BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable

Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable unauthenticated remote code execution flaw in Remote Desktop Services (RDP). The vulnera…

New infosec products of the week: April 5, 2019

Free cybersecurity threat assessment for midsize and large organizations Cynet unveiled the Cynet Threat Assessment program. The free offering for organizations with 500 or more endpoints identifies critically exposed attack surfaces and provides actio…

0patch releases micropatch for Windows Task Scheduler zero-day

Earlier this week a security researcher who goes by “SandboxEscaper” published details and a PoC exploit for a zero-day local privilege escalation vulnerability affecting Windows. Microsoft has, so far, been cagey about when they will push…

Microsoft offers mitigation advice for DDE attacks scenarios

Microsoft has published a security advisory containing DDE attack mitigation instructions for both users and admins. What’s a DDE attack? For a while now, attackers have been ditching malicious macros and OLE objects in favor of the Dynamic Data Exchange (DDE) attack technique to deliver malware via booby-trapped Office documents. Opening such a document will not trigger any security warnings. Users will simply be asked to update the document links, and then to execute the …