The Hacker News - Cybersecurity News and Analysis: emergency patch

Two days ago, The Hacker News (THN) reported about the Zero-day vulnerability in the freshly patched Adobe Flash Player . The vulnerability was exploited in the wild by a well-known group of Russian hackers, named " Pawn Storm ," to target several foreign affairs ministries worldwide. The zero-day flaw allowed hackers to have complete control of the users' machine, potentially putting all the Flash Player users at a potentially high risk. Since then, there was no patch available to make flawed utility safe. However, Adobe has now patched the zero-day vulnerability, along with some critical vulnerabilities whose details are yet to be disclosed. Yesterday, the company published a post on their official security bulletin ( APSB15-27 ) detailing the risks associated with the zero-day and how a user can get rid of them. The critical vulnerabilities are assigned following CVE numbers: CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 Also, Adobe is kn

It's time to immediately patch your Internet Explorer – Once again! Microsoft has issued an emergency out-of-band patch for all supported versions of Internet Explorer browser, to fix a critical security flaw that hackers are actively exploiting to hijack control of targeted computers. The Zero-Day flaw (assigned CVE-2015-2502 ) is a Remote Code Execution vulnerability that could be exploited when a user visits a booby-trapped website or open a malicious email on an affected machine. The security bug actually resides in the way Internet Explorer handles objects in memory. If successfully exploited, a hacker could gain the same user privileges as the current user. Therefore, users running administrator accounts on their machines as well as systems where IE is frequently used, like workstations or terminal servers, are particularly at the most risk from this vulnerability. Critical Zero-Day Vulnerability "An attacker who successfully exploited th

Microsoft today released an " out-of-band " security updates to fix a critical vulnerability in all supported versions of its Windows Server software that cyber criminals are exploiting to compromise whole networks of computers. The Emergency patch release comes just one week after Microsoft provided its monthly security patch updates. The November 2014 Patch Tuesday updates included 16 security patches, five of which were rated by Redmond as "critical." The security update (MS14-068) addresses a vulnerability in the Windows component called Microsoft Windows Kerberos KBC , authentication system used by default in the operating system. The flaw allows an attacker to elevate domain user account privileges and access rights to that of a domain administrator account. As a result, if users unknowingly or accidentally run a malicious software on their system, it could therefore be used to compromise the entire network, which could be more dangerous for those who