Software development: Why security and constant vigilance are everyone’s responsibilities

A report from May 2021 has found that 81% of developers admit to knowingly releasing vulnerable apps, and 76% experienced pressure to sacrifice mobile security for expediency. What needs to change so we can break out of this cycle and where does it ne…

Do anti-cheat software actually "patch" the UEFI firmware on your motherboard?

I’ve recently read about the new game called Bloodhunt containing an Anti-Cheat, which had a bug, in which the anti-cheat service would stay installed even though the game is removed. The top Steam review called it out as Spyware and the r…

Patch management complexity increased by remote work is putting organizations at risk

71% of IT and security professionals found patching to be overly complex, cumbersome, and time consuming, an Ivanti survey reveals. In fact, 57% of respondents stated that remote work has increased the complexity and scale of patch management. Today’s …

The complexities of vulnerability remediation and proactive patching

In this interview with Help Net Security, Eran Livne, Director, Product Management, Endpoint Remediation at Qualys, discusses vulnerability remediation complexity, the challenges related to proactive patching, as well as Qualys Patch Management. What m…

Importance of OS security patches for devices only used in home network

(This question bugs me because I am not willing to upgrade to Windows 10)
If we are talking about a device (i.e. a PC) in the following scenario:

The device is located behind a router that is up-to-date and all inbound ports are closed
T…

Cobalt Strike Vulnerability Affects Botnet Servers

Cobalt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product.

The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific “malleability” customizations, such as how often the client is to report to the server or specific data to periodically send…


Paragon: Yet Another Cyberweapons Arms Manufacturer

Forbes has the story:

Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted.

[…]

Two industry sources said they believed Paragon was trying to set itself apart further by promising to get access to the instant messaging applications on a device, rather than taking complete control of everything on a phone. One of the sources said they understood that Paragon’s spyware exploits the protocols of end-to-end encrypted apps, meaning it would hack into messages via vulnerabilities in the core ways in which the software operates…
