Here's an easier way to block the IE XXE zero day security hole

Credit to Author: Woody Leonhard| Date: Thu, 18 Apr 2019 09:57:00 -0700

The latest Internet Explorer XXE zero-day depends on you opening an infected MHT file. MHT is an old file format that’s almost always opened by IE — no matter which browser you’re using, no matter which version of Windows. Catalin Cimpanu has a good overview of this XXE vulnerability on ZDNet.

It’s a doozy of a security hole as it affects every recent version of IE, and it infects whether you’re actively browsing with IE or not.

To read this article in full, please click here

Read more

Win7/8.1/Server patch conflicts abated, somewhat, but it’s still too early to install the April crop

Credit to Author: Woody Leonhard| Date: Tue, 16 Apr 2019 08:02:00 -0700

A week ago, Microsoft released six patches that brought many machines to their knees. As I explained last Friday, when the dust cleared, it was apparent that all six of these April patches:

  • Win7 and Server 2008 R2 Monthly Rollup (KB 4493472) and Security-only (KB 4493448) patches
  • Win8.1 and Server 2012 R2 Monthly Rollup (KB 4493446) and Security-only (KB 4493467) patches
  • Server 2012 Monthly Rollup (KB 4493451) and Security-only (KB 4493450 ) patches

would trigger blue screens on reboot on most systems running Sophos antivirus products, and many systems running AV products from Avast and Avira.

To read this article in full, please click here

Read more

Google, Hyperledger launch online identity management tools

Credit to Author: Lucas Mearian| Date: Mon, 15 Apr 2019 03:00:00 -0700

Read more

You Can Now Get This Award-Winning VPN For Just $1/month

Credit to Author: DealPost Team| Date: Wed, 10 Apr 2019 12:33:00 -0700

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work.

That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.

To read this article in full, please click here

Read more

Massive bank app security holes: You might want to go back to that money under the mattress tactic

Credit to Author: Evan Schuman| Date: Fri, 05 Apr 2019 10:24:00 -0700

A new report from a well-regarded payments consulting firm has found a lengthy list of security insanity while examining several major fintech company mobile apps. Although the very nature of apps that manage and move money would suggest presumably strong security, banks and their cohorts tend to adopt new technology slower than almost any other vertical, which puts them in a bad place when it comes to security.

My favorite finding from the Aite Group report: “Several mobile banking apps hard-coded private certificates and API keys into their apps. [Thieves] could exploit this by copying the private certificates to their computers and running any number of free password-cracking programs against them,” the report noted. “Should the [attackers] successfully crack the private key, they would be able to decrypt all communication between the back-end servers and mobile devices, among other things. The API keys allow an adversary to then begin targeting the [financial institution’s] API servers, gaining them access to data in the back-end databases. This allows [attackers] to authenticate the device with the back-end servers of that app, since this is what APIs use for authentication and authorization.”

To read this article in full, please click here

Read more

Microsoft Patch Alert: Most March patches look good

Credit to Author: Woody Leonhard| Date: Mon, 01 Apr 2019 16:04:00 -0700

March was an unusually light patching month – all of Office only had one security patch – and there don’t appear to be any immediate patching worries. Just as in the past few months, Microsoft’s holding off on its second cumulative update for Windows 10 1809, raising hopes that it’s taking Win10 quality more seriously.

Win10 1809 deployment proceeded at a positively lethargic rate, even though Microsoft declared the OS fit for business consumption last week, leading to all sorts of speculation about the next-next update, Win10 version 1903, ultimately overtaking its younger sibling.

To read this article in full, please click here

Read more

With its Apple Card, Apple edges further into financial services

Credit to Author: Lucas Mearian| Date: Fri, 29 Mar 2019 03:00:00 -0700

Apple’s Monday announcement of a credit card – the Apple Card – represented a natural progression of the company’s journey into financial services that began with the Apple Wallet app and its contactless digital payment service, Apple Pay.

apple card iphonexs entertainment 032519 carousel.jpg.medium 2x Apple

The Apple Card, as described by the company this week, will offer users some attractive features: up to 3% cash back on daily purchases, no late or international transaction fees, and a physical chipped card make of titanium (sans any credit card numbers – just your name and an Apple symbol).

To read this article in full, please click here

Read more

Microsoft connects rival browsers to Windows 10's Application Guard

Credit to Author: Gregg Keizer| Date: Tue, 26 Mar 2019 03:00:00 -0700

Microsoft earlier this month released a pair of add-ons for Google’s Chrome and Mozilla’s Firefox to cobble together an unwieldy connection between those browsers, Edge and Windows 10’s advanced security technology, Windows Defender Application Guard (WDAG).

The debut of the browser extensions – separate add-ons for Chrome and Firefox – was quietly plugged at the end of a March 15 blog post relating a recent Windows Insider build. That build, 18358, will lead, presumably next month, to Windows 10’s next feature upgrade, labeled 1903 and also Windows 10 April 2019 Update.

To read this article in full, please click here

Read more

ASUS Live Update Utility cracked, installs ShadowHammer backdoor on 1M PCs, but only 600 targeted

Credit to Author: Woody Leonhard| Date: Mon, 25 Mar 2019 09:28:00 -0700

Great way to wake up on Monday morning, especially if you own an ASUS machine.

Kaspersky just published a teaser for a more thorough explanation to come in two weeks at the Kaspersky Security Analysts Summit in Singapore. It’s quite an eye-opener.

Apparently somebody broke into the ASUS update servers, and swapped out a valid software/firmware update with one of their own. The bogus update looked like the genuine thing, with a valid certificate, and its size matched the original’s size. As a result, the bad update stayed on ASUS’s servers “for a long time.”

To read this article in full, please click here

Read more

How blockchain is becoming the 5G of the payment industry

Credit to Author: Lucas Mearian| Date: Mon, 25 Mar 2019 03:00:00 -0700

As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry.

“I think you’re starting to see a growing consensus,” said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. “I do quite a bit of FinTech and I can tell you my clients… the banks, are inherently conservative – at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion.”

To read this article in full, please click here

Read more

How blockchain is becomming the 5G of the payment industry

Credit to Author: Lucas Mearian| Date: Mon, 25 Mar 2019 03:00:00 -0700

As more blockchain-based payment networks and fiat-backed digital currencies – including one from the largest U.S. bank – emerge, experts and analysts are predicting a sea change for the financial services industry.

“I think you’re starting to see a growing consensus,” said Matt Savare, a partner who works in the technology group of New Jersey-based law firm of Lowenstein Sandler LLP. “I do quite a bit of FinTech and I can tell you my clients… the banks, are inherently conservative – at least the large ones. But once they see other banks adopt new technologies, you see it snowball. Other banks will often join on in pretty quick fashion.”

To read this article in full, please click here

Read more