New vulnerability endangers Internet Explorer users

By: Doug Zbikowski

iewarn

UPDATE (May 1, 2014, 1:30pm ET): Microsoft has released an emergency patch for the Internet Explorer vulnerability. In a surprise move, they also released an update for Windows XP! Head over to Windows Update to get it.

A new bug has been discovered that could put Internet Explorer users at serious risk. Until the problem is fixed security experts are calling on users to switch to an alternative browser such as Google Chrome or Mozilla Firefox. In a rare move, the US Government is advising to users to switch to another browser until Internet Explorer is fixed.

On April 26th, 2014, Microsoft announced that all versions of Internet Explorer are at risk for “drive-by” attacks from malicious websites. This new vulnerability, dubbed CVE-2014-1776, has the potential to give hackers direct access to your computer, allowing infected web sites to install malicious applications, create new Windows accounts, and change or delete data stored on the computer. Disturbingly, these attacks have actually been observed in the wild by Internet security firm FireEye, who started observing this type of attack as early as February. Microsoft says attacks seem to be coming from websites that feature advertisement feeds or user-provided content where an attacker could insert malicious code. At this time it is unknown whether Microsoft will release an emergency patch or wait until patch Tuesday on May 13th to fix the vulnerability. Continue reading “New vulnerability endangers Internet Explorer users”

Security Firms Recommend Disabling Java Due To New Exploit

Security researchers are recommending users disable Java on their computers after an exploit has been discovered that could possibly allow a malicious website to take control of your computer.

Java, a set of software tools that allows advanced features to run on websites, currently has a vulnerability that can allow an attacker to run unauthorized applications on a vulnerable computer. Being a zero-day vulnerability, antivirus firms and Oracle (the manufacturers of Java), have not had time to implement a fix, leaving both PC’s and Macs unprotected until a patch becomes available. Security firm Alien Vault as reported websites using this exploit are already showing up in the wild. Continue reading “Security Firms Recommend Disabling Java Due To New Exploit”

Security Alert for Internet Explorer Users

Microsoft URGES everyone to install security tool

UPDATE: Microsoft has released a patch to fix this security issue as of 9/22/12. Please run Windows Update to make sure you are patched.

 

This week, Microsoft is urging Windows users to install a security tool to protect against a newly discovered bug in Internet Explorer.

This security issue may allow hackers to take control of infected PCs and affects all versions Internet Explorer browsers. Microsoft is currently working to patch the flaw, but their security tool should protect users in the meantime.

The free security tool, called the Enhanced Mitigation Experience Toolkit,  is available from Microsoft.

The malicious software,  known as Poison Ivy, was discovered last Friday and has the capability of stealing data and assuming remote control of infected PC’s. Being a “zero-day” infection, there are not any effective patches or protections available against it as of yet. Antivirus manufacturers are working on updates to protect against Poison Ivy, and are expected to have them available later this week.

In the meantime, be sure to install any Windows updates as soon as they are available. Check for the latest updates from Windows Update.

For free antivirus software, visit TOAST.net’s Software Page.

Update 9/20/12:

Microsoft has announced a patch for this vulnerability will be made available on Friday, Sept. 21st via Windows Update.

And the 25 Worst Passwords Are…

I’ve covered this before, but it’s worth repeating: using “password” as your password is not a good idea.

“Password”, “123456”, and the ever more secure “12345678” are the most used passwords of 2011 according to a recent report from security provider SlashData. Hackers love simple passwords, and it seems we’re making it easy for them. According to the report, sequential characters such as qwerty and 123456 are popular choices, as well as names of children and pets. Other choices such as “dragon” or “superman” are harder to explain, but may come from objects or images in the vicinity of the user. As websites require passwords to contain numbers and letters, it makes sense that we’re seeing abc123 and trustno1 on the list as well. Continue reading “And the 25 Worst Passwords Are…”

Cloud Services: Going Green Saves You Green…

Green CloudTOAST.net has been singing the praises of cloud services for years, and with good reason. Cloud based email, document systems, security, and web tools are easier to use, easier to maintain, incredibly less expensive, and now it turns out they help to save the planet. Continue reading “Cloud Services: Going Green Saves You Green…”