For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows and similar vulnerabilities. As a result, exploits cause a simple crash rather than a potentially catastrophic system compromise.
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Microsoft today took the unprecedented step of postponing an entire month's slate of security updates for Windows and its other products just hours before the patches were to begin rolling out to customers.
"We discovered a last-minute issue that could impact some customers and was not resolved in time for our planned updates today," Microsoft said in a post to the MSRC (Microsoft Security Research Center) blog. "After considering all options, we made the decision to delay this month's updates."
Today was set as Patch Tuesday, the monthly release of security fixes from Microsoft. Normally, Microsoft issues the updates around 10 a.m. PT (1 p.m. ET). Although Microsoft did not timestamp its blog post, the SANS Institute's Internet Storm Center (ISC) pointed out the delay at 8:22 a.m. PT (11:22 a.m. ET).
Ransomware is already a concern for the enterprise, educational facilities, and healthcare providers, and now cybersecurity researchers have demonstrated that it is no challenge for the malware family to take down the core infrastructure our cities need to operate.
On Monday, cybersecurity researchers from the Georgia Institute of Technology revealed the development of a new, custom form of ransomware which was created specifically with industrial systems in mind.
The malware and subsequent attack on a simulated water treatment plant were designed to highlight how cyberattackers could disrupt key services which cater to our critical needs, such as energy providers, water management utilities, heating, ventilation and air conditioning (HVAC) systems, or escalator controllers.