Forbes has the story: Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get … Read More “Paragon: Yet Another Cyberweapons Arms Manufacturer” »
Category: patching
Auto Added by WPeMatico
There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details: The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing … Read More “New Spectre-Like Attacks” »
Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he … Read More “Serious MacOS Vulnerability Patched” »
Amongst the 100+ vulnerabilities patch in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA. Powered by WPeMatico
A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it … Read More “Accellion Supply Chain Hack” »
Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledged the problem immediately. During … Read More “More on the Chinese Zero-Day Microsoft Exchange Hack” »
How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 20132017, which indicates a lack of recent software updates,” the reported stated. 26%!? One in four networks? … Read More “On Not Fixing Old Vulnerabilities” »
Microsoft has issued an emergency Microsoft Exchange patch to fix four zero-day vulnerabilities currently being exploited by China. Powered by WPeMatico
Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year … Read More “Twelve-Year-Old Vulnerability Found in Windows Defender” »
This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »