As part of August’s Patch Tuesday, Microsoft made fixes for 93 security vulnerabilities available. 29 issues are critical, including four remote code-execution (RCE) flaws in Remote Desktop Services (RDS) and one critical RCE bug in Microsoft Word. Two of the RDS flaws stand out in particular, as they are “wormable,”

Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts

Security researchers at Bitdefender have discovered a critical vulnerability in Intel processors that can enable attackers to get CPU chips to leak sensitive information via a side-channel attack. The attack is similar to previously discovered vulnerabilities known as Spectre and Meltdown and actually bypasses security mechanisms intended to prevent expliotation

Privacy advocates are accusing Microsoft of investing in surveillance technology that is used to spy on people whose human rights are being trampled upon by authorities. In particular, activists criticize the tech giant’s funding of AnyVision, an Israeli facial recognition firm that provides technology used to carry out surveillance on

GitHub is restricting the user accounts of people residing in territories subject to US government sanctions, such as the Crimea region of Ukraine, Cuba, Iran, North Korea, and Syria. The policy came to light after a developer in Crimea had his account restricted, meaning that only certain very basic features

Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23. BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be

New figures released by Microsoft underscore the importance of updating to the latest operation system, since the stats show that the majority of Windows zero-day vulnerabilities cannot be used to attack the latest Windows versions. Since 2015, 38.2% of zero-days could be exploited on the latest OS versions, while the

A recent survey by Cyren and Osterman Research found that 4 in 10 companies in the US and the UK have experienced the compromise of Office 365 login credentials, with incidents being more common in the UK (54%) than in the US (34%). Furthermore, when taking into account all organizations,

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

In the past year, Microsoft informed about 10,000 users that state-backed hackers were targeting them. The number includes both victims and targets who were not compromised. The vast majority of targets were enterprise customers, i.e. businesses, with individual consumers accounting for about 10% of victims. Nearly all campaigns went after