Monthly Archives: December 2017

BF-SIRT Newsletter 2017-51

Google’s Project Zero released details of a local proof-of-concept attack against a fully patched Windows 10 PC that allows an adversary to execute untrusted JavaScript outside a sandboxed environment on targeted systems. These vulnerabilities was patched this month, and they … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-51

BF-SIRT Newsletter 2017-50

This weeks top stories begins with the ROBOT attack, a bug in the implementation of RSA key exchange for products using PKCS #1 v1.5. This includes SSL\TLS if RSA is used for for exchanging keys. The bug can let an … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-50

BF-SIRT Newsletter 2017-49

This weeks top stories is that Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability that could lead to remote code execution in Microsoft’s own Malware Protection Engine. CVE-2017-11937 uses a memory corruption bug that lets a specially crafted file … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-49

BF-SIRT Newsletter 2017-48

This weeks top stories is that half of the Internet’s email servers was vulnerable to a remote code execution, half the planets inhabitants seemingly wondered how blank password could give privilege escalation in the latest version of macOS. Financially focused … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-48