Hackin9

InfoSec News


Microsoft have published a security advisory for a zero day attack being used against a targeted audience using Internet Explorer 6, 7, and 8. This atypically means corporate or business users still locked in to using these older browsers.



Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsofts recommendations to build a layered defence to protect staff.



Microsofts information on the vulnerability:



Microsoft Advisory 2794220:

http://technet.microsoft.com/en-us/security/advisory/2794220



General information and basic mitigation steps at:

http://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx



Useful technical information at:

http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx



Here is some basic analysis from FireEye on the Council on Foreign Relations website that was compromised and hosting malicious content:

http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html



Thank you to Toby and another Reader for writing in with this.



Chris Mohan --- Internet Storm Center Handler on Duty



Join Ashley Deuble for MGT 414: SANS +S Training Program for the CISSP Certification Exam in Brisbane, Australia
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft on Saturday confirmed that Internet Explorer (IE) 6, 7 and 8 contain an unpatched bug -- or "zero-day" vulnerability -- that is being used by attackers to hijack victims' Windows computers.
 
A U.S. International Trade Comission judge recommends sanctions against Samsung that include an import and sales ban on products found to infringe Apple patents, and the posting of a bond for 88% of the value of some of the devices involved in the case.
 
At the 29C3 hacker congress, security researchers from Columbia University have demonstrated how the microphone in the receiver of internet-based Cisco phones can be turned into a remotely controlled listening device


 
When it comes to Facebook users and their messages, almost nobody knows who can see or share their posts on social networks. And that's a problem that must be fixed, says Mike Elgan.
 
In the last of three parts, The H looks are what people were reading in 2012, month by month. From insecure instant messaging and plugging into the Raspberry Pi to hacked routers and Linux rootkit hacks, it's all in The H Roundup of 2012


 
Internet Storm Center Infocon Status