Security – Page 250 – PossibleThreat Articles

Credit to Author: Woody Leonhard| Date: Tue, 24 Sep 2019 12:13:00 -0700

I’ve seen a lot of confusion about the security hole known as CVE-2019-1367 and what normal Windows customers should do about it. Part of the reason for the confusion is the way the fix was distributed – the patching files were released on Monday, Sept. 23, but only via manual download from the Microsoft Update Catalog.

On a Monday.

In the past few hours, Microsoft released a hodge-podge of patches that seem to tackle the problem. They’re “optional non-security” and “Monthly Rollup preview” patches, so you won’t get them unless you specifically go looking for them.

To read this article in full, please click here

Security Wired

Trump’s Ukraine Mess Feels a Little Too Familiar

September 24, 2019 0 Comments Opinion, Security, Security / National Security

Credit to Author: Garrett M. Graff| Date: Tue, 24 Sep 2019 14:42:28 +0000

The unfolding drama brings together two key threads of the Trump era: foreign interference in US elections and the president’s distrust of his own intel agencies.

Security Wired

All the Code Connections Between Russia’s Hackers, Visualized

September 24, 2019 0 Comments Security, Security / Cyberattacks and Hacks

Credit to Author: Andy Greenberg| Date: Tue, 24 Sep 2019 13:00:00 +0000

A sort of constellation chart for Kremlin malware, made by two cybersecurity firms, demonstrates the scale of Russia’s distinct hacking operations.

ComputerWorld Independent

Microsoft delivers emergency security update for antiquated IE

September 24, 2019 0 Comments Browsers, Microsoft, Security, Windows

Credit to Author: Gregg Keizer| Date: Tue, 24 Sep 2019 03:00:00 -0700

Microsoft on Monday released an emergency security update to patch a vulnerability in Internet Explorer (IE), the legacy browser predominantly used by commercial customers.

The flaw, which was reported to Microsoft by Clement Lecigne, a security engineer with Google’s Threat Analysis Group (TAG), has already been exploited by attackers, making it a classic “zero-day,” a vulnerability actively in use before a patch is in place.

In the security bulletin that accompanied the release of the IE patch, Microsoft labeled the bug a remote code vulnerability, meaning that a hacker could, by exploiting the bug, introduce malicious code into the browser. Remote code vulnerabilities, also called remote code execution, or RCE, flaws, are among the most serious. That seriousness, as well as the fact that criminals are already leveraging the vulnerability, was reflected in Microsoft’s decision to go “out of band,” or off the usual patching cycle, to plug the hole.

To read this article in full, please click here

Security Wired

Google Tightens Its Voice Assistant Rules Amid Privacy Backlash

September 23, 2019 0 Comments Security, Security / Privacy

Credit to Author: Lily Hay Newman| Date: Mon, 23 Sep 2019 07:01:00 +0000

Following Apple, Amazon, and others, Google will put in new safeguards against accidental voice assistant collection and transcription.

Security Wired

Edward Snowden in His Own Words: Why I Became a Whistle-Blower

September 23, 2019 0 Comments Backchannel, Security

Credit to Author: Edward Snowden| Date: Sun, 22 Sep 2019 11:00:00 +0000

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

Security Wired