Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093.
MS15-093 address a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.
This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it. The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.
As with most out of band releases, it has been reported that this attack is being exploited in the wild. Users should patch immediately.
Read More »
Tags: 0-day, internet explorer, Microsoft, patch, Talos
As part of a broader “Cybersecurity Call to Action” outlined in the Cisco 2015 Midyear Security Report, Cisco has called for the development of a cohesive, multi-stakeholder, global cybergovernance framework. Investing in the development of such a framework is essential to supporting innovation and economic growth in business on the global stage.
While there has been an increasing awareness that managing cyber risks is essential to the operation of any networked system, current mechanisms are not effective to protect businesses from cyberattacks. The lack of effective global cybergovernance can prevent collaboration in the security industry, which is needed to create adaptive technologies that can detect and prevent new threats.
Without question, the Internet is only becoming more essential to organizations around the globe. They rely on it not only for everyday operations, but also for supporting new business models that provide them competitive advantage and benefit consumers. Adversaries, meanwhile, are deploying tactics that can undermine the success of any business operating in the digital economy. The Cisco 2015 Midyear Security Report makes clear that threat actors are only becoming more adept at innovating rapidly and enhancing their capacity to compromise systems and evade detection. Read More »
Tags: 2015 midyear security report, Cisco Midyear Security Report, cybergovernance, MSR, security
Update 2015-08-21: This post has been updated to reflect an additional advisory released on August 20.
Talos, in conjunction with Apple’s security advisories issued on August 13 and August 20, has released six advisories for vulnerabilities that Talos found in Apple Quicktime. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been reported to Apple and CERT. This post serves as a summary for the advisories being released in coordination with Apple and CERT.
Ryan Pentney and Richard Johnson of Talos are credited with the discovery of these vulnerabilities.
Read More »
Tags: 0-day, Apple, Talos, Vulnerability Research
Last year was one of the biggest years for retail data breaches, with credit card data from well over 106 million shoppers stolen from two of America’s largest retailers alone. The attacks shook consumer confidence, eroded brand loyalty, and cost the industry millions of dollars.
Even though the retail and security industries have been talking about compliance and security for more than a decade, breaches continue. And while research shows that compliance with PCI DSS has improved in recent years, it also shows that staying in compliance as demonstrated by passing interim assessments is another matter. Furthermore, compliance doesn’t always equal security, as it tends to focus on blocking attacks at the perimeter. Stopping attacks in the first place certainly is important, but it isn’t sufficient in an era when attackers are innovating at a pace we’ve never faced before.
Compounding the challenge is that retailers are in the midst of game-changing trends that can make or break them: creating a hyper-relevant experience for shoppers, adopting mobile Point-of-Sale (mPOS) systems, and realizing security is now a driver for consumers’ trust. Retailers who create successful strategies to innovate and embrace these trends will retain and gain more customers. But it requires a fresh approach to security.
So how should you look at and think about security differently? Read More »
Tags: point of sale, POS, retail, security, threat-centric security
Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 14 bulletins released which address 58 CVEs. Four bulletins are rated “Critical” this month and address vulnerabilities in Internet Explorer, Graphics Component, Office, and Edge. The other ten bulletins are rated “Important” and address vulnerabilities within Remote Desktop Protocol (RDP), Server Message Block (SMB), XML Core Services, Mount Manager, System Center Operations Manager, UDDI Services, Command Line, WebDAV, Windows, and the .NET Framework. Read More »
Tags: Microsoft, patch tuesday, Talos, vulnerabillity