Independent

ComputerWorldIndependent

Microsoft lifts update embargo on Windows 10

Credit to Author: Gregg Keizer| Date: Fri, 16 Mar 2018 07:51:00 -0700

Microsoft this week lifted the security update blockade on Windows 10 PCs that do not have approved antivirus software, but kept the no-patches-for-you rule in place for the more popular Windows 7.

The update roadblock was assembled in early January, when Microsoft issued mitigations against the Spectre and Meltdown vulnerabilities. Those vulnerabilities stemmed from design flaws in virtually all modern processors made by Intel, AMD and ARM. According to Microsoft, the security updates could brick PCs equipped with antivirus (AV) software that had improperly tapped into kernel memory.

IndependentKrebs

Who Is Afraid of More Spams and Scams?

Credit to Author: BrianKrebs| Date: Fri, 16 Mar 2018 13:55:45 +0000

Security researchers who rely on data included in Web site domain name records to combat spammers and scammers will likely lose access to that information for at least six months starting at the end of May 2018, under a new proposal that seeks to bring the system in line with new European privacy laws. The result, some experts warn, will likely mean more spams and scams landing in your inbox.

ComputerWorldIndependent

Massive March Patch Tuesday relaxes antivirus restrictions, but there are problems

Credit to Author: Woody Leonhard| Date: Wed, 14 Mar 2018 06:55:00 -0700

On a scale from 1 to 10, Microsoft in March has ratcheted the patching pace up to 11. The good news is that there are no known exploits for any of the “Critical” rated security holes. (Worth repeating: There are still no known exploits for Meltdown or Spectre.) The bad news? Reports of another forced upgrade to Win10 Fall Creators Update. Still waiting for confirmation on that one.

By the numbers

As usual, Martin Brinkmann on ghacks.net has the best summary:

IndependentSecuriteam

SSD Advisory – AppWeb Authentication Bypass (Digest, Basic and Forms)

Credit to Author: SSD / Noam Rathaus| Date: Wed, 14 Mar 2018 19:01:53 +0000

Vulnerability Summary: A critical vulnerability exists in the EmbedThis HTTP library and in Appweb versions 5.5.x, 6.x, and 7.x, including the latest version present in the git repository. In detail, due to a logic flaw, a forged HTTP request can bypass authentication for the form and digest login types. Confirmed Vulnerable Appweb version …

IndependentSecuriteam

SSD Advisory – VK Messenger (VKontakte) vk:// URI Handler Commands Execution

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Mar 2018 10:51:34 +0000

Vulnerability Summary: The following describes a vulnerability in VK Messenger that is triggered via the exploitation of an improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social networking service. It is available in several languages. VK allows users to message each other publicly or privately, to create groups, public pages …

IndependentKrebs

Flash, Windows Users: It’s Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 13 Mar 2018 19:36:28 +0000

Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release. The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server. All of the critical vulnerabilities from Microsoft are in browsers and browser-related technologies, according to a post from security firm Qualys.

ComputerWorldIndependent

Essential Facebook security tips for iPhone users

Credit to Author: Jonny Evans| Date: Tue, 13 Mar 2018 05:05:00 -0700

The world of grey IT means both enterprise and consumer users frequently use popular social networking service Facebook on their devices. It makes sense, then, to stay safe while using it.

Manage Facebook Security settings

First things first: Always use a complex passcode with your account and do make sure to set up two-factor authentication.

Now that you’ve done that, you’ll find Facebook’s own privacy settings live inside Privacy Shortcuts in the iOS app. Get to these by tapping the three-line icon at bottom right of the Facebook app and scrolling down to Privacy Shortcuts. The first thing you should do is run Privacy check-up (at the top of the page). Facebook will guide you through your existing settings, change them for maximum privacy, and delete any Facebook apps you’ve forgotten about or no longer use.

ComputerWorldIndependent

Just one, um, great idea after another

Credit to Author: Sharky| Date: Tue, 13 Mar 2018 03:00:00 -0700

Sysadmin pilot fish is approached by the IT director, who tells fish to create an account for the director that has the same capabilities as the lead programmer’s account.

“Seems he had some kind of beef with the lead programmer,” sighs fish. “But I created the account, set the privileges and gave him the user name and password.

“Three months later, he came into my office accusing me of not complying with his directive.

“I told him that I had indeed complied with his instructions, including showing him that the login capability worked as advertised.

“He told me he couldn’t perform a certain operation when he logged in. I explained that neither could the lead programmer. Only system administrators could.
