Collaborate Disseminate
Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year’s special Valentine’s Day Patch Tuesday includes fixes for a whopping three different “zero-day” vulnerabilities that are already being used in active attacks. Continue reading Microsoft Patch Tuesday, February 2023 Edition
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites. Continue reading Your Phone May Soon Replace Many of Your Passwords
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month’s Patch Tuesday is being overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw. Continue reading Microsoft Patch Tuesday, December 2021 Edition
The disclosure and recent analysis of thousands of leaked telnet credentials paints a bleak picture of the state of IoT security. Continue reading Telnet Credential Leak Reinforces Bleak State of IoT Security
Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly. Continue reading 1 Million Gmail Users Impacted by Google Docs Phishing Attack
Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly. Continue reading 1 Million Gmail Users Impacted by Google Docs Phishing Attack
Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won’t be patched until an upcoming Patch Tuesday. Continue reading Microsoft Waits for Patch Tuesday to Fix SMB Zero Day
Admins have to hold their breath for two more weeks on the Badlock vulnerability. Which will come first: the patch, or a public exploit? Continue reading Badlock Vulnerability Clues Few and Far Between