Security News

NSA Uncovers 'Severe' Microsoft Windows Vulnerability
2020-01-14 21:33

The U.S. National Security Agency took the unusual step Tuesday of announcing what it calls a "Severe" vulnerability in Microsoft's Windows 10 operating system ahead of Microsoft's Patch Tuesday security update. The U.S. Department of Homeland Security released a statement Tuesday ordering all federal agencies to patch the vulnerability and urging all Windows users to apply the security patch provided by Microsoft within 10 days.

Welcome to the 2020s: Booby-trapped Office files, NSA tipping off Windows code-signing bugs, RDP flaws...
2020-01-14 21:33

Amid Uncle Sam's dire warnings, Microsoft said there is no evidence of the flaw being targeted in the wild and its severity level is listed as "Important," a step below the critical remote code execution bugs in RDP, .NET and Internet Explorer. The American spying agency wants everyone to know - to the point of even holding a press conference about CVE-2020-0601 - that it privately found and reported this diabolical cert flaw to Microsoft, and that it is a totally friendly mass-surveillance system that has turned a new leaf, wants to be on the good side of infosec researchers, and cares about your ongoing ability to verify the origin and integrity of executable files and network connections.

January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA
2020-01-14 20:18

As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the "star of the show" is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications. The flaw only affects newer versions of Windows and Windows Server, and is found in the Windows CryptoAPI, which validates Elliptic Curve Cryptography certificates.

NSA Discloses Serious Windows Vulnerability to Microsoft
2020-01-14 20:12

The U.S. National Security Agency has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle attacks. The NSA reached out to reporters to inform them about the vulnerability before Microsoft released its patches.

How to protect your Windows 7 computers and data after Microsoft cuts off support
2020-01-14 19:21

With no bug fixes or patches available for Windows 7 after Jan. 14, Veritas CIO John Abel offers tips to safeguard the PCs in your organization.

Windows 7 computers will no longer be patched after today
2020-01-14 15:58

Simply put, we took the next 10 Windows malware samples that showed up for analysis at SophosLabs, checked that they ran on the previous versions of Windows and then threw them at the all-new Windows 7. The problem is that "new" malware samples, together with new vulnerabilities and exploits, are likely to work on old Windows 7 systems in much the same way, back in 2009, that most "old" malware worked just fine on new Windows 7 systems.

Hundreds of Millions of PCs Remain Vulnerable as Windows 7 Reaches End of Life
2020-01-14 14:24

Windows 7 reached end of life on Tuesday, January 14, 2020, but hundreds of millions of PCs worldwide still run the operating system, which likely makes them a more tempting target for malicious cyber actors. It's worth noting that when Windows XP reached end of life in April 2014, the operating system also had a market share estimated at roughly 30%. The most obvious solution is to upgrade to Windows 10, which provides significant benefits both in terms of functionality and security.

Windows 7: Microsoft Ceases Free Security Updates
2020-01-14 12:05

Microsoft on Tuesday will offer its final, free updates and security fixes for its Windows 7 operating system as well as Office 2010. "After 10 years, support for Windows 7 is coming to an end on Jan. 14 in a planned activation to transition users towards Windows 10," a Microsoft spokeswoman tells Information Security Media Group.

Warning: Quickly Patch A New Critical Windows 10 Flaw Discovered by the NSA
2020-01-14 10:48

What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency of the United States. What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the EternalBlue SMB flaw that the agency kept secret for at least five years and then was leaked to the public by a mysterious group, which caused the WannaCry menace in 2017.

What to do if you're still running Windows 7
2020-01-14 09:00

Organizations still running Windows 7 are now officially living on borrowed time.