What is phishing? Learn how this attack works
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this increasingly sophisticated form of cyberattack.
ComputerWorld
Microsoft offers free post-2020 Windows 7 support for Win 10 Enterprise subscribers
Credit to Author: Gregg Keizer| Date: Mon, 26 Aug 2019 03:00:00 -0700
Microsoft is giving away one year of post-retirement support for Windows 7 to customers with active Windows 10 subscriptions.
“Enterprise Agreement and Enterprise Agreement Subscription (EA and EAS) customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security will get Windows 7 Extended Security Updates for Year 1 as a benefit,” Microsoft said in a FAQ about the end of support for Windows 7 and Office 2010.
Windows 10 Enterprise E5 and Microsoft 365 E5 are the top-tier subscriptions of the OS or packages that include the operating system. They are the highest-priced plans in their specific lines.
Texas ransomware attacks: to pay or not to pay? | TECH(feed)
Nearly two dozen cities in Texas have been hit by a ransomware attack executed by a single threat actor. These attacks beg the question: Is it ever worth it to pay a cyber attacker’s ransom? In this episode of TECH(feed), Juliet discusses the pattern of ransomware attacks on local governments, how municipalities have responded and how to prevent a ransomware attack in the first place.
Throwback Thursday: Eyes only
Credit to Author: Sharky| Date: Thu, 22 Aug 2019 03:00:00 -0700
Programmer pilot fish goes online to a message board for a development system that’s used for one of his company’s applications.
But he gets a message that the site is blocked. He can either forget about it, click a link to continue, or click a link to see the company’s access policy.
He clicks to continue, gets what he needs, and then, just out of curiosity, he clicks to see the access policy to get an idea of why this site is being blocked.
But instead of seeing the access policy, fish sees this message: Content blocked. Click here to access our internet resource policy.
Sputters baffled fish, “It actually blocked the policy!”
How to avoid using RDP in Windows
Several new vulnerability disclosures in Windows Remote Desktop Protocol suggest it’s time to stop using it. Here’s how.
Safari to ape Firefox, go all-in on anti-tracking
Credit to Author: Gregg Keizer| Date: Tue, 20 Aug 2019 11:53:00 -0700
The WebKit project – the open-source initiative that generates code for Apple’s Safari browser – quietly announced last week that it would follow in Mozilla’s footsteps and quash tracking technologies designed to follow users across the web.
In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects.
“We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy,” the document read. “If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques.”
Installing Windows 7 from a backup? You need a BitLocker patch right away
Credit to Author: Woody Leonhard| Date: Mon, 19 Aug 2019 09:33:00 -0700
No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.
A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.
Microsoft warns of Visual Basic, VBA and VBScript 'procedure call' errors after August patches
Credit to Author: Woody Leonhard| Date: Thu, 15 Aug 2019 05:28:00 -0700
August is going to be a perilous patching month.
We’re tracking down credible reports of the Server 2012 R2 Monthly rollup breaking RDP logins, a conflict between the Win10 1903 cumulative update and last month’s version of Outlook 365, confusion about Win7 patches being branded as “IA64 only,” dealing with the lack of telemetry (!) in the August Win7 Security Only patch, much mayhem trying to install SHA-2 signed patches (including the Win7 Monthly Rollup) on systems using Symantec Endpoint Protection, even more confusion over the difference between Symantec Endpoint Protection and Norton Security Suite, and lots of the usual installation failures and rollbacks.
3 Google privacy tips for Mac and iOS users
Credit to Author: Jonny Evans| Date: Thu, 15 Aug 2019 04:15:00 -0700
Alternative search engines such as DuckDuckGo are attracting growing numbers of privacy focused users, but there’s no doubt that Google dominates the industry, even on Apple products. Fortunately, there are several ways to make your Google activity more private.
Do you have a Google account? (You probably do)
Do you use Gmail? Did you one use Google +? Perhaps you employ Google Drive, Google Docs or any of the company’s other products. If so, you have a Google account.
Chrome, Firefox to expunge Extended Validation cert signals
Credit to Author: Gregg Keizer| Date: Thu, 15 Aug 2019 03:00:00 -0700
Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.
The certificates, dubbed “Extended Validation” (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They’re also more expensive.
The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy – and phishy – URL run by It’s Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)