Content

0.5-day IE exploit

"Security researchers have published a zero-day exploit for Internet Explorer this week that allows remote code execution on most variants of Windows. The vulnerability targeted by the exploit was originally announced in May as a stability issue resulting in the browser closing. "

So, a DoS vulnerability that turns out to be a remote exploit. M$ knew about it at least since May and did find the remote exploitability, but some clever hackers did. For the most part I treat DoS vulnerabilities as if they could lead to remote code execution (if they deal with memory, not the TCP SYN flood type DoS).

Full Article

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.