• Home
  • Resources
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Cybersecurity Related Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Store
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cart
  • Skip to primary navigation
  • Skip to content
  • Skip to footer
Login / Register

CSIAC

Cyber Security and Information Systems Information Analysis Center

header-right

Main navigation

  • Resources
    • Cybersecurity Policy Chart
    • CSIAC Reports
    • Webinars
    • Podcasts
    • Cybersecurity Digest
    • Standards & Reference Docs
    • Journals
    • Certifications
    • Acronym DB
    • Topic Tags
    • Cybersecurity Websites
  • Services
    • Free Technical Inquiry
    • CAT Program
    • Subject Matter Experts
    • Store
    • Training
    • Contact
  • Community
    • Upcoming Events
    • Cybersecurity
    • Modeling & Simulation
    • Knowledge Management
    • Software Engineering
    • Cyber COI
  • About
    • About the CSIAC
    • The CSIAC Team
    • DTIC’s IAC Program
    • DTIC’s R&E Gateway
    • Inquiries & CAT’s
    • FAQ’s
    • DTIC STI Program
  • Cart
  • Cybersecurity
  • Modeling & Simulation
  • Knowledge Management
  • Software Engineering
  • Cyber COI
/ All CS Digest Sections / RECENT HEADLINES / Software Security

CS Digest Section: Software Security

Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites

Posted: 04/03/2018 | Leave a Comment

The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL. Drupal site owners should immediately - and we mean right now - update their sites to Drupal 7.58 or Drupal 8.5.1, depending on the version they're running.

https://www.bleepingcomputer.com/news/security/drupal-fixes-drupalgeddon2-security-flaw-that-allows-hackers-to-take-over-sites/

Microsoft’s Windows 7 Meltdown Patch Created ‘Worse’ Flaw

Posted: 04/03/2018 | Leave a Comment

Microsoft's updates for the Meltdown microprocessor mega-flaw inadvertently left users running Windows 7 64-bit systems open to a "way worse" flaw, a researcher has claimed.

https://nakedsecurity.sophos.com/2018/03/29/microsofts-windows-7-meltdown-patch-created-worse-flaw/

Intel Announces Hardware Fixes for Spectre and Meltdown on Upcoming Chips

Posted: 03/20/2018 | Leave a Comment

When the Spectre and Meltdown bugs hit, it became clear that they wouldn't be fixed with a few quick patches - the problem runs deeper than that. Fortunately, Intel has had plenty of time to work on it, and new chips coming out later this year will include improvements at the hardware/architecture level that protect against the flaws. Well, two out of three,

https://techcrunch.com/2018/03/15/intel-announces-hardware-fixes-for-spectre-and-meltdown-on-upcoming-chips/

AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer

Posted: 03/20/2018 | Leave a Comment

A third-party company that was paid to review the validity of the recent AMD flaws -RyzenFall, MasterKey, Fallout, and Chimera- has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.

https://www.bleepingcomputer.com/news/security/amd-flaws-pose-no-immediate-risk-of-exploitation-says-independent-reviewer/

Microsoft Updates Guideline on Windows Driver Security

Posted: 03/06/2018 | Leave a Comment

Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.

https://www.bleepingcomputer.com/news/security/microsoft-updates-guideline-on-windows-driver-security/

Intel’s latest set of Spectre microcode fixes is coming to a Windows update

Posted: 03/06/2018 | Leave a Comment

Windows users running the latest version of Windows 10 on recent Intel processors will soon be receiving Intel's microcode updates to address the Spectre variant 2 attack.

https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/

Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats!

Posted: 03/06/2018 | Leave a Comment

The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.

https://www.bleepingcomputer.com/news/security/kali-linux-now-in-windows-store-but-defender-flags-its-packages-as-threats/

Skype Can’t Fix a Nasty Security Bug Without a Massive Code Rewrite

Posted: 02/20/2018 | Leave a Comment

A security flaw in Skype's updater process can allow an attacker to gain system-level privileges to a vulnerable computer. The bug, if exploited, can escalate a local unprivileged user to the full "system" level rights -- granting them access to every corner of the operating system.

http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/

You Had One Job, Outlook! Security Bug Fix Stops Mail App From Forwarding Attachments

Posted: 02/06/2018 | Leave a Comment

Outlook will strip attachments from some forwarded emails once you've applied a security patch from this month's Patch Tuesday, Microsoft has admitted.

http://www.theregister.co.uk/2018/01/26/outlook_email_attachment_bug/

Microsoft Releases Emergency Windows Update to Hamstring Earlier ‘Spectre’ Defense

Posted: 02/06/2018 | Leave a Comment

Microsoft on Saturday issued an out-of-band Windows security update that disabled a patch the company released earlier this month to protect personal computers from possible attacks leveraging one of the "Spectre" vulnerabilities.

https://www.computerworld.com/article/3252165/microsoft-windows/microsoft-releases-emergency-windows-update-to-hamstring-earlier-spectre-defense.html

  • Page 1
  • Page 2
  • Page 3
  • …
  • Page 11
  • Next Page »

Footer

CSIAC Products & Services

  • Free Technical Inquiry
  • Core Analysis Tasks (CATs)
  • Resources
  • Events Calendar
  • Frequently Asked Questions
  • Product Feedback Form
  • CSIAC Store

About CSIAC

The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More

Contact Us

Phone:800-214-7921
Email:info@csiac.org
Address:   266 Genesee St.
Utica, NY 13502
Send us a Message
ASD(R&E) LogoUS Department of Defense LogoDoD IACs LogoDTIC LogoTEMS Logo

Copyright 2018, Quanterion Solutions Incorporated

Sitemap | Privacy Policy | Terms of Use | Accessibility Information