Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
07 January 2013
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
While no true security best practices exist, the key is in identifying the security metrics that mean the most to the organization and focusing on those activities to remediate specific vulnerabilities.
FireEye researchers have calculated how much cybercriminals wielding TeslaCrypt and AlphaCrypt have managed to extort. The researchers were able to calculate the sum because most victims preferred to pay the lesser ransom amount using Bitcoin instead of PayPal My Cash cards.
Trust. Itís a small word but it conveys a lot. To many it is the cornerstone of security, because without trust there can be no security. To operate securely in the online world, businesses need to trust the technology they use.