Independent – Page 91 – PossibleThreat Articles

Credit to Author: Woody Leonhard| Date: Fri, 01 Nov 2019 09:54:00 -0700

If you had automatic update turned on at the beginning of October, you got clobbered with a bug-infested, out-of-band update for an IE-related zero-day that never appeared in real life. Later in the month, those with automatic update turned on were treated to a wide assortment of bugs (Start and Search fails, RDP redlines, older Visual Basic program blasts) – only some of which were solved with the month’s final, optional, non-security patches.

To read this article in full, please click here

ComputerWorld Independent

Google strengthens Chrome's site isolation to protect browser against its own vulnerabilities

October 31, 2019 0 Comments Browsers, Security

Credit to Author: Gregg Keizer| Date: Thu, 31 Oct 2019 04:49:00 -0700

Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser’s Blink rendering engine.

Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Łukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. “Site Isolation in Chrome 77 now helps defend against significantly stronger attacks,” the two said. “Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors.”

To read this article in full, please click here

Independent Krebs Security

Breaches at NetworkSolutions, Register.com, and Web.com

October 30, 2019 0 Comments Data Breaches, domainstate.com, networksolutions breach, register.com breach, web.com breach

Credit to Author: BrianKrebs| Date: Wed, 30 Oct 2019 20:47:34 +0000

Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.

ComputerWorld Independent

How to and why you should disable LLMNR with Windows Server

October 30, 2019 0 Comments Security, Windows

Link-Local Multicast Name Resolution could enable a man-in-the-middle attack, so it’s best to disable the protocol when setting up Windows Server 2019.

Independent Krebs Security

Takeaways from the $566M BriansClub Breach

October 29, 2019 0 Comments A Little Sunshine, andrei barysevich, briansclub breach, Data Breaches, gemini advisory, mastercard, Ne'er-Do-Well News, visa

Credit to Author: BrianKrebs| Date: Tue, 29 Oct 2019 21:47:58 +0000

Reporting on the exposure of some 26 million stolen credit cards leaked from a top underground cybercrime store highlighted some persistent and hard truths. Most notably, that the world’s largest financial institutions tend to have a much better idea of which merchants and bank cards have been breached than do the thousands of smaller banks and credit unions across the United States. Also, a great deal of cybercrime seems to be perpetrated by a relatively small number of people.

ComputerWorld Independent

Microsoft Patch Alert: October updates bring problems with Start, RDP, Ethernet, older VB programs

October 29, 2019 0 Comments Microsoft, Microsoft Office, PCs, Security, Windows

Credit to Author: Woody Leonhard| Date: Tue, 29 Oct 2019 12:18:00 -0700

October started out on an extraordinarily low note. On Oct. 3, Microsoft released an “out of band” security update to protect all Windows users from an Internet Explorer scripting engine bug, CVE-2019-1367, once thought to be an imminent danger to all things (and all versions) Windows.

It was the third attempt to fix that security hole and each of the versions brought its own set of bugs.

To read this article in full, please click here

ComputerWorld Independent

Earn your IoT security certification

October 29, 2019 0 Comments certifications, Internet of Things, IT Leadership, Security, skills and training

Credit to Author: Insider Pro staff| Date: Tue, 29 Oct 2019 04:59:00 -0700

Insider Pro is teaming up with CertNexus to offer subscribers access to an online course that leads to a Certified IoT Security Practitioner (CIoTSP) certification.

ComputerWorld Independent

Memory-Lane Monday: Please tell me his name wasn’t Jones

October 28, 2019 0 Comments passwords, Security

Credit to Author: Sharky| Date: Mon, 28 Oct 2019 03:00:00 -0700

Pilot fish and his help desk colleagues do a lot of password resets and have learned that it’s best to sympathize with the callers and normalize forgetting those strings of letters, numbers and symbols. It can happen to anybody is the message.

But some forgetfulness is more normal than others, finds fish, who told one user, “I’m going to reset your password to your last name, with the first letter capitalized.”

Reports fish: “He said, ‘Wait a minute. Let me get a pencil and paper to write that down.

“I then spelled his last name for him and reminded him to capitalize the first letter. He thanked me and hung up the phone.

“Surreal doesn’t even begin to describe how this felt!”

To read this article in full, please click here

ComputerWorld Independent

Name game

October 25, 2019 0 Comments passwords, Security

Credit to Author: Sharky| Date: Fri, 25 Oct 2019 03:00:00 -0700

This pilot fish builds a lot of Linux systems that have to be compliant with U.S. Department of Defense/Defense Information Systems Agency STIG security requirements, but he tries to lessen the pain by assigning root passwords that are secure but easily remembered. Naturally, he sends them to the owner via encrypted email.

When the Nvidia driver in one of those machines gets corrupted after the system goes down hard in a power outage, fish needs root access to reinstall the driver. Unfortunately, the user of that machine (who, just incidentally, had ignored the warnings about that planned power outage) has no recollection of the root password, and he can’t get it from his email. Why? He has uninstalled all his old encryption certs, so older encrypted emails can no longer be decrypted.

To read this article in full, please click here

Independent Krebs Security

Cachet Financial Reeling from MyPayrollHR Fraud

October 24, 2019 0 Comments The Coming Storm

Credit to Author: BrianKrebs| Date: Fri, 25 Oct 2019 00:50:44 +0000

When NY based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payments processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.