Saturday, January 16, 2021

Easing into the new year with a modest January Patch Tuesday

Microsoft rolled into 2021 with a fairly benign update cycle for Windows and Microsoft Office systems, delivering 83 updates for January. Yes, there is an update to Windows Defender (CVE-2021-1647) that has been reported as exploited. Yes, there has...

Apple makes welcome change to Big Sur security for Macs

When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system’s security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the...

Apple’s mythical AirTags shimmer slowly to release

Stop me if you’ve heard this before: Apple seems to be closer to actually introducing the near-mythical AirTags, which you’ll no doubt use to track hardware, devices, and the vehicles that make up your transit fleet. What we think we...

The first Patch Tuesday of '21; time to delay updates

It’s Patch Tuesday time — that exciting second Tuesday of each month when we turn towards Redmond, WA, hoping for quality updates — and my advice is to not install updates tomorrow. To be fair, the vast majority of...

6 smart steps to get your Android phone in tip-top shape for 2021

Happy New Year! I don't know about you, but I find the start of a fresh voyage around this shiny ol' sun of ours to be a fine time for tidying up, optimizing, and getting good and organized for...

Solarwinds, Solorigate, and what it means for Windows updates

Microsoft recently announced that its Windows source code had been viewed by the Solarwinds attackers. (Normally, only key government customers and trusted partners would have this level of access to the “stuff” of which Windows is made.) The attackers...

The end-of-the-year patching all-clear

It’s that time of the month to give the final 2020 all-clear for installing updates. Microsoft has already fixed the issue with KB4592438 for Windows 10 20H2 and 2004, where if you were lucky, or rather, unlucky enough to perform...

The patching conundrum: When is good enough good enough?

As Günter Born recently reported at Born's Tech and Windows World, KB4592438 has a bug that triggers a blue screen of death when you run the chkdsk c: /f command, leaving the hardware unable to boot. Several others confirmed...

Android security: Analysis, advice, and next-level knowledge

It's tough to talk about Android security without venturing into sensational terrain. A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android...

Thoughts on Apple versus Facebook

War against Apple on the part of Facebook has officially begun, with the social media giant spending some of its user data targeted ads revenue on a series of press ads against the computer company, presumably because using its...

2020: A look back at patching and the pandemic

As we close out this extraordinary year, it’s important to remember the unusual patching experiences this year that affected many businesses and their processes. The pandemic effect: Not surprisingly, the pandemic impacted patching in a big way. In April, it...

Apple's Privacy Nutrition Labels, available now and good for business

Apple is introducing iOS 14.3, and among a host of improvements the upgrade introduces Privacy Nutrition Labels for apps sold at the App Store. This should be good for developers, enterprises and users. What are Privacy Nutrition Labels? Apple announced Privacy...

Microsoft presents us with a light Patch Tuesday for December

With just 58 updates to deal with this month, the December Patch Tuesday should make for a welcome light-duty patch-and-test cycle. There were no zero-days or reports of publicly exploited security issues, though there is a critical update to...

December Patch Tuesday round-up: Winding down for the year

At last, we have the final updates for 2020 from Microsoft. For anyone keeping count, we ended up with 1,250 CVEs (Common Vulnerabilities and Exposures) for the year. That’s almost 50% more than the 800 we had to deal...

Windows hackers target COVID-19 vaccine efforts

I’ve written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.
The Hacker News

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of...

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

A little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.