This Week in Security: Use Emacs, Crash a Windows Server, and a Cryptocurrency Heist

It looks like Al was right, we should all be using Emacs. On the 4th of June, [Armin Razmjou] announced a flaw in Vim that allowed a malicious text file to trigger arbitrary code execution. It’s not every day we come across a malicious text file, and the proof of …read more

Continue reading This Week in Security: Use Emacs, Crash a Windows Server, and a Cryptocurrency Heist

Zero Day Survival Guide | Everything You Need to Know Before Day One

0-days may be more common than you think, but you’re not defenseless against the unknown. Read all about 0-day attacks and how to protect against them.
The post Zero Day Survival Guide | Everything You Need to Know Before Day One appeared first on Secu… Continue reading Zero Day Survival Guide | Everything You Need to Know Before Day One

Apple patches FaceTime flaw, and two exploited zero-days in new security update

An Apple security update released Thursday includes fixes for three vulnerabilities hackers already have exploited, leaving customers who fail to download the new software unprotected from known threats. The security patch, iOS 12.1.4, squashes the widely-publicized FaceTime bug that allowed attackers to spy on others via audio and video. It also fixes two zero-day vulnerabilities that Ben Hawkes, a researcher on Google’s Project Zero security team, said had been exploited before the update was issued. The bugs, dubbed CVE-2019-7286 and CVE-2019-7287, would have allowed attackers to gain elevated privileges, and execute arbitrary code with kernel privileges, respectively. Few details were immediately available about how and when those bugs were exploited, though prominent experts are encouraging users to update their phone as soon as possible. Users should visit the “Settings” page on their iPhone, then follow “General” to “Software Update.” Click “Download and Install.” iOS user? Update to 12.1.4 now. It […]

The post Apple patches FaceTime flaw, and two exploited zero-days in new security update appeared first on CyberScoop.

Continue reading Apple patches FaceTime flaw, and two exploited zero-days in new security update