Microsoft: Watch out for zero days; deferred patches, not so much

Credit to Author: Woody Leonhard| Date: Fri, 08 Feb 2019 08:32:00 -0800

Matt Miller’s presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft’s Security Response Center. The numbers starkly confirm what we’ve been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.

To read this article in full, please click here

Read more

Get TotalAV Essential AntiVirus for $19.99 (80% off)

Credit to Author: DealPost Team| Date: Thu, 07 Feb 2019 11:11:00 -0800

The term “computer virus” calls to mind imagery of pathogenic creepy-crawlies bringing down a device’s operating system, their flagella wriggling as they multiply into hordes that infiltrate its chips and wires. And while it’s true that our computers can be infected with literal biological bacteria like staphylococci, per Science Illustrated, the threat of malicious codes and programs intent on corrupting data and files looms far larger: According to a recent study from the University of Maryland’s Clark School of Engineering, attacks on computers with internet access is virtually ceaseless, with an incident occurring every 39 seconds on average, affecting a third of Americans every year.

To read this article in full, please click here

Read more

Why Apple is disabling Safari’s Do Not Track feature

Credit to Author: Jonny Evans| Date: Thu, 07 Feb 2019 03:34:00 -0800

Apple takes privacy very seriously. It takes its leadership in that care seriously, and getting rid of the voluntary ‘Do Not Track’ setting in its Safari browser is the right decision.

Why disabling Safari’s Do Not Track feature is the right thing to do

Apple introduced support for Do Not Track (DNT) in iOS 7, but removed the feature in Safari 12.1.

The problem with DNT is that the signal it sends to websites, analytics firms, plug-in makers and ad networks is a voluntary request, and can be ignored.

To read this article in full, please click here

Read more

Throwback Thursday: Pick a card, any card …

Credit to Author: Sharky| Date: Thu, 07 Feb 2019 03:00:00 -0800

This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

“An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers,” fish says. “He sent out emails bragging about how insecure NT was and giving the NT team a hard time.”

Fish isn’t on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it’s all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.

To read this article in full, please click here

Read more

The January Windows and Office patches are good to go

Credit to Author: Woody Leonhard| Date: Fri, 01 Feb 2019 09:15:00 -0800

Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We’ve seen a few more problems raise their ugly heads in the past few days:

  • Microsoft has confirmed that the latest version of Office Click-to-Run (which you’re likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016.
  • The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We’re still waiting for confirmation on that one.
  • Citrix confirms (but Microsoft hasn’t acknowledged) that the latest Win10 1803 cumulative update, KB 4480976, causes page file problems when the page file isn’t sitting on C:. More details on Tenforums.

Those are typical Microsoft edge-use bugs: They don’t affect many people, but if you’re one of the stuckees, you’re up the ol’ creek.

To read this article in full, please click here

Read more

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read more

It's a hack!

Credit to Author: Sharky| Date: Wed, 30 Jan 2019 03:00:00 -0800

It’s a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company’s website.

“Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment,” fish says.

“After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked.”

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.

To read this article in full, please click here

Read more

Blockchain: The complete guide

Credit to Author: Lucas Mearian| Date: Tue, 29 Jan 2019 16:13:00 -0800

Blockchain, which began to emerge as a real-world tech option in 2016 and 2017, is poised to change IT in much the same way open-source software did a quarter century ago. And in the same way Linux took more than a decade to become a cornerstone in modern application development, Blockchain will likely take years to become a lower cost, more efficient way to share information and data between open and private business networks.

Based on a distributed, peer-to-peer (P2P) topology, blockchain or distributed ledger technology (DLT) allows data to be stored globally on thousands of servers – while letting anyone on the network see everyone else’s entries in real-time. That makes it difficult for one user to gain control of, or game, the network.

To read this article in full, please click here

Read more

Get 140+ Hours Of CompTIA Certification Training For $59 (90% Off)

Credit to Author: DealPost Team| Date: Tue, 29 Jan 2019 10:35:00 -0800

Read more

Apple’s Group FaceTime: A place for spies?

Credit to Author: Jonny Evans| Date: Tue, 29 Jan 2019 05:30:00 -0800

Apple has disabled Group FaceTime following discovery of a flaw that could potentially let people hear audio from other people’s devices without permission. What’s going on and what can you do about it?

The bug, in brief

9to5Mareport based on a video published to Twitter by @BmManski revealed that this flaw lets a user listen to audio captured using another person’s device before they accept or reject the call requesting a FaceTime chat. The problem only affects iOS devices running iOS 12.1 or later (pending an update).

To read this article in full, please click here

Read more