A Windows zero-day bug has made the news . By zero-day , it means that a vulnerability has been exposed Vulnerability-related.DiscoverVulnerability but it is not yet patched Vulnerability-related.PatchVulnerability . Darren Allan in TechRadar was one of the tech watchers reporting Vulnerability-related.DiscoverVulnerability on the vulnerability , which could occur through a privilege escalation bug . `` The user linked to a page on GitHub which appears to contain a proof-of-concept ( PoC ) for the vulnerability , '' said Charlie Osborne in ZDNet . `` CERT/CC ( the US cybersecurity organization which looks to counter emerging threats ) has confirmed Vulnerability-related.DiscoverVulnerability that this vulnerability can be leveraged against a 64-bit Windows 10 PC which has been fully patched Vulnerability-related.PatchVulnerability up to date , `` said TechRadar , in turn referring to a story in The Register , Richard Chergwin , The Register , had reported Vulnerability-related.DiscoverVulnerability that `` CERT/CC vulnerability analyst Will Dormann quickly verified Vulnerability-related.DiscoverVulnerability the bug . '' CERT/CC did a formal investigation , and posted an advisory . `` 'Microsoft Windows task scheduler contains Vulnerability-related.DiscoverVulnerability a vulnerability in the handling of ALPC , which can allow a local user to gain SYSTEM privileges , ' the alert stated . '' This can be leveraged to gain SYSTEM privileges . We have confirmed Vulnerability-related.DiscoverVulnerability that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems . We have also confirmed Vulnerability-related.DiscoverVulnerability compatibility with 32-bit Windows 10 with minor modifications to the public exploit code . Compatibility with other Windows versions is possible with further modifications . '' Should we worry ? Allan said it is a local bug . The attacker would have to be already logged into the PC to exploit it , or be running code on the machine . But wait . Though local , Ars Technica 's Peter Bright let its readers know what the flaw allows one to do . Not pretty . Bright wrote that `` The flaw allows anyone with the ability to run code on a system to elevate their privileges to 'SYSTEM ' level , the level used by most parts of the operating system and the nearest thing that Windows has to an all-powerful superuser . '' Osborne in ZDNet said that while the impact was limited , `` the public disclosure of a zero-day is still likely a headache for the Redmond giant . ''

JobStreet is informing clients by email whether they were caught up in a Malaysia-based data breach Attack.Databreach that affected 19 different companies . “ We are writing to notify you that we recently identified a post claiming that personal information from the databases of 19 corporations and associations had been made public , including ours , ” the email says . According to website haveibeenpwned.com , 3,883,455 JobStreet accounts were affected by the breach Attack.Databreach . It says the information was freely downloadable on a Tor hidden service . The breach Attack.Databreach also affected more than 46 million Malaysian users and several telecommunications companies . Telecommunications providers caught by the breach Attack.Databreach include Altel , Celcom , DiGi , EnablingAsia , Friendi , Maxis , Merchantrade Asia , PLDT , Redtone , Tunetalk , Umobile and XoX , reports suggest . It also affected organisations such as the Academy of Medicine Malaysia , the Malaysian Dental Association , the Malaysian Medical Association , and the National Specialist Register of Malaysia . Reports speculate that more than 81,000 records were stolen Attack.Databreach from these organisations . “ Our investigations established that some personal candidate information pertaining to accounts created before July 2012 has been exposed Attack.Databreach . To help protect our customers , the team is continuously enhancing our security measures for all user information stored with JobStreet.com , ” JobStreet CEO Suresh Thiru says in an email . According to media reports , that personal information includes identity card numbers , addresses , login IDs , passwords , names , emails and phone numbers . Haveibeenpwned.com also notes that on JobStreet , dates of birth , genders , geographic locations , marital statuses , nationalities and usernames were also compromised Attack.Databreach . The Malaysian Communications and Multimedia Commission ( MCMC ) may have discovered the possible source of the data leaks Attack.Databreach , according to Malaysian Communications Minister Salleh Said Keruak . `` We have identified several potential sources of the leak and we should be able to complete the probe soon , '' he announced .

Allrecipes , the self-described `` food-focused social network '' , has sent an email out to some of its users warning that their email addresses and passwords may have been intercepted Attack.Databreach by an unknown third-party . In the email , the site warns that users who registered an allrecipes.com account or logged on as a registered member of the site prior to June 2013 ( yes , that 's almost four years ago ) , may have had their email address and password stolen Attack.Databreach . Part of the email reads as follows : We recently determined that the email address and password typed into allrecipes.com by members when they created or logged into their accounts prior to June 2013 may have been intercepted Attack.Databreach by an unauthorized third party . Based on information available to us , we can not determine with certainty who did this or how this occurred . Our best analysis is that email addresses and allrecipes.com passwords were intercepted Attack.Databreach during account registration or login by our members . To its credit , the site has advised affected users to change their Allrecipes password , and ensure that they are not using the same password anywhere else on the net : Out of an abundance of caution , we recommend that all members who registered or logged into allrecipes.com prior to June 2013 promptly change their password . We are taking other steps as well and will continue to work diligently to deter unauthorized activity . You should promptly change your password on allrecipes.com and on any other sites for which you use the same username and password . From what I have seen , Allrecipes has only mentioned the breach when asked direct questions about it via Twitter . How hard would it have been to post a link to an advisory on the front page of its website , and tweet out a link to it ? . Clearly plenty of questions remain about how this security breach might have happened , and Allrecipes ' response to it . But at the very least I would have been pleased to see them be more transparent with their users . The data breach Attack.Databreach has , understandably , left an unpleasant taste in the mouths of affected users - some of whom turned to Twitter to express themselves . That Twitter user is correct . It 's not just a problem that their password has been exposed Attack.Databreach . Passwords , after all , can be changed fairly easily and if you 're only using it one place than the risks are , at least , reduced . Most users , however , only have one email address and are n't keen to change them that often . A hacker who has stolen Attack.Databreach your email address and password may not only attempt to use those credentials to unlock other online accounts you own , but might also monetise their theft by launching spam or phishing attacks against your inbox .