Security News > 2020
You appear to be a knowledgeable individual, however I just think it is a disservice to humanity to iterate Donald Rumsfeld's saying about unknown unknowns, and so to clarify, it was you that brought along the saying about 'known knowns', 'unknown knowns' and 'unknown unknowns'. A danger here imo, in having this exclusive way of describing things, in thinking that the very things projected in a theory, are real, such that doubts or questions about their existence becomes something of an impossibility because they are not only speculatively assumed, but they presumably become something like an existential, like a tangible emotion or required thinking, a very powerful influencing moment in thinking, because of how such actualizes your understanding of the world, even when confronted with say objections.
Adobe's February 2020 Patch Tuesday updates fix a total of 42 vulnerabilities across the company's Framemaker, Acrobat and Reader, Flash Player, Digital Editions and Experience Manager products. While the vulnerabilities have been classified as critical, Adobe believes they are unlikely to be exploited in attacks any time soon.
Swiss encryption machine company Crypto AG was secretly owned by the CIA and a West German spy agency at the height of the Cold War, according to explosive revelations in Swiss and German media today. Although rumours had swirled for decades around Crypto AG and the backdooring of its products by the West - cough, cough, NSA - and not forgetting careless remarks by former US prez Ronald Reagan, today's publications by Swiss broadcaster SRF and German broadcaster ZDF confirm those old suspicions.
Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code execution. Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity.
A switch to an alternative DNS provider may deliver faster, more secure, or more reliable results. In my experience, both Cloudflare and Google DNS services often perform better than ISP-provided DNS services.
Second, industrial networks have extremely long lifecycles; many have been operational for 35 years or more. As these aging networks began to be connected to IT systems for automation and inputs, they lacked security controls.
Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool
Dell has copped to a flaw in SupportAssist - a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS - that allows local hackers to load malicious files with admin privileges. SupportAssist scans the system's hardware and software, and when an issue is detected, it sends the necessary system state information to Dell for troubleshooting to begin.
Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos' security researchers report. A document-imaging developer toolkit, ImageGear was designed to provide users with the ability to convert, create, and edit images, among others.
Why not make Safer Internet Day the excuse you need to do all those cybersecurity tweaks you've been putting off, such as picking proper passwords, turning on two-factor authentication, downloading the latest security updates, making backups of your most important files, and revisiting your privacy settings in case you're oversharing by mistake?
A researcher has discovered another DLL hijacking vulnerability in Dell SupportAssist that can be used to execute code with elevated privileges, and exploitation only requires low permissions. In an advisory published last week, Dell revealed that Dell SupportAssist for both business and home PCs is affected by an uncontrolled search path vulnerability that allows a local user with low privileges to execute arbitrary code with elevated permissions by getting the SupportAssist binaries to load arbitrary DLLs. The flaw, tracked as CVE-2020-5316 and classified as high severity, has been patched by Dell with the release of SupportAssist for business PCs version 2.1.4 and SupportAssist for home PCs version 3.4.1.