Microsoft's Internet Explorer, already stunned with a bug currently being used by hackers to infect PCs with spyware, suffers from yet another vulnerability, a researcher said Tuesday.
The bug affects how the browser loads Flash files, which use the ".swf" extension. Attackers can use a Flash file to spoof the address bar in IE to disguise the true URL of the site being viewed. Address bar spoofing is a long-time phishing tactic that's used to masquerade the bogus URL.
(Oddly enough, recent research by a trio from Harvard and Berkeley shows that few surfers use the browser address bar to detect fake sites.)
Danish vulnerability tracker Secunia rated the IE spoof as "less critical," in part because the name of the Flash file appears in the browser window.
To protect against such a spoof, Secunia recommended that users disable IE's Active Scripting feature, advice also given by Microsoft to deflect attacks exploiting the createTextRange vulnerability that the Redmond, Wash. developer promised would be patched no later than April 11.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
