Latest News

2019/06/24

[PATCH] Apple releases eight updates for AirPort Base Station bugs

Apple released eight updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n that could allow a remote attacker to take control of an affected system, according to a June 20 security update.

One vulnerability could allow a remote attacker to leak memory due to an out-of-bounds read that was addressed with improved input validation. Another flaw allowed a remote attacker to cause a system denial of service due to an issue that was addressed with improved validation.
2019/06/12

Microsoft patches 22 critical flaws, four zero days on June Patch Tuesday

Microsoft’s June Patch Tuesday release covered 88 CVE, including 22 rated as critical and four that covered previously announced zero-day vulnerabilities.

The zero-day issues, all are elevation of privilege issues, were tagged as top priority patches of the month by several cybersecurity executives, although the good news is none of the zero days, or other vulnerabilities, were found to be in the wild. These are:

CVE-2019-1069 affects Windows Task Scheduler which could affecting Windows 10, Server 2016 and later versions.
CVE-2019-1064 is in Windows affecting Windows 10, Server 2016 and later.
CVE-2019-1053 is a vulnerability in Windows Shell and affects all currently supported Windows operating systems.
CVE-2019-0973 is a vulnerability in Windows Installer.
2019/06/12

Radiohead sells recordings to public after ‘Creep’ hacker threatens to leak them

The English rock band Radiohead has decided to sell some of its unreleased recording materials after a hacker stole them and threatened to leak them in an extortion scheme.

The proceeds will go toward Extinction Rebellion, an environmentalist movement that relies on nonviolent resistance to generate awareness and advance its causes.

Radiohead guitarist and keyboardist Jonny Greenwood said a hacker last week stole lead vocalist Thom Yorke’s minidisk archive, which contained recordings from around the time of the band’s 1997 studio album, OK Computer. Reportedly, the hacker threatened to publish the materials if he (or she) did not receive $150,000.
2019/06/12

Linux Command-Line Editors Vulnerable to High-Severity Bug

A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor.
2019/04/17

Windows Zero-Day Emerges in Active Exploits

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover.

Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns, the researchers said, targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).