Thursday, 5 February 2015

XSS security flaw in IE 11 affects fully patched versions



A newly-discovered, severe security flaw in fully patched versions of Internet Explorer allows attackers to steal user credentials or to conduct phishing attacks through any website.

The vulnerability, which affects fully patched versions of IE 11 running on both Windows 7 and 8.1, was disclosed by security researcher David Leo from security firm Deusen. Detailed on Full Disclosure, the Internet Explorer vulnerability allows hackers to bypass the Same-Origin Policy -- a fundamental element of web applications, including in IE, which is meant to prevent cross-site forgeries -- and run scripts or inject malicious content into websites.

According to Leo, Microsoft was notified on Oct 13, 2014. http://www.zdnet.com/article/severe-xss-flaw-in-fully-patched-microsoft-internet-explorer-discovered/

Health insurer Anthem Inc loses nearly 40 million US customers' personal information



Health insurer Anthem Inc, which has nearly 40 million US customers, said late on Wednesday that hackers had breached one of its IT systems and stolen personal information relating to current and former consumers and employees... The information accessed during the “very sophisticated attack” did include names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data, the company said.

Just how safe is your information online? http://www.theguardian.com/us-news/2015/feb/05/millions-of-customers-health-insurance-details-stolen-in-anthem-hack-attack