All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
    Update Your Logitech Wireless Dongle Right Now howtogeek.com | July 17, 2109

    To fix the problem, visit this page on Logitech’s website, download the appropriate update, and install it. For Logitech unifying receivers (USB dongles), updates are available for both Windows PCs and Macs. There’s also a separate update to install if you have a Logitech G900 gaming mouse.

    ------------------------------------------------

    Bluetooth Flaw Enables Tracking on Windows PCs Tomshardware.com | July 17, 2019
    Boston University researchers have discovered flaws in the Bluetooth Low Energy (BLE) implementations of Windows 10, macOS and iOS that could allow devices running those operating systems to be tracked. ZDNet reported that the researchers shared details about the flaw at the Privacy Enhancing Technologies Symposium today in an effort to raise awareness for the flaw in a nigh-ubiquitous protocol.
     
    Dr. AMK likes this.
  2. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    4,018
    Messages:
    3,037
    Likes Received:
    2,072
    Trophy Points:
    231
    "Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege"

    - A former Microsoft software engineer was arrested on Tuesday and charged with mail fraud for allegedly attempting to steal $10m in digital currency from his former employer

    - ... was a member of Microsoft's Universal Store Team (UST), tasked with handling the company's e-commerce operations.

    - ... bought some Microsoft goods himself and also sold much of the currency – $10m worth, it's claimed – to third-parties, at a discount to its face value.

    - ... bought himself a $162,000 Tesla and $1.6m home

    https://www.theregister.co.uk/2019/07/17/exmicrosoft_engineer_arrested_fraud/



    No wonder I got this XBox One soooo cheap on Ebay!
     
    Papusan and Dr. AMK like this.
  3. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
    Nvidia addresses five big security issues in Windows driver
    by Guru3d.com | 08/05/2019 08:41 AM | source: nvidia

    Nvidia solved five security issues in its Windows drivers for GeForce, Quadro, NVS and Tesla video cards. Three of the problems are classified as 'serious', the other two vulnerabilities are of 'medium' risk. None of the issues could be triggered remotely though.

    Nvidia has announced that the problems will be resolved in the August 2019 security update, and drivers can already be downloaded. NVIDIA has released a software security update for the NVIDIA GPU Display Driver. This update addresses issues that may lead to local code execution, denial of service, or escalation of privileges.
     
    Dr. AMK likes this.
  4. 6730b

    6730b Notebook Evangelist

    Reputations:
    622
    Messages:
    571
    Likes Received:
    945
    Trophy Points:
    106
    jclausius and Papusan like this.
  5. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
    Fixed from what I know with last Windows 10 patch.
     
    jclausius and Dr. AMK like this.
  6. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
    Dr. AMK likes this.
  7. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    4,018
    Messages:
    3,037
    Likes Received:
    2,072
    Trophy Points:
    231
    "Windows 10 security: Microsoft dismissed RDP flaw until it saw Hyper-V was affected"

    - Microsoft recently reversed a decision not to patch a flaw in its Remote Desktop Protocol (RDP) client after realizing the same flaw could be used to target its Hyper-V virtualization software in Windows 10 and Azure.

    - Check Point researcher Eyal Itkin informed Microsoft of a flaw in its RDP client but was told his finding "is valid but does not meet our bar for servicing", so it didn't warrant a patch.

    - Microsoft recently reversed its decision and released a patch for the remote code execution bug CVE-2019-0887 in July

    https://www.zdnet.com/article/windo...d-rdp-flaw-until-it-saw-hyper-v-was-affected/


    A security issue in a Microsoft product? Say it ain't so!
     
    Papusan and Dr. AMK like this.
  8. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
    Drivers from Over 40 Manufacturers Including Intel, NVIDIA, AMD Vulnerable to Privilege Escalation Malware Attacks
    Techpowerrup.com Today, 16:59
    Cybersecurity research firm Eclypsium published a report titled "Screwed Drivers," chronicling a critical flaw in the design of modern device driver software from over 40 hardware manufacturers, which allows malware to gain privilege from Ring 3 to Ring 0 (unrestricted hardware access). The long list of manufacturers publishing drivers that are fully signed and approved by Microsoft under its WHQL program, includes big names such as Intel, AMD, NVIDIA, AMI, Phoenix, ASUS, Toshiba, SuperMicro, GIGABYTE, MSI, and EVGA. Many of the latter few names are motherboard manufacturers who design hardware monitoring and overclocking applications that install kernel-mode drivers into Windows for Ring-0 hardware-access.
     
    hmscott, jclausius and Dr. AMK like this.
  9. Papusan

    Papusan JOKEBOOK's Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    24,284
    Messages:
    24,346
    Likes Received:
    42,594
    Trophy Points:
    931
  10. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    4,018
    Messages:
    3,037
    Likes Received:
    2,072
    Trophy Points:
    231
    "All Windows users should update immediately as ‘Complete Control’ hack is confirmed"

    - The tool is available on Dark Web for free

    - Eclypsium revealed that almost all the major hardware manufacturers have a flaw that can allow malicious applications to gain kernel privileges at the user level, thereby gaining direct access to firmware and hardware.

    - The flaw also affects all the new versions of Windows which includes Windows 7, 8, 8.1 and Windows 10.

    - While Microsoft has already released a statement confirming that Windows Defender is more than capable of handling the issue, they didn’t mention that users need to be on the latest version of Windows to take benefit of the same.

    - In case you were underestimating the tool, it can allow a hacker to remoting shutdown or reboot the system, remotely browse files, access and control the Task Manager, Registry Editor, and even the mouse. Not only that, but the attacker can also open web pages, disable the webcam activity light to spy on the victim unnoticed and capture audio and video.


    https://mspoweruser.com/all-windows...iately-as-complete-control-hack-is-confirmed/


    Looks like this vulnerability first posted by Papu was utilized (weaponized?) and has now made it into the wild. WIndows users be careful out there!
     
    Papusan and hmscott like this.
Loading...

Share This Page