So during the past weekend, Microsoft confirmed an Internet Explorer 0-day that is actually being used in targeted online attacks. Vulnerability in Internet Explorer Could Allow Remote Code Execution It will be interesting to see if they push an out of band patch for this one or just wait for the next Patch Tuesday. It’s […]
internet explorer security
2 Different Hacker Groups Exploit The Same IE 0-Day
It hasn’t been too long since the last serious Internet Explorer 0-day, back in November it was used in drive-by attacks – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. And earlier last year there was an emergency patch issued – Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit. […]
Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
So another IE 0-Day has been uncovered, and is in use in the wild for drive-by attacks on unwitting web users. I have to say, technically speaking, this attack is rather impressive – in terms of the exploit, the delivery method and the way that it runs. It retrieves the PE headers from a DLL […]
Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability
There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been known about for at […]
Clever Attack Allows Theft Of Names & Addresses From IE & Safari
There has been some very clever attacks lately, especially involving browsers and the kind of data they can leak when probed the right way. The biggest press recently was generated by the history leak that occurs in most browsers. Another clever attack that got some coverage lately was tabnapping and the latest is another fascinating […]