Yesterday Microsoft issued thirteen security bulletins, five of them rated "critical." Among the vulnerabilities patched is the one Google publicly disclosed last week, to Redmond's displeasure. That fix closes a privilege escalation hole in Windows that can be used to escape security sandboxes.
Adobe and Google also patched. Adobe addressed issues in Flash Player and Adobe Connect, fixing nine remote code execution vulnerabilities. Google addressed twelve critical vulnerabilities in Android, including the bit-flipping privilege-escalation risk known as Drammer, but Mountain View left a comprehensive fix for the Dirty Cow Linux kernel rooting vulnerability to a further round of patching. A supplemental patch did deal with Dirty Cow for Nexus and Pixel devices; other handsets will get their fix next month. Google also noted that Chrome's Safe Browsing will henceforth crack down on sites determined to be repeat offenders.
Banking malware is evolving this week. Svpeng, a mobile Trojan Kaspersky sees lurking in the AdSense network, is troubling bank customers, especially in India. IBM X-Force warns that TrickBot, a Dyre competitor, is using serverside injection and redirection against its targets.
Tesco resumes full operations, but says £2.5 million pounds were lost to debit card fraud. The money seems to have gone to crooks in Spain and Brazil.
FireEye reports a rise in Cerber ransomware attacks, largely driven by the Dridex botnet.
Oh—the US held elections yesterday, little disturbed by hacking, despite fears and a precautionary DHS all-hands-on-deck. WikiLeaks' Assange assumes the unlikely mantle of good-government advocacy—tell it to Vlad.