Security Briefing 6.27.17
This week’s security briefing, Vulnerability Lab security researcher Benjamin Kunz Mejri revealed in the zero-day vulnerability in a public security disclosure, saying the Stack Buffer Overflow flaw, CVE-2017-9948, impacts Skype versions 7.2, 7.35, and 7.36. Granted a CVSS score of 7.2, the stack buffer overflow flaw is considered dangerous as it permits attackers to remotely crash the application with an unexpected exception error, to overwrite the active process registers, and to execute malicious code. Vulnerability Lab first notified Microsoft of the bug on 16 May. After Microsoft’s team acknowledged the problem and developed a fix, a patch was deployed on 8 June, leading to public disclosure on 26 June.
Google has announced that Gmail is going to stop reading your emails. From “later this year” its consumer email product will no longer target ads based on what you read and write. The ads aren’t going anywhere, they’re just going to rely on your user settings instead.
Hackers used a “brute-force attack” against the UK Parliament’s email system over the weekend, apparently gaining access to 90 accounts used by Parliamentary workers and members. Rob Greig, director of the Parliamentary Digital Service, described the attack as “sustained and determined.” Security services blocked network access to anyone outside Westminster, leaving all 650 MPs and their staff unable to access email until the next morning.
A couple of weeks ago we reported that Microsoft was trumpeting it’s new operating system, Windows 10 S, with the slogan “No known ransomware works against Windows 10 S”. Can you guess what comes in malicious Word macros these days?
The FBI has published its Internet Crime Report 2016 based on information received by the Internet Crime Complaint Center (IC3). It shows that 298,728 complaints were received by the IC3 during 2016 (up from 288,012 in 2015); and that reported losses to internet crime totaled more than $1.45 billion (up from $1.07 billion in 2015).
A wave of “computational propaganda,” largely driven by Russia, is impacting politics around the world by spreading misinformation designed to manipulate public opinion, researchers said Tuesday.