Security patch – Page 4 – WindowsTechs.com

Sen. Warner wants action on WannaCry patching from DHS, OMB

Posted on May 16, 2017 by Shaun Waterman

Democratic Sen. Mark Warner has written to federal officials asking for details about how agencies patched their systems to protect them against the fast-spreading WannaCry ransomware. White House homeland security adviser Thomas Bossert told reporters during the daily briefing Monday that no federal systems had been infected, but Warner noted in his letter that despite a National Institute of Standards and Technology recommendation that security-related software updates “be installed within a defined timeframe (in many cases seven to 30 days for critical patches),” the Government Accountability Office last year found “numerous instances where agencies failed to comply with those deadlines.” Microsoft included a fix for the vulnerability in a regularly scheduled patch in mid-March. Over the weekend, the company took the unprecedented step of releasing a patch for several discontinued but still widely used software products, including Windows XP. In the letter, released Monday afternoon, the Virginia senator asks Homeland Security Secretary John Kelly and Office of […]

The post Sen. Warner wants action on WannaCry patching from DHS, OMB appeared first on Cyberscoop.

Continue reading Sen. Warner wants action on WannaCry patching from DHS, OMB→

WannaCry Ransomware: Everything You Need To Know Immediately

Posted on May 15, 2017 by Mohit Kumar

By now I am sure you have already heard something about the WannaCry ransomware, and are wondering what’s going on, who is doing this, and whether your computer is secure from this insanely fast-spreading threat that has already hacked nearly 200,000 Windows PCs over the weekend.

The only positive thing about this attack is that — you are here — as after reading this easy-to-understandable

Continue reading WannaCry Ransomware: Everything You Need To Know Immediately→

Microsoft hurries to patch ‘worst’ Windows vulnerability

Posted on May 9, 2017 by Shaun Waterman

Microsoft has rushed out a self-installing patch for a zero-day vulnerability in a Windows security program that allows hackers to take over a computer just by sending an email. “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” reads the advisory about the patch Microsoft issued Monday. That means hackers can exploit the flaw simply by sending an email with a specially designed attachment. As soon as the malware engine scans the attachment, the code opens the vulnerability and the attacker can take control. Remote code execution bugs are considered the most severe kind of security vulnerability, and flaws in security software are often especially bad because of its trusted status on the machine. The Microsoft security advisory said there was no evidence the vulnerability— designated CVE-2017-0920 — “had been publicly used to attack customers” at the time of publication. The company added […]

The post Microsoft hurries to patch ‘worst’ Windows vulnerability appeared first on Cyberscoop.

Continue reading Microsoft hurries to patch ‘worst’ Windows vulnerability→

Intel chip vulnerability gets quick patch in some products, longer timeline in others

Posted on May 5, 2017 by Shaun Waterman

Manufacturers of the millions of business PCs, laptops and servers using Intel chips with a newly discovered critical security vulnerability say they are working as fast as they can to distribute the fix to customers. But only two companies so far issued a timetable for rolling out patches, and the schedule already stretches deep into June, meaning many users will have to wait more than a month for a fix. In a statement sent Friday to CyberScoop, Intel said, “We have implemented and validated a firmware update to address the problem and we are collaborating with computer-makers to facilitate a rapid and smooth integration with their software.” The vulnerability, which the company reported May 1, allows an attacker to bypass the password protection on Intel’s special remote-administration firmware, known as Advanced Management Technology. AMT is firmware, meaning it runs on the microprocessor chip itself, beneath the operating system, completely bypassing any security precautions or software. Unless manufacturers ship products with […]

The post Intel chip vulnerability gets quick patch in some products, longer timeline in others appeared first on Cyberscoop.

Continue reading Intel chip vulnerability gets quick patch in some products, longer timeline in others→

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch

Posted on February 6, 2017 by Swati Khandelwal

Last weekend a security researcher publically disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months.

The zero-day memory corruption flaw resides in the implementat… Continue reading Windows SMB Zero-Day Exploit Released in the Wild after Microsoft delayed the Patch→

NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws

Posted on November 23, 2016 by Mohit Kumar

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet.

The vulnerability has been p… Continue reading NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws→

Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File

Posted on October 25, 2016 by Mohit Kumar

What’s worse than knowing that innocent looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod.

Yes, attackers can take over your vulnerable Apple’s iOS device remotely – all they have to do is trick you to view a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system.

That’s a terrible

Continue reading Warning! Your iPhone Can Get Hacked Just by Opening a JPEG Image, PDF or Font File→

Mobile security updates are a mess. The FCC and FTC want to know why.

Posted on May 11, 2016 by John Zorabedian

The FCC and FTC are investigating the mobile industry’s practices for shipping updates to patch security vulnerabilities in mobile devices. Continue reading Mobile security updates are a mess. The FCC and FTC want to know why.→

High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

Posted on May 5, 2016 by Mohit Kumar

OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.

OpenSSL is an open-source cryptographi… Continue reading High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic→