RSS Reader for Computer Security Articles
Credit to Author: Woody Leonhard| Date: Fri, 02 Aug 2019 10:09:00 -0700
With one glaring exception, July was a rather benign patching month. The Win10 versions got their usual two cumulative updates (the second considered “optional”). Visual Studio had some hiccups, but they’re fixed now.
Credit to Author: Woody Leonhard| Date: Tue, 30 Jul 2019 09:33:00 -0700
This month, Microsoft Patch Land looks like a stranger Stranger Things Upside Down, where Security-only patches carry loads of telemetry, Visual Studio patches appear for the wrong versions… and we still can’t figure out how to keep the Win10 1903 upgrade demogorgon from swallowing established drivers.
As we end the month, we’ve seen the second “optional” monthly cumulative updates for all Win10 versions — the 1903 patch was released, pulled, then re-released — and fixes for Visual Studio’s transgressions. There’s a kludge for getting the Win10 1903 upgrade to work. And BlueKeep still looms like a gorging Mind Flayer.
Those of you who have been dodging Windows 7 telemetry by using the monthly Security-only patches — a process I described as “Group B” three years ago — have reached the end of the road. The July 2019 Win7 “Security-only” patch, KB4507456, includes a full array of telemetry/snooping, uh, enhancements.
Credit to Author: David Ruiz| Date: Thu, 25 Jul 2019 15:59:59 +0000
 | |
| Before the California Senate returns from its summer recess, we look at the authors, supporters, opponents, and donors involved in an extended fight to change California’s privacy law, the California Consumer Privacy Act. Categories: Tags: AB 1416AB 1564AB 25AB 846AB 873ACLU of CaliforniaamazonAT&TAutumn BurkeBig TechCalifornia Consumer Privacy ActCCPAdeidentifiedEd ChauEFFfacebookGoogleInternet AssociationJacqui IrwinKen Cooleyloyalty programMarc Bermanmicrosoftpersonal informationPrivacy Rights ClearinghouseSenate Judiciary CommitteeSenator Hannah-Beth JacksonTechnet |
The post Changing California’s privacy law: A snapshot at the support and opposition appeared first on Malwarebytes Labs.
Read More
You have several options to set up alerts in Azure Active Directory to help spot risky user behavior.
Credit to Author: Woody Leonhard| Date: Thu, 11 Jul 2019 03:16:00 -0700
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.
Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.
The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.
Credit to Author: Woody Leonhard| Date: Mon, 01 Jul 2019 04:36:00 -0700
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?
Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.
In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.
Credit to Author: BrianKrebs| Date: Thu, 27 Jun 2019 17:00:38 +0000
A digital intrusion at PCM Inc., a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned.
Read More
Credit to Author: Gregg Keizer| Date: Wed, 26 Jun 2019 11:49:00 -0700
Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.
The new feature – dubbed OneDrive Personal Vault – was trumpeted as a special protected partition of OneDrive where users could lock their “most sensitive and important files.” They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user’s smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)