In what has become a familiar scenario over the last couple of years, attackers have compromised a key Tibetan web site and loaded it with code that redirects some users to a third-party site that installs an APT-style backdoor. The attack has hit the Web site of the Central Tibetan Administration, a site belonging to[...]
Browsing Category: Microsoft
Microsoft will ship three critical bulletins among its August 2013 Patch Tuesday security updates, including patches for critical, remotely exploitable vulnerabilities in IE, Exchange Server and Windows.
Microsoft issued an advisory warning of a weakness in the PEAP authentication protocol for Windows Phone 8.
Microsoft is expanding its MAPP program, which shares attack and protection information with other security vendors, and will now share some data with incident responders as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats.
Nearly two months after the company was part of an operation to disrupt a large number of Citadel botnets, Microsoft said that 88 percent of the botnets spawned by that malware have been taken down.
This month’s Patch Tuesday security bulletins called attention to vulnerabilities in the Windows kernel’s font-processing engine, which had been exploited previously in Duqu and other targeted attacks.
Just a few weeks after announcing its first bug bounty programs, Microsoft is already set to pay out a reward to a researcher from Google who discovered a vulnerability in Internet Explorer 11.
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that’s being used is capable of bypassing both ASLR and DEP.
Bug bounty programs can be as much as 100 times more cost-effective for finding security vulnerabilities than hiring full-time security researchers to do the same thing. New research from the University of California at Berkeley, which focused on bug bounty programs run by Google and Mozilla, found that each of these programs has cost the vendor about $400,000 over the course of three years, far less than it would’ve cost to hire employees to find the same number of vulnerabilities.
Microsoft’s July Patch Tuesday security bulletins patch numerous critical vulnerabilities, including some related to malicious TrueType Font files used in a number of high-profile targeted attacks.