14 Aug 2019

Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List

As part of August’s Patch Tuesday, Microsoft made fixes for 93 security vulnerabilities available. 29 issues are critical, including four remote code-execution (RCE) flaws in Remote Desktop Services (RDS) and one critical RCE bug in Microsoft Word. Two of the RDS flaws stand out in particular, as they are “wormable,”

Read More
12 Aug 2019

Researchers find security flaws in 40 kernel drivers from 20 vendors

Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts

Read More
07 Aug 2019

New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits

Security researchers at Bitdefender have discovered a critical vulnerability in Intel processors that can enable attackers to get CPU chips to leak sensitive information via a side-channel attack. The attack is similar to previously discovered vulnerabilities known as Spectre and Meltdown and actually bypasses security mechanisms intended to prevent expliotation

Read More
02 Aug 2019

Microsoft Slammed For Investment In Israeli Facial Recognition ‘Spying On Palestinians’

Privacy advocates are accusing Microsoft of investing in surveillance technology that is used to spy on people whose human rights are being trampled upon by authorities. In particular, activists criticize the tech giant’s funding of AnyVision, an Israeli facial recognition firm that provides technology used to carry out surveillance on

Read More
29 Jul 2019

Microsoft-Owned GitHub Blocks Devs in US Sanctioned Countries

GitHub is restricting the user accounts of people residing in territories subject to US government sanctions, such as the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria. The policy came to light after a developer in Crimea had his account restricted, meaning that only certain very basic features

Read More
25 Jul 2019

US company selling weaponized BlueKeep exploit

Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23. BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be

Read More
24 Jul 2019

Windows zero-days don’t usually work against the latest OS version

New figures released by Microsoft underscore the importance of updating to the latest operation system, since the stats show that the majority of Windows zero-day vulnerabilities cannot be used to attack the latest Windows versions. Since 2015, 38.2% of zero-days could be exploited on the latest OS versions, while the

Read More
23 Jul 2019

40% of enterprises experienced Office 365 credential theft, report finds

A recent survey by Cyren and Osterman Research found that 4 in 10 companies in the US and the UK have experienced the compromise of Office 365 login credentials, with incidents being more common in the UK (54%) than in the US (34%). Furthermore, when taking into account all organizations,

Read More
18 Jul 2019

800K Systems Still Vulnerable to BlueKeep

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

Read More
18 Jul 2019

Microsoft has warned 10,000 victims of state-sponsored hacking

In the past year, Microsoft informed about 10,000 users that state-backed hackers were targeting them. The number includes both victims and targets who were not compromised. The vast majority of targets were enterprise customers, i.e. businesses, with individual consumers accounting for about 10% of victims. Nearly all campaigns went after

Read More