The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organizations that use digital identity services.
Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine. The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.
A targeted user who had real-time protection turned on wasn't required to click on the booby-trapped file or take any other action other than visit the malicious website or receive the malicious e-mail or instant message. Even when real-time protection was off, malicious files would be executed shortly after a scheduled scan started. The ease was the result of the vulnerable x86 emulator not being protected by a security sandbox and being remotely accessible to attackers by design. That's according to Tavis Ormandy, the Google Project Zero researcher who discovered the vulnerability and explained it in a report published Friday.
Ormandy said he identified the flaw almost immediately after developing a fuzzer for the Windows Defender component. Fuzzing is a software testing technique that locates bugs by subjecting an application to corrupted data and other types of malformed or otherwise unexpected input.
Read the full post at darknet.org.uk
The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, private debt collection, and scams that target taxpayers with limited English proficiency.