June 10, Softpedia – (International) Microsoft patches zero-day used in targeted attacks. Microsoft released eight security bulletins, including vulnerability in Windows’ kernel-mode driver Win32k.sys that was leveraged by threat actors to elevate privileges and execute arbitrary code on affected machines. The bulletins also included two critical security patches for Internet Explorer and Windows Media Player that could have allowed the possibility of remote code execution. Source
June 10, Help Net Security – (International) Financial impact of SaaS storage breaches now $13.85 million. Findings from analysis in Elastica’s Shadow Data Report revealed that the direct financial impact of exposed data in software as a service models can be up to $13.85 million, and that 1.34 percent of all accounts had signs of malicious activities. Analysis also indicated that the healthcare industry suffers the highest frequency of policy violations due to leaks of protected health information, among other findings. Source
June 10, Securityweek – (International) VMware fixes critical security issues in Workstation, Fusion, Horizon View. VMware published fixes for several memory manipulation issues and denial-of-service (DoS) vulnerabilities affecting its Workstation, Player, and Horizon View Client for Microsoft Windows. Source
June 9, Softpedia – (International) DDoS attacks increase in Q2 2015, largest one over 253Gbps strong. Incapsula released findings from a report on distributed denial-of-service attacks in the second quarter of 2015 which revealed that powerful user datagram protocol (UDP) and synchronize (SYN) floods were the preferred method of network-layer attacks, while botnet-for-hire services were typically used to probe defenses. Incapsula reported that out of 56 percent of UDP and SYN floods seen, 8 percent were launched from “Internet of Things” (IoT) devices, among other findings. Source
June 9, Softpedia – (International) Flash Player 18.0.0.160 fixes 13 vulnerabilities. Adobe released updates for Flash Player addressing 13 security flaws, including vulnerabilities that could be leveraged for information disclosure, privilege escalation, and remote code execution, among others. Source