Quite amazing in just 19 months time. Also, in that same timespan the percentage of page loads over HTTPS across the Web has gone from 40% to 58%.
Systemd-resolved provides network name resolution and could be exploited by a malicious DNS server with a specially crafted TCP packet. Ubuntu, Fedora, Arch and some others are affected. Updates are available.
EMET stands for Enhanced Mitigation Experience Toolkit, a tool that aims to make vulnerabilities harder to exploit.
Related, Windows 10 Fall Creators Update will also include protected folders to try and fight ransomware.
They suspect that Kaspersky is under influence of the Russian government, although no evidence has been shown so far.
Kaspersky's founder, Eugene Kaspersky, is willing to open it's source code to the US for review to show he has nothing to hide.
They say it wasn't their network that was breached. Rather it was an employee's Github account that was hacked, which had access to a system that made backups of the user database.
Azure AD Connect allows a company to hook up existing Active Directory infrastructure to Azure. If you use this service you'll have to update to the latest version of Connect. You can find Microsoft's advisory here.
The firewall aims to help telecom providers with defending against the myriad of SS7 vulnerabilities, which allow, among other things, to hijack two-factor text messages.
These scammers have registered, among others, google.feedback. They ask the companies for money to receive the feedback or take the website down.
Bloomberg reports on an interesting trend where more and more M&A deals include an evaluation of cyber-security risks. This seems to have been prompted by Yahoo's breach making it worth $350 million less to Verizon.
Great article from Fortune.com on Google's Project Zero, providing background on how it was started, how CloudBleed was handled, and how other companies look at the initiative. Worth the read. (Warning though: possible auto-playing video ahead).
Guido Vranken, the researcher who recently discovered a set of vulnerabilities in OpenVPN, makes a case for preferring automated fuzzing over manual code reviews. Afterwards he takes a deep technical dive in the vulnerabilities themselves.
It's a free tool created by Elad Erez, Director of Innovation at Imperva. It scans your network to see if any machines are still vulnerable to the SMB exploit that gave us WannaCry and NotPetya. You can get the tool here.
Fun project that replies to port scans with movie spoilers :-)