Security Alerts & News
by Tymoteusz A. Góral

#739 Microsoft patches JScript, VBScript flaw under attack
Microsoft released a hefty load of security bulletins today, which included a patch for a JScript and VBScript scripting engine vulnerability being publicly exploited.

The flaw is addressed in its own bulletin, MS16-053, but users also need to pay attention to and apply MS16-051, since the attack vector is through Internet Explorer.

MS16-051 addresses the issue in IE 9, 10 and 11; MS16-053 patches the flaw in IE 7 and earlier supported versions of the browser.

The flaw, CVE-2016-0189, is one of two memory corruption vulnerabilities in the scripting engines; CVE-2016-0187 is the other scripting engine flaw patched today. Both enable arbitrary code execution if a victim, via IE, lands on an attacker’s site hosting the exploit. Microsoft said the flaws exist because of how JScript and VBScript handle objects in memory in IE. VBScript 5.7 is vulnerable on Windows Vista, Windows Server 2008 and the Server Core installation option, while JScript 5.8 and VBScript 5.8 are vulnerable on Windows Server 2008 R2 for x64 Systems Service Pack 1, on the Server Core installation only.