Security News

You can easily add a fingerprint reader to your computer if one isn't already built in. If you have a laptop without a built-in reader, or you want to add fingerprint recognition to your desktop PC, you can enlist the aid of a third-party reader.

A vulnerability in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found. The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.

Additional updates to the KACE solution line include Windows 10 enrollment and new Cloud Settings for KACE Cloud MDM, as well as KACE Service Desk - a standalone, strategic ticketing product. Traditional management is still available leveraging the KACE Systems Management Appliance and modern management is available from KACE Cloud Mobile Device Management.

Microsoft is preparing to once and for all drop support for the SHA-1 hash algorithm. "To support evolving industry security standards, and continue to keep you protected and productive, Microsoft will retire content that is Windows-signed for Secure Hash Algorithm 1 from the Microsoft Download Center on August 3, 2020," Microsoft said in a tech bulletin.

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. GRUB2 Bootloader Vulnerability Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables-leaving an opportunity for attackers to break the hardware root of trust mechanism.

A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide-including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. GRUB2 Bootloader Vulnerability Discovered by researchers from Eclypsium, BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and exists in the way it parses content from the config file, which typically is not signed like other files and executables-leaving an opportunity for attackers to break the hardware root of trust mechanism.

Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft Windows Bounty Program, launched in 2017, which encompasses flaws in all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

Microsoft announced last week that it has added scenario-based rewards to the Windows Insider Preview Bounty Program, with a top bounty of $100,000. As part of the WIP program, eligible researchers are invited by Microsoft to find vulnerabilities in the Windows Insider Preview Dev Channel, with general rewards ranging between $500 for denial-of-service issues and $5,000 for remote code execution flaws.

The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "High potential for compromise of agency information systems." "CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.

The US Cybersecurity and Infrastructure Security Agency has instructed government agencies to immediately address a vulnerability affecting Windows DNS servers. The flaw, which impacts Windows Server versions released in the past 17 years, allows a remote, unauthenticated attacker to run arbitrary code on affected Windows DNS servers using specially crafted requests.