Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year

2 months ago

Editor's note: An earlier version of this story incorrectly included references to a re-released version of Windows 10 1809. That version of Windows has not been re-released.

The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109 

Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:

Woody Leonhard

Patch Tuesday alert: Make sure Windows Auto Update is temporarily disabled

2 months 1 week ago

For those of you who haven’t patched since May, there’s exceedingly bad news on the horizon. Per Catalin Cimpanu at ZDNet, Metasploit’s working-but-just-barely BlueKeep exploit is about to get a significant bug fix. That'll put BlueKeep infection capabilities in the hands of mere mortals. The script kiddies won’t be far behind.

If you’re using — or you know someone who’s using — Windows XP, Vista, Win7, Server 2003, Server 2008 or Server 2008 R2, get patched now. The fix is easy. Even Aunt Martha can handle it.

Woody Leonhard

Why you should begin using Sign in with Apple

2 months 1 week ago

Apple has published a lot of information explaining how its newly introduced Sign in With Apple service solves a problem most of us didn’t know existed – something many of us would very much like to solve.

Who watches the watchmen?

The issue: Most social sign-in services act a little like user-tracking honey pots: You come to use a website or service and stay because the people providing the authorization use that moment to gather even more information about what you do.

What happens is that the persistent identity used by those services can be combined with other data to identify where you go, what you look for and more. It sounds innocuous enough, but over time the individual profiles grow, and can be leaked, stolen or sold – and you don’t know by whom or to whom.

Jonny Evans

Duck Duck Go offers Mac users even more privacy

2 months 1 week ago

People are finally waking up to the importance of privacy and the risk of entities over whom we have no control hoovering up the details of our digital lives, and that’s why the latest news from Duck Duck Go is so worthwhile.

Apple’s good privacy just got better

We know Apple is working to protect privacy – its newly updated privacy website shares a huge amount of information on its efforts, while the newly-published Safari white paper confirms the browser’s privacy protections include (among other things):

Jonny Evans

Duck Duck Go gives Mac users even more privacy

2 months 1 week ago

People are finally waking up to the importance of privacy and the risk of entities over whom you have no control hoovering up the details of our digital lives, and that’s why the latest news from Duck Duck Go is so worthwhile.

Apple’s good privacy just got better

We know Apple is working to protect our privacy – its newly updated privacy website shares a huge amount of information on this, while the newly-published Safari white paper confirms the browser’s privacy protections include (among other things):

Jonny Evans

Apple updates its privacy pages; you should take a look

2 months 1 week ago

Apple has updated its privacy website and published several white papers explaining its approach to the issue and how its products protect your privacy.

Apple offers more information than ever

The updated website delivers much more information now, with a broad overview of what the company is doing. It details features and controls as well as the company's privacy policy and transparency report.

The site also offers a selection of understandable white papers that explain how privacy controls work in Safari, Location Services, Photos and Sign-in With Apple. These contain a large amount of information on Apple and its services.

Jonny Evans

Boeing's insecure networks threaten security and safety

2 months 1 week ago
Aircraft manufacturer Boeing's insecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Boeing's unsecure networks threaten security and safety

2 months 1 week ago
Aircraft manufacturer Boeing's unsecure networks leave the company--and potentially its aircraft--at risk of exploitation. Security researcher Chris Kubecka uncovered these threats in April, and new reporting by CSO's J.M. Porup reveals little has been done to patch these vulnerabilities. They both join Juliet to discuss how Kubecka discovered this information and what it means for national security and passenger safety.

Microsoft Intune can now block unauthorized BYOD hardware

2 months 2 weeks ago

Microsoft has integrated third-party mobile threat defense (MTD) software with its Intune unified endpoint management (UEM) platform, enabling corporate systems to detect when an employee's unenrolled smartphone or tablet has an app potentially infected by malware.

The new Intune capability is particularly useful for companies with bring-your-own device (BYOD) policies in that it can block access to enterprise systems on devices flagged by the MTD software.

[ Related: How to get the most from Microsoft Intune ]

The mobile threat detection feature on Intune will initially allow it to work with software from Lookout for Work, Better Mobile and Zimperium. "In future, we expect other partners to add support for this integration," Microsoft said via a Monday blog post released during its Ignite conference.

Lucas Mearian

Do you really need a Chief Mobility Officer? (Spoiler alert: nope)

2 months 2 weeks ago

While one in three large enterprises has a chief mobility officer (CMO), according to one survey, that role is now largely duplicative and unnecessary – and creating it can hit a company's bottom line.

Management consultancy Janco Associates, which lists job descriptions and conducts bi-annual salary surveys, last week updated its description of a Chief Mobility Officer (CMO) to include privacy compliance policies in light of the California Consumer Privacy Act (CaCPA), which goes into effect in January.

Lucas Mearian

With a few exceptions, all’s clear to install Microsoft’s October patches

2 months 2 weeks ago

If you had automatic update turned on at the beginning of October, you got clobbered with a bug-infested, out-of-band update for an IE-related zero-day that never appeared in real life. Later in the month, those with automatic update turned on were treated to a wide assortment of bugs (Start and Search fails, RDP redlines, older Visual Basic program blasts) – only some of which were solved with the month’s final, optional, non-security patches.

Woody Leonhard

Google strengthens Chrome's site isolation to protect browser against its own vulnerabilities

2 months 2 weeks ago

Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser's Blink rendering engine.

Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Łukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. "Site Isolation in Chrome 77 now helps defend against significantly stronger attacks," the two said. "Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors."

Gregg Keizer

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

2 months 3 weeks ago

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

Woody Leonhard

Memory-Lane Monday: Please tell me his name wasn’t Jones

2 months 3 weeks ago

Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, “I'm going to reset your password to your last name, with the first letter capitalized.”

Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.’

“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

“Surreal doesn’t even begin to describe how this felt!”

Sharky

Name game

2 months 3 weeks ago

This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

Sharky
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.