securityXspace: a blog about cyber-philosophy.

It’s monthly Microsoft patching time, with the software giant releasing updates to fix 79 vulnerabilities across their product range, with 17 critical and 61 important. A couple of these were to fix vulnerabilities with a public exploit. One of these is probably CVE-2019-1235, the privilege escalation in Windows Text Service Framework (TSF), which was disclosed…

Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. Firefox Private Network service is currently in beta and available only to desktop users in the United States as part of Mozilla’s…

It’s Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). Source: Adobe Releases…

Coders release a working exploit for the dangerous Bluekeep bug that was found and patched earlier this year in Microsoft’s Remote Desktop Protocol implementation Source: Metasploit Project publishes exploit for Bluekeep bug

The Instagram account of Robert Downey Jr. has been hacked. He is the last celebrity to have their social media accounts compromised. This time the attacker did not publish offensive content but attempted to monetize their efforts by posting fake giveaways for Apple products. Source: Robert Downey Jr’s Instagram account has been hacked

Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 30 and Sep. 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically…

A senior executive at private browser company Brave has accused Google of using a workaround that lets it identify users to ad networks. Source: Brave accuses Google of sidestepping GDPR

Phone numbers linked to more than 400 million Facebook accounts were listed online in the latest privacy lapse for the social media giant, US media reported Wednesday. read more Source: 400 Mn Facebook Users’ Phone Numbers Exposed in Privacy Lapse: Reports

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. Source: WordPress 5.2.3 Security and Maintenance Release

Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 23 and Aug. 30. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically…