ComputerWorld

ComputerWorldIndependent

What’s up with Windows patching, Microsoft?

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 22 Feb 2017 08:36:00 -0800

Well, here’s something different. Microsoft, for the first time since it started its monthly Patch Tuesdays in October 2003, has completely blown a deadline. There will be no major patch release in February. Instead, the patch package will be released on March 14.

Why? We don’t know and Microsoft isn’t saying.

Color me concerned.

I have reason to be. Greg Lambert, chairman of Qompat, who covers software patches like paint, had hoped Microsoft would delay the patches by only a week. After all, Lambert observed, “This month’s update cycle from Microsoft is especially important as a now critical zero-day vulnerability (CVE867968) has been reported related to how a component of the Microsoft SMB [Server Message Block] protocol handles traffic. This was initially reported as a denial of service attack, but now looks like to be rated as critical by Microsoft as it may lead to a more serious (RCE) remote code execution scenario.”


Microsoft pushes out critical Flash Player patches after one-week delay

Credit to Author: Lucian Constantin| Date: Wed, 22 Feb 2017 07:29:00 -0800

After deciding to postpone its February patches for a month, Microsoft released one critical security update for Windows on Tuesday that contains Flash Player patches released by Adobe Systems last week.

The new security bulletin, identified as MS17-005, is rated critical for Windows 8.1, Windows RT 8.1, Windows 10 and Windows Server 2016, and moderate for Windows Server 2012 and Windows Server 2012 R2. On these Windows versions, Flash Player is bundled by default with Internet Explorer 11 and Microsoft Edge, so Microsoft delivers patches for it through Windows Update.


LinkedIn will help people in India train for semi-skilled jobs

Credit to Author: John Ribeiro| Date: Wed, 22 Feb 2017 04:18:00 -0800

Microsoft has launched Project Sangam, a cloud service integrated with LinkedIn that will help train and generate employment for middle and low-skilled workers.

The professional network that was acquired by Microsoft in December has been generally associated with educated urban professionals, but the company is now planning to extend its reach to semi-skilled people in India.

Having connected white-collared professionals around the world with the right job opportunities and training through LinkedIn Learning, the platform is now developing a new set of products that extends this service to low- and semi-skilled workers, said Microsoft CEO Satya Nadella at an event on digital transformation in Mumbai on Wednesday.


7 Wi-Fi vulnerabilities beyond weak passwords

Credit to Author: Eric Geier| Date: Wed, 22 Feb 2017 03:00:00 -0800

To keep private Wi-Fi networks secure, encryption is a must-have, and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as insecure as, or even more insecure than, using a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.


Java and Python FTP attacks can punch holes through firewalls

Credit to Author: Lucian Constantin| Date: Tue, 21 Feb 2017 10:11:00 -0800

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

XXE vulnerabilities can be exploited by tricking applications into parsing specially crafted XML files that force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.

Klink showed that the same type of vulnerability can be used to trick the Java runtime into initiating FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.


Verizon knocks $350M from Yahoo deal after breaches

Credit to Author: Grant Gross| Date: Tue, 21 Feb 2017 07:23:00 -0800

Verizon Communications will pay $350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.

Verizon will pay about $4.48 billion for Yahoo’s operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.

In October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.
