Web Security

Flaw in Core IE 8 Component Could Enable Remote Attacks

There’s an unpatched vulnerability affecting Internet Explorer 8 running on most current versions of Windows that could give attackers the ability to run code on remote machines. The flaw is a memory leak that gives attackers key information on the location of a specific address in memory, even with memory protections such as ASLR enabled.

Facebook Employees Crack Admin Security

Senior engineers at Facebook responsible for SRE (site reliability
engineering) challenged Facebook employees to try to compromise him and
gain access to Facebook’s administrative system via information obtained
from him. They succeeded. Read the full article. [TechCrunch]

The infection routines being used by some scareware and rogue AV gangs are much more comprehensive and far-reaching than many current analyses have shown, experts say, including some attacks that not only place a malicious script on a compromised server, but infect every single legitimate script on the server, as well.

In a move hailed by privacy advocates, Facebook deployed a
feature that allows its users to better control what personal
information can be accessed by third-party applications and websites. Read the full article. [The Register]

Guests who recently stayed at Destination Hotels & Resorts may have been
victimized by compromised
point-of-sale systems. The company refused to release many details of
the incident citing an ongoing investigation by the FBI. In a note posted to its Web site said that it had “uncovered a malicious
software program inserted into its credit card processing system from a
remote source.” Read the full article. [Computerworld]

A developer figured out that Foursquare had a privacy leak because of how it published user check-ins on web pages for each location. He logged 875,000 in San Francisco. Foursquare is aware of the bug. Read the full article. [Wired]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.