Issue 76

On vacation: minimal mode enabled

I'm currently on vacation with my family in beautiful Greece, and want to make the most of my time here with them.
But I didn't want to leave you out of sync with the security world, so I selected the stories that jumped out, just with a little less filtering and summarising. The result is a bit rougher, but I hope you still get value out of it :-)

Cheers!



Microsoft adds support for JavaScript functions in Excel

Days later a PoC came out for a CoinHive miner in an Excel sheet.
bleepingcomputer.com


Somebody tried to hide a backdoor in a popular JavaScript npm package


bleepingcomputer.com


Backdoored Python library caught stealing SSH credentials


bleepingcomputer.com


Major OS vendors misinterpret Intel docs, and now kernels can be hijacked


threatpost.com


Copenhagen city's bicycle sharing system hacked; 1,800 bikes affected


hackread.com


Zero-day flaw exploited in targeted attacks is fixed by Microsoft


tripwire.com


350,000 cardiac devices need a security patch


sophos.com


The Pentagon bans Huawei and ZTE smartphone sales at military bases worldwide


grahamcluley.com


Updates

  • Multiple vulnerabilities in PHP found, update to your latest version: link
  • Microsoft and Adobe patch cycle: link
  • Lenovo patches remote code execution flaw: link
  • Another critical Cisco WebEx flaw patched: link
  • Critical bug in 7-zip patched: link


GDPR Rails: GDPR compliance tool for Ruby on Rails


helpnetsecurity.com


Securing your Linux web server


hackernoon.com


Sponsorship

Vulnerable web applications allow hackers to bypass corporate firewalls

A detailed technical article which explains how malicious attackers can target vulnerable web applications running on developers' workstations to bypass corporate firewalls. This might sound far-fetched, but it is very typical for developers to run vulnerable (still being developed) web applications on their computers.
netsparker.com


New security features to manage your company Macs

Fleetsmith just launched new security features: remote lock and wipe of employees' devices and kernel extension whitelisting. You can also escrow each Mac's FileVault recovery key, and enforce a company policy for password and screen saver settings. I use Fleetsmith every day, much recommended :)
fleetsmith.com