Happy Monday, IT folks. Ready to patch and then restart your machines? I hope so as Microsoft released an out-of-band patch for a remote, critical flaw in the way Windows Adobe Type Manager Library handles OpenType fonts; all supported versions of Windows are affected. It's being exploited in the wild and Microsoft admitted some of its customers could be attacked. It's not every day Microsoft releases an out-of-band patch, so when it does so instead of deploying the fix on Patch Tuesday, then it means patch now.This morning Microsoft Premier Support customers received notification that Microsoft would release an out-of-band patch for a critical remote code execution (RCE) vulnerability that affects all versions of Windows. There was no more information, other than that a reboot would be required after the patch was installed. Everyone else was notified when Microsoft made the out-of-band patch announcement at 10 am PST.To read this article in full or to leave a comment, please click here
After attending IDEX 2015 (International Defense Exhibition), Boeing subsidiary Insitu become interested in using its surveillance drones to deliver Hacking Team malware for even more surveillance.In April, an Insitu mechanical engineer intern sent an email to the Hacking Team which stated:
We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.To read this article in full or to leave a comment, please click here
For July 2015, Microsoft released 14 security bulletins, with four patches rated as "critical" remote code execution (RCE) fixes. At least one of the fixes rated "critical" and some rated as "important" are currently being exploited in the wild.Patches rated CriticalMS15-065 resolves 28 flaws in Internet Explorer that could otherwise "modify how IE, VBScript and Jscript handle objects in memory." Qualys CTO Wolfgang Kandek pointed out that three of these were previously known (CVE-2051-2413, CVE-2015-2419 and CVE-2015-2421 ). "CVE-2015-2425 seems to come from the data dump at Hacking Team as well and I am impressed by the fix speed that Microsoft showed here. Of the other vulnerabilities a full 19 are of type RCE and allow the attacker to take over the targeted machine simply by browsing to a malicious, or infected site."To read this article in full or to leave a comment, please click here
As ridiculous as it was when police in Georgia arrested an electric car owner for stealing five cents of electricity, it may be more ridiculous that a UK man was arrested for stealing about a 'penny's worth' of power after charging his iPhone on a train.The entire episode was "ridiculous," artist Robin Lee told the London Evening Standard. He had plugged his iPhone into the train to charge it during a trip that took about "eight or nine minutes" and was then arrested for "abstracting electricity."To read this article in full or to leave a comment, please click here
“Developing the U.S. market. Well done,” reads an email from Hacking Team CEO David Vincenzetti dated on May 22. That comment was in regards to the Hacking Team meeting with the Florida Metropolitan Bureau of Investigation (MBI) in Orlando after the police agency expressed an interest in purchasing surveillance malware. MBI is a “a multi-agency task force that covers Orange and Osceola counties” and includes members from DEA, FBI, ICE, Secret Service and other agencies.To read this article in full or to leave a comment, please click here
Did you know "the U.S. accounts for more than 42% of the world's most dangerous mobile apps targeting non-jailbroken and non-rooted devices? These apps aren't found on shady third-party stores—they're found right in the trusted Apple App Store and Google Play—putting the everyday consumer at higher risk for privacy violation than they likely realize." That's just one nugget from Marble Security's threat stats after the firm's analysts, cryptographers, and cybercrime specialists analyzed over 3.5 million iOS and Android apps from more than 650,000 publishers. They scored each app "against 1,000 potentially malicious and privacy-leaking behaviors to determine whether it is risky or safe."To read this article in full or to leave a comment, please click here
Although the cost of 3D printers continues to drop so that more people have them in their homes, it’s not like most homes have one. But innovative minds keep turning out new and improved 3D printers, such as the following three new types: one can print soft and cuddly objects from fabric; another includes actuators that allow an object to morph after being exposed to external stimuli; the last has a retrofit kit to change 3D printers into 3D food printers.Disney 3D-prints soft objects from fabric You know how little kids can be super attached to one particular item like a toy or a blanket? And if that item gets lost or destroyed, it’s a red alert unless you can find another exactly like the first. If that beloved object is a soft cuddly toy, wouldn’t be great if you could 3-D print another? Disney Research has come up with a 3D printer that can create soft interactive objects like a printed fabric bunny.To read this article in full or to leave a comment, please click here
Bless Microsoft’s heart; it’s still betting on Windows Phones. In fact, Microsoft is “excited” about the “impressive growth of the Windows Phone ecosystem.” The company is so excited that it released the infographic (posted above), bragging about that growth.Have you looked at the smartphones Microsoft has introduced so far at World Mobile Congress? I hadn’t heard of most of the brands, but any growth is better than none. We aren't going to look too hard at any specs, since none of them are high-end, but you can see some pictures of them.To read this article in full or to leave a comment, please click here
Ms. Smith