Skip to main content
Please wait...

Microsoft releases emergency IE patches inside 'optional, non-security' cumulative updates

3 weeks 4 days ago

I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

[ Related: How to clean up your Windows 10 act ]

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.

To read this article in full, please click here

Woody Leonhard

Microsoft delivers emergency security update for antiquated IE

3 weeks 4 days ago

Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.

The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google's Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic "zero-day," a vulnerability actively in use before a patch is in place.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft's decision to go "out of band," or off the usual patching cycle, to plug the hole.

To read this article in full, please click here

Gregg Keizer

iOS 13: Apple's big BYOD improvements help enterprise pros

3 weeks 5 days ago

Apple may place much of its focus on Apple Arcade and consumer-friendly iPad/iPhone features, but there are numerous enterprise-focused enhancements wrapped up inside iOS 13.

The BYOD enterprise

The company’s latest operating systems introduce a host of productivity-enhancing upgrades, particularly for the iPad.

Yet the biggest improvements specifically for enterprise users aim to make a more robust division between personal and enterprise data for Bring Your Own Device (BYOD) deployments, solving one of the big challenges in the space.

To read this article in full, please click here

Jonny Evans

Change these 4 new security settings in iOS 13 now

4 weeks 1 day ago

If you’ve (successfully) upgraded to iOS 13 or just got hold of a new iPhone 11 or 11 Pro, there are new security settings in Apple’s latest operating system you need to learn and use. Here's what's important to understand.

Fight back against robocalls

There were 26.3 billion robocalls in the U.S. in 2018. It’s a a sickness.

You can stop the contagion thanks to a new in iOS 13 feature that directs incoming calls from unknown numbers (ie. those you don’t have in your Contacts book) to voicemail. It’s a useful feature that isn’t enabled by default.

To read this article in full, please click here

Jonny Evans

Now change these 4 new security settings in iOS 13

4 weeks 1 day ago

If you’ve (successfully) upgraded to iOS 13 or just got hold of an iPhone 11 device, here are the new security settings inside Apple’s new operating system you need to learn and use.

Fight back against robocalls

There were 26.3 billion robocalls in the U.S. in 2018. It’s a a sickness.

You can stop the contagion thanks to a new in iOS 13 feature that directs incoming calls from unknown numbers (ie. Those you don’t have in your Contacts book) to voicemail.

It’s a useful feature that isn’t enabled by default.

To read this article in full, please click here

Jonny Evans

Throwback Thursday: Ultimatum

1 month ago

It’s 1977, and this pilot fish’s company is moving to a new data center. “The old facility was in the basement of the headquarters building,” says fish. “Access was via an ancient magnetic strip reader with no special capabilities. You either got in or you didn’t.

The new facility has state-of-the-art card readers, supported by a small midrange system. It has lots of capabilities — which can be a bit of trouble when you have a security department that’s paranoid about access to the facility.

And trouble does arrive, about a month after the move to the new building, when the security department programs the system to allow admission only during scheduled working hours.

To read this article in full, please click here

Sharky

Wayback Wednesday: When you said ‘gone for good,’ I only heard ‘good’

1 month ago

User comes to this support pilot fish complaining that his PC is acting strangely.

“It turns out he had gotten his computer so jammed up with spyware and Trojans that it was basically nonfunctional,” says fish. “We had to rebuild the computer from scratch.” They were able to recover much of user’s work and files, but some were irretrievably damaged — or just plain gone .

Fish explains what happened and points out the probable infection vectors. And he explains that they had recovered as much as they could, but some stuff was simply gone for good. There would be no way to get anything more.

“Two days later, he called to ask when I’m going to bring him the rest of his missing files.”

To read this article in full, please click here

Sharky

Why France and Germany fear Facebook’s cryptocurrency – and plan to block it

1 month ago

Facebook's plans to launch its own Libra cryptocurrency next year is getting resistance from France and Germany who have promised to block it and plan to create their own national cryptocurrencies.

Last week, the two nations said Libra could threaten the Euro's value and unlawfully privatize money. Last year, the Reserve Bank of India (RBI), the country's central bank, announced a ban on the use of cryptocurrencies by any regulated financial entity because of risks associated with it.

To read this article in full, please click here

Lucas Mearian

Mozilla first reveals, then conceals, paid support plan for Firefox

1 month ago

Mozilla earlier this month quietly outlined paid support for enterprise users of Firefox, but last week scrubbed the reference from its website, saying that it is "still exploring that option."

The offering - labeled "Mozilla Enterprise Client Support" - was to start at $10 per "supported installation," which likely referred to per-device, not per-user, pricing. It's unclear whether that was an annual or monthly fee, and Mozilla declined to say which it was when asked.

In return for the fee, Mozilla said on the now-absent Firefox enterprise site - still visible through the Internet Archive's Wayback Machine - customers would be able to privately report bugs via a new web portal and receive fixes on a timeline dependent on the impact and urgency of the problem. Customers would also be able to file requests for help with Firefox's installation and deployment, management policies, functionality and customization.

