Archives for Securitycurrent

Browsing Security. Again. Major Vulnerability in IE.

security-current

Here we go again. A major zero day vulnerability in a widely deployed application, Internet Explorer, has been discovered. The usual cycle of discovery-disclosure-patch-announcement-exploitation has bee reversed this time. FireEye Research Labs discovered the exploit being actively used in what they have dubbed “Operation Clandestine Fox.”

The fact that a zero day in IE6 through IE11 is actively being exploited induced DHS CERT to warn people to stop using Internet Explorer until a patch is available. Millions of people stopped using IE many versions ago, so they are not impacted by this new attack vector. Of course all browsers have their issues; as Dan Kaminsky Tweeted “All browsers have 0day, and lots of it.”

Full Article


Read More