Sunday, June 29, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

ComputerWorldIndependent
admin

The trials and tribulations of Microsoft’s KB5012170 patch

KB5012170 is many things to many Windows users. First, it’s a patch that either installs with no problems or leads to a blue screen of death (BSOD). It can also be an indicator we have a problem getting updated drivers on our systems. It can demonstrate how users don’t keep up with Bios updates. And it shows that some OEMs enable Bitlocker on the systems they sell (not necessarily in a good way).

In short, it’s a problematic patch that just keeps rearing its head.

Also known as “Security Update for Secure Boot DBX,” KB5012170 was released earlier this year and makes improvements to the Secure Boot Forbidden Signature Database (DBX).  Windows devices that have Unified Extensible Firmware Interface (UEFI)-based firmware have Secure Boot enabled. It ensures only trusted software can be loaded and executed on during the boot process by using cryptographic signatures to verify the integrity of the process and the software being loaded.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Patch Tuesday: Two zero-day flaws in Windows need immediate attention

Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Patch Tuesday: Two zero-day flaws in Windows zero-days immediate attention

Microsoft’s December Patch Tuesday updated delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).

Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. (The team at Readiness has provided a helpful infographic that outlines the risks associated with each of these updates.)

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Jamf Protect adds powerful telemetry to protect Mac enterprise

Security and privacy go hand in hand in the connected enterprise. So as we approach the holiday break, there’s good news for security-conscious Mac-using enterprises from Jamf: powerful new telemetry tools in Jamf Protect.

Because complex security is sexy

We know that enterprise users don’t just have a responsibility to keep things secure, they also need to prove they’re doing so. Beyond that, many regulated industries must maintain ever more complex security event logging and insight to show how hard they’re working to protect their systems.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft calls time out on Apple Watch Authenticator

Using an Apple Watch as a device to authenticate access to enterprise sites and services using Microsoft Authenticator is a convenience that’s about to go away. Microsoft says the feature will stop working after an Authenticator update scheduled for next month.

Apple Watch auth out

Microsoft Authenticator makes it easy to sign into Microsoft accounts, supported apps or services using two-step verification. Authenticator also generates one-time use codes, so you needn’t wait for text messages or calls to access your accounts.

To read this article in full, please click here

Read More
ComputerWorldIndependent
admin

Microsoft’s EU data boundary plan to take effect Jan. 1

Microsoft on Thursday said it will begin rolling out the first phase of its European Union data boundary plan from January 1, 2023 that’ll allow customers to store and process their customer data within the EU. The move comes two days after the EU commission said it had officially begun the process of approving the EU-US Data Privacy Framework.

Under the first phase of the plan, companies that use Microsoft products and services will be able to store and process their customer data within the EU. Microsoft has included Azure, Power BI, Dynamics 365 and Office 365 under the first phase.

To read this article in full, please click here

Read More
IndependentKrebs
admin

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 19:58:00 +0000

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Read More
IndependentKrebs
admin

Microsoft Patch Tuesday, December 2022 Edition

Credit to Author: BrianKrebs| Date: Wed, 14 Dec 2022 17:01:07 +0000

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Read More