The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. Drupal site owners should immediately - and we mean right now - update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they're running.
CS Digest Section: Software Security
Microsoft's updates for the Meltdown microprocessor mega-flaw inadvertently left users running Windows 7 64-bit systems open to a "way worse" flaw, a researcher has claimed.
When the Spectre and Meltdown bugs hit, it became clear that they wouldn't be fixed with a few quick patches - the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three,
A third-party company that was paid to review the validity of the recent AMD flaws -RyzenFall, MasterKey, Fallout, and Chimera- has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.
Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.
Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.
The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.
A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.
Outlook will strip attachments from some forwarded emails once you've applied a security patch from this month's Patch Tuesday, Microsoft has admitted.
Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.