Windows TCO Leftovers
-
CyberRisk Alliance LLC ☛ Are your GitHub Action artifacts leaking tokens? | SC Media
Palo Alto research found many open-source projects can be compromised through public artifacts.
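As an added example (not code from the Palo Alto research or from SC Media), the scanner below walks an unpacked artifact and looks for the two shapes a leaked GitHub credential usually takes: a bare token string in any file, and the `AUTHORIZATION: basic` header that `actions/checkout` writes into `.git/config` when it persists credentials. The header format and the `ghp_`/`ghs_`/`github_pat_` prefixes are assumptions from GitHub's documented behaviour, not from the article; the artifact tree it scans is constructed inline for the example.

```python
"""Scan an unpacked GitHub Actions artifact for leaked GitHub credentials.

Added example, not code from the Palo Alto research or SC Media. It assumes
the usual leak shapes: a bare token in any file, or the base64 basic-auth
header actions/checkout stores in .git/config when credentials are persisted.
The sample artifact built below is constructed data.
"""
import base64
import os
import re
import tempfile

# GitHub token prefixes are documented; the length bounds are an assumption
# wide enough to catch current formats without matching ordinary identifiers.
TOKEN_RE = re.compile(
    r"\b(?:ghp|ghs|gho|ghu|ghr)_[A-Za-z0-9]{30,}\b|\bgithub_pat_[A-Za-z0-9_]{60,}\b"
)
# actions/checkout persists credentials as
#   extraheader = AUTHORIZATION: basic <base64("x-access-token:<token>")>
EXTRAHEADER_RE = re.compile(r"AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def find_github_secrets(text: str) -> list[str]:
    """Return redacted findings for one file: bare tokens and decoded basic-auth headers."""
    findings = [f"token:{m.group(0)[:8]}..." for m in TOKEN_RE.finditer(text)]
    for m in EXTRAHEADER_RE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:  # not valid base64; binascii.Error is a ValueError
            continue
        user, _, secret = decoded.partition(":")
        if secret:
            # Redact so the scanner's own output does not become a second leak.
            findings.append(f"basic-auth:{user}:{secret[:8]}...")
    return findings


def scan_artifact(root: str) -> dict[str, list[str]]:
    """Walk an unpacked artifact directory; map relative path -> findings."""
    results: dict[str, list[str]] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    text = f.read()
            except OSError:
                continue
            hits = find_github_secrets(text)
            if hits:
                results[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return results


def build_sample_artifact() -> str:
    """Construct a throwaway artifact tree with one leak of each kind (sample data)."""
    root = tempfile.mkdtemp(prefix="artifact-")
    fake_token = "ghs_" + "A" * 36  # constructed, not a real token
    os.makedirs(os.path.join(root, ".git"))
    header = base64.b64encode(f"x-access-token:{fake_token}".encode()).decode()
    with open(os.path.join(root, ".git", "config"), "w") as f:
        f.write('[http "https://github.com/"]\n')
        f.write(f"\textraheader = AUTHORIZATION: basic {header}\n")
    with open(os.path.join(root, "build.log"), "w") as f:
        f.write(f"exporting GH_TOKEN={fake_token} for release upload\n")
    with open(os.path.join(root, "README.md"), "w") as f:
        f.write("nothing secret here\n")
    return root


if __name__ == "__main__":
    for path, hits in scan_artifact(build_sample_artifact()).items():
        print(path, hits)
```

Point it at a directory produced by unzipping a downloaded artifact; anything reported from `.git/config` means the whole checkout, credentials included, was uploaded, which is the case where running `actions/checkout` with `persist-credentials: false` or excluding `.git` from the upload would have prevented the leak.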
-
Bleeping Computer ☛ Microsoft is killing the Windows Paint 3D app after 8 years
-
Security Week ☛ Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely.
Technical details on the vulnerability, tracked as CVE-2024-38063, remain scarce but Microsoft’s sparse documentation suggests a worm-like attack is practical on the newest versions of its flagship operating system.
-
PC World ☛ Oh, damn! Word and Outlook can crash when you type
Microsoft warns that merely typing in several Microsoft 365 apps can cause the app itself to unexpectedly crash, a rather rude way to interrupt your day! While there’s no fix at the present, there is a workaround.
-
Krebs On Security ☛ NationalPublicData.com [Breach] Exposes a Nation’s Data
A great many readers this month reported receiving alerts that their Social Security Number, name, address and other personal information were exposed in a breach at a little-known but aptly-named consumer data broker called NationalPublicData.com. This post examines what we know about a breach that has exposed hundreds of millions of consumer records. We’ll also take a closer look at the data broker that got hacked — a background check company founded by an actor and retired sheriff’s deputy from Florida.
-
EFF ☛ 2 Fast 2 Legal: How EFF Helped a Security Researcher During DEF CON 32
Throughout the year, we receive a number of inquiries from security researchers who seek to report vulnerabilities or present on technical exploits and want to understand the legal risks involved. Enter the EFF Coders’ Rights Project, designed to help programmers, tinkerers, and innovators who wish to responsibly explore technologies and report on those findings. Our Coders’ Rights lawyers counsel many of those who reach out to us on anything from mitigating legal risk in their talks, to reporting vulnerabilities they’ve found, to responding to legal threats. The number of inquiries often ramps up in the months leading to “hacker summer camp,” but we usually have at least a couple of weeks to help and advise the researcher.
In this case, however, we did our work on an extremely short schedule.
Dennis is a prolific researcher who has presented his work at conferences around the world. At DEF CON, one of the talks he planned along with a co-presenter involved digital locks, including the vendor Digilock. In the months leading up to the presentation, Dennis shared his findings with Digilock and sought to discuss potential remediations. Digilock expressed interest in these conversations, so it came as a surprise when the company sent him a cease-and-desist letter on the eve of the presentation raising a number of baseless legal claims.