Security Alerts & News
by Tymoteusz A. Góral

#2044 Google reports “high-severity” bug in Edge/IE, no patch available
A member of Google's Project Zero security research team has disclosed a high-severity vulnerability in Microsoft's Edge and Internet Explorer browsers that reportedly allows attackers to execute malicious code in some instances.

The vulnerability stems from what's known as a type-confusion bug in Internet Explorer 11 and Microsoft Edge, Project Zero researcher Ivan Fratric said in a report that he sent to Microsoft on November 25 and publicly disclosed on Monday. The disclosure is in line with Google's policy of publishing vulnerability details 90 days after they are privately reported. A proof-of-concept exploit Fratric developed points to data stored in memory that he said "can be controlled by an attacker (with some limitations)." Asked by a commenter how easy it would be to bypass security measures designed to prevent code execution, Fratric wrote: "I will not make any further comments on exploitability, at least not until the bug is fixed. The report has too much info on that as it is (I really didn't expect this one to miss the deadline)."
#2049 New RaaS portal preparing to spread Unlock26 ransomware
#2048 Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages
#2047 Google open-sources Chrome extension to make PGP encryption easier in Gmail
#2046 Shamoon (malware): Multi-staged destructive attacks limited to specific targets
#2045 More on bluetooth ingenico overlay skimmers
#2043 Severe SQL injection flaw discovered in WordPress plugin (NextGEN Gallery) with over 1M installs
#2042 Siemens RUGGEDCOM NMS equipment vulnerable to CSRF, XSS