-
News & Notes: Print Spooler Vulnerability
(Updated July 7, 2021) The #printnightmare nightmare continues. Microsoft is looking at a serious remote code execution (RCE) vulnerability dubbed #printnightmare, or more officially CVE-2021-34527). [1] As reported by IT WORLD CANADA [2], a Chinese security company leaked a proof of concept exploit for a zero day vulnerability that they thought had been plugged, meaning patched or fixed. (It’s common to openly discuss such vulnerabilities after they have been disclosed to the company and a patch issued.) BUT. In this case, the bug, or vulnerability, had NOT yet been patched in that time span. Microsoft has now issued a patch to address the #PrintNightmare Windows Print Spooler vulnerability (CVE-2021-34527). The…
-
News & Notes–June 30, 2021
Data for 700 million Linked In Users Posted for Sale: Linked In says that no public breach occurred so the next likely theory for the source went to the scraping of public profiles, according to the Cybersecurity Headlines podcast. Or more probably the publicly available info of each user. For instance, you can set your profile to be fully open to the public, or private with certain information set to be publicly available. So that info could be publicly available to search engines and the wider internet. (Always check your settings.) This comes after the loss of 500 million records in April. No financial info was released. But the raw…