article thumbnail

Patch Tuesday, December 2018 Edition

Krebs on Security

Microsoft patched a zero-day flaw that is already being exploited ( CVE-2018-8611 ) and allows an attacker to elevate their privileges on a host system. Similarly, CVE-2018-8628 is flaw in all supported versions of PowerPoint which is also likely to be used by attackers. Ghacks writeup on December 2018 Patch Tuesday.

Software 164
article thumbnail

Patch Tuesday, October 2018 Edition

Krebs on Security

The zero-day bug — CVE-2018-8453 — affects Windows versions 7, 8.1, Another vulnerability patched on Tuesday — CVE-2018-8423 — was publicly disclosed last month along with sample exploit code. 10 and Server 2008, 2012, 2016 and 2019.

Software 183
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, November 2018 Edition

Krebs on Security

This week’s patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ( CVE-2018-8589 ) that is already being exploited to compromise Windows 7 and Server 2008 systems.

article thumbnail

Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018

Krebs on Security

In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure.

Scams 237
article thumbnail

Threat Modeling in 2018 (video release)

Adam Shostack

Blackhat has released all the 2018 US conference videos. My threat modeling in 2018 video is, of course, amongst them. Slides are linked here.

140
140
article thumbnail

Pearson agreed to pay $1 million for 2018 Data Theft

CyberSecurity Insiders

Pearson, a London based e-textbook publishing firm that supplies software to Schools and Universities has been slapped with a fine of $1 million for misleading investors about a 2018 data breach that witnessed siphoning of millions of student records by hackers.

article thumbnail

British Airways Settles 2018 Data Breach Lawsuit

Heimadal Security

British Airways has settled a case brought by customers and staff affected by a massive 2018 data breach that led to personal information being leaked. The post British Airways Settles 2018 Data Breach Lawsuit appeared first on Heimdal Security Blog.