This is the Shared Security Weekly Blaze for May 14, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox. This episode was hosted by Tom Eston. Listen to this episode and previous ones direct via your web browser by clicking here!
Help the podcast and leave us a review! We would really appreciate you leaving a review in iTunes. Reviews really help move us up the podcast ratings list and are greatly appreciated!
Show Transcript
This is your Shared Security Weekly Blaze for May 14th 2018 with your host, Tom Eston. In this week’s episode: Recent windows vulnerabilities, exposed Twitter and GitHub passwords and the latest credit freeze controversy.
The Shared Security Podcast is sponsored by Silent Pocket. With their patented Faraday cage product line of phone cases, wallets and bags you can block all wireless signals which will make your devices instantly untrackable, unhackable and undetectable. Visit silent-pocket.com for more details.
Hi everyone, I’m Tom Eston, Co-host of the Shared Security podcast. Welcome to the Shared Security Weekly Blaze where we update you on the top 3 security and privacy topics from the week. These weekly podcasts are published every Monday and are 15 minutes or less quickly giving you “news that you can use”.
If you like this podcast we would really appreciate you leaving a five star review in iTunes. Reviews really help move us up in the podcast ratings and attract more listeners. We’ll be sure to thank you for your review on the show! Thanks for your support!
Microsoft has recently released patches for two rather serious vulnerabilities that are currently being exploited in the wild. One vulnerability, dubbed “Double Kill”, affects the Windows VBScript engine through the Internet Explorer web browser which impacts most modern Windows operating systems including Windows 10. The other vulnerability is described as an elevation of privilege vulnerability which only affects Windows 7 and Windows Server 2008. With the VBScript engine vulnerability, an attacker leverages a malicious Word document to exploit the flaw through the Internet Explorer web browser. The interesting aspect of this attack is that even if you don’t use Internet Explorer, and use another browser like Chrome or Firefox, you can still fall victim to this attack. This is because Internet Explorer is tightly integrated into the rest of the Windows operating system. Researchers have noted that this vulnerability in particular is looking to be one of the most exploited in the future because of the way it leverages Internet Explorer to conduct the attack. The other critical vulnerability announced is a little harder to exploit as the attacker needs to login to a Windows system as a regular user, then run an application to exploit the vulnerability, which would give the attacker full control of the victim’s system. Lastly to note, there were about 20 more critical updates that were part of this most recent patch release from Microsoft that are not yet known to be actively exploited.
The best way to protect yourself against these latest vulnerabilities and future ones is to ensure you’re running the most current version of Windows as well as checking that Windows Update is set to automatically download and install c
Published on 7 years, 7 months ago
If you like Podbriefly.com, please consider donating to support the ongoing development.
Donate