RSS_Virtulization

Microsoft announced patches for a half-century of CVEs this month, including seven zero-day vulnerabilities, six of which are being actively exploited in the wild. The six vulnerabilities in question start with CVE-2021-31955, an information disclosure bug in Windows kernel, and remote code execution flaw CVE-2021-33742. The rest are elevation of privilege bugs in Windows NTFS (CVE-2021-31956), the Microsoft Enhanced Cryptographic Provider (CVE-2021-31199 and CVE-2021-31201) and the Microsoft DWM Core Library (CVE-2021-33739). In addition, CVE-2021-31968 is a…

In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means ‘free,’ and in the digital marketplace, it means ‘open source.’ Open Source aka “Freeware” Since the early days of the internet, open source software (OSS) has been with us. At that time, though, it was more popularly known as “freeware.” It was only when the…

Global law enforcers are celebrating today after a three-year operation across 16 countries led to the arrest of 800 and the seizure of over 30 tons of narcotics. Europol described operation Greenlight/Trojan Shield as “one of the largest and most sophisticated law enforcement operations to date.” According to The Economist, it was made possible after the developer of an encrypted device service known as Anom turned informant back in 2018. This allowed the FBI and…

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th. In-The-Wild & Disclosed CVEs CVE-2021-31955 This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows Kernel Information Disclosure could allow an attacker to read kernel memory via a user mode process via…

Apple’s WWDC 2021: Five new privacy features announced Length: 7:45 | Jun 8, 2021 Brandon Vigliarolo talks to Karen Roby about the new privacy features that Apple revealed during the keynote of WWDC 2021. Source link

CVE-2021-33739 | Microsoft Desktop Window Manager Core Library Elevation of Privilege Vulnerability CVE-2021-33739 is an EoP vulnerability in the Microsoft Desktop Window Manager (DWM) core library, dwmcore.dll. It was discovered and reported to Microsoft by researchers at DBAPPSecurity Threat Intelligence Center. In February, DBAPPSecurity Threat Intelligence Center disclosed another zero-day vulnerability, CVE-2021-1732, an elevation of privilege vulnerability in Win32k linked to a threat actor known as BITTER APT. In April, researchers at Kaspersky…

The operators of subscription service MoviePass have agreed to settle Federal Trade Commission allegations of fraud and data security failures.  It is alleged that MoviePass used an elaborate three-prong approach to prevent and discourage subscribers from using its $9.95 “one movie a day” monthly subscription service as advertised. First, according to the FTC complaint, the company blocked as many as 75,000 subscribers from accessing content by purposefully invalidating their passwords.  The FTC said: “MoviePass’s operators invalidated subscriber passwords…

An intrusion into the IT system of the New York City Law Department is being co-investigated by the New York Police Department and the FBI’s Cyber Task Force. The hack was first reported by The Daily News, which learned that sensitive information belonging to more than a thousand department employees may have been exposed in the security incident. After discovering the intrusion, the city restricted admission to the system, preventing government lawyers from accessing documents.  On…