[Cyber Security 2015] Critical Vulnerability in Microsoft Internet Explorer

---

Microsoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects. (more…)

New Dangerous Critical Vulnerability in CMS Drupal

Dangerous vulnerability has been fixed in Drupal. The most serious issue outlined in the advisory (CVE-2015-3234) allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

The victim must have an account in a certain OpenID-providers for a successful attack.

Vulnerabilities identified in the module OpenID, allows a potential attacker to log in as an administrator. However, for a successful attack the victim must have an account associated with the OpenID-providers (for example: Verisign, LiveJournal, StackExchange, and some other). (more…)

Latest Security News of Monday, July 22, 2013

The website of Apple developers has been hacked

The American company Apple was forced to disable a service for application developers because of a hacker attack, according to the company’s website.

In a statement, the company stated that the attack on the site started last Thursday, and was likely to intruders personal information of registered users of the resource.

“Confidential information are stored in encrypted form, and access to it was closed, but we do not exclude the possibility that the names, addresses and e-mail addresses of some users might fall into the wrong hands,” – said in a statement.

At the moment our specialists are working on strengthening security, software update and restore databases. The exact start time of the resource is not reported. (more…)

VMware Patches a critical vulnerability in VMware View

VMware this week released a patch for the product VMware View, eliminating critically dangerous vulnerability that could allow unauthorized users to gain access to the target file system.

“VMware View contains a critical vulnerability when working with directories, allow unauthorized users to get the directories and files from the server View. Exploitation of this vulnerability could result in the release of classified information to the server,” – the document says VMware.

This vulnerability became aware of Digital Defence, which has warned VMware in October this year. Independent experts say that in this case the risk is mainly exposed to large corporate users who are using virtualization in their networks. In this case, the potential employee, an attacker could gain access to restricted files on the server and PC with VMware View. (more…)