that there are active exploits attacking Internet Explorer 6. 

> Read More

Another Zero Day Threat Discovered in Internet Explorer

The latest Internet Explorer zero day threat will unfortunately catch many off guard and will have a significant impact on many organizations that are still relying on outdated defenses.

For the past decade or perhaps longer, our way of dealing with threats has been to try to filter our way out of trouble.

> Read More

Patch Tuesday II – The Sequel

IT pros are anxiously awaiting this Tuesday’s out-of-band patches from Microsoft. The patches are supposed to add an additional layer of security to the issues for Internet Explorer, which was patched just last Tuesday, as well as handle issues within Visual Studio.

The IE issues involve the ongoing Active X saga and hopefully will provide an actual fix to the underlying code issue this time instead of applying some form of the work-around such as simply disabling the impacted code by default and calling it “fixed.”

Microsoft is taking it right down to the wire –

> Read More