Windows Archives - Page 6 of 8 - Cyber Security Minute

TeamViewer flaw could be exploited to crack users’ password

Issued by: Help Net Security

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. About TeamViewer TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry…

Software Security

Latest Microsoft Windows security update options explained

Issued by: CSO

The need to manage patching on home machines that have no Group Policy, Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) control means that you may be looking for alternatives. Employees’ personal machines might run Windows 10 Home version, which has limited ability to control updates. With corporate-owned machines you have more…

Vulnerabilities

Adobe Patches 22 Vulnerabilities in Bridge, Illustrator

Issued by: Security Week

A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution. Three of the patched security holes, described as important…

Malware & Threats

How to prepare Microsoft Office and Windows for ransomware and email attacks

Issued by: CSO

The headlines make it clear that we are in unusual times. Working from home will be the new norm for many of us for the near term at least. As IT and security teams work to meet the challenge of supporting and protecting employees working remotely, the last thing they need is a malware infection…

Vulnerabilities

Windows users under attack via two new RCE zero-days

Issued by: Help Net Security

Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems, Microsoft warns. The attacks are limited and targeted, the company noted, and provided workarounds to help reduce customer risk until a fix is developed and released. More about the new Windows zero-days According…

Vulnerabilities

How to prevent attackers from using Windows against you

Issued by: CSO

One of the topics covered In a recent RSA Conference presentation was how attackers are using the victims’ own Windows operating system against them to avoid detection. This concept of “living off the land” (LotL) — the use of binaries, DLLs and other computer code that is already on our system — makes it harder…

Vulnerabilities

Microsoft Issues 9 Critical Security Patches

Issued by: Dark Reading

Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity. None of the vulnerablities were previously known or exploited, and 49 are ranked Important and one as Moderate. The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office…

Network Security

43% of businesses are still running Windows 7, security threats remain

Issued by: Help Net Security

With one year to go until Microsoft ends support for its ten-year-old operating system Windows 7, as many as 43% of enterprises are still running the outdated platform. Kollective’s research found that nearly a fifth (17%) of IT departments don’t know when the end of support deadline is, while 6% are aware of the end…

Malware & Threats

Fileless malware: getting the lowdown on this insidious threat

Issued by: Blog Malwarebytes

Traditionally, malware attacks as we have always known them are files written to disk in one form or another that require execution in order to carry out their malicious scope. Fileless malware, on the other hand, is intended to be memory resident only, ideally leaving no trace after its execution. The malicious payload exists dynamically…

Malware & Threats

PowerShell Threats Grow Further and Operate in Plain Sight

Issued by: Symantec Blog

The preinstalled and versatile Windows PowerShell has become one of the most popular choices in cyber criminals’ arsenals. We have observed an increase of 661 percent in computers where malicious PowerShell activity was blocked from the second half of 2017 to the first half of 2018—a clear indication that attackers are still growing the use…