Microsoft is keeping it light this September after releasing 13 security bulletins last August. The vendor released five security bulletins this month, all of which were rated "important." These bulletins resolve 15 flaws found in several software. One of the bulletins addresses five vulnerabilities (MS11-072) in Microsoft Excel and affects even the newest and Mac versions of the program. To successfully exploit these, a potential attacker needs to create malicious Excel files and distribute these via different social engineering ...
If you are a frequent reader of this blog, you are more or less already familiar with denial-of-service (DoS) attacks. Such an attack typically targets specific systems or servers and "floods" it with information in order to prevent legitimate users from accessing information or services.
This time around, we observed a DoS attack exploiting a specific vulnerability. This is different from the usual known DoS attack methods. DoS attacks are typically done by flooding the target site with traffic (SYN flooding, ...
This month, 13 is a(n) (un)lucky number as Microsoft released 13 security bulletins to resolve 22 vulnerabilities for today's August Patch Tuesday. This month's bulletins include fixes for reported bugs in Internet Explorer, Windows, Office, and Virtual Studio, among others.
Two of these bulletins have been deemed "critical" by Microsoft, such as that with five undisclosed and two publicly reported bugs in Internet Explorer. The most severe of these vulnerabilities may lead to an attacker executing a malicious code on the system. ...
We were recently able to analyze a certain attack that compromised numerous e-commerce websites in order to steal credit card information from potential customers.
The affected websites were found using osCommerce, an open source e-commerce solution that allows users to easily manage their online shops.
Based on our analysis, more than 90,000 pages were compromised. The attackers inserted an iframe that leads to certain URLs in each of these sites, triggering several redirections. The redirections finally lead to an exploit kit that ...
After last month's relatively light security update, Microsoft released 16 bulletins to address 34 vulnerabilities. Nine of these bulletins were tagged "critical" while the remaining seven were deemed "important." The patch release contains fixes for bugs in Microsoft Windows, Microsoft Office, Internet Explorer (IE), and Silverlight, among others. Most of the updates also require a system restart, making deployment a possible issue for IT administrators.
Trend Micro earlier worked with Microsoft regarding a vulnerability that was addressed in this release, specifically one found in IE (CVE-2011-1252). ...
