Known Exploits

The Security Impact of HTTP Caching Headers | Diary Discussions | Community Forums | SANS Internet Storm Center; Cooperative Network Security Community – Internet Security

Posted by

0

Mobile phone browsers and older browsers seem to like to cache content regardless of HTTPS. We have this problem with PDF\’s of people\’s statements wanting to be stored locally even though we explicitly send all the right headers to prevent it.

via The Security Impact of HTTP Caching Headers | Diary Discussions | Community Forums | SANS Internet Storm Center; Cooperative Network Security Community – Internet Security.

via The Security Impact of HTTP Caching Headers | Diary Discussions | Community Forums | SANS Internet Storm Center; Cooperative Network Security Community – Internet Security.

Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine

Posted by

0

The operators of the affected security website, which became the drive-by attack against visitors, has asked FireEye not to reveal its URL, Mike Scott, senior staff threat analyst at FireEye, told SCMagazine.com on Monday.

The zero-day takes advantage of a timestamp vulnerability affecting IE 7 and 8 on Windows XP and IE 9 on Windows 7, according to the post, which states that a memory access vulnerability designed to work with IE 7 and 8 on Windows XP and Windows 7 is also abused.

“The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages,” according to the post. “Based on our analysis, this vulnerability affects IE 7, 8, 9, and 10.

via Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine.

via Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine.