14 matches found
Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers...
InkySquid State Actor Exploiting Known IE Bugs
The InkySquid advanced persistent threat APT group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...
NK Hackers Deploy Browser Exploits on South Korean Sites to Spread Malware
A North Korean threat actor has been discovered taking advantage of two exploits in Internet Explorer to infect victims with a custom implant as part of a strategic web compromise SWC targeting a South Korean online newspaper. Cybersecurity firm Volexity attributed the watering hole attacks to a...
CVE-2020-1380
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
CVE-2020-1380
CVE-2020-1380 : Internet Explorer Scripting Engine memory corruption vulnerability in which memory objects mishandled by the scripting engine (jscript9.dll) can allow remote code execution in the context of the current user..attack vector: web-based via crafted websites or hosting IE rendering en...
CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability
...
CVE-2020-1380 Scripting Engine Memory Corruption Vulnerability
...
CVE-2020-1380
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully...
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Executive summary In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit f...
CVE-2020-1380
creationtimestamp| type| source ---|---|--- 2020-08-12 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=499 2020-08-12 10:03:34+00:00| published-proof-of-concept| https://t.me/cKure/1816 2020-08-12 11:34:34+00:00| exploited| https://t.me/truesecator/839 2020-08-13...
Microsoft Windows Multiple Vulnerabilities (KB4571703)
This host is missing a critical security update according to Microsoft KB4571703 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Multiple Vulnerabilities (KB4571729)
This host is missing a critical security update according to Microsoft KB4571729 SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KLA11935 Multiple vulnerabilities in Microsoft Browsers
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Microsoft Edge can be exploited remotely via specially crafted website to...
Security Updates for Internet Explorer (August 2020)
The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the...