Windows 10 zero-day vulnerability dropped on Twitter without warning

Security Digest Information security news and advice from TechTarget's network| September 5, 2018 FEATURED STORY Windows 10 zero-day disclosed on Twitter, no fix in sight by Michael Heller, Senior Reporter Security researcher SandboxEscaper released proof-of-concept code for a Windows 10 zero-day on Twitter, but Microsoft has no details for a potential patch. (SearchSecurity.com) Advertisement NEWS   Congress wants CVE program changes from DHS and MITRE In a letter to DHS and MITRE, Congress said CVE program management has been 'insufficient' and called for the program to receive more consistent funding and additional oversight. (SearchSecurity.com)   Five Eyes wants to weaken encryption, or legislation may be needed Five Eyes -- the government intelligence alliance between Australia, Canada, New Zealand, the U.K. and the U.S. -- vows not to weaken encryption, while pushing for encryption backdoors. (SearchSecurity.com)   Another patched Apache Struts vulnerability exploited News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more. (SearchSecurity.com)   Risk & Repeat: Are the Meltdown and Spectre flaws overhyped? In this week's Risk & Repeat podcast, SearchSecurity editors discuss whether or not Meltdown and Spectre deserved to be nominated for the Pwnie Awards' Most Overhyped Bug. (SearchSecurity.com) EXPERT ADVICE   How insider fraud can be detected and avoided in the enterprise IT sabotage and insider threats can put an organization at great risk. Guest expert Peter Sullivan details preventative measures to take and employee training techniques. (SearchSecurity.com)   How hard-coded credentials threaten industrial control systems Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors. Expert Ernie Hayden explains the threat and what enterprises can do about it. (SearchSecurity.com)   How to monitor and detect a cloud API vulnerability A REST API vulnerability in Salesforce's Marketing Cloud service put users at risk of data disclosure. Learn how to detect cloud API vulnerabilities from expert Rob Shapland. (SearchCloudSecurity.com)   SamSam ransomware: How can enterprises prevent an attack? SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.