June 23, Help Net Security – (International) Critical RubyGems vulns can lead to installation of malicious apps. Security researchers at Trustwave discovered a vulnerability in the RubyGems package manager in which an attacker could redirect a RubyGem client using hypertext transfer protocol secure (HTTPS) to an attacker-controlled gem server, bypassing HTTPS verification and allowing the attacker to install malicious or trojan gems. Source
June 23, Softpedia – (International) Minor Chrome release fixes high severity issues. Google released an update for its Chrome browser addressing issues including a scheme validation error in WebUI and a cross-origin bypass bug in the browser’s layout engine, among other fixes. Source
June 22, Threatpost – (International) HP releases details, exploit code for unpatched IE flaws. Security researchers at Hewlett-Packard Company’s Zero Day Initiative released details on unpatched Microsoft Internet Explorer vulnerabilities which could allow attackers to fully bypass address space layout randomization (ASLR) mitigation in the browser. Source
June 22, ABC News – (National) Feds feared tens of millions impacted by OPM hack, internal memo says. An internal assessment by the U.S. Office of Personnel Management warned the cyber-assault on its computer systems may have affected as many as 18 million Americans, increasing the number of potential victims from the estimated 4.2 million announced June 4. Source