article thumbnail

2018 Retrospective

Troy Hunt

Here's my 2018 highlights, starting with travel: Travel "Oh yeah, I'm totally gonna travel less this year" - me every single year In reality, my travel ended up looking like this: That's the same number as last year, 4 more days and another 8,000km. Probably with my 2018 events page which lists everything I did of a public nature.

Passwords 199
article thumbnail

Patch Tuesday, December 2018 Edition

Krebs on Security

Microsoft patched a zero-day flaw that is already being exploited ( CVE-2018-8611 ) and allows an attacker to elevate their privileges on a host system. Similarly, CVE-2018-8628 is flaw in all supported versions of PowerPoint which is also likely to be used by attackers. Ghacks writeup on December 2018 Patch Tuesday.

Malware 163
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, October 2018 Edition

Krebs on Security

The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, Another vulnerability patched on Tuesday — CVE-2018-8423 — was publicly disclosed last month along with sample exploit code. 10 and Server 2008, 2012, 2016 and 2019.

Software 182
article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Scams 238
article thumbnail

Patch Tuesday, November 2018 Edition

Krebs on Security

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems.

article thumbnail

Patch Tuesday, September 2018 Edition

Krebs on Security

The zero-day flaw, CVE-2018-8440 , affects Microsoft operating systems from Windows 7 through Windows 10 and allows a program launched by a restricted Windows user to gain more powerful administrative access on the system. The sole non-Microsoft update pushed by Redmond today fixes a single vulnerability in Adobe Flash Player, CVE-2018-15967.

Internet 121
article thumbnail

Threat Modeling in 2018 (video release)

Adam Shostack

Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.

140
140