Though this time, the attack requires a hacker to have gained local privileges, which could most likely be obtained via a working exploit of other software sitting on Mac machines. Here’s the Video Demonstration: Wardle has demonstrated his hack attack …
mac hacker – read more
If you patched your Windows computers in 2010 against the LNK exploit used by Stuxnet and thought you were safe, researchers from Hewlett-Packard have some bad news for you: Microsoft’s fix was flawed.
In January, researcher Michael Heerklotz reported privately to HP’s Zero Day Initiative (ZDI) that the LNK patch released by Microsoft over four years ago can be bypassed.
This means that over the past four years attackers could have reverse-engineered Microsoft’s fix to create new LNK exploits that could infect Windows computers when USB storage devices got plugged into them. However, there’s no information yet to suggest this has happened.
To read this article in full or to leave a comment, please click here
Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash. The patch is now ready via auto-update – 2 days early!
Naked Security – Sophos
From now on if you want to see what patches Microsoft is going to issue on Patch Tuesday you’ll have to pay for it.
The company’s Advanced Notification Service – the Thursday postings that thumbnailed the security bulletins the company would issue on Patch Tuesday – will only be available to Premier customers. For the past 10 years the service has been free to anyone who wanted to subscribe.
“Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page,” according to a post by Chris Betz, the senior director, of Microsoft’s Security Response Center.
To read this article in full or to leave a comment, please click here