Did you know: There is a new Internet Explorer zero day that remains unpatched.

Description: The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks

What to do:
This can be mitigated by restricting access to the JavaScript component JScript.dll. Also, Microsoft noted that the risk of exploitation is lower on Windows Server, where Internet Explorer is, by default, locked down to protect against browser-based attacks. This restricted mode, called Enhanced Security Configuration, “can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server”, said Microsoft.

Other than that, ensure strong firewalls, password policies and data encryption are in place.

Educate your employees about browser-based attacks and urge them to be cautious. Upgrade to SSL if you haven’t already done so.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 005
Cyber Security

WME Security Briefing 15 April 2024

E-Commerce Security Alert: Unveiling Magecart’s Persistent Backdoor Overview Malicious activities by Magecart attackers have been reported. They are targeting Shopify’s content delivery network (CDN) by creating fake Shopify stores. The backdoor method has enabled them to

Read More »
WME Cybersecurity Briefings No. 004
Cyber Security

WME Security Briefing 11 April 2024

Mispadu Trojan Exploits Windows Vulnerability to Target Financial Data Overview The Mispadu banking trojan has intensified its operations as it’s exploiting an already patched Windows SmartScreen flaw. Since its initial identification in 2019, Mispadu has primarily preyed on

Read More »
WME Cybersecurity Briefings No. 003
Cyber Security

WME Security Briefing 29 March 2024

Russian hackers escalating their cyber warfare, deploying TinyTurla-NG to breach European NGOs. Cisco Talos reveals a targeted attack against organizations advocating democracy and supporting Ukraine. With their sophisticated methods, these cyber attackers are bypassing antivirus defenses

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=