The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. Drupal site owners should immediately - and we mean right now - update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they're running.
CS Digest Section: Software Security
Microsoft’s Windows 7 Meltdown Patch Created ‘Worse’ Flaw
Microsoft's updates for the Meltdown microprocessor mega-flaw inadvertently left users running Windows 7 64-bit systems open to a "way worse" flaw, a researcher has claimed.
https://nakedsecurity.sophos.com/2018/03/29/microsofts-windows-7-meltdown-patch-created-worse-flaw/
Intel Announces Hardware Fixes for Spectre and Meltdown on Upcoming Chips
When the Spectre and Meltdown bugs hit, it became clear that they wouldn't be fixed with a few quick patches - the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three,
AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer
A third-party company that was paid to review the validity of the recent AMD flaws -RyzenFall, MasterKey, Fallout, and Chimera- has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.
Microsoft Updates Guideline on Windows Driver Security
Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.
Intel’s latest set of Spectre microcode fixes is coming to a Windows update
Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.
Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats!
The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.
Skype Can’t Fix a Nasty Security Bug Without a Massive Code Rewrite
A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.
http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/
You Had One Job, Outlook! Security Bug Fix Stops Mail App From Forwarding Attachments
Outlook will strip attachments from some forwarded emails once you've applied a security patch from this month's Patch Tuesday, Microsoft has admitted.
http://www.theregister.co.uk/2018/01/26/outlook_email_attachment_bug/
Microsoft Releases Emergency Windows Update to Hamstring Earlier ‘Spectre’ Defense
Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.
