Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two seperate BSOD inducing issues led to Microsoft temporarily pulling the update.
Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the Windows DNS server. It’s considered a low-complexity attack, but does require local network access to pull off. CVE-2021-26867 is another of the patched vulnerabilities that sounds very serious, allowing an attacker on a Hyper-V virtual machine to pierce the barrier and run code on the hypervisor. The catch here is that the vulnerability is only present when using the Plan 9 filesystem, which surely limits the scope of the problem to a small handful of machines.
The most interesting fixed flaw was CVE-2021-26411 a vulnerability that allowed remote code execution when loading a malicious web page in either IE or pre-chromium Edge. That flaw was actively being exploited in a unique APT campaign, which we’ll cover right after the break.
Continue reading “This Week In Security: APT Targeting Researchers, And Someone Watching All The Cameras”
I can’t help but wonder how long it will be before the movie title “Dial M for Murder” becomes mysterious to most of the population. After all, who has seen a dial phone lately? Sure, there are a few retro phones, but they aren’t in widespread use. It may not be murder, but it turns out that the dial telephone has its roots in death — or at least the business of death. But to understand why that’s true, you need to go back to the early days of the telephone.
Did you ever make a tin can phone with a string when you were a kid? That dates back to at least 1667. Prior to the invention of what we think of as the telephone, these acoustic phones were actually used for specialized purposes.
We all know that [Alexander Graham Bell] made a working telephone over a wire, drawing inspiration from the telegraph system. However, there’s a lot of dispute and many others about the same time were working on similar devices. It is probably more accurate to say that [Bell] was the first to successfully patent the telephone (in 1876, to be exact).
Continue reading “Rotary Phones And The Birth Of A Network”