Patch Tuesday, December 2019 Edition

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in … [Read more…]

CISO Magazine Honors KrebsOnSecurity

CISO Magazine, a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “Cybersecurity Person of the Year” in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are … [Read more…]

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected … [Read more…]