Security flaw in IE used to target U.S. firms in cyber attack
Friday, January 15, 2010
Microsoft announced yesterday that the cyber criminals who launched a large-scale assault on network security at multiple American firms did so via a vulnerability in the company's Internet Explorer browser software.
A security alert released by the company said that IE 6 installations running on some less commonly used versions of Windows were vulnerable, as well as IE 6, 7, and 8 installations on Windows XP, Vista, Server 2003/2008, and Windows 7. Microsoft has said that it is working on a solution and could release an off-cycle update to repair the vulnerability.
CNET reports that source code was stolen from over 30 U.S. firms targeted in the attack, including Adobe, Yahoo, Symantec, and Dow Chemical, though only Adobe has issued an official confirmation that it was attacked.
Experts say that setting IE's security features to maximum prevents the attack from gaining access to valuable personal or company data. According to PC Magazine, this implies the exploit targets IE's unprivileged context, outside of which it is unlikely to cause many problems.