Security News

Vulnerable platform used in power plants enables attackers to run malicious code on user browsers
2020-06-18 11:58

Otorio's incident response team identified a high-score vulnerability in OSIsoft's PI System. Installed in some of the world's largest critical infrastructure facilities, OSIsoft Software's PI System is a data management platform that accesses a broad range of core OT network assets in the sites it serves.

Trend Micro pulls another app over security fears: This time, the Privacy Browser in the Dr Safety Android suite
2020-06-12 06:03

Trend Micro has pulled the Privacy Browser from its Dr Safety Android security suite following the discovery of a reoccurring flaw that could be abused to trick people into thinking malicious pages were legit. Trend responded by pulling the app from its Android security suite.

Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers
2020-06-10 03:32

"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all." "This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34."

Firefox 77, Tor Browser 9.5 Released With Patches, Security Improvements
2020-06-03 13:39

Firefox 77 and Tor Browser 9.5 were released this week with patches for a variety of vulnerabilities, including several rated high severity. Mozilla's browser arrived with a total of 8 security fixes, including 5 that address high severity issues.

Tor soups up onion sites with bountiful browser bump: No more tears trying to find the secure sites you want
2020-06-03 06:55

The Tor Project this week rolled out an update to its browser that attempts to make the anonymity-protecting onion routing scheme more approachable. The Tor Project itself emerged from federally funded research led by the US Office of Naval Research and DARPA. Tor is an acronym for the original name of the project, The Onion Router, an encrypted networking protocol designed to support anonymous communication - although paradoxically a popular website for Tor users is Facebook.

Akamai launches a new in-browser threat detection solution that uncovers compromised scripts
2020-05-27 02:30

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches.

FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some
2020-05-07 21:24

People can generally hear audio frequencies ranging from 20 Hz to 20,000 Hz, though individual hearing ranges vary. Samuel Weiler, a web security engineer with MIT CSAIL and a member of the W3C's Privacy Interest Group, recently pushed to re-open a discussion about limiting the Web Audio API so that it cannot be used to generate or listen for ultrasonic signals without permission.

Recorded Future Releases Free Threat Intelligence Browser Extension
2020-05-07 14:28

Recorded Future this week announced the availability of Express, a free web browser extension designed to help security teams prioritize vulnerability patching and alerts from security information and event management tools. The extension is currently available for Chrome and Firefox, and once it's installed an icon with the Recorded Future logo will be added to the browser's toolbar.

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
2020-05-05 07:44

If you own a Xiaomi smartphone or have installed the Mi Browser app on an Android device from another brand, you should enable a newly introduced privacy setting immediately to prevent the company from spying on your online activities. The smartphone maker has begun rolling out an update to its Mi Browser/Mi Browser Pro and Mint Browser after concerns were raised over its practice of transmitting web browsing histories and device metadata to the company servers.
