Tag Search: security

Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping

Posted on Wednesday February 26, 2020  |  android, iphone, privacy, security, Wireless Networking

Billions of devices -- many of them already patched -- are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. From a report: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3's, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely. "This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual's control) that is vulnerable," Eset researchers wrote in a research paper published on Wednesday. "The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself)."

 

Bug In WordPress Plugin Can Let Hackers Wipe Up To 200,000 Sites

Posted on Monday February 17, 2020  |  security

An anonymous reader quotes a report from ZDNet: WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes in order to patch a critical bug that can let attackers wipe their sites. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill, a web development company that sells commercial WordPress themes. The plugin, which is installed on more than 200,000 sites, allows site owners to import demo content inside their ThemeGrill themes so they'll have examples and a starting point on which they can build their own sites. However, in a report published yesterday, WordPress security firm WebARX says that older versions of the ThemeGrill Demo Importer are vulnerable to remote attacks from unauthenticated attackers. Remote hackers can send a specially crafted payload to vulnerable sites and trigger a function inside the plugin. The vulnerable function resets the site's content to zero, effectively wiping the content of all WordPress sites where a ThemeGrill theme is active, and the vulnerable plugin is installed. Furthermore, if the site's database contains a user named "admin" then the attacker is granted access to that user with full administrator rights over the site.

 

Warning: Microsoft Pulls Windows 10 Security Update After Reports of Serious Bugs

Posted on Saturday February 15, 2020  |  microsoft, security, windows

Slashdot reader golden_donkey quotes Forbes: Are you booting up your Windows 10 machine and discovering you can't log in to your profile? It appears you're not alone. Reports are increasing across Twitter and Microsoft forums that following the most recent Patch Tuesday update (KB4532693), users are complaining that their profiles and desktop files are missing, and that custom icons and wallpaper have all been reset to their default state... The KB4532693 update is allegedly causing much more serious headaches for some users. A newer report by Windows Latest cites multiple users in their comments section complaining that the data is nowhere to be found and allegedly not recoverable. Microsoft has now "yanked KB4524244 from its update servers..." reports ZDNet, "after acknowledging reports of an issue affecting a sub-set of devices." Microsoft says customers who have successfully installed the update don't need to take any further steps. Those who have configured PCs to defer installation of updates by at least four days should also be unaffected. For those who are experiencing issues related to this update, Microsoft recommends uninstalling the update. Forbes also shared a video "on a related note." Its title? "How To Choose A Linux Distro That's Right For You..."

 

Top reasons for technology business reviews

Posted on Friday February 14, 2020  |  security, productivity, it, strategy, profit, solution, consulting, technology business review

Businesses need technology to be profitable and productive. But not all technologies are capable of delivering on their perceived benefits. To make sure your investments are worth keeping, you need to perform technology business reviews.

 

Microsoft Patches Major Windows 10 Vulnerability After NSA Warning

Posted on Tuesday January 14, 2020  |  microsoft, security, windows

Microsoft on Tuesday patched an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. The vulnerability was spotted and reported by the NSA. CNBC reports: The flaw affected encryption of digital signatures used to authenticate content, including software or files. If exploited, the flaw could allow criminals to send malicious content with fake signatures that make it appear safe. The finding was reported earlier by The Washington Post. It is unclear how long the NSA knew about the flaw before reporting it to Microsoft. The cooperation, however, is a departure from past interactions between the NSA and major software developers such as Microsoft. In the past, the top security agency has kept some major vulnerabilities secret in order to use them as part of the U.S. tech arsenal. In a statement, Microsoft declined to confirm or offer further details. "We follow the principles of coordinated vulnerability disclosure as the industry best practice to protect our customers from reported security vulnerabilities. To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available." Jeff Jones, a senior director at Microsoft, said in a statement Tuesday: "Customers who have already applied the update, or have automatic updates enabled, are already protected. As always we encourage customers to install all security updates as soon as possible." Microsoft told CNBC that it had not seen any exploitation of the flaw "in the wild," which means outside a lab testing environment.

 

Windows Hello simplifies logging in

Posted on Friday January 03, 2020  |  security, microsoft, privacy, windows 10, biometrics, login, windows hello, facial recognition, fingerprints, passwordless, sign on

You can now log in faster and more securely to your laptop, tablet, websites, or apps with Microsoft's Windows Hello. You only have to use your camera to recognize your face or a fingerprint reader.

 
