Issue 76

On vacation: minimal mode enabled

I'm currently on vacation with my family in beautiful Greece, and want to make the most of my time here with them.
But I didn't want to leave you out of sync with the security world, so I selected the stories that jumped out, just with a little less filtering and summarising. The result is a bit rougher, but I hope you still get value out of it :-)


Microsoft adds support for JavaScript functions in Excel

Days later a PoC came out for a CoinHive miner in an Excel sheet.

Somebody tried to hide a backdoor in a popular JavaScript npm package

Backdoored Python library caught stealing SSH credentials

Major OS vendors misinterpret Intel docs, and now kernels can be hijacked

Copenhagen city's bicycle sharing system hacked; 1,800 bikes affected

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

350,000 cardiac devices need a security patch

The Pentagon bans Huawei and ZTE smartphone sales at military bases worldwide


  • Multiple vulnerabilities found in PHP, update to the latest version: link
  • Microsoft and Adobe patch cycle: link
  • Lenovo patches remote code execution flaw: link
  • Another critical Cisco WebEx flaw patched: link
  • Critical bug in 7-zip patched: link

GDPR Rails: GDPR compliance tool for Ruby on Rails

Securing your Linux web server


Vulnerable web applications allow hackers to bypass corporate firewalls

A detailed technical article that explains how attackers can target vulnerable web applications running on developers' workstations to bypass corporate firewalls. This might sound far-fetched, but it is very typical for developers to run vulnerable (still being developed) web applications on their computers.

New security features to manage your company Macs

Fleetsmith just launched new security features: remote lock and wipe of employees' devices and kernel extension whitelisting. You can also escrow each Mac's FileVault recovery key, and enforce a company policy for password and screen saver settings. I use Fleetsmith every day, much recommended :)