microsoft – Computer Security Articles

Blocking attacks against Windows “CTF” vulnerabilities

August 22, 2019 admin 0 Comments Corporate, CVE-2019-1162, microsoft, windows

Credit to Author: Mark Loman| Date: Thu, 22 Aug 2019 16:53:35 +0000

Operating systems and run-time environments typically provide some form of isolation between applications. For example, Windows runs each application in a separate process. This isolation stops code running in one application from adversely affecting other, unrelated applications. This means a non-administrative user mode process can’t access or tamper with kernel code and data, and an […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/N06wKBdEugM” height=”1″ width=”1″ alt=””/>

MalwareBytes Security

Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks

August 21, 2019 admin 0 Comments apple, awareness, Blackberry, Bluetooth, Cisco, CVE-2019-9506, iOS, Key Negotiation of Bluetooth, KNOB attack, MacOS, man-in-the-middle attack, microsoft, MITM, ret hat, watchos, windows

Credit to Author: Jovi Umawing| Date: Wed, 21 Aug 2019 15:56:45 +0000

Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk?

Categories:

Awareness

Tags: Apple blackberry bluetooth Cisco CVE-2019-9506 iOS Key Negotiation of Bluetooth KNOB attack macOS man-in-the-middle attack microsoft mitm ret hat watchos windows

Independent Krebs

Forced Password Reset? Check Your Assumptions

August 21, 2019 admin 0 Comments A Little Sunshine, Alex Weinert, Anthony Moisant, credential stuffing, Glassdoor, microsoft

Credit to Author: BrianKrebs| Date: Wed, 21 Aug 2019 11:58:53 +0000

Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site’s efforts to identify customers who are reusing passwords from other sites that have already been hacked. But ironically, many companies taking these proactive steps soon discover that their explanation as to why they’re doing it can get misinterpreted as more evidence of lax security. This post attempts to unravel what’s going on here.

ComputerWorld Independent

Installing Windows 7 from a backup? You need a BitLocker patch right away

August 19, 2019 admin 0 Comments microsoft, PCs, Security, windows

Credit to Author: Woody Leonhard| Date: Mon, 19 Aug 2019 09:33:00 -0700

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.

To read this article in full, please click here

Kaspersky Security

Transatlantic Cable podcast, episode 105

August 15, 2019 admin london, microsoft, news, podcast, skype, Threats, Twitter

Credit to Author: Jeffrey Esposito| Date: Thu, 15 Aug 2019 14:06:17 +0000

Jeff and Dave discuss more cameras in Kings Cross, Twitter accidentally using personal data for ads without permission, Microsoft listening in on Skype, and more.

ComputerWorld Independent

Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches

August 15, 2019 admin microsoft, Security, windows

Credit to Author: Woody Leonhard| Date: Thu, 15 Aug 2019 05:28:00 -0700

August is going to be a perilous patching month.

We’re tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month’s version of Outlook 365, confusion about Win7 patches being branded as “IA64 only,” dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even more confusion over the difference between Symantec Endpoint Protection and Norton Security Suite, and lots of the usual installation failures and rollbacks.

To read this article in full, please click here

MalwareBytes Security

Facial recognition technology: force for good or privacy threat?

August 12, 2019 admin Amazon, Brooklyn, CCTV, China, Facial Recognition, Hong Kong, Internet of Things, IoT, LFR, microsoft, orlando, privacy, san francisco, surveillanceware, uk, United States, US

Credit to Author: Christopher Boyd| Date: Mon, 12 Aug 2019 15:00:00 +0000

It seems facial recognition technology, as technology so often does, has raced far ahead of our ability to define its ethical use. We take a hard look at major concerns brewing in cities around the world.

Categories:

Privacy

Tags: amazon brooklyn cctv china facial recognition hong kong Internet of Things IoT LFR microsoft orlando san francisco surveillanceware uk united states us

ComputerWorld Independent

Microsoft relaxes telemetry rule for PCs managed with Windows Update for Business

August 7, 2019 admin microsoft, Security, windows

Credit to Author: Gregg Keizer| Date: Wed, 07 Aug 2019 13:12:00 -0700

Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.

With Windows 10 1903, aka “Windows 10 May 2019 Update,” which debuted in late May, organizations no longer are required to set the “diagnostic data level” for their devices to “Basic” or higher.

That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed “telemetry,” the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.

To read this article in full, please click here

ComputerWorld Independent

How to set up Edge Chromium security options

August 7, 2019 admin microsoft, Microsoft Edge, Security, windows

Edge Chromium can provide more protection for organizations that use older versions of Windows.

ComputerWorld Independent

It’s time to install most of July's Windows and Office patches

August 2, 2019 admin microsoft, Security, windows

Credit to Author: Woody Leonhard| Date: Fri, 02 Aug 2019 10:09:00 -0700

With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered “optional”). Visual Studio had some hiccups, but they’re fixed now.

To read this article in full, please click here

ComputerWorld Independent

Microsoft Patch Alert: Welcome to the Upside Down

July 30, 2019 admin microsoft, Microsoft Office, PCs, Security, windows

Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700

This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.

As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.

Win7 Security-only patch brings telemetry

Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.

To read this article in full, please click here

← Previous