How to Ensure Security when Buying a Refurbished or Second-Hand Smartphone

Last year, a Which? investigation found that 31% of resold smartphone models from three of the major used and refurbished handset stores are no longer receiving security updates. Phone manufacturers only schedule data updates for a certain period …

Defending against Windows RDP attacks

In 2020, attacks against Windows Remote Desktop Protocol (RDP) grew by 768%, according to ESET. But this shouldn’t come as a surprise, given the massive increase in people working remotely during the pandemic. With enterprises resorting to making RDP s…

New Spectre-Like Attacks

There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago.

Details:

The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains in a writeup from the University of Virginia. Even though the processor quickly realizes its mistake and does a U-turn to go down the right path, attackers can get at the private data while the processor is still heading in the wrong direction…


Is it OK to publish PoC exploits for vulnerabilities and patches?

In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when researchers should publish proofs of concept for vulnerabilities and associated patches. Hafnium hackers were …

Serious MacOS Vulnerability Patched

Apple just patched a MacOS vulnerability that bypassed malware checks.

The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he made an application that was really just a script—code that tells another program what to do rather than doing it itself—and didn’t include a standard application metadata file called “info.plist,” he could silently run the app on any Mac. The operating system wouldn’t even give its most basic prompt: “This is an application downloaded from the Internet. Are you sure you want to open it?”…


The growing threat to CI/CD pipelines

Before the pandemic, most modern organizations had recognized the need to innovate to support developers’ evolving workflows. Today, rapid digitalization has placed a significant burden on software developers supporting remote business operations. Deve…

Cyber Security Roundup for April 2021

A roundup of UK-focused cyber and information security news, blog posts, reports and general threat intelligence from the previous calendar month, March 2021.

How not to disclose a Hack
UK fashion retailer FatFace angered customers in its handli…

Patching is trucking along on Microsoft flaws, but hackers are still meddling

Over 92% of servers that were vulnerable to recently announced Microsoft flaws have been patched or mitigated around the world, Microsoft announced Thursday. The statistics are no doubt good news, as security researchers have tracked hackers from China exploiting systems and warned of an onslaught of ransomware attackers trying to take vulnerable organizations for a ride and extort them for money. The percentage comes amid a series of other rosy assessments on the number of vulnerable systems that remain. Less than a week ago the White House noted that in the week prior the number of vulnerable machines fell by 45%. But the revelations about high percentages of patching don’t speak to the number of organizations that hackers have already been able to exploit. Patching, while extremely helpful in warding off future hacking, does not evict hackers if they already exploited the vulnerabilities. Already criminal and nation-state hackers have taken […]

The post Patching is trucking along on Microsoft flaws, but hackers are still meddling appeared first on CyberScoop.
