Monday, November 25, 2024
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

windows

ComputerWorld Independent 

Microsoft: Watch out for zero days; deferred patches, not so much

admin , ,

Credit to Author: Woody Leonhard| Date: Fri, 08 Feb 2019 08:32:00 -0800

Matt Miller’s presentation at Blue Hat yesterday included some startling statistics, based on data gathered by Microsoft’s Security Response Center. The numbers starkly confirm what we’ve been saying for years: The chances of getting hit with malware by delaying Windows and Office patches for up to 30 days is tiny compared to all the other ways of getting clobbered.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Throwback Thursday: Pick a card, any card …

admin , ,

Credit to Author: Sharky| Date: Thu, 07 Feb 2019 03:00:00 -0800

This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

“An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers,” fish says. “He sent out emails bragging about how insecure NT was and giving the NT team a hard time.”

Fish isn’t on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it’s all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.

To read this article in full, please click here

Read more
ComputerWorld Independent 

The January Windows and Office patches are good to go

admin , ,

Credit to Author: Woody Leonhard| Date: Fri, 01 Feb 2019 09:15:00 -0800

Compared to some months last year, January has been a Microsoft patching cakewalk. We had several rounds of close calls and missed calls, as I posted earlier this week, but almost everything is cleared up.

We’ve seen a few more problems raise their ugly heads in the past few days:

  • Microsoft has confirmed that the latest version of Office Click-to-Run (which you’re likely using if you have Office 365) makes the conversation window disappear in Skype for Business 2016.
  • The Windows 8.1 Monthly Rollup, KB 4480963, breaks the Live Migration feature on older AMD Opteron machines. We’re still waiting for confirmation on that one.
  • Citrix confirms (but Microsoft hasn’t acknowledged) that the latest Win10 1803 cumulative update, KB 4480976, causes page file problems when the page file isn’t sitting on C:. More details on Tenforums.

Those are typical Microsoft edge-use bugs: They don’t affect many people, but if you’re one of the stuckees, you’re up the ol’ creek.

To read this article in full, please click here

Read more
ComputerWorld Independent 

Microsoft Patch Alert: January patches include a reprisal of KB 4023057 and a swarm of lesser bugs

admin , , , ,

Credit to Author: Woody Leonhard| Date: Wed, 30 Jan 2019 09:12:00 -0800

In general, the January patches look relatively benign, but for some folks in some situations they can bite. Hard.

On the surface we’ve seen the usual Patch Tuesday Cumulative Updates and secondary Cumulative Updates for all versions of Windows 10. Microsoft calls the secondary Cumulative Updates “optional” because you only get them if you click “Check for updates.”

Windows 7 and 8.1 got their usual Monthly Rollups, but there’s a problem. Specifically, this month’s Win7 Monthly Rollup has a couple of bugs that are only fixed if you install the preview of February’s Monthly Rollup. Which makes no sense at all, but that’s Microsoft. There’s another Win7 Monthly Rollup bug that’s fixed by installing a different “silver bullet” patch.

To read this article in full, please click here

Read more
MalwareBytes Security 

Browser push notifications: a feature asking to be abused

admin , , , , , , , , , , , , , , , , , , ,

Credit to Author: Pieter Arntz| Date: Tue, 22 Jan 2019 18:03:05 +0000

Whoever invented browser push notifications must have been able to guess they would be abused for advertising. This post explains what they are and how to disable them.

Categories:

Tags:

(Read more…)

The post Browser push notifications: a feature asking to be abused appeared first on Malwarebytes Labs.

Read more
ComputerWorld Independent 

Microsoft Patch Alert: Mystery patches for IE and Outlook 2013 leave many questions, few answers

admin , , , ,

Credit to Author: Woody Leonhard| Date: Fri, 21 Dec 2018 08:21:00 -0800

Just when you’re ready to settle in for some egg and nog and whatever may accompany, Windows starts throwing poison frog darts. This month, a fairly boring patching regiment has turned topsy turvey with an unexplained emergency patch for Internet Explorer (you know, the browser nobody uses), combined with an Outlook 2013 patch that doesn’t pass the smell test.

Mysterious bug fix for IE

Microsoft set off the shower of firecrackers on Dec. 19 when it released a bevy of patches for Internet Explorer:

Win10 1809KB 4483235 – build 17763.195

To read this article in full, please click here

Read more