Archive for December 10, 2019

TikTok Said to Be Under National Security Review by JACK NICAS, MIKE ISAAC and ANA SWANSON

December 10, 2019

The review comes after lawmakers raised concerns about TikTok’s growing influence in the United States.

Published: October 31, 2019 at 06:00PM

from NYT Technology https://ift.tt/2JFYYqI
via IFTTT


On Data Privacy, India Charts Its Own Path by VINDU GOEL

December 10, 2019

A new law would give the country’s 1.3 billion people more power over data collected by companies but allow the government to exempt itself from the rules.

Published: December 9, 2019 at 06:00PM

from NYT Technology https://ift.tt/2sdhn8s
via IFTTT


Patch Tuesday, December 2019 Edition

December 10, 2019

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

By nearly all accounts, the chief bugaboo this month is CVE-2019-1458, a vulnerability in a core Windows component (Win32k) that is present in Windows 7 through 10 and Windows Server 2008-2019. This bug is already being exploited in the wild, and according to Recorded Future the exploit available for it is similar to CVE-2019-0859, a Windows flaw reported in April that was found being sold in underground markets.

CVE-2019-1458 is what’s known as a “privilege escalation” flaw, meaning an attacker would need to previously have compromised the system using another vulnerability. Handy in that respect is CVE-2019-1468, a similarly widespread critical issue in the Windows font library that could be exploited just by getting the user to visit a hacked or malicious Web site.

Chris Goettl, director of security at Ivanti, called attention to a curious patch advisory Microsoft released today for CVE-2019-1489, which is yet another weakness in the Windows Remote Desktop Protocol (RDP) client, a component of Windows which lets users view and manage their system from a remote computer. What’s curious about this advisory is that it applies only to Windows XP Service Pack 3, which is no longer receiving security updates.

“The Exploitability Assessment for Latest Software Release and Older Software Release is 0, which is usually the value reserved for a vulnerability that is known to be exploited, yet the Exploited value was currently set to ‘No’ as the bulletin was released today,” Goettl said. “If you look at the Zero Day from this month (CVE-2019-1458) the EA for Older Software Release is ‘0 – Exploitation Detected.’ An odd discrepancy on top of a CVE advisory for an outdated OS. It is very likely this is being exploited in the wild.”

Microsoft didn’t release a patch for this bug on XP, and its advisory on it is about as sparse as they come. But if you’re still depending on Windows XP for remote access, you likely have bigger security concerns. Microsoft has patched many critical RDP flaws in the past year. Even the FBI last year encouraged users to disable it unless needed, citing flawed encryption mechanisms in older versions and a lack of access controls which make RDP a frequent entry point for malware and ransomware.

Speaking of no-longer-supported Microsoft operating systems, Windows 7 and Windows Server 2008 will cease receiving security updates after the next decade’s first Patch Tuesday comes to pass on January 14, 2020. While businesses and other volume-license purchasers will have the option to pay for further fixes after that point, all other Windows 7 users who want to stick with Windows will need to consider migrating to Windows 10 soon.

Windows 10 likes to install patches and sometimes feature updates all in one go and reboot your computer on its own schedule, but you don’t have to accept this default setting. Windows Central has a useful guide on how to disable or postpone automatic updates until you’re ready to install them. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.

Keep in mind that while staying up-to-date on Windows patches is a good idea, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re probably not losing your mind when the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing any patches.

And as always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may even chime in here with some helpful tips.

Finally, once again there are no security updates for Adobe Flash Player this month (there is a non-security update available), but Adobe did release critical updates for Windows and macOS versions of its Acrobat and PDF Reader that fix more than 20 vulnerabilities in these products. Photoshop and ColdFusion 2018 also received security updates today. Links to advisories here.

from Krebs on Security https://ift.tt/2sgIz5Y
via IFTTT

America’s Top Foundations Bankroll Attack on Big Tech by DAVID McCABE

December 10, 2019

Major nonprofits and other organizations have pledged millions of dollars toward groups trying to build a modern trust-busting movement.

Published: December 9, 2019 at 06:00PM

from NYT Technology https://ift.tt/36lYrTG
via IFTTT


Data Leak Week: Billions of Sensitive Files Exposed Online

December 10, 2019

A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificates were found on unsecured cloud buckets.

from Dark Reading: https://ift.tt/38ruPWL
via IFTTT

Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019

December 10, 2019

This month’s batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.

from Dark Reading: https://ift.tt/2LFkfBW
via IFTTT

The Mysterious Case of the Wallpaper That Locks Up Xiaomi Phones

December 10, 2019