Tag: Microsoft

Microsoft Fixes 18 Year-Old Windows Hole Used In Attacks

At this late date, you’d like to think that all the really nasty vulnerabilities in legacy Windows systems have been identified. Wishful thinking. On Tuesday, Microsoft issued a patch for a critical, remotely exploitable vulnerability affecting Windows systems going back to Windows 95, one of 14 software fixes the company released. The vulnerability in Microsoft’s OLE (Object Linking and Embedding) code is associated with CVE-2014-6332 and is already being used in targeted attacks online. It is among the most serious discovered in recent years, exposing Windows systems to remote attacks that can bypass Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Enhanced Protected Mode sandbox in the Internet Explorer browser. The vulnerability was discovered six months ago and patched, officially, on Tuesday with MS14-064, which fixes a related OLE vulnerability, CVE-2014-6352). Microsoft has also released a stop-gap tool that customers can use in lieu of the full patch. Microsoft has also issued an […]

Europol Warns of Internet of Things Risk

In a newly released report, Europol’s European Cybercrime Center (EC3) warns that the growth of the Internet of Things (IoT) threatens to strengthen the hand of organized cyber criminal groups and make life much more difficult for police and governments that wish to pursue them. EC3’s latest Internet Organized Crime Threat Assessment (iOCTA) says the “Internet of Everything” will greatly complicate the work of law enforcement creating “new opportunities for everything from cyber criminals to state actors to child abusers. The growing numbers of connected devices will greatly expand the “attack surface” available for cyber criminal activity, the EC3 warns. Cyber criminals may co-opt connected devices for use in common criminal activity (like denial of service attacks and spam campaigns). However, advancements like connected (“smart”) vehicles and infrastructure create openings for large scale and disruptive attacks. The report, which was published late last months, is a high level position paper and pulls data mostly […]

A Guide to Internet of Things Standards | Computerworld

From Colin Neagle over at Computerworld: a run-down of emergent IoT standards – a list that has suddenly become rather long. From his article: “The complexity of these standardization efforts has evoked comparisons to the VHS and Betamax competition in the 1980s. Re/Code’s Ina Fried wrote, “there’s no way all of these devices will actually be able to all talk to each other until all this gets settled with either a victory or a truce.” In the meantime, we’re likely to see some debate among the competing factions. “If this works out at all like past format wars, heavyweights will line up behind each different approach and issue lots of announcements about how much momentum theirs are getting,” Fried wrote. “One effort will undoubtedly gain the lead, eventually everyone will coalesce and then, someday down the road, perhaps all these Internet of Things devices will actually be able to talk to […]