Posts Tagged ‘vulnerability’

Report – Non-Admin Accounts Mitigate 94% of Critical Windows Vulnerabilities

Wednesday, March 1st, 2017

This probably goes without saying, but here it is anyway, just in case anyone needs a reminder.

A new report suggests that Windows admins and users could mitigate 94% of all critical vulnerabilities automatically by running non-admin accounts. It is common sense that using standard user accounts on Windows, opposed to accounts with elevated privileges, is a good security practice. The main reason behind this practice is simple: if a user cannot perform certain operations due to limited rights, then malware can’t perform those operations either.

(more…)

Flash Tops the Exploit Kits Chart in 2016 Again

Wednesday, December 7th, 2016

This is the reason why so many browsers and websites are abandoning Flash in favor of HTML5.

If you needed another reason not to use Flash anymore, a new security report by Recorded Future may convince you to consider this at the very least. The company analyzed 141 exploits kits that were available between November 16, 2015 and November 15, 2016. The main takeaway of the research study is that Adobe Flash vulnerabilities made up six of the top ten chart spots.

(more…)

LastPass Remote Compromise Vulnerability

Thursday, July 28th, 2016

More evidence that it’s probably safer to just write your passwords out on a business card rather than relying on a password manager.

LastPass has a bunch of critical problems of which at least one allows attackers to compromise the password manager remotely according to Google researcher Tavis Ormandy. LastPass is one of the most popular online password management services on today’s Internet. The service offers extensions for various browsers, mobile apps, and dedicated solutions for various operating systems and devices.

(more…)

Firefox Cross-Extension vulnerability discovered

Wednesday, April 6th, 2016

This is definitely a problem. Firefox appears to be working on the problem and although there are tools that help to detect vulnerability to extension re-use, at present there is no solution for preventing it.

Nine of the ten most popular Firefox add-ons, based on users, are vulnerable to extension reuse vulnerabilities that allow malicious extensions to leverage these vulnerabilities. Add-ons are one of the hallmarks of the Firefox web browser. The most popular Firefox add-ons are used by millions of users, and since the extension system in place does not limit add-on developers as much as on other platforms, some add miraculous things to the browser that are not possible elsewhere.

(more…)

And the Product with the Most Distinct Vulnerabilities in 2015 is …

Monday, January 4th, 2016

The three manufacturers that lead this list are somewhat surprising.

Rarely a day goes by without news of another vulnerability hitting an operating system, software, device, or service on the web.  These reports have become part of everyone’s online life and all users can do is stay informed and close security issues as soon as companies make available patches for them to do so. While it is sometimes possible to mitigate vulnerabilities, often users are left with no other recourse but to wait for a company to release a patch. Sometimes, that patch is never produced.

(more…)

Emergency Patch for Windows Vulnerability MS15-078 Released (KB3079904)

Tuesday, July 21st, 2015

I guess this explains why my PC rebooted itself last night …

Microsoft pushed out an emergency patch yesterday via automatic updates to all supported versions of its Windows operating system that patches a critical issue that could allow remote code execution when exploited successfully. Specifically, the vulnerability exploits an issue in the Windows Adobe Type Manager Library when specially crafted documents with OpenType fonts are loaded on the system.

(more…)

Microsoft Security Bulletins for April 2015

Friday, April 17th, 2015

Here we are half way through April already … which means that it’s time for another round of Microsoft Security Bulletins.

Microsoft has just released security updates for April 2015 on today’s Patch Day. Security updates are published regularly by the company on the second Tuesday of each month. This guide offers information about all security updates released on today’s Patch Day as well as security and non-security updates released for Windows since the last Patch Day on March 10, 2015.

(more…)

Apple Tops Operating System, Microsoft Application Vulnerability Chart

Monday, February 23rd, 2015

As the story states, there might be problems with the manner in which the data was analyzed, but the report does appear to challenge the prevailing notion of Apple’s superiority when it comes to system security.

If you had to guess the operating system with the highest number of reported vulnerabilities, which would you pick? I guess it is fairly certain that the majority would pick Windows 7 or Windows in general but that is not the case, at least not when you grab data from the 2014 NVD database.

(more…)

Microsoft Releases Hotfix for Internet Explorer 8 Security Vulnerability

Friday, May 10th, 2013

The most surprising thing about this article is the news that the US Department of Labor and Department of Energy are still using IE8!

A security bug in Microsoft’s Internet Explorer 8 web browser was confirmed by the company on Friday in a security advisory. Reports of attacks began to appear two days earlier when security firm Invincea reported that attacks were carried out against the US Department of Labor and Department of Energy exploiting a new vulnerability in the Internet browser. Another security company, FireEye confirmed the reports.

(more…)