Posts Tagged ‘Microsoft’


Windows 10 securityAre Microsoft actually taking security seriously this time around?

Windows has had plenty of problems with hackers because it was (and still is) the most popular operating system on the planet–but times have changed. Windows is still viciously popular, and is still the most commonly used operating system for desktop devices, but hackers have different priorities these days.

As a hacker, why bother trying to break into the ever updating Windows system to gain access to a company’s systems when their employees will click a hacker’s links in Twitter? Why hack a Windows computer to get financial information, when hackers can crack your PayPal or Skrill passwords and wire themselves as much money as they like? The answers to people’s secret questions for their bank accounts can be found by the information they have added to Facebook, and people will happily download unchecked and free apps to their phones. (more…)

Security NewsHot Cyber Security Weekly News

Dear readers, today we offer you a selection of the five  hot news in the field of Cyber Security over the past week:

  • Slider Revolution Plugin Critical Vulnerability Being Exploited;
  • Microsoft, eBay apps open to man-in-the-middle MITM attacks;
  • A previously unknown variant of the APT backdoor XSLCmd – OSX.XSLCmd;
  • Hackers break into server for Obamacare website;
  • Facebook will teach users to protect private data. (more…)
New Vulnerabilities

0day-exploit for Internet Explorer

Microsoft warns users of Internet Explorer, what the attackers began to exploit a new previously unknown 0-day vulnerability in browser IE 6-10.

Now specialists are working on the release of the patch, which will included in automatic updates. But the danger is so great that people are asked to self-install the patch Fix It, which released an emergency basis. Before you install it you need to install the September patch KB2870699.

Vulnerability CVE- 2013-3893 refers to the browser Microsoft Internet Explorer 6-10 under all versions of the OS, other than Server Core, and allows for remote code execution. According to the official description, the failure is due to improper browser access to an object in memory that has been deleted or incorrectly placed. Exploit the remote execution of code means that an attacker can install malicious software on your computer, just pointing it on outside web page (the attack drive-by). (more…)

Microsoft

Microsoft Security Bulletin

Microsoft Corp. today released the July set of patches for their products by removing six unique vulnerabilities that affect most modern products of the company.

It is interesting to note that three of the vulnerability associated with the way Microsoft software handles fonts. “Working with fonts in the operating system has become really difficult, there is a real-time process that started at the time of printing and this complexity may be the subject of attack,” – says Wolfgang Kandek CTO, Qualys.

The number of critical security vulnerabilities that have been eliminated at this time is higher than average. As a rule, the entire set of vulnerabilities, the company produces 2.1 bulletin describing the critical bugs, but this time there were three of these vulnerabilities – MS13-052, -053 and -054. All related to the rendering system Microsoft TrueType Fonts. (more…)

MicrosoftMicrosoft says about the “freeing” of two million computers of botnet Citadel

Microsoft says that earlier this month, the company has blocked the work of a large botnet Citadel, which allowed “to free” about 2 million computers worldwide. Previously, these machines have been infected with malicious software and used to steal more than $ 500 million from bank accounts.

“We definitely liberated more than 2 million PCs worldwide. This is a very conservative estimate,” – said Richard Boscovich, Assistant General Counsel for Microsoft Digita Crimes Unit. “Most of the machines worked in the U.S., Europe and Hong Kong.” (more…)

MicrosoftAs part of a joint operation by Microsoft and the U.S. FBI blocked the work of botnet Citadel, which specialize in the theft of personal information and bank details.

At the same time, Microsoft warned that the size and complexity Citadel such that the operation is not likely to destroy Citadel allow 100%. The company also pointed out that some of the other botnets have been associated with the Citadel and in a joint operation could be affected by other botnets.

Botnets are networks of computers infected with malicious software, which is controlled by cyber-criminals and they are used, as a rule, to send spam, spread viruses, attack other computers and servers, as well as for other types of illegal IT activities for botnet operators. (more…)

Microsoft

Fix to update MS13-036

Microsoft has released an update for computers affected by the detected error in one of the security bulletins that were released last week. Fix – is ​​a program to recover that can automatically remove the update.

The company introduced the users to boot the image file used to create the backup DVD or USB-disk, which can remove security updates automatically.

The  ISO image, can be used to write data. For Windows 8 developers have native support for ISO-files within Windows Explorer. (more…)

Microsoft Security Bulletin

Microsoft Security Bulletin

Microsoft Security Bulletin Summary for April 2013

In March 2013, Microsoft released seven security bulletins that fixed 20 vulnerabilities.

In April 2013, Microsoft released nine security bulletins that were fixed three vulnerability high level and 11 low level risk vulnerabilities. (more…)

internet explorer logoThis vulnerability was used to attack visitors to the site of the Council on Foreign Relations, United States.

Microsoft has published an advance notice of the fact that today, 14 January, at 10:00 PST, will be available security update, which will eliminate the zero-day vulnerability in the browser Internet Explorer.

Recall that on December 21 unknown hackers have carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the pages of an exploit for a previously unknown vulnerability in Microsoft Internet Explorer. Subsequently FireEye published in his blog analysis of malware, which has been used by hackers. (more…)

internet explorer logoMicrosoft has released an emergency fix for browser Internet Explorer, which has been fixed a vulnerability exploited by hackers on the Internet to break into computers.

Error is in the older versions of the browser, the latest IE 10 is not affected by the problem. According to the company, the problem is fixed in the code of Internet Explorer 6, 7 and 8. The company said about first problem on Saturday, promising as soon as possible to release a fix.

In the anti-virus company Symantec said that already committed a wave of attacks that exploit the vulnerability. In attacks malefactors try to place a malicious code of Bitfrose which first representatives appeared in 2004 on attacked computers. Bitfrose is the backdor allowing the organizer of attack to abduct from the user computer various data. Now the most part of attacks with use of the last representative of Bitfrose is concentrated in the USA. (more…)