Latest Internet Explorer zero-day

Ongoing IE-based attacks are exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked. The resulting JavaScript code has linked exploits to the group responsible for a spate of recent espionage attacks dubbed the “Elderwood Project.” In early 2013, Microsoft issued a temporary Fix-it patch for the vulnerability, but now researchers are claiming that they have bypassed the patch and were able to compromise a fully patched system. The hacker group, believed to be based in China, has targeted U.S. defense contractors and their partners in the supply chain, including manufacturers of mechanical components.

Takeaway: While Microsoft is working on a full patch for the flaw, keep your system up to date and avoid Flash, Java and other third-party applications in your browser.