To read this article in full, please click here

Gregg Keizer

All about U.S. tech antitrust investigations | TECH(feed)

1 month ago
Four large tech companies -- Apple, Amazon, Google and Facebook are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering the practices these companies engage in to eliminate competition. In this episode of TECH(feed), Juliet discusses the House investigation into big tech and how Congress plans to investigate potential wrongdoing by these companies.

Now let me guess your password

1 month ago

This pilot fish IT guy gets a call from an irate client one day complaining (incorrectly) that we had changed his administrative password on his Windows 2000 server without his knowledge.

“As I walked him through the logon process, I asked if the username in the login prompt was ‘Administrator,’ says fish. “His reply: “Oh, do I need to change that?”

Feed the Shark! Send me your true tales of IT life at sharky@computerworld.com. You can also subscribe to the Daily Shark Newsletter.

To read this article in full, please click here

Sharky

Mozilla previews Firefox VPN, will charge for service at some point

1 month ago

Mozilla this week resurrected its Test Pilot preview program, offering Firefox users a free VPN-like service to encrypt browser-to-site-and-back transmissions over public networks.

"The Firefox Private Network is an extension which provides a secure, encrypted path to the web to protect your connection and your personal information anywhere and everywhere you use your Firefox browser," wrote Marissa Wood, vice president of product, in a post to the Mozilla blog.

[ Related: Get serious about privacy with the Epic, Brave and Tor browsers ]

The free service is available immediately, but only to U.S.-based users running the desktop version of Firefox. A Firefox account - typically used for syncing copies of the browser on multiple devices - and an accompanying add-on are required.

To read this article in full, please click here

Gregg Keizer

Heads up: Microsoft is back to snooping with this month’s Win7 and 8.1 'security-only' patches

1 month 1 week ago

Two months ago, the July Win7 security-only patch was found to install telemetry software, triggered by newly installed scheduled tasks called ProgramDataUpdater, Microsoft Compatibility Appraiser, and AitAgent. As best I can tell, Microsoft never admitted that its security-only patch dropped a telemetry component.

The August security-only update didn’t include that bit of snooping, so it looked like the July snooping was a one-off aberration.

To read this article in full, please click here

Woody Leonhard

Throwback Thursday: Let’s get an expert opinion

1 month 1 week ago

Card-reader door locks are installed at this pilot fish’s company, and she’s tasked with setting up the software, configuring the locks and assigning employee access and times.

A VP gives her a handwritten sheet of paper with the employee door access and times, reports fish. Then he promptly takes a one-week vacation.

“The day the system goes live, the employees are standing in front of me yelling because their cards won’t let them in the door they want to use. They now have to use the main door instead.

“The VP comes along hearing all the complaints, then starts yelling at me that this is not the way it should be set up.

“I pull out his handwritten instructions. He looks at it and says, ‘That’s not my handwriting!’”

To read this article in full, please click here

Sharky

Lemonade is changing the way we insure our homes

1 month 1 week ago

Your home can be broken into or destroyed by a natural disaster when you least expect it. When that happens, how will you get back on your feet? Ideally, you would’ve been paying homeowner’s or renter’s insurance to cover your losses. Unfortunately, it can take weeks or even months to receive your money after filing a claim. 

Lemonade is here to save the day in less than a day. With rates starting as low as $5/mo for renter’s insurance and $25/mo for homeowner’s insurance, you can rest assured that your property claims can be approved and reimbursed within seconds. 

To read this article in full, please click here

DealPost Team

How to take full advantage of Android 10's privacy-reclaiming powers

1 month 1 week ago

Well, gang, it's here. In case you've been hibernating over the past week (or maybe just, ahem, on an unfortunately timed week off), Google brought Android 10 into this wacky ol' world of ours this past Tuesday.

There's really only so much to say about the Android 10 basics at this point — because, quite frankly, it's the same software we've seen evolving in plain view over the past several months.

Yes, Android 10 has new gestures for getting around your phone. Yes, it has a new system-wide switch for making the entire operating system dark. And yes, it has a nifty new Focus Mode for limiting distractions on an app-by-app basis.

To read this article in full, please click here

JR Raphael

Heads up: A free, working exploit for BlueKeep just hit

1 month 1 week ago

There’s been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it’s a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine – if you have Remote Dekstop turned on, it’s accessible directly from the internet, and you haven’t installed the May patches.

[ Related: Microsoft Windows 10 vs. Apple macOS: 18 security features compared ]

Two weeks ago, Susan Bradley posted a CSO article that details ways admins can  avoid using RDP. I’ve seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

To read this article in full, please click here

Woody Leonhard
Checked
6 minutes 24 seconds ago
Computer World Security
Subscribe to Computer World Security feed

About SecurityFeeds

SecurityFeeds Logo

Tim Weil is a Security Architect/IT Security Manager with over twenty five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry.  Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.