Month: August 2018

ComputerWorld | Independent

Get serious about privacy with the Epic, Brave and Tor browsers

Credit to Author: Barbara Krasnoff | Date: Fri, 24 Aug 2018 03:00:00 -0700

Privacy is one of the hardest things to find today — and one of the most prized, especially online. Most people, even those not technologically adept, are concerned about the amount of personal information that is being harvested by governments, corporations, third-party advertising agencies and/or unethical hackers.

ComputerWorld | Independent

Microsoft Patch Alert: Mainstream August patches look remarkably good, but watch out for the bad boys

Credit to Author: Woody Leonhard | Date: Thu, 23 Aug 2018 14:01:00 -0700

So far this month we’ve only seen one cumulative update for each version of Windows 10, and one set of updates (Security only, Monthly Rollup) for Win7 and 8.1. With a few notable exceptions, those patches are going in rather nicely. What a difference a month makes.

We’ve also seen a massive influx of microcode updates for the latest versions of Windows 10, running on Intel processors. Those patches, released on Aug. 20 and 21, have tied many admins up in knots, with conflicting descriptions and iffy rollout sequences.

Big problems for small niches

At this point, I’m seeing complaints about a handful of patches:

  • The original SQL Server 2016 SP2 patch, KB 4293807, was so bad Microsoft yanked it — although the yanking took almost a week. It’s since been replaced by KB 4458621, which appears to solve the problem.
  • The Visual Studio 2015 Update 3 patch, KB 4456688, has gone through two versions — released Aug. 14, pulled, then re-released Aug. 18 — and the re-released version still has problems. There’s a hotfix available from the KB article, but you’d be well advised to avoid it.
  • Outlook guru Diane Poremsky notes on Slipstick that the version of Outlook in the July Office 365 Click-to-Run won’t allow you to start Outlook if it’s already running. “Only one version of Outlook can run at a time” — even if the “other version” is, in fact, the same version.
  • The bug in the Win10 1803 upgrade that resets TLS 1.2 settings persists, but there’s an out-of-the-blue patch KB 4458116 that fixes the problem for Intuit QuickBooks Desktop.
  • The Win10 1803 cumulative update has an acknowledged bug in the way the Edge browser interacts with Application Guard. Since about two of you folks use that combination, I don’t consider it a big deal. The solution, should you encounter the bug, is to uninstall the August cumulative update, manually install the July cumulative update, and then re-install the August cumulative update — thus adding a new dimension to the term “cumulative.”
  • The Win7 Monthly Rollup has an old acknowledged bug about “missing file (oem<number>.inf).” Although Microsoft hasn’t bothered to give us any details, it looks like that’s mostly a problem with VMware.

The rest of the slate looks remarkably clean. Haven’t seen that in a long while.

Independent | Securiteam

SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Credit to Author: SSD / Ori Nimron | Date: Thu, 23 Aug 2018 10:57:33 +0000

Vulnerabilities Summary

The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console, File Injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool that you use to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: Use the Graphical User Interface to manage the …

Independent | Krebs

Experts Urge Rapid Patching of ‘Struts’ Bug

Credit to Author: BrianKrebs | Date: Thu, 23 Aug 2018 20:22:35 +0000

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before attackers can use it to wriggle inside.

ComputerWorld | Independent

China once again cracks down on cryptocurrencies, news outlets

Credit to Author: Lucas Mearian | Date: Thu, 23 Aug 2018 10:06:00 -0700

In an ongoing campaign to tamp down the growth of once-flourishing cryptocurrencies it sees as a threat, the Chinese government has ordered more than a half dozen online news outlets to shut down and banned physical venues from hosting crypto-related events.

On Tuesday, eight blockchain and cryptocurrency-focused media outlets were banned on WeChat, China’s most influential instant communication and mobile payment app, for allegedly violating new government regulations forbidding the publishing of information related to initial coin offerings (ICOs) or cryptocurrency trading speculation.
