Microsoft Security Bulletin MS15-093 - RCE in IE7-11 with active exploits in the wil SANS ISC SecNewsFeed(cached at August 18, 2015, 11:59 pm)

Widespread Android vulnerability enables code execution with full privileges (SC Mag SANS ISC SecNewsFeed(cached at August 18, 2015, 11:59 pm)

Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE, (Tue, A SANS Internet Storm Center, InfoCON: green(cached at August 18, 2015, 11:58 pm)

Security Update for Internet Explorer (3088903)

Recommendation: Test and patch ASAP

Related Bulletin and KBs:

https://technet.microsoft.com/library/security/MS15-093

https://support.microsoft.com/en-us/kb/3087985
https://support.microsoft.com/en-us/kb/3081444
https://support.microsoft.com/en-us/kb/3088903

Executive Summary

This security update resolves a vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.
The security update addresses the vulnerability by modifying how Internet Explorer handles objects in memory.
For more information about this update, see Microsoft Knowledge Base Article 3088903.

Vulnerability Information

An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker or create new accounts with full user rights. Systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.

See bulletin for all affected software">|">@holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mice Brainpower Boosted With Alteration of a Single Gene Slashdotby Soulskill on biotech at January 1, 1970, 1:00 am (cached at August 18, 2015, 11:32 pm)

Zothecula writes: By altering a single gene to inhibit the activity of an enzyme called phosphodiesterase (PDE4B), researchers have given mice the opportunity to see what an increase in intelligence is like. "They tended to learn faster, remember events longer and solve complex exercises better than ordinary mice. For example, the “brainy mice” showed a better ability than ordinary mice to recognize another mouse that they had been introduced to the day before (abstract). They were also quicker at learning the location of a hidden escape platform in a test called the Morris water maze. However, the PDE4B-inhibited mice also showed less recall of a fearful event after several days than ordinary mice." While many people would welcome such a treatment, the scientists say their research could lead to new treatments for those with cognitive disorders and age-related cognitive decline.

Read more of this story at Slashdot.

Memphis stars as Man Utd edge closer to CL return AL JAZEERA ENGLISH (AJE)(cached at August 18, 2015, 11:29 pm)

Depay scores brace and creates another as former champions edge out Belgian club in Champions League playoff first-leg.
FDA Device Alert: A Catalyst for Change (InfoRiskToday) SANS ISC SecNewsFeed(cached at August 18, 2015, 11:29 pm)

Rated Power Capacities for Backup (IT Toolbox Blogs) SANS ISC SecNewsFeed(cached at August 18, 2015, 11:29 pm)

MS15-093 - Critical: Security Update for Internet Explorer (3088903) - Version: 1.0 SANS ISC SecNewsFeed(cached at August 18, 2015, 11:29 pm)

Windows Memory Manager To Introduce Compression Slashdotby Soulskill on windows at January 1, 1970, 1:00 am (cached at August 18, 2015, 11:02 pm)

jones_supa writes: Even though the RTM version of Windows 10 is already out of the door, Microsoft will keep releasing beta builds of the operating system to Windows Insiders. The first one will be build 10525, which introduces some color personalization options, but also interesting improvements to memory management. A new concept is called a compression store, which is an in-memory collection of compressed pages. When memory pressure gets high enough, stale pages will be compressed instead of swapping them out. The compression store will live in the System process's working set. As usual, Microsoft will be receiving comments on the new features via the Feedback app.

Read more of this story at Slashdot.

South Africa's disabled children shut out of school AL JAZEERA ENGLISH (AJE)(cached at August 18, 2015, 10:59 pm)

Human Rights Watch says 500,000 disabled children have been excluded from the education system.
Target, Visa Reach Breach Settlement (InfoRiskToday) SANS ISC SecNewsFeed(cached at August 18, 2015, 10:59 pm)

Insider-Focused Investigation Made Easier (SANS Reading Room) SANS ISC SecNewsFeed(cached at August 18, 2015, 10:59 pm)

Report: Dark web marketplaces complete up to $500K in transactions daily (SC Magazin SANS ISC SecNewsFeed(cached at August 18, 2015, 10:59 pm)

Tremco staffer loses laptop, contained data on thousands of employees (SC Magazine) SANS ISC SecNewsFeed(cached at August 18, 2015, 10:59 pm)

Development of the CryptoApp ransomware finished; changes active campaign (Reddit) SANS ISC SecNewsFeed(cached at August 18, 2015, 10:59 pm)