Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models
Cisco Systems has patched a critical flaw that even novice hackers could exploit using Central Intelligence Agency attack tools that were recently leaked to the Internet. As previously reported, the zero-day exploit allowed attackers to issue commands that remotely execute malicious code on 318 models of Cisco switches. The attack code was published in early March by WikiLeaks as part of its Vault7 series of leaks, which the site is...
Microsoft’s recent success in blocking in-the-wild attacks is eerily good
Microsoft engineers have neutralized a series of attacks that took control of targeted computers by exploiting independent vulnerabilities in Word and Windows. Remarkably, the software maker said fixes or partial mitigations for all four security bugs were released before it received private reports of the attacks. Both versions of the attacks used malformed Word documents that...
Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable
A massive and rather embarrassing remote code execution vulnerability has been discovered in Microsoft’s MsMpEng, the malware protection engine used by Windows Defender, Microsoft Security Essentials, Microsoft Forefront, and Microsoft Endpoint in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Notably, Windows Defender is installed by default on...