windows

ComputerWorldIndependent

Russia is losing the cyberwar against Ukraine, too

Credit to Author: Preston Gralla| Date: Mon, 02 May 2022 03:00:00 -0700

When Russia launched its all-out attack against Ukraine in February, the world expected the invaders to roll over the country quickly. That didn’t happen, and Ukraine today, though still under assault, has so far thwarted Russia’s ambitions to conquer it.

Russia has also been fighting a quieter war against Ukraine, a cyberwar, deploying what had been considered the most feared state-sponsored hackers in the world. And in the same way that Ukraine has fended off Russia’s military might, it’s been winning the cyberwar as well.

In that cyberwar, as always, the terrain is primarily Windows, because it represents the largest and most vulnerable attack surface in the world. The facts about what exactly is going on have been shadowy. But there’s plenty of evidence that Ukraine may keep the upper hand.

To read this article in full, please click here

Read More
ComputerWorldIndependent

April's Patch Tuesday: a lot of large, diverse and urgent updates

Credit to Author: Greg Lambert| Date: Fri, 15 Apr 2022 10:40:00 -0700

This week’s Patch Tuesday release was huge, diverse, risky, and urgent, with late update arrivals for Microsoft browsers (CVE-2022-1364) and two zero-day vulnerabilities affecting Windows (CVE-2022-26809 and CVE-2022-24500). Fortunately, Microsoft has not released any patches for Microsoft Exchange, but this month we do have to deal with more Adobe (PDF) printing related vulnerabilities and associated testing efforts. We have added the Windows and Adobe updates to our “Patch Now” schedule, and will be watching closely to see what happens with any further Microsoft Office updates. 

To read this article in full, please click here

Read More
ComputerWorldIndependent

Do you know where your software comes from?

Credit to Author: Susan Bradley| Date: Mon, 14 Mar 2022 08:56:00 -0700

Where does your software come from?

That’s one of the questions online users at AskWoody.com have asked in recent weeks. Obviously, this comes up as the world sees what’s going on in Ukraine. For many years, one security software vendor in particular was tagged as possibly having Russian ties — and as far back as 2017, the US Government banned the use of Kaspersky antivirus over fears the security software could spy on defense contractors for Russia.

To read this article in full, please click here

Read More
ComputerWorldIndependent

Microsoft delivers a solid, low-impact Patch Tuesday

Credit to Author: Greg Lambert| Date: Sat, 12 Mar 2022 05:10:00 -0800

March brings us a solid set of updates from Microsoft for Windows, Microsoft Office, Exchange, and Edge (Chromium), but no critical issues requiring a “Patch Now” release schedule (though Microsoft Exchange will require some technical effort this month). We have published some testing guidelines, with a focus on printing, remote desktop over VPN connections, and server-based networking changes. We also recommend testing your Windows installer packages with a specific focus on roll-back and uninstall functionality.

You can find more information about the risk of deploying these Patch Tuesday updates with this useful infographic. And, if you are looking for more information on .NET updates, there is a great post from Microsoft that highlights this month’s changes.

To read this article in full, please click here

Read More
ComputerWorldIndependent

Change my password? AGAIN?

Credit to Author: Susan Bradley| Date: Mon, 07 Mar 2022 10:02:00 -0800

Every year at this time, I have to fill out my firm’s cyber insurance application — and every year they ask whether we encourage strong passwords and change them often. This question annoys me tremendously, because we really shouldn’t be changing passwords often. We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.

First, think about the information and data a website is keeping on you. The sites we want to offer the most protections often have the weakest. Where you can, always add two-factor authentication to a site’s access. (Not all multi-factor authentication is created equally, but some sort of multi-factor is better than none. If it encourages attackers to go elsewhere, it’s done its job.

To read this article in full, please click here

Read More