PossibleThreat Articles

Articles for the experts…

Security

ComputerWorld Independent 

Heads up: A free, working exploit for BlueKeep just hit

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 11:33:00 -0700

There’s been a lot of discussion about BlueKeep, its ramifications and various strategies for blocking it. In a nutshell, it’s a security hole in the Windows Remote Desktop Protocol that allows a malicious program to enter your machine – if you have Remote Dekstop turned on, it’s accessible directly from the internet, and you haven’t installed the May patches.

Two weeks ago, Susan Bradley posted a CSO article that details ways admins can  avoid using RDP. I’ve seen reams of advice about blocking ports, disabling services, setting authentication levels, deploying voodoo dolls, reading chicken entrails…, but the simplest way for almost everybody to avoid the problem is to install the May (or later) Windows patches.

To read this article in full, please click here

Read more
ComputerWorld Independent 

How the California Consumer Privacy Act (CCPA) will affect you and your business | TECH(talk)

0 Comments , , , , ,


The California Consumer Privacy Act (CCPA) is, in some ways, similar to Europe's GDPR. This rule, which goes into effect in 2020, gives individual users more ownership over their own data. Users can even refuse to allow companies to sell their online data. As the compliance deadline approaches, CSO Online contributor Maria Kolokov and senior editor Michael Nadeau discuss with Juliet how CCPA may shift business models, change online behavior and reveal where exactly our data has been. Some tech companies, like Google, are even trying to exempt themselves from regulation. Failure to adhere to the rule could be an "extinction level" event.

Read more
ComputerWorld Independent 

Time to install the August Windows patches — but watch out for the bugs

0 Comments , ,

Credit to Author: Woody Leonhard| Date: Fri, 06 Sep 2019 08:16:00 -0700

August brought loads of drama to the Windows and Office patching scene. Microsoft’s first round of patches killed Visual Basic, Visual Basic for Applications and VBScript in certain situations — on all versions of Windows. Fixes for the bugs dribbled out three, four, six and 17 days after the original infection. 

Those Microsoft-introduced bugs were all the more daunting because the August patches are the ones intended to protect us from DejaBlue — the recently announced “wormable” malware infection vector that (thankfully!) has yet to be exploited. The mainstream press picked up the Chicken Little cry to install August patches right away. Then the buggy offal hit the impeller, and the press fell silent.

To read this article in full, please click here

Read more
Security TrendMicro 

This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

0 Comments ,

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 06 Sep 2019 13:05:31 +0000

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went…

The post This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams appeared first on .

Read more
ComputerWorld Independent 

FTC fines YouTube, but do fines really encourage change? | TECH(feed)

0 Comments


The FTC hit yet another tech company with a seemingly massive fine for mishandling user data. This time, YouTube, owned by Google, is forced to pay $170 million for collecting data about children under 13 without parental consent. The Federal Trade Commission slapped Facebook with a $5 billion fine just a few months ago. In this episode of TECH(feed), Juliet asks whether or not these fines are effective in regulating the tech industry.

Read more