Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs. Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library. The two issues are remote code execution vulnerabilities

Tripwire’s June 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, BIND and Oracle.Up first on the Patch Priority Index this month are patches for Microsoft, BIND and Oracle for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for BIND (CVE-2020-8617), Oracle

Zero-day vulnerabilities enable threat actors to take advantage of security blindspots. Typically, a zero-day attack involves the identification of zero-day vulnerabilities, creating relevant exploits, identifying vulnerable systems, and planning the attack. The next steps are infiltration and launch.  This article examines three recent zero-day atta

Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves wil

Last week, a few major tech companies informed the public that they will not provide facial recognition software to law enforcement. These companies are concerned about the way in which their technology might be used. What happens when software that threatens our privacy falls into the hands of organization which we no longer trust? In general, being awar

Government agencies’ usage of Microsoft Office 365 and Teams has skyrocketed (over 900% for some agencies). Unfortunately, the cyber threats to the GFE and BYOD mobile devices that are accessing O365 has also significantly increased. Without implementing mobile threat defense (MTD) solutions, agencies and their “Zero Trust” initiatives are exposed and

byDanny BradburyRemember when as a server operator all you had to worry about were people scanning for open ports and then stealing secrets via telnet shells? Those were the days, eh?Things got a lot more complicated when the cloud got popular. Now, hackers are gaining access to cloud-based systems via the web, and they’re using them to mine for cryptocurren

Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use. Microsoft has joined Amazon and IBM in banning the sale of facial recognition technology to police departments, the tech giants are also urging for federal laws to regulate the use of these solutions. Mi

byDanny BradburyWhoosh. You hear that? It’s the sound of Microsoft’s security fire hose spraying out a river of CVE fixes. That’s right – Patch Tuesday was this week and the software giant released patches to fix 129 CVEs.The lion’s share of the bugs are rated important, but there are 11 CVEs rated critical. They are remote code

Microsoft addressed a Server Message Block (SMB) protocol issue, named SMBleed, that could allow an attacker to leak kernel memory remotely, without authentication. Recently released Microsoft June 2020 Patch Tuesday updates also address a vulnerability in the Server Message Block (SMB) protocol dubbed SMBleed (CVE-2020-1206) that could allow an atta

Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal

byDanny BradburyWindows 10 release 2004 is out, with a slew of new features. They include several updates to its security and privacy. Here’s what you get when you download it, as outlined in the company’s blog post.Microsoft has updated its System Guard Firmware Measurement. This feature, launched in Windows 10 1903, helps guarantee the integrit

byJohn E DunnAfter a flurry of zero-day vulnerabilities in recent editions, May’s Patch Tuesday finally gives Windows users a month off having to fix ‘big’ exploited or public flaws.The catch is it’s still one of the biggest patch rounds Microsoft has ever released, featuring 111 CVE-level bug fixes (the record being March’s 115 fixes), nearly half of which

byPaul DucklinThis month’s Patch Tuesday fixes just came out in what we’re calling a “bumper update“.Microsoft pushed out fixes for 111 different CVE-tagged vulnerabilities, 16 of which are deemed critical.That includes bugs that could in theory be remotely exploited, for example via rogue attachments or booby-trapped web pages, to im

byDanny BradburyMicrosoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10. In Build 19628 and higher, you’ll be able to encrypt your DNS traffic to prevent your geeky flatmate, that hoodie-wearing person in your local coffee shop, and possibly your ISP from snooping on your browsing destinations.We