Rapid7 – Page 2 – Computer Security Articles

Microsoft Patch Tuesday, August 2022 Edition

August 9, 2022 admin cve-2022-21980, cve-2022-24477, cve-2022-24516, cve-2022-30133, cve-2022-30134, cve-2022-34713, cve-2022-35743, follina, Greg Wiseman, immersive labs, kevin breen, microsoft patch tuesday august 2022, Rapid7, sans internet storm center, Time to Patch, visual studio, Windows Hello

Credit to Author: BrianKrebs| Date: Tue, 09 Aug 2022 23:01:10 +0000

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.

Independent Krebs

Microsoft Patch Tuesday, July 2022 Edition

July 12, 2022 admin cve-2022-22022, cve-2022-22029, cve-2022-22038, cve-2022-22039, cve-2022-22041, cve-2022-22047, cve-2022-30206, cve-2022-30221, cve-2022-30226, Dan Goodin, Greg Wiseman, immersive labs, kevin breen, microsoft patch tuesday july 2022, Rapid7, Security Tools, sergiu gatlan, Tenable, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 13 Jul 2022 01:02:49 +0000

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.

Independent Krebs

Microsoft Patch Tuesday, May 2022 Edition

May 10, 2022 admin adobe, cve-2022-26925, cve-2022-26937, dustin childs, Greg Wiseman, local security authortity, microsoft patch tuesday may 2022, petitpotam, Rapid7, Satnam Narang, Tenable, Time to Patch, trend micro zero day initiative, windows print spooler

Credit to Author: BrianKrebs| Date: Wed, 11 May 2022 02:34:59 +0000

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month’s patch batch includes fixes for seven “critical” flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.

Independent Krebs

Microsoft Patch Tuesday, March 2022 Edition

March 9, 2022 admin cve-2022-21967, cve-2022-21990, cve-2022-23277, cve-2022-23285, cve-2022-24459, cve-2022-24503, cve-2022-24508, cve-2022-24512, dustin childs, Greg Wiseman, immersive labs, kevin breen, microsoft exchange server, microsoft patch tuesday march 2022, Rapid7, remote desktop, Time to Patch, trend micro zero day initiative, windows smbv3

Credit to Author: BrianKrebs| Date: Wed, 09 Mar 2022 16:22:12 +0000

Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users (that we know of), and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.

Independent Krebs

Microsoft Patch Tuesday, February 2022 Edition

February 8, 2022 admin Allan Liska, andrew cunningham, Ars Technica, cve-2022-21989, cve-2022-21996, cve-2022-22005, Greg Wiseman, immersive labs, kevin breen, print spooler, Rapid7, Recorded Future, Time to Patch, win32k

Credit to Author: BrianKrebs| Date: Tue, 08 Feb 2022 22:38:16 +0000

Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents.

Independent Krebs

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

February 2, 2022 admin cve-2021-22947, cve-2021-36976, cve-2022-21846, cve-2022-21907, dustin childs, Exchange Server, http protocol stack, Latest Warnings, microsoft patch tuesday january 2022, national security agency, Rapid7, Satnam Narang, Tenable, The Coming Storm, Time to Patch, Trend Micro, Zero Day Initiative

Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.

Independent Krebs

Patch Tuesday Lowdown, April 2019 Edition

April 9, 2019 admin Chris Goettl, CVE-2019-0803, CVE-2019-0859, Ghacks.net, Greg Wiseman, Ivanti, Martin Brinkmann, Microsoft Patch Tuesday April 2019, Qualys, Rapid7, sans internet storm center, Time to Patch

Credit to Author: BrianKrebs| Date: Wed, 10 Apr 2019 00:07:33 +0000

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.

Independent Krebs

Dell Lost Control of Key Customer Support Domain for a Month in 2017

October 24, 2017 admin Abuse.ch, Carbon Black, Celedonio Albarran, Chris Baker, Dell, Dell Backup and Recovery Application, dell service tag scams, Dellbackupandrecoverycloudstorage.com, digital river, Dmitrii Vassilev, Dyn, Ellen Murphy, Equifax, Equity Residential, Fireclick, Other, parkingcrew, Rapid7, SoftThinks.com, Team Internet, Trans Union

Credit to Author: BrianKrebs| Date: Wed, 25 Oct 2017 03:22:34 +0000

A Web site set up by PC maker Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called “Dell Backup and Recovery Application.” It’s designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name — DellBackupandRecoveryCloudStorage.com — which until recently was central to PC maker Dell’s customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell’s contractor regained control over it.