Patch Tuesday: 99 holes, 'exploited' IE fix, Win7 mayhem and UEFI ghost

1 month 2 weeks ago

What a month it’s been – and the Patch Tuesday patches have only been out for 24 hours. There are many February patching foibles to report.

Every version of Windows 10, stretching back to the beginning of time (except for the long-neglected version 1511) got patches this month.

Welcome to the new, improved, paid-for Win7 patches

There was no free Windows 7 update this month, even though Microsoft released a Monthly Rollup Preview in January. Anyone concerned about the well-documented “Stretch” black wallpaper bug caused by last month’s Win7 Monthly Rollup apparently can pound sand – or manually download and install the fix. Your choice.

Woody Leonhard

Thought you already paid for Win7 Extended Security Updates? Think again.

1 month 2 weeks ago

I’m hearing lots of complaints from people who spent good money to get Win7 Extended Security Updates, but don’t see this month’s patches. There’s a reason why. Microsoft didn’t bother to tell us that you need a new patch, released yesterday, in order to start receiving Win7 ESU updates. You have to download the new patch, KB 4538483, from the Microsoft Catalog, and install it manually before the updates even appear.

Folks who spent money to get the February and later patches are livid. 

Yesterday, after releasing the February updates, Microsoft modified its ESU Procedure page to add this step:

To read this article in full, please click here

Woody Leonhard

Why the Fed is considering a cash-backed cryptocurrency

1 month 2 weeks ago

The Federal Reserve is investigating the potential of a central bank digital currency (CBDC) as the backbone for a new, secure real-time payments and settlements system.

The move toward a form of government-backed digital currency is being driven by Fintech firms and a banking industry already piloting or planning to pilot cash-backed digital tokens, according to Lael Brainard, a member of the U.S. Federal Reserve's Board of Governors.

“Today, it can take a few days to get access to your funds. A real-time retail payments infrastructure would ensure the funds are available immediately – to pay utility bills or split the rent with roommates, or for small business owners to pay their suppliers,” said Brainard, who serves as chair of the committees overseeing Financial Stability and Payments, Clearing and Settlements.

Lucas Mearian

UEM to marry security — finally — after long courtship

1 month 2 weeks ago

The days of enterprise security being a separate entity from mobile and desktop endpoint management are coming to an end, which should delight infrastructure and security teams who’ll eventually have more powerful machine learning-enabled tools at their disposal — and a single console through which to control them.

Security around mobile and desktop infrastructures has traditionally depended on what's being managed; you purchase one for mobile devices and another for the rest of your endpoints, whether laptop or desktop.

While security threats are growing, particularly phishing attacks via email, SMS or hyperlinks, the amount of money companies spend on mobile security appears to be shrinking. And yet, the percentage of organizations that admit to having suffered a mobile compromise grew in 2019, according to a Verizon survey.

Lucas Mearian

Smart lighting security flaw illuminates risk of IoT

1 month 3 weeks ago

The latest smart home security nightmare highlights the risk you take each time you add another connected item to your home, office or industrial network. And even market leading brands make mistakes.

The story of Hue

Philips Hue smart lighting systems are probably among the most widely installed smart home solutions in the world, so plenty of people need to know about the latest Check Point research, which warns of a major security flaw in them.

Jonny Evans

U.S. Air Force to pilot blockchain-based database for data sharing

1 month 3 weeks ago

The U.S. Air Force (USAF) is planning to test a blockchain-based graph database that will allow it to share documents internally as well as throughout the various branches of the Department of Defense and allied governments.

The permissioned blockchain ledger comes from a small Winston-Salem, N.C. start-up, Fluree PBC, which announced the government contract this week. Fluree is working with Air Force’s Small Business Innovation Research AFWERX technology innovation program to launch a proof of concept of the distributed ledger technology (DLT) later this year.

Lucas Mearian

Is Apple's iCloud Folder Sharing a shadow IT problem?

1 month 3 weeks ago

After a long delay, Apple is preparing to introduce iCloud Folder Sharing across both its Mac and iOS platforms. This looks like it is a big blessing for collaboration, but is it safe?

