Windows Zero-Day Emerges in Active Exploits

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A just-patched vulnerability in the Windows operating system that was previously unknown up until last week is being actively exploited in the wild; it opens the door for full system takeover.

Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free issue in the Windows kernel that allows local privilege escalation (LPE). It’s being used in advanced persistent threat (APT) campaigns, the researchers said, targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).

Read more

Top 5 Security News

This DDoS Attack Unleashed the Most Packets Per Second Ever. Here’s Why That’s Important.

DNS Hijacking Abuses Trust In Core Internet Service

OEM Presentation Platform Vulnerabilities

TinyPOS: Handcrafted Malware in Assembly Code

World Password Day – what (NOT!) to do