Blog Archives

Windows Users: Update iTunes

Currently being used to spread malware.  

DeepFake Vishing Costs Company $250k

A company has lost $243000 due to a fake, computer generated, call to an executive imitating someone they knew.

Foxit Software Breach

If you use Foxit software, such as the PDF reader, and you’ve registered with the company with a password, you need to change it.

SWAPGS: The Newest Speculative Execution Flaw for Intel CPUs (and Maybe AMD)

Another side channel attack.  Microsoft patched it last month.  AMD says its chips are not vulnerable. 

Urgent/11, Critical Flaws in Embedded OS VXWorks

Researchers have found remotely exploitable flaws in the popular embedded OS VXWorks.  

Critical Vulnerabilities in LibreOffice, Enable Stealth Mode

Libreoffice patched two critical vulnerabilities this month, but one of them is still exploitable via a malicious document.  You’ll need to enable stealth mode to prevent loading of external content.

DataSpii – How Your Browser Can Be Made to Spy on You

Make sure you vet any extension you add to a browser as some of them send private information (URL, SSNs, etc.) back to companies for analysis and sale.

Critical Flaw Found in Zoom for MacOS: Update Apple is Autopatching the Flaw

If you have ever installed Zoom for MacOS, you need to make sure it is patched (not available yet)  and completely deleted.  Even if you’ve uninstalled it, it leaves behind a web server to easy re-installation.  A patch has been released at Apple is autodeleting the local webserver that core to the flaw.

Firefox 0-Day Leads to MacOS Malware

If you use MacOS, make sure to update Firefox ASAP.

VLC Releases Large Security Update

If you use VLC player, make sure you upgrade soon.