Latest News


Palo Alto’s Unit 42 discovered 10 ‘Important’ Microsoft bugs

Palo Alto’s Unit 42 researchers discovered 10 new Microsoft vulnerabilities, all of which had a Maximum Severity Rating of “Important.”

“The severity of the vulnerabilities discovered were all rated ‘Important,’” according to a June 20 blog post, which said that one vulnerability had been addressed in the June 2019 Microsoft Security Response Center (MSRC) update release and the other nine in the May 2019 updates.

[PATCH] Apple releases eight updates for AirPort Base Station bugs

Apple released eight updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n that could allow a remote attacker to take control of an affected system, according to a June 20 security update.

One vulnerability could allow a remote attacker to leak memory due to an out-of-bounds read that was addressed with improved input validation. Another flaw allowed a remote attacker to cause a system denial of service due to an issue that was addressed with improved validation.

Microsoft patches 22 critical flaws, four zero days on June Patch Tuesday

Microsoft’s June Patch Tuesday release covered 88 CVEs, including 22 rated as critical and four that covered previously announced zero-day vulnerabilities.

The zero-day issues, all of which are elevation-of-privilege issues, were tagged as top-priority patches of the month by several cybersecurity executives, although the good news is that none of the zero days, or other vulnerabilities, were found to be in the wild. These are:

CVE-2019-1069 affects Windows Task Scheduler on Windows 10, Server 2016 and later versions.
CVE-2019-1064 is in Windows affecting Windows 10, Server 2016 and later.
CVE-2019-1053 is a vulnerability in Windows Shell and affects all currently supported Windows operating systems.
CVE-2019-0973 is a vulnerability in Windows Installer.

Radiohead sells recordings to public after ‘Creep’ hacker threatens to leak them

The English rock band Radiohead has decided to sell some of its unreleased recording materials after a hacker stole them and threatened to leak them in an extortion scheme.

The proceeds will go toward Extinction Rebellion, an environmentalist movement that relies on nonviolent resistance to generate awareness and advance its causes.

Radiohead guitarist and keyboardist Jonny Greenwood said a hacker last week stole lead vocalist Thom Yorke’s minidisk archive, which contained recordings from around the time of the band’s 1997 studio album, OK Computer. Reportedly, the hacker threatened to publish the materials if he (or she) did not receive $150,000.

Linux Command-Line Editors Vulnerable to High-Severity Bug

A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allows remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor.