September 2019 Patch Tuesday forecast: Microsoft security update will be complete
Microsoft began an aggressive six-month campaign in March of this year to switch the digital signature on all operating system and product updates from using Secure Hash …
Researchers discover 40+ insecure drivers for Windows
Spurred by several past instances of attackers abusing device drivers to install a kernel rootkit or malicious firmware implants, Eclypsium researchers have decided to probe …
If you’re struggling with Windows 10 migration, updates will be an even bigger challenge
With the end of Windows 7 support on the horizon, many companies remain significantly behind in completing their Windows 10 migration, new data from 1E shows. Of 600 senior IT …
A fileless campaign is dropping the Astaroth info-stealer
Attackers are delivering the Astaroth info-stealing backdoor by leveraging a combination of fileless malware and “living off the land” techniques, …
Most SMB devices run Windows versions that are expired or will expire by January 2020
There is a steady increase in attacks and changes in attack methods that target weaknesses in encryption, workload configuration, limited visibility into vulnerabilities and …
July Patch Tuesday forecast: Rules are changing for companies with custom applications
Every month I discuss the regular patches released for operating system or applications, but today I want to focus on some of the development components that are often …
June 2019 Patch Tuesday: A little something for everybody
For June 2019 Patch Tuesday, Microsoft has fixed a whooping 88 CVE-numbered vulnerabilities, Adobe has plugged many critical security holes in ColdFusion and Flash Player, and …
Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine
The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These …
June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets
Can you believe it is June already? Summer is rapidly approaching, but it’s been slow to warm up our temperatures here in the US. I can’t say the same thing about the …
BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable …
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …
Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new …