Javascript added to Excel. Backdooring npm and Python packages.  

News

On vacation: minimal mode enabled

I'm currently on vacation with my family in beautiful Greece, and want to make the most of my time here with them.
But I didn't want to leave you out of sync with the security world, so I selected the stories that jumped out, just with a little less filtering and summarising. The result is a bit rougher, but I hope you still get value out of it :-)

Cheers!

Dieter Van der Stock

Microsoft adds support for JavaScript functions in Excel

Days later a PoC came out for a CoinHive miner in an Excel sheet.

bleepingcomputer.com

Somebodytried to hide a backdoor in a popular Javascript npm package

bleepingcomputer.com

Backdoored Python library caught stealing SSH credentials

bleepingcomputer.com

Major OS vendors misinterpret Intel docs, and now kernels can be hijacked

threatpost.com

Copenhagen city's bicycle sharing system hacked; 1,800 bikes affected

hackread.com

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

tripwire.com

350,000 cardiac devices need a security patch

sophos.com

The Pentagon bans Huawei and ZTE smartphone sales at military bases worldwide

grahamcluley.com

Updates

  • Multiple vulnerabilities in PHP found, update to your latest version: link
  • Microsoft and Adobe patch cycle: link
  • Lenovo patches remote code execution flaw: link
  • Another critical Cisco WebEx flaw patched: link
  • Critical bug in 7-zip patched: link
Dieter Van der Stock

GDPR Rails: GDPR compliance tool for Ruby on Rails

helpnetsecurity.com

Securing your Linux web server

hackernoon.com

Sponsorships

Vulnerable web applications allow hackers to bypass corporate firewalls

A detailed technical article which explains how malicious attackers can target vulnerable web applications running on developers' workstations to bypass corporate firewalls. This might sound far fetched, but it is very typical for developers to run vulnerable (still being developed) web applications on their computers.

netsparker.com

New security features to manage your company Macs

Fleetsmith just launched new security features: remote lock and wipe of employees' devices and kernel extension whitelisting. You can also escrow each Mac's FileVault recovery key, and enforce a company policy for password and screen saver settings. I use Fleetsmith every day, much recommended :)

fleetsmith.com

No spam, ever. We'll never share your email address and you can opt out at any time.