Rapid7 – Computer Security Articles

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

January 11, 2022 admin 0 Comments cve-2021-22947, cve-2021-36976, cve-2022-21846, cve-2022-21907, dustin childs, Exchange Server, http protocol stack, Latest Warnings, microsoft patch tuesday january 2022, national security agency, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Trend Micro, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Independent Krebs

Patch Tuesday Lowdown, April 2019 Edition

April 9, 2019 admin Chris Goettl, CVE-2019-0803, CVE-2019-0859, Ghacks.net, Greg Wiseman, Ivanti, Martin Brinkmann, Microsoft Patch Tuesday April 2019, Qualys, Rapid7, sans internet storm center, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 10 Apr 2019 00:07:33 +0000

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.

Independent Krebs

Dell Lost Control of Key Customer Support Domain for a Month in 2017

October 24, 2017 admin Abuse.ch, Carbon Black, Celedonio Albarran, Chris Baker, Dell, Dell Backup and Recovery Application, dell service tag scams, Dellbackupandrecoverycloudstorage.com, digital river, Dmitrii Vassilev, Dyn, Ellen Murphy, Equifax, Equity Residential, Fireclick, Other, parkingcrew, Rapid7, SoftThinks.com, Team Internet, Trans Union

Credit to Author: BrianKrebs| Date: Wed, 25 Oct 2017 03:22:34 +0000

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was central to PC maker Dell’s customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell’s contractor regained control over it.

Independent MotherBoard Security

Researchers Find Vulnerability in Smart Home Control Apps

September 26, 2017 admin Android, encryption, hackers, Internet of Things, malware, Rapid7, Security, smart home, wink

Credit to Author: Lucian Constantin| Date: Tue, 26 Sep 2017 11:00:00 +0000

Apps used to control Wink Hub and Insteon Hub are vulnerable—the Internet of Hackable things rears its head once again.