What is iCloud Folder Sharing?

iCloud Folder Sharing was first announced at WWDC 2019, but delayed until – well, at present it is still delayed and was only recently made available inside the latest iOS and macOS developer betas. Which means it should be on the way.

Probably.

So how's it work? It's similar to iCloud file sharing, except you can define shared folders as well as shared files.

Jonny Evans

It’s not too late to get an Extended Security Update license for Windows 7

1 month 3 weeks ago

Worried about the future of your Win7 machine? Welcome to the family.

Right now, we have a promise that Microsoft will fix the “Stretch” wallpaper bug it rolled out last month, and there’s some hope that it will fix the Internet Explorer JScript engine security hole CVE-2020-0674 noted last month in Security Advisory ADV200001. We don’t know how/when the fix(es) will be distributed, or if Microsoft will soften its “no free Win7 patches after January 14” edict in some other way.

Woody Leonhard

Iowa Caucus chaos likely to set back mobile voting

1 month 3 weeks ago

A coding flaw and lack of sufficient testing of an application to record votes in Monday's Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting.

While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election.

“This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it's just delayed results and egg on the face of the people who built and purchased the technology.”

Lucas Mearian

The problem with mobile and app voting

1 month 3 weeks ago

It's the day after the 2020 Iowa caucuses, and the Iowa Democratic Party has yet to announce the winner. The app that precinct leaders were supposed to use to report final tallies recorded inconsistent results. Party leaders blamed a "coding issue" within the app, not a hack or attack. Computerworld's Lucas Mearian joins Juliet to discuss the problem with mobile voting and how this snafu may affect the reputation of app voting in the future.

Come on, NSA, it’s time to join the fight against Windows hacking

1 month 3 weeks ago

It’s no secret that hackers the world over target Windows vulnerabilities in order to wreak havoc, hold up data and networks for ransom, pull off money-making scams, and disrupt elections and the workings of democracy. They target Windows for a simple reason: volume. The operating system is on the vast majority of desktop and laptop computers worldwide.

Over the years, the U.S. National Security Agency (NSA) has unwittingly helped hackers in some of the world’s most dangerous and notoriously successful attacks by developing tools to exploit Windows security holes, rather than alert Microsoft to those vulnerabilities. Some of the tools have been leaked to hackers and used in massive attacks, including the EternalBlue cyber-exploit, which was used in the WannaCry global ransomware attack that affected computers in more than 150 countries and is estimated to have caused billions of dollars in damage.

Preston Gralla

The perils of shouting 'fire' in a crowd of PC patchers

1 month 4 weeks ago

Time and again we see the same drama play out. Microsoft releases a security patch and scary warnings appear from every corner. When your local news broadcast tells you that you better patch Windows right now…, more temperate advice should prevail.

A little over two weeks ago, on Patch Tuesday, Microsoft released a patch for a security hole known as CVE-2020-0601 – the Crypt32.dll vulnerability also called ChainOfFools or CurveBall.

Woody Leonhard

Fed rule on patient access to healthcare data gets EMR vendor pushback

1 month 4 weeks ago

The largest electronic medical record (EMR) vendor in the U.S. is fighting a proposed government rule to allow patients and their physicians greater access to electronic health information – regardless of the technology platform – to promote data exchange.

According to a number of recent reports, EMR vendor Epic Systems is looking to derail the finalization of a rule from the Department of Health and Human Services (HHS) that would implement some provisions of the 21st Century Cures Act. In particular, the rules governing information-blocking of patient healthcare information and EMR interoperability are at the heart of the fight.

Lucas Mearian

Seattle tries out mobile voting

2 months ago

About 1.2 million Seattle area voters will be able to use their smartphone, laptop or a computer at their local library to vote in a current election this year.

This will be the first time online voting is available to all eligible registered voters of a district, according to a foundation behind the initiative.

The King Conservation District in Washington State is the third region in the U.S. to partner with the nonprofit Tusk Philanthropies on a national effort to expand mobile voting, and Washington is the fifth state to pilot mobile voting in general. The King Conservation District is a state environmental agency that includes Seattle and 33 other cities, but it is separate from the King County Elections agency and operates under a different budget.

Lucas Mearian

Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.