Hackers have a new security hole to go phishing in

If you use Internet Explorer 11, be aware that researchers have discovered a zero-day vulnerability that could allow attackers to change content on domains remotely. The exploit could also allow hackers to inject malicious content in browsers, steal personal data, and track your online movements. That's the bad news. And the good? You're unlikely to fall prey to such an attack, according to Microsoft.
"To successfully exploit this issue, and adversary would first need to lure a person, often through trickery such as phishing, to a malicious website that they've created," Microsoft said in a statement sent to The Inquirer. "SmartScreen, which is on by default in newer versions of Internet Explorer, helps protect against nefarious phishing websites."
Microsoft also said that it's not aware of the vulnerability being actively exploited at this time, and that it's working on a fix, which it will dole out in a future update. However, the Redmond outfit didn't provide a time table for the fix.
Security firm Symantec weighed in with a statement of its own, saying that it too was unaware of the vulnerability being exploited in the wild. However, it also warned of the exploit's potential for harm, saying it "could allow an attacker to bypass the same-origin policy in order to steal from, and inject information into, other websites."
David Leo, the researcher at Deusen who discovered the flaw, provided an example of how the vulnerability works. By exploiting the vulnerability, he's able to inject content that reads "Hacked by Deusen" into the Daily Mail's website seven seconds after opening the webpage.
To see for yourself, fire up IE11 and click here. Close the popup window after three seconds, as it instructs, and then click Go. This will open the Daily Mail website, and after seven seconds, you'll see the Hacked by Deusen message.
The zero-day vulnerability affects Windows 7 and Windows 8.1 users.
Follow Paul on Google+, Twitter, and Facebook


More...