Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET

Credit to Author: Naked Security| Date: Fri, 17 Jan 2020 10:06:22 +0000

The CryptoAPI cryptographic bug that Microsoft reported on this week's Patch Tuesday was so significant that it warranted its own story. Here, we cover some of the other problems Microsoft fixed. Among the most serious bugs are remote code execution (RCE) flaws affecting Windows Remote Desktop Gateway, […]


WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

Credit to Author: Jérôme Segura| Date: Wed, 22 Jan 2020 16:00:00 +0000

We reveal the inner workings of WOOF locker, the most sophisticated browser locker campaign we’ve seen to date. Learn how this tech support scam evades researchers and ensnares users by hiding in plain sight.


The post WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation appeared first on Malwarebytes Labs.


Don’t worry about CurveBall just yet — get your Citrix systems patched

Credit to Author: Woody Leonhard| Date: Tue, 21 Jan 2020 08:03:00 -0800

Hey, admins! It’s been an exciting week, eh?

Most of you have been inundated with requests — demands — that you patch all of your systems immediately to protect them from the highly publicized CVE-2020-0601 Crypt32.dll security hole, known as “Chain Of Fools” or “CurveBall.” 

While you were scrambling to comply with the NSA’s unique advertising, abetted by almost every security expert on the planet, a funny thing happened. There are no in-the-wild exploits for the ol’ CurveBall. But there are lots and lots of Citrix ADC and Citrix Gateway systems under attack, using a security hole announced in December called CVE-2019-19781. 


Worried about an NSA ChainOfFools/CurveBall attack? There are lots of moving parts. Test your system.

Credit to Author: Woody Leonhard| Date: Fri, 17 Jan 2020 06:42:00 -0800

If you want to install the January Patch Tuesday patches, by all means, go right ahead. That said, I continue to recommend that you hold off installing the January Microsoft patches until we get a clearer reading on potential bugs.

The pro-patch-now argument generally goes something like this: Everybody is recommending that you install the patches to protect against the Crypto bug — almost all of the major security folks, the researchers, the big online sites, your local news station, your congresscritter, your neighbor’s nine-year-old, even the bleeping NSA. It’s a little patch. Why not just install it and be done with it?


NSA and Github ‘rickrolled’ using Windows CryptoAPI bug

Credit to Author: Paul Ducklin| Date: Thu, 16 Jan 2020 17:42:09 +0000

We said, “Assume that someone will find out how to do it pretty soon,” and that’s exactly what happened.


Windows 7 end of support: Separating the bull from the horns

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 13:20:00 -0800

No, Windows 7 isn’t dead.

No, you don’t need to buy a Win10 computer. 

No, you don’t need to upgrade.

No, you don’t need to install the latest Win7 patches right away.

No, Microsoft isn’t withdrawing its unofficial nod-and-a-wink free upgrade from Win7 to Win10. At least, not right away.

No, the old Win7 patches aren’t disappearing.

No, your Internet Service Provider won’t kick you off your network for using Win7.


Patch Tuesday aftermath: The NSA Crypt32 threat is real, but not yet imminent

Credit to Author: Woody Leonhard| Date: Wed, 15 Jan 2020 07:26:00 -0800

Get ready for your local news station’s weather reporter to start lecturing on the importance of installing Windows patches.

Yesterday we were treated to a remarkable Patch Tuesday. “Remarkable” specifically in the sense that the U.S. National Security Agency was moved to put out a press release (PDF):

NSA recommends installing all January 2020 Patch Tuesday patches as soon as possible to effectively mitigate the vulnerability on all Windows 10 and Windows Server 2016/2019 systems.


Microsoft fixes critical bugs in CryptoAPI, RD Gateway and .NET

Credit to Author: Danny Bradbury| Date: Wed, 15 Jan 2020 12:10:33 +0000

Here are the most serious bugs from Microsoft’s Patch Tuesday – including CryptoAPI and RCE flaws in Windows Remote Desktop Gateway.


Malicious npm package taken down after Microsoft warning

Credit to Author: John E Dunn| Date: Wed, 15 Jan 2020 11:32:56 +0000

Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).
