CVE-2020-0796 – A “wormable” Remote Code Execution vulnerability in SMB v3

Credit to Author: Quickheal| Date: Fri, 13 Mar 2020 03:08:36 +0000

For the last two days, the Internet has been rife with news about a critical remote code execution vulnerability in the SMBv3.1.1 compression mechanism. Today, on 12th March 2020, Microsoft released an emergency out-of-band patch to address this vulnerability. As per Microsoft release information, it’s a remote code execution vulnerability in the…


Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw

Credit to Author: John E Dunn| Date: Mon, 16 Mar 2020 11:58:56 +0000

What’s the difference between a scheduled security update and one that’s out-of-band? In this case, it’s two days.


Come on, Microsoft! Is it really that hard to update Windows 10 right?

Credit to Author: Steven J. Vaughan-Nichols| Date: Wed, 11 Mar 2020 07:47:00 -0700

Yesterday, on Patch Tuesday, as I was finishing up the column that follows lamenting the sorry state of Windows 10 patches and providing copious examples of things gone very wrong, a big, fat example landed in my lap (but happily not in my laptop). Word emerged that Microsoft had accidentally leaked news about a new Server Message Block (SMB) bug with a maximum severity rating, a.k.a. SMBGhost. The leak also said that this bug wasn’t patched in that day’s releases.


Patch Tuesday’s tomorrow. We're in uncharted territory. Get Automatic Updates paused.

Credit to Author: Woody Leonhard| Date: Mon, 09 Mar 2020 07:06:00 -0700

It’s always a good idea to pause Windows updates just before they hit the rollout chute. This month, we’re facing two extraordinary issues that you need to take into account. Wouldn’t hurt if you told your friends and family, too.

Take last month’s Windows patches. Please. We had one patch, KB 4524244, that slid out on Patch Tuesday, clobbered an unknown number of machines (HP PCs with Ryzen processors got hit hard), then remained in “automatic download” status until it was finally pulled on Friday. We had another patch, KB 4532693, that gobbled desktop icons and moved files while performing a nifty trick with temporary user profiles. Microsoft never did fix that one.


A week in security (March 2 – 8)

Credit to Author: Malwarebytes Labs| Date: Mon, 09 Mar 2020 20:07:46 +0000

A roundup of the previous week’s security headlines, including the introduction of a new series on child identity theft, an examination of law enforcement’s cybersecurity woes, a progress check on our stalkerware initiative, and more coronavirus scammers on the prowl.


The post A week in security (March 2 – 8) appeared first on Malwarebytes Labs.


Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla

Credit to Author: John E Dunn| Date: Tue, 03 Mar 2020 11:09:05 +0000

In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.


Brave beats other browsers in privacy study

Credit to Author: Danny Bradbury| Date: Thu, 27 Feb 2020 11:32:13 +0000

Users looking for a privacy-focused browser might want to consider Brave first, according to a study published this week.


Microsoft Patch Alert: February 2020 patches bring fire and ice but seem to have settled – finally.

Credit to Author: Woody Leonhard| Date: Wed, 26 Feb 2020 09:44:00 -0800

The real stinker this month, KB 4524244, rolled out the automatic update chute for four full days until Microsoft yanked it – leaving a trail of wounded PCs, primarily HP machines, in its wake. The other big-time bug in this month’s patches, a race condition in the KB 4532693 Win10 version 1903 and 1909 cumulative update installer, hasn’t been officially acknowledged by Microsoft outside of a blog post. But at least it’s well known and understood.

Folks running SQL Server and Exchange Server networks need to get patched right away.

Win10 UEFI update KB 4524244 blockages

Patch Tuesday brought KB 4524244 for Windows 10 owners, a bizarre single-purpose patch apparently directed at one specific UEFI bootloader. I talked about it last week.


Smart speakers mistakenly eavesdrop up to 19 times a day

Credit to Author: Danny Bradbury| Date: Tue, 25 Feb 2020 11:47:17 +0000

That smart home speaker isn’t listening to everything you say, according to new research – but it is listening a lot more than it should.
