‘Wormable’ Flaw Leads July Microsoft Patches

Credit to Author: BrianKrebs| Date: Tue, 14 Jul 2020 21:45:28 +0000

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Read more

It's Patch Tuesday; make sure you pause Windows Updates

Credit to Author: Woody Leonhard| Date: Mon, 13 Jul 2020 03:56:00 -0700

Yes, with Windows you have to get patched sooner or later. No, you don’t have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we’re admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here

Read more

Breached Data Indexer ‘Data Viper’ Hacked

Credit to Author: BrianKrebs| Date: Mon, 13 Jul 2020 23:30:39 +0000

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what can happen when security researchers seeking to gather intelligence about illegal activity online get too close to their prey or lose sight of their purported mission. The incident also highlights the often murky area between what’s legal and ethical in combating cybercrime.

Read more

It's Patch Tuesday time; make sure you pause Windows Updates

Credit to Author: Woody Leonhard| Date: Mon, 13 Jul 2020 03:56:00 -0700

Yes, with Windows you have to get patched sooner or later. No, you don’t have to do it right away.

Every month Microsoft releases buggy Patch Tuesday patches. Every. Single. Month. Every month we’re admonished to get patched right now, lest the bad guys start mining PCs for juicy morsels. Every month we see the same hype, with the same results.

To read this article in full, please click here

Read more

Most bugs in Microsoft's June patches have been fixed; go ahead and patch

Credit to Author: Woody Leonhard| Date: Wed, 08 Jul 2020 07:48:00 -0700

The most obvious problem with June patches was a conflict between Microsoft’s latest version of Windows and Microsoft’s latest version of Office (er, Microsoft 365) Click-to-Run: If you installed patches as soon as they came out, Outlook wouldn’t run. That bug got cleared up when Microsoft fixed Office a week later, even though Windows was to blame.

We also saw a bunch of belated patches for printers that didn’t work after installing the June Windows updates.

To read this article in full, please click here

Read more

E-Verify’s “SSN Lock” is Nothing of the Sort

Credit to Author: BrianKrebs| Date: Sat, 04 Jul 2020 22:24:14 +0000

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security’s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

Read more

13 privacy improvements Apple announced at WWDC

Credit to Author: Jonny Evans| Date: Thu, 02 Jul 2020 07:29:00 -0700

Apple continues to focus on the challenge of providing technology-driven convenience while protecting customer privacy in its upcoming operating system releases. Here are all the privacy-related improvements to expect in iOS 14, macOS 11 and iPad.

Why privacy matters

Fundamentally, the challenge with mobile technologies is the sheer quantity of personal data that can be collected and used against people.

A smartphone, for example, knows when it is picked up, how often, how high, who by, who it is in contact with, which websites you visit and much, much more.

To read this article in full, please click here

Read more

Microsoft Patch Alert: June 2020

Credit to Author: Woody Leonhard| Date: Thu, 02 Jul 2020 06:11:00 -0700

There’s never a dull moment for folks who try to keep Windows and Office patched.

Windows 10 version 2004 continues to make slow inroads among the “Go ahead and kick me” crowd, in spite of its (now documented) lack of update deferral settings, while those of us who are still trying to keep Win10 versions 2009, 2003 and 1809 afloat have our hands full.

June saw two truly innovative patching methods: A fix for a Windows bug delivered as an update to Office Click-to-Run and a fix for a different Windows bug delivered through the Microsoft Store.

If you can’t fix things the normal way, I guess there’s always the back door.

The two printer bugs

All of the Win10 cumulative updates in June broke some printers, some of the time. The damage fell into two heaps:

To read this article in full, please click here

Read more