Latest News

2019/06/12

Microsoft patches 22 critical flaws, four zero days on June Patch Tuesday

Microsoft’s June Patch Tuesday release covered 88 CVE, including 22 rated as critical and four that covered previously announced zero-day vulnerabilities.

The zero-day issues, all are elevation of privilege issues, were tagged as top priority patches of the month by several cybersecurity executives, although the good news is none of the zero days, or other vulnerabilities, were found to be in the wild. These are:

CVE-2019-1069 affects Windows Task Scheduler which could affecting Windows 10, Server 2016 and later versions.
CVE-2019-1064 is in Windows affecting Windows 10, Server 2016 and later.
CVE-2019-1053 is a vulnerability in Windows Shell and affects all currently supported Windows operating systems.
CVE-2019-0973 is a vulnerability in Windows Installer.
2019/06/12

Radiohead sells recordings to public after ‘Creep’ hacker threatens to leak them

The English rock band Radiohead has decided to sell some of its unreleased recording materials after a hacker stole them and threatened to leak them in an extortion scheme.

The proceeds will go toward Extinction Rebellion, an environmentalist movement that relies on nonviolent resistance to generate awareness and advance its causes.

Radiohead guitarist and keyboardist Jonny Greenwood said a hacker last week stole lead vocalist Thom Yorke’s minidisk archive, which contained recordings from around the time of the band’s 1997 studio album, OK Computer. Reportedly, the hacker threatened to publish the materials if he (or she) did not receive $150,000.
2019/06/12

Linux Command-Line Editors Vulnerable to High-Severity Bug

A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor.
2019/04/17

Windows Zero-Day Emerges in Active Exploits

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover.

Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns, the researchers said, targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).
2019/04/17

Scranos, a new rootkit malware, steals passwords and pushes YouTube clicks

Security researchers have discovered an unusual new malware that steals user passwords and account payment methods stored in a victim’s browser — and also silently pushes up YouTube subscribers and revenue.

The malware, Scranos, infects with rootkit capabilities, burying deep into vulnerable Windows computers to gain persistent access — even after the computer restarts. Scranos only emerged in recent months, according to Bitdefender with new research out Tuesday, but the number of its infections has rocketed in the months since it was first identified in November.