RSS Reader for Computer Security Articles
Credit to Author: Lucian Constantin| Date: Mon, 11 Sep 2017 09:00:00 +0000
‘Bashware’ is a clever new type of malware that major antivirus programs can’t detect.
Read More
Credit to Author: Woody Leonhard| Date: Fri, 08 Sep 2017 06:55:00 -0700
No doubt you’ve heard about the stolen data at credit reporting agency Equifax. The company’s official disclosure appeared yesterday:
Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. … The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.
To read this article in full or to leave a comment, please click here
Credit to Author: Woody Leonhard| Date: Tue, 05 Sep 2017 05:37:00 -0700
August was a banner month for Windows and Office customers. If I counted correctly, we saw patches on 14 different days last month. The current list of outstanding problems with those patches weighs heavily on my mind, but with the first September non-security Office patches due today, and the September security patches due in a week, it’s time for you to get the August patches out of the way.
To read this article in full or to leave a comment, please click here
Credit to Author: Woody Leonhard| Date: Wed, 30 Aug 2017 12:36:00 -0700
August has seen a flurry of buggy patches:
Win10 1607 – KB 4033637, which arrived last Friday via Auto Update, is still undocumented. A Reddit thread credits Microsoft as saying it’s a July security patch for Flash. Abbodi86 on AskWoody has a different view: it’s an update to the Compatibility Appraiser, which is the software that scans a PC to see whether it’s ready to move to the next version. Günter Born concurs with Abbodi86. (I wonder if it’s a precursor to the Fall Creators Update.) There’s no explanation about why Microsoft refuses to document it, or talk about it.
To read this article in full or to leave a comment, please click here
Credit to Author: Woody Leonhard| Date: Tue, 29 Aug 2017 05:18:00 -0700
There’s no official confirmation, and no explanation of course, but overnight Microsoft pulled a patch that was supposed to fix the main problems in this month’s Windows 7 security updates. I talked about the repair hotfix yesterday in “Microsoft repairs buggy Win7 security patch with buggy hotfix KB 4039884.” Today, the repair hotfix isn’t available any more.
All we know for sure is that, sometime last night, the Microsoft Update Catalog entry for KB 4039884 disappeared. As of early Tuesday morning, Eastern time, the KB article is still available, and it hasn’t been modified — it still points to the Update Catalog.
To read this article in full or to leave a comment, please click here
Credit to Author: Woody Leonhard| Date: Mon, 28 Aug 2017 05:57:00 -0700
Two weeks ago, I talked about a bug in Windows 7’s August Monthly patch rollup KB 4034664 that left many people who have two monitors reeling. After installing the security patch, the first monitor would work properly, but the second monitor could have all sorts of rendering problems.
Günter Born had a full writeup about the problem, and Christian Schwarz not only nailed the problem, but he wrote a “proof of concept” program demonstrating what was happening and when.
To read this article in full or to leave a comment, please click here
Credit to Author: Richard Hoffman| Date: Wed, 23 Aug 2017 03:11:00 -0700
It used to be that the most intrusive experience business travelers faced at airport security was a possible pat-down, or a customs check of luggage. These days, border control agents are searching passengers’ phones, tablets and laptops for … well, anything they want to see. Your complying with the request grants them access to documents, emails, passwords, contacts and social media account information. So travelers carrying confidential or privileged corporate information (in addition to the merely personal) need to take steps ahead of time to ensure that private data stays private.
The laws around data privacy at checkpoints are murky, and border control officers in the U.S. and elsewhere have been making full use of the allowable gray areas, asking travelers to turn over email logins and social media passwords, searching devices and making forensic copies of data. If this concerns you and your company, these tips could prove useful. While legal issues vary by country, most of these suggestions will provide a measure of data security in a variety of situations.
To read this article in full or to leave a comment, please click here
Credit to Author: Woody Leonhard| Date: Thu, 17 Aug 2017 04:33:00 -0700
Wednesday night, Microsoft claims, it issued KB 4034661 for Windows 10 Anniversary Update, bringing version 1607 up to build 14393.1613. It was supposed to go out the Automatic Update chute. But as of early Thursday morning, U.S. time, nobody’s seen it. There may be a good reason why. Or maybe not. Such are the vagaries of patching Windows.
It’s a laundry-list patch, rolling out on a Wednesday (or Thursday, or …), nine days after the regular Patch Tuesday patch, KB 4034658 wiped out the Update History on many Win10 Anniversary Update machines. The KB 4034661 article lists dozens of small bug fixes (that’s “quality improvements” in Microsoft Speak).
To read this article in full or to leave a comment, please click here