Author: Admin

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th. In-The-Wild & Disclosed CVEs CVE-2021-31955 This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows Kernel Information Disclosure could allow an attacker to read kernel memory via a user mode process via…

Apple’s WWDC 2021: Five new privacy features announced Length: 7:45 | Jun 8, 2021 Brandon Vigliarolo talks to Karen Roby about the new privacy features that Apple revealed during the keynote of WWDC 2021. Source link

CVE-2021-33739 | Microsoft Desktop Window Manager Core Library Elevation of Privilege Vulnerability CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky…

The operators of subscription service MoviePass have agreed to settle Federal Trade Commission allegations of fraud and data security failures.  It is alleged that MoviePass used an elaborate three-prong approach to prevent and discourage subscribers from using its $9.95 “one movie a day” monthly subscription service as advertised. First, according to the FTC complaint, the company blocked as many as 75,000 subscribers from accessing content by purposefully invalidating their passwords.  The FTC said: “MoviePass’s operators invalidated subscriber passwords…

An intrusion into the IT system of the New York City Law Department is being co-investigated by the New York Police Department and the FBI’s Cyber Task Force. The hack was first reported by The Daily News, which learned that sensitive information belonging to more than a thousand department employees may have been exposed in the security incident. After discovering the intrusion, the city restricted admission to the system, preventing government lawyers from accessing documents.  On…

Medical data is a valuable commodity—one that needs to be protected from cybersecurity threats. Tom Merritt lists five things to know about medical data security. Seth Rosenblatt’s “The Parallax View” recently posted about medical vulnerabilities found by CybelAngel’s senior cybersecurity analyst, David Sygula. TechCrunch had a similar writeup about warnings for medical imaging from Greenbone Networks’ lead researcher, Dirk Schrader. Last December, Kaspersky project manager Maria Namestnikova warned that software used by medical organizations is…