Microsoft this week released Vulnerability-related.PatchVulnerability software updates to fix Vulnerability-related.PatchVulnerability roughly 50 security problems with various versions of its Windows operating system and related software , including one flaw that is already being exploited Vulnerability-related.DiscoverVulnerability and another for which exploit code is publicly available . The zero-day bug — CVE-2018-8453 — affects Vulnerability-related.DiscoverVulnerability Windows versions 7 , 8.1 , 10 and Server 2008 , 2012 , 2016 and 2019 . According to security firm Ivanti , an attacker first needs to log into the operating system , but then can exploit this vulnerability to gain administrator privileges . Another vulnerability patched Vulnerability-related.PatchVulnerability on Tuesday — CVE-2018-8423 — was publicly disclosed Vulnerability-related.DiscoverVulnerability last month along with sample exploit code . This flaw involves a component shipped on all Windows machines and used by a number of programs , and could be exploited Vulnerability-related.DiscoverVulnerability by getting a user to open a specially-crafted file — such as a booby-trapped Microsoft Office document . KrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases Vulnerability-related.PatchVulnerability monthly security updates before installing the fixes , with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out . This month , Microsoft briefly paused Vulnerability-related.PatchVulnerability updates for Windows 10 users after many users reported losing all of the files in their “ My Documents ” folder . The worst part ? Rolling back to previous saved versions of Windows prior to the update did not restore the files . Microsoft appears to have since fixed Vulnerability-related.PatchVulnerability the issue , but these kinds of incidents Vulnerability-related.PatchVulnerability illustrate the value of not only waiting a day or two to install updates but also manually backing up your data prior to installing patches ( i.e. , not just simply counting on Microsoft ’ s System Restore feature to save the day should things go haywire ) . Mercifully , Adobe has spared Vulnerability-related.PatchVulnerability us an update this month for its Flash Player software , although it has shipped Vulnerability-related.PatchVulnerability a non-security update for Flash .

A new variant of the IoT/Linux botnet “ Tsunami ” has been identified by Unit 42 researchers , according to a blog post by Palo Alto Networks . Co-authored by Claud Xiao , Cong Zheng and Yanhui Jia , the post names the new variant as Amnesia , a botnet that targets an unpatched remote code execution vulnerability . This vulnerability was publicly disclosed Vulnerability-related.DiscoverVulnerability over a year ago in March 2016 in DVR ( digital video recorder ) devices made by TVT Digital and branded by over 70 vendors across the globe . This unpatched remote code execution vulnerability affects Vulnerability-related.DiscoverVulnerability about 227,000 devices around the world especially Taiwan , the United States , Israel , Turkey , and India . The researchers note that the Amnesia malware is the first Linux malware to adopt virtual machine evasion techniques to defeat malware analysis sandboxes . Typically , these virtual machine evasion techniques are more commonly associated with Microsoft Windows and Google Android malware . Amnesia aims to detect whether it ’ s running in a VirtualBox , VMware or QEMU-based virtual machine . Once these environments are detected , Amnesia will wipe the virtualized Linux system by deleting all the files in file system . Eventually the deletion will impact Linux malware analysis sandboxes and also some QEMU-based Linux servers on VPS or on public cloud . Although the Amnesia botnet hasn ’ t yet been used to mount large scale attacks , it has the potential to cause large-scale harm using IoT-based botnets .