News
Personal note
Back from vacation!
Getting right back to work, catching up on all the things :-) Enjoy!
Google fixes high-severity browser engine flaw
It could lead to remote code execution. No exploit has been seen yet though, and I think you'd still have to get through the sandbox? But still, better make sure you have the latest.
Cisco IOS XE routers vulnerable to rare 10/10-severity security flaw
It allows anyone on the internet to bypass the login for an IOS XE device without the correct password. Patch em if you got em.
Protocol used by 630,000 devices can be abused for devastating DDoS attacks
Researchers warn that the WS-Discovery protocol can readily be abused for DDoS attacks, which are in fact already a weekly occurrence. It seems it has the potential for an amplification factor of over 300.
Avast and French police take over malware botnet and disinfect 850,000 computers
They took control of the command & control servers of the Retadup botnet, ordering the malware to delete itself from over 850.000 Windows systems. Kudos.
Google Chrome to warn if logins are found in a data breach
They couldn't let Firefox have all the glory right? :-)
Windows 7 end of life: months from patch cut-off, millions still haven't upgraded
The deadline is January 14, 2020. Better start looking into this if you're still on Windows 7.
Python 2 scheduled to be end-of-life soon, update to Python 3
More EOL news! The deadline here is January 1st, 2020. Good to keep on your radar.
Starbucks left subdomain open to hijacking
Good reminder to check your records for orphaned entries.
Blocking newly-registered domains as a security measure?
I mean, it obviously has issues. But depending on the company I can see it making sense. Simple and rather effective.
Sponsorships
1Password for Teams and Business
We use 1Password to share passwords and secure notes at my current job, same as at my last job. I've tried many alternatives, but always found them to be the best option.