Blog Archives

Google’s Project Nightingale: Access to Patient Data of 2600 Hospitals

Google gets access to names, diagnosis, labs, and birth dates by teaming with Ascension.  Google says it won’t be matching this data with any consumer data.

Microsoft to Apply California’s Privacy Law to All

A new law in California meant to inform users on how companies use their data will be applied globally to Microsoft US customers.

Windows Users: Update iTunes

Currently being used to spread malware.  

DeepFake Vishing Costs Company $250k

A company has lost $243000 due to a fake, computer generated, call to an executive imitating someone they knew.

Foxit Software Breach

If you use Foxit software, such as the PDF reader, and you’ve registered with the company with a password, you need to change it.

SWAPGS: The Newest Speculative Execution Flaw for Intel CPUs (and Maybe AMD)

Another side channel attack.  Microsoft patched it last month.  AMD says its chips are not vulnerable. 

Urgent/11, Critical Flaws in Embedded OS VXWorks

Researchers have found remotely exploitable flaws in the popular embedded OS VXWorks.  

Critical Vulnerabilities in LibreOffice, Enable Stealth Mode

Libreoffice patched two critical vulnerabilities this month, but one of them is still exploitable via a malicious document.  You’ll need to enable stealth mode to prevent loading of external content.

DataSpii – How Your Browser Can Be Made to Spy on You

Make sure you vet any extension you add to a browser as some of them send private information (URL, SSNs, etc.) back to companies for analysis and sale.

Critical Flaw Found in Zoom for MacOS: Update Apple is Autopatching the Flaw

If you have ever installed Zoom for MacOS, you need to make sure it is patched (not available yet)  and completely deleted.  Even if you’ve uninstalled it, it leaves behind a web server to easy re-installation.  A patch has been released at https://zoom.us/support/download Apple is autodeleting the local webserver that core to the flaw.