Posts Tagged ‘zero-day’

Plesk Zero-Day Exploit

Plesk Zero-Day Exploit

Published zero-day exploit to attack the system with Plesk control panel

More than 360,000 Apache websites imperiled by critical Plesk vulnerability

Publicly available attack code exploits remote-code bug in Plesk admin panel and  allows execution of arbitrary code on the web-servers that are running Plesk (the web hosting control panel).

The problem is tested on systems with Plesk 8.6, 9.0, 9.2, 9.3 and 9.5.4 running under Linux and FreeBSD (other systems have not been tested and may also vulnerable). The vulnerability remains unpatched. According to preliminary estimates, the Web is about 360,000 potentially vulnerable servers on which the panel is installed Plesk. (more…)

internet explorer logoThis vulnerability was used to attack visitors to the site of the Council on Foreign Relations, United States.

Microsoft has published an advance notice of the fact that today, 14 January, at 10:00 PST, will be available security update, which will eliminate the zero-day vulnerability in the browser Internet Explorer.

Recall that on December 21 unknown hackers have carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the pages of an exploit for a previously unknown vulnerability in Microsoft Internet Explorer. Subsequently FireEye published in his blog analysis of malware, which has been used by hackers. (more…)

HackersUnidentified hackers posted on the compromised site exploit to a zero-day vulnerability in IE.

December 21 unknown hackers have carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the site exploits a previously unknown vulnerability in Microsoft Internet Explorer.

First started talking about breaking only on December 27. Representative of the Council on Foreign Relations, David Mikhail said that the organization is aware of a security incident, and is being investigated.

December 28th the company FireEye blog published an analysis of malicious software that has been used by hackers. According to the analysis FireEye, attackers have used Adobe Flash for the preparation of dynamic memory on the system of the victim (heap spray) for the successful operation of a zero-day vulnerability in Microsoft Internet Explorer. The exploit has been designed for users who have a browser is the default put English, Chinese, Japanese, Korean or Russian. (more…)