Microsoft’s Windows Patch Tuesday resolves a total of 60 vulnerabilities, 19 of which are critical, including two zero-day security flaws which are being actively used in attacks today. The Redmond giant published a security advisory detailing the latest round of updates.
The update impacts the Windows operating system, Internet Explorer, Microsoft Edge, Microsoft Office services and apps, ChakraCore, the .NET Framework, Microsoft Exchange and SQL Server, as well as Visual Studio. Security updates were also released for Adobe Flash Player.
Read more about the resolved vulnerabilities on ZDNet.
According to the researchers who found it, “Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds.”
Read more about the newly discovered Intel chip security problem on ZDNet.
Turning off Google location tracking may not be as simple as changing one setting to “off,” according to new research.
An AP investigation found that even with Google location tracking turned off, certain apps will take a timestamped snapshot of the user’s location and store that data when the user performs a search, opens Google Maps, or checks the weather. The unexpected Google location tracking behavior on Android and iOS devices has been confirmed by computer science researchers at Princeton University.
Read more about how it is possible for Google to track your movements even when location tracking is turned off, on TechTarget.
The most crucial function police body cameras need to perform—beyond recording footage in the first place—is protecting the integrity of that footage so it can be trusted as a record of events. However, security researcher Josh Mitchell has found that many body cameras on the market today are vulnerable to remote digital attacks, including some that could result in the manipulation of footage.
Mitchell analyzed five body camera models from five different companies and found vulnerabilities in all but one that would allow an attacker to delete footage, or to download footage off a camera, edit it and then re-upload it, leaving no indication of the change.
Read more about the discovered vulnerabilities in police bodycams on Wired.
Vulnerabilities in mPOS (mobile point-of-sale) machines could allow malicious merchants to defraud customers and attackers to steal payment card data, Positive Technologies researchers have found.
The use of mPOS devices has seen huge growth over the last few years. Like ATMs and traditional POS, they are at the end point of payment infrastructure, meaning they are very attractive and accessible to criminals both for the testing of these devices and for the movement of fraudulent money.
Read about the vulnerabilities that have been discovered in a number of market-leading mPOS devices popular in both the U.S. and Europe: Square, SumUp, iZettle, and PayPal, on Help Net Security.
Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously.
The researchers analyzed and found vulnerabilities in a number of commercial smart irrigation systems, which enable attackers to remotely turn watering systems on and off at will.
IBM has discovered 17 zero-day vulnerabilities in smart city systems which could debilitate core services. At the Black Hat conference in Las Vegas, the cybersecurity firm’s X-Force Red team demonstrated how old-school threats are placing the cities of the future at risk in the present day.
Smart city technology spending is predicted to hit $80 billion this year and become as high as $135 billion by 2021. Together with researchers from Threatcare, IBM X-Force Red discovered that smart city systems developed by Libelium, Echelon and Battelle were vulnerable to attack.
Read more about the uncovered zero-day bugs which can be used to kill our critical city systems, on ZDNet.
Comcast has resolved two critical vulnerabilities which had the potential to expose confidential information including home addresses and social security numbers belonging to over 26.5 million customers.
As reported by Buzzfeed, the previously unknown bugs were discovered by security researcher Ryan Stevenson. The vulnerabilities were found within customer software provided by Comcast Xfinity, a subsidiary of Comcast which provides cable, Internet, and telecommunications services.
Read more about the critical bugs that impact multiple versions of the open-source software, on ZDNet.
Another week, another publicly accessible AWS storage cloud found to be leaking enterprise secrets. This time around, the company exposed was GoDaddy – but in a twist on the normal storyline, it was an AWS employee responsible for the misconfiguration.
Researchers with the UpGuard Cyber Risk Team found a publicly accessible Amazon S3 bucket wide open for public consumption. Included within that data store were documents that detailed configurations and pricing information for tens of thousands of systems in the AWS cloud.
In the world we know today, road safety is carefully enforced to the point where we take it for granted. But it wasn’t always thus. People simply weren’t aware of the risks. In the past there were no uniform traffic safety regulations and no safety precautions built into vehicles, such as seatbelts or airbags.
We’re currently facing serious security challenges with the Internet of Things, and the parallels with road safety are striking. The number of connected devices offered in the market rises inexorably and the low cost of manufacturing often relegates good security to an afterthought.
Read more about what cybersecurity professionals can learn from the evolution of road safety in order to improve IoT security according to Brian Honan, CEO of BH Consulting, on Help Net Security.