
Saturday, June 25, 2011

Security Experts Detect Active Exploitation of Vulnerability in Internet Explorer

Recently, Microsoft addressed twelve critical security flaws related to Internet Explorer (IE). Eleven of the patched security flaws allow attackers to attain user privileges through remote code execution. Security researchers at Symantec have identified active exploitation of one of these vulnerabilities by cyber-attackers. The security flaw affects IE 6, 7 and 8.

IE remains unaffected by the vulnerability. According to Symantec, attackers are apparently trying to exploit the vulnerability through targeted attacks. The firm's researchers have identified one such attack, in which attackers inserted the exploit code into content hosted on the compromised website of a restaurant. Successful execution of the code would result in the download of a malicious file from the website. Attackers allegedly inserted the code in an iframe tag, which links to an exploit page. Attackers may send e-mails to the targeted victims with a link to the compromised site. Unwary Internet users who fall prey to the attack and visit the compromised website may inadvertently download a malicious file onto their computer systems.

Usually, attackers attempt to steal confidential information through sophisticated attacks. IE users must immediately install the latest patch from Microsoft. The developer issues security bulletins on the second Tuesday of every month. Microsoft addressed 34 security flaws in the latest patch release. Internet users must adhere to security advisories and update their security software, operating systems and web browsers to safeguard their systems and secure the data stored on them. They must avoid responding to e-mails arriving from unknown sources and be wary of risky file extensions. They must visit a legitimate website directly, rather than clicking on a link provided in an e-mail, even when the e-mail appears to arrive from a known or legitimate source. They must also be cautious of e-mails containing images, whether they arrive from known or unknown sources. Attackers may spoof the e-mails of legitimate companies or government bodies to trick users into believing the contents of the e-mail.

Vulnerabilities are common in software products. Independent security researchers, experts affiliated with security firms and in-house security professionals often test software products for flaws. Attackers are proactive in identifying and exploiting vulnerabilities. There is usually a time lag between the release of a patch and its installation by Internet users. Attackers take advantage of the time lag and exploit flaws in the software products. E-tutorials, online degree programs, security blogs and cyber security alerts may help Internet users stay informed of the latest security threats and adhere to precautionary measures.

Professionals qualified in masters of security science may help enterprises with the timely identification, prioritization and application of appropriate security updates. IT professionals must train employees on safe online computing practices and alert them to the latest security threats. Employees must verify the authenticity of e-mails that ask them to download files, reveal sensitive information or visit a website, to avoid falling prey to scams and social engineering attacks. E-learning and online university degree programs may help employees understand and implement information security practices. Proactive security measures are crucial to identify security threats and ward off potential security breach attempts by cyber-attackers.
