Two out of seven bulletins in today’s Microsoft Patch Tuesday are tagged as critical while the rest are marked as important. The critical bulletins addressed a number of vulnerabilities found existing in Microsoft Office and Internet Explorer, which when exploited could allow remote code execution, thus compromising the security of the systems.
Perhaps the most interesting bulletin here is MS14-035, which resolves flaws in Internet Explorer versions 6 to 11, can be abused via a specially crafted web page and can possibly ...
OpenSSL has recently released six security updates addressing vulnerabilities found in OpenSSL. As of this writing, there is no reported exploit leveraging these vulnerabilities in the wild. The security patches cover the following vulnerabilities:
SSL/TLS MITM vulnerability (CVE-2014-0224)
DTLS recursion flaw (CVE-2014-0221)
DTLS invalid fragment vulnerability (CVE-2014-0195)
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
Anonymous ECDH denial of service (CVE-2014-3470)
When SSL/TLS MITM vulnerability is exploited via man-in-the-middle attacks, it can allow remote attacker to change traffic from any vulnerable client ...
In the recent 2H-2013 Targeted Attack Roundup Report we noted that we have been seeing several targeted attack campaign-related attacks in Taiwan.
We are currently monitoring a campaign that specifically targets government and administrative agencies in Taiwan. We are naming this specific campaign PLEAD because of the letters of the backdoor commands issued by the related malware.
The point of entry for this campaign is through email. In the PLEAD campaign, threat actors use the RTLO (right to left override) technique in order ...
We've previously discussed how difficult it is to safely connect to networks when on the go. This is particularly true on vacations and holidays, where the availability of Internet access is one of the most important factors when looking for a place to stay. In fact, many holiday lodges and hotels today have made Wi-Fi access an integral part of their offered amenities. With all the fun and relaxation set before you, it is easy to take secure Internet access for granted.
This month’s Patch Tuesday features eight bulletins, the most number of bulletins released for the year so far. Out of the eight bulletins, two are rated as ‘critical’ and the remaining, ‘important.’ While Microsoft may have released an out-of-band update for Windows XP to address a (then) zero-day vulnerability, updates for that OS are noticeably absent for this rollout.
Aside from the eight bulletins, this Patch Tuesday also includes the out-of-band security patch that was released two weeks ago addressing an ...