As part of this month's Patch Tuesday, Microsoft has released security patches for a serious privilege escalation vulnerability which affect all versions of its Windows operating system for enterprises released since 2007.
CS Digest Section: Software Security
OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?
A new feature added in test snapshots for OpenBSD releases will create a unique kernel every time an OpenBSD user reboots or upgrades their computer.
Under Pressure, Western Tech Firms Bow to Russian Demands to Share Cyber Secrets
Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.
http://www.reuters.com/article/us-usa-russia-tech-idUSKBN19E0XB
CertLock Trojan Blocks Security Programs by Disallowing Their Certificates
A new trend in adware and unwanted program purveyors is to install protection software that makes it more difficult for Windows users to run their security programs and clean infections. This was seen with the SmartService rootkit that blocked AV software from running and now with a protection program being called CertLock.
PowerPoint File Downloads Malware When You Hover a Link, No Macros Required
Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers a link, no macro scripts required.
DoD Announces the Launch of “Code.mil,” an Experiment in Open Source
DoD is working with GitHub, an open source platform, to experiment with fostering more collaboration between private sector software developers and federal employees on software projects built within the DoD. The Code.mil URL redirects users to an online repository that will house code written for a range of projects across DoD for individuals to review and
NIST Special Publication 800-160, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
Engineering-based approaches to solutions are essential to managing the growing complexity and interconnectedness of today’s systems—as exemplified by cyber-physical systems, systems-of-systems, and the Internet of Things.
“Most serious” Linux privilege-escalation bug ever is under active exploit
Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.
Free Tool Protects PCs from Master Boot Record Attacks
The tool acts as a system driver and blocks ransomware and other malicious programs from injecting rogue code into the master boot record.
AtomBombing Microsoft Windows Via Code Injection
Researchers have identified a new way to inject malicious code into Windows systems -- and it doesn't exploit a vulnerability.
