News

No, Windows Autopatch didn't kill the monthly patchapalooza

Patch Tuesday  Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live — with a slew of caveats — the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. …

Three vulnerabilities in one line of code

AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…

Speculative execution side-channels continue to haunt silicon world

Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.…

By then you won't be able to install the suite on Windows 8.1

Microsoft has warned users clinging to Windows 7 and Windows 8.1 that the end really is nigh.…

Sure, stuff got done fast – but personal information was put at risk

The UK Information Commissioner's Office (ICO) on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care (DHSC).…

But first, there's a whole lot of AD and Intune prep to be done

Microsoft's promised service to enable automatic patching of Windows has gone live.…

ACLU hits back at 'unprecedented power grab'

San Francisco lawmakers are mulling a proposed law that would allow police to use private security cameras – think: those in residential doorbells, medical clinics, and retail shops – in real time for surveillance purposes.…

Former Aerojet Rocketdyne employee cites failure to meet minimums for NASA, Pentagon

Aerojet Rocketdyne, which makes propulsion and power systems for launch vehicles, missiles and satellites for NASA and the US military, has agreed to pay $9 million to settle charges it misrepresented its products' compliance with cybersecurity requirements in federal government contracts.…

Difficult to detect, hiding its window by using the ShowWindow function in Windows

A new ransomware family is being delivered as a bogus Google Software Update, using Microsoft functionality as part of its attack.…

Biden blacklist a stumbling block for any possible deal

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports.…

Working outside power blocs, without policy, leaves Blighty a likely rule-taker says Foreign Affairs Committee

The UK's response to China's well-publicized efforts to use technology standards to shape the world in its image has been "incoherent and muted" according to report by the House of Commons Foreign Affairs Committee.…

Record-breaking dump thanks to password-less Kibana endpoint?

Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it.…

G-Core Labs' XDP-based DDoS protection platform filters bad traffic across a network of high capacity CDNs

Sponsored Post  If you do any sort of business via the web, the damage caused by a distributed denial of service (DDoS) attack could be catastrophic for your bottom line.…

Based on 'feedback'. Which one of you asked for this, and why?

Microsoft appears set to roll back its decision to adopt a default stance of preventing macros sourced from the internet from running in Office unless given explicit permission.…

Cohesity beefs up protection services for Microsoft 365 users in South East Asia

Sponsored Post  Enterprises often forget that SLAs with cloud providers cover access to the service, but not necessarily protection for the data.…

Alleged campaign involved stalking via GPS and hidden cameras, fake interviews, confidential government data

Five suspects were indicted in a federal court in Brooklyn, New York on Wednesday for alleged crimes related to a campaign to silence dissidents in the US who opposed the government of the People's Republic of China (PRC).…

1,300 packages from 1,000 automated user accounts set the stage for something big

A burst of almost 1,300 JavaScript packages automatically created on NPM via more than 1,000 user accounts could be the initial step in a major crypto-mining campaign, according to researchers at Checkmarx.…

A two-pronged approach that combines agent and agentless tools may offer the best protection

Webinar  Agents sit on devices to perform security scanning and reporting, system restarts/reboots, software patching, configuration and general system monitoring. Agentless security tools do much the same, just without the agents, making them a better bet for security vulnerability scanning on remote machines where its harder to install an agent – like the cloud.…

Update addresses heap buffer overflow and type confusion bugs in Google's browser engine

Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.…

Major supplier to US government and enterprise only just getting back on its feet

New Jersey-based IT reseller and service provider SHI International was knocked off the web after a July 4 cyberattack.…