microsoft – Page 33 – Computer Security Articles

Credit to Author: Woody Leonhard| Date: Thu, 23 Jan 2020 07:17:00 -0800

The big patching problems this month fell at the feet of admins who had to deal with an unholy mess of pressing exposures: Fixing the holes in Microsoft’s RD Gateway (CVE-2020-0610; see Susan Bradley’s Patch Watch, paywalled); dealing with Server 2008 R2 systems that booted to Recovery mode after installing the January patches; scrambling to pick up after breaches in Citrix networking products; or the 334 Oracle security patches. They all took a toll.

To read this article in full, please click here

Security Sophos

January 22, 2020 admin

Microsoft corrige errores críticos en CryptoAPI, RD Gateway y .NET

Credit to Author: Naked Security| Date: Fri, 17 Jan 2020 10:06:22 +0000

El error criptográfico CryptoAPI del que Microsoft informó el martes de parches de esta semana fue tan importante que justificó su propia historia. Aquí, desvelamos algunos de los otros problemas que arregló Microsoft. Entre los errores más graves se encuentran los defectos de ejecución remota de código (RCE) que afectan a Windows Remote Desktop Gateway, […]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/aH7nHIo3Qso” height=”1″ width=”1″ alt=””/>

MalwareBytes Security

January 22, 2020 admin

WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

Credit to Author: Jérôme Segura| Date: Wed, 22 Jan 2020 16:00:00 +0000

We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.

Categories:

Threat analysis

Tags: 404Browlock 404error browlock browlocks Browser guard browser locker chrome Edge firefox malvertising malvertising campaigns microsoft scams Social Engineering steganography tech support tech support scams TSS WOOF

ComputerWorld Independent

January 21, 2020 admin

Don’t worry about CurveBall just yet — get your Citrix systems patched

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.”

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781.

To read this article in full, please click here

ComputerWorld Independent

January 17, 2020 admin

Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

Credit to Author: Woody Leonhard| Date: Fri, 17 Jan 2020 06:42:00 -0800

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor’s nine-year-old, even the bleeping NSA. It’s a little patch. Why not just install it and be done with it?

To read this article in full, please click here

ComputerWorld Independent

January 15, 2020 admin

Windows 7 end of support: Separating the bull from the horns

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 13:20:00 -0800

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer.

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.

To read this article in full, please click here

ComputerWorld Independent

January 15, 2020 admin

Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.
To read this article in full, please click here

ComputerWorld Independent

January 14, 2020 admin

Microsoft to Windows 7: Beat it, you bum

Credit to Author: Gregg Keizer| Date: Tue, 14 Jan 2020 12:36:00 -0800

Microsoft today figuratively told Window 7 – which ended support with a final security update – not to let the door hit it on the way out.

“Ten-year-old tech just can’t keep up,” Jared Spataro, an executive on the Microsoft 365 team, wrote in a post to a company blog. “As we end support for Windows 7, I encourage you to transition to these newer options right away.”

Not surprisingly, Spataro named those newer options as Windows 10 to replace Windows 7, and Office 365 to fill in for the retiring-in-October Office 2010. Combined, they make up the bulk of Microsoft 365, the business subscription plan Microsoft wants all customers to adopt.

To read this article in full, please click here