Archive for the ‘security’ Category

Microsoft Publishes Long-Awaited February 2017 Flash Update KB4010250

Wednesday, February 22nd, 2017

Better late than never, I guess …

Microsoft announced last week that it would not release security patches on February’s Patch Day. In fact, the February Patch Day was canceled completely by the company; a first in the Patch Day’s history. Microsoft revealed that it would delay the February Patch Day to the March Patch Day. This means that the February 2017 security patches will be released alongside the March 2017 patches by the company. This would not be a problem where it not for known unpatched security issues. A SMB security issue was revealed on February 3rd, 2017 that affects Windows 8, Windows 10 and Windows Server.

(more…)

Google Discloses Another Unpatched Windows Vulnerability

Monday, February 20th, 2017

This bug was discovered way back in November, 2016, but at present it doesn’t look like Microsoft has addressed the vulnerability yet.

Google Project Zero member Mateusz Jurczyk disclosed a gdi32.dll vulnerability in the Windows operating system to Microsoft on November 16, 2016. The report itself is quite technical and it would go too far to go into details here on the site. The following describes the turn of events however.

(more…)

SMB Zero-Day Affects Windows 8, 10 and Server

Friday, February 3rd, 2017

If your system is displaying a blue screen, this might help to explain it …

The United States Computer Emergency Readiness Team (US-CERT) published a vulnerability note yesterday about a new zero-day vulnerability affecting Microsoft Windows 8, 10 and Server editions.

(more…)

Large Number of Android VPN Apps Insecure

Wednesday, February 1st, 2017

It turns out that a lot of Android apps that rely on VPN services, aren’t as private and secure as we were lead to believe.

Virtual Private Networks (VPN) have evolved from a technology used mostly by businesses to one that is used by more and more home users as well. Reasons are manifold, but improved privacy and security are certainly two key features that make a growing number of home users use VPN services and apps. Without going into too much detail; a VPN protects a device’s IP address as traffic flows through it instead of directly to the user’s system.

(more…)

Microsoft – Windows 10 Hardening Against 0-Day Exploits

Tuesday, January 24th, 2017

Windows 10 does indeed do a fine job with security issues … but I still wish they could learn to resist the temptation to tweak my Start Menu and Task Bar every three or four upgrades or so.

One key focus of Microsoft when it comes to promoting the company’s latest operating system Windows 10 is to hammer home that Windows 10 is better for security. The company published a blog post recently on the Microsoft Malware Protection Center blog which exemplified that by analyzing how Windows 10 handled two 0-day exploits, or better, how it protected customer systems from those exploits.

(more…)

WhatsApp Security – Make This Change Right Now!

Friday, January 13th, 2017

Heads up, WhatsApp users; it’s time to adjust your security settings.

Security researchers found a backdoor in the popular messaging application WhatsApp recently that could allow WhatsApp to intercept and read user messages. Facebook, the owner of WhatsApp, claims that it is impossible to intercept messages on WhatsApp thanks to the services end-to-end encryption. The company states that no one, not even itself, can read what is sent when both sender and recipient use the latest version of the application.

(more…)

Browser Autofill Data May be Phished

Friday, January 6th, 2017

This certainly comes as no surprise. Fortunately, some browsers offer ways to protect against phishing access to autofill data, but that still might not completely eliminate the problem.

Most modern web browsers support comfortable features like auto-filling forms on sites using data that you have entered in the past. Instead of having to enter your name, email address or street address whenever you sign up for a new account for instance, you’d fill out the data once only and have the browser fill out the fields for you any time they are requested afterwards.

(more…)

Netgear Releases First Final Firmware Updates for Router Security Issue

Wednesday, December 21st, 2016

If you’ve got a Netgear router in your office or home, it’s probably a good idea to be aware of this fix for a recent security glitch.

Netgear has released the first batch of production firmware fixes for company routers affected by a serious security vulnerability. Cert issued a warning on December 9, 2016 that several Netgear routers are vulnerable to arbitrary command injection. Cert listed only two router models but has since then added other models to the list.

(more…)

Password Use Study – Massive Reuse of Passwords

Friday, December 9th, 2016

The only surprise here is that someone thought that a study was needed in order to prove that people reuse passwords … heck, I could have told them that without a study.

A recent password use study by the German Hasso-Plattner-Institute of roughly 1 billion user accounts concluded that 20% of users were reusing passwords. Additionally, 27% of users used password that were nearly identical with other account passwords. User accounts and passwords are still the dominating method of authentication both locally and online.

(more…)