Category: upcoming events
All our consultants are senior professionals with tremendous exposure to Information Security and Governance, Risk & Compliance. With over a decade of experience in training and consulting, they bring practical, industry-relevant examples and case studies to the classroom, which improves the overall learning experience. Our professionals hold industry-acclaimed accreditations such as CEC, CEH, M.S, CISSP, CHFI, CISA, CISM, ISO 27001 LI / LA, CCNP, CWNA, MCSE & ITIL.
(8 Hours / Day)
Workshop Fees: 1000 Rs per participant
Last Updated on Friday, 04 May 2012 20:16
Category: News & Blog
This blog is about the misfortune that continues to follow the Internet Explorer browser. A zero-day vulnerability in Internet Explorer is under constant attack in the wild, and its confirmation by Microsoft makes it a cause for worry. For the time being, Microsoft's firefighting measure comes in the form of a Windows patch to fix this serious Internet Explorer flaw.
The "Nitro" hacking group, the group associated with the Java zero-day vulnerability reported last month, appears to be at work. Our thanks go to the security researcher Eric Romang, who deciphered the exploit code on a server used by the group for these exploits. The security firm Rapid7 has asked web users to shift to a different web browser, which is a lethal blow to the already ailing Internet Explorer. Symantec's disclosure last October can be recalled as the starting point, and the current cyber assaults on firms, code-named "Nitro", should be seen together with this malware that ails Internet Explorer. The present zero-day in IE 6-9 resembles a buffer overflow and is a use-after-free memory corruption vulnerability. This flaw helps an attacker to attack a compromised machine remotely. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file; in the current payload it has been replaced by the PlugX RAT, delivered via the same corrupted Flash movie. Ethical hacking firms update their armaments to counter new exploitation in browsers. InfySEC is a pioneer in this, and its patch management services (http://www.infysec.com/services/security-and-defense/patch-management) are constantly upgraded to remove glitches.
Social media is used as a trap for this category of attack, which starts with a phishing email and ends with a compromised PC. Major websites that intend to promote themselves are also at risk, because their ads are placed through third-party "compromised" ad servers. Therefore, the net result is that the use of any site results in the IE error being taken advantage of. The error is a serious matter for Microsoft, as the German authorities' direction to Germans to shift to other browsers testifies. However, Microsoft is lackadaisical in its approach, with statements that play down the issue, such as that few afflictions arise out of this bug, and so on. Its suggestions also include deactivating ActiveX controls or applying its Enhanced Mitigation Experience Toolkit for the time being, since its patches are in the pipeline.
Metasploit has made its contribution for this PoC, and in their words: "This module exploits a vulnerability found in Microsoft Internet Explorer (MSIE). When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec() function, leading to a use-after-free condition. Please note that this vulnerability has been exploited in the wild since Sep 14 2012, and there is currently no official patch for it." To fetch this, click here, and I will go to fetch some more interesting cyber news.
Last Updated on Monday, 01 October 2012 00:35