All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    Yeah, I know Samsung Magician isn't a replacment for AV Security software bundled with all sorts of bloat as performance optimization tools etc:)


    And only Samsung know what they put into "many other improvements" for their latest release :rolleyes: Not the first time they have to fix own flawed software.

    CERT/CC warns for security issue with Samsung Magician SSD ...
     
  2. Spartan

    Spartan Super Tweaker

    Reputations:
    26,177
    Messages:
    21,788
    Likes Received:
    32,823
    Trophy Points:
    931
    It's not even close to replacing an Antiviurs, it has nothing to do with viruses, all it can do is encrypt a disk or shred files but the program falls into the category of disk maintenance apps no one ever thinks Security when the word Magician is mentioned. [​IMG]

    [​IMG]
     
    jclausius likes this.
  3. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Reputations:
    31,668
    Messages:
    36,089
    Likes Received:
    58,827
    Trophy Points:
    931
    Old tech dudes, like old rockers, always rock the hardest. Because we know how.
     
    Ashtrix, jclausius and Papusan like this.
  4. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    [​IMG]
    Microsoft Warns of Zero-Day Remote Code Execution Bugs Being Exploited in the Wild Wccftech.com | Today

    Microsoft has warned attackers are actively exploiting an unpatched Windows zero-day vulnerability on fully updated devices. The vulnerability impacts devices running Windows 7, 8.1, and Windows 10. "Microsoft has become aware of limited targeted Windows 7 based attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library," the company said in an advisory.

    The workarounds include disabling the Preview Pane and Details Pane in Windows Explorer and the WebClient service, among others. IT administrators are recommended to check out this advisory for workarounds.
     
    Mr. Fox and jclausius like this.
  5. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    I can't in my wildest dream understand that smart people want this installed on their computers.

    HP Support Assistant, marketed by HP as a "free self-help tool," is pre-installed on new HP desktops and notebooks, and it is designed to deliver automated support, updates, and fixes to HP PCs and printers.

    "Improve the performance and reliability of your PCs and printers with automatic firmware and driver updates," HP says. "You can configure your options to install updates automatically or to notify you when updates are available."

    Improve the performance? What? And for what reason? No computers will get improved performance from so-called optimization software. It's scam, as all other similar paid or free tools you find on the web.

    [​IMG]

    SECURITY
    Windows PCs Exposed to Attacks by Critical HP Support Assistant Bugs bleepingcomputer.com | Today
    Several critical HP Support Assistant vulnerabilities expose Windows computers to remote code execution attacks and could allow attackers to elevate their privileges or to delete arbitrary files following successful exploitation.

    "It is important to note that because HP has not patched three local privilege escalation vulnerabilities, even if you have the latest version of the software, you are still vulnerable unless you completely remove the agent from your machine," Demirkapi explained in his detailed technical description.

    This is not the first time Demirkapi found critical vulnerabilities within software that comes pre-installed on major vendors' computers, including Lenovo and Dell.
     
    6730b and Mr. Fox like this.
  6. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    Apple and Google join forces to spy on Android and iPhone users for Coronavirus purposes betanews.com | April 10, 2020

    [​IMG]
    We are in the midst of a worldwide pandemic, so Americans should allow their rights to be trampled if it means beating the virus, right? Hell no! Not at all. Look, everyone wants to see the COVID-19 virus eradicated, but we shouldn't allow the tragedy to be amplified by allowing governments and corporations to take away our rights.

    Sadly, Google and Apple are teaming up to do just that. You see, as a way to help governments, the two companies are planning to spy on smartphone users to help fight the Coronavirus. It will first be done with an optional app, but later integrated into both Android and iOS. Essentially, Bluetooth will be leveraged in tracking those infected with COVID-19 and warning those that come near them. While it sounds good on the surface, you are not wrong to be very worried.

    Let's not forget, there is the possibility of hackers stealing collected data and either leaking or selling it to others. Law enforcement may even subpoena the data to convict those that opt in! Imagine ending up in jail because you thought you were helping fight disease.

    And no, this isn't something that can be ignored because it is opt-in. Since it will ultimately be integrated into the operating systems, there is always the possibility of a bug "accidentally" causing users to become opted in. Yes, that really can happen. Google and Apple can talk about privacy until they are blue in the face, but no security is infallible.
     
    Salad Bar Riot and Mr. Fox like this.
  7. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    4,480
    Messages:
    3,067
    Likes Received:
    2,141
    Trophy Points:
    231
    "Windows Defender broken by recent updates, how to fix"

    - When performing a full antivirus scan using Windows Defender, a recent definition update or Windows update is causing the program to crash in the middle of a scan.

    - In BleepingComputer's tests, a Quick Scan will run fine and finish without any errors. When performing a Full Scan, though, it will ultimately hang at a certain number of files scanned.

    - This problem is caused by the Windows Defender Antivirus Service service crashing, which will leads to a cascading series of errors displayed in event viewer and Windows Security.

    - Microsoft has just released new Antivirus/Antispyware definition whose version is 1.313.1687.0 that fixes the issue.

    https://www.bleepingcomputer.com/ne...defender-broken-by-recent-updates-how-to-fix/

    Sigh... We'll let's hope the fix doesn't break something else, which has been par for the course for Microsoft lately.
     
    Papusan and Mr. Fox like this.
  8. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    More messed up coding.

    Window 10 update weakened Google Chrome's security
    bleepingcomputer.com
    A Windows 10 kernel bug made it possible to escape Google Chrome's sandbox, a security researcher with Google Project Zero found. The vulnerability was introduced with version 1903 of the operating system on May 21, 2019.

    "Changing the behavior of Windows is out of the control of the Chromium development team. If a bug is found in the security enforcement mechanisms of Windows then the sandbox can break."

    Small OS changes can lead to major issues
    "I hope this gives an insight into how such a small change in the Windows kernel can have a disproportionate impact on the security of a sandbox environment," the researcher said.
    "It also demonstrates the value of exploit mitigations around sandbox behaviors. At numerous points, the easy path to exploitation was shut down due to the mitigations."
    "It’d be interesting to read the post-mortem on how the vulnerability was introduced. I find it likely that someone was updating the code and thought that this was a mistake and so 'fixed' it.
    Perhaps there was no comment indicating its purpose, or just the security critical nature of the single line was lost in the mists of time. Whatever the case it should now be fixed, which indicates it wasn’t an intentional change."
     
    jclausius and Mr. Fox like this.
  9. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    Zero-day vulnerabilities in iOS Mail are being actively exploited to target high-profile users betanews.com | Today

    [​IMG]
    Security firm ZecOps has published research about security vulnerabilities affecting iPhones and iPads. The critical flaws are yet to patched by Apple and are said to be actively used to target high-profile users such as journalists, employees of Fortune 500 companies and VIPs.

    What's particularly worrying about the flaws is that they can be exploited by sending a message that appears to be blank. Opened in iOS Mail, the message can be used to run code and spy on activity without the need for any interaction from the victim. There is a suggestion that a nation-state could be involved.
     
    jclausius likes this.
  10. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    28,142
    Messages:
    25,392
    Likes Received:
    45,504
    Trophy Points:
    931
    We can talk about new tech and security:D

    [​IMG]
    Microsoft Surface: Security concerns responsible for the lack of Thunderbolt & upgradable RAM (allegedly) notebookcheck.net


    The lack of Thunderbolt 3 on Microsoft's Surface Laptops has been a problem for years. Such expensive products are just expected to support this standard. Now a video surfaced where an alleged Microsoft spokesperson names the reason for the lack of Thunderbolt 3 as well as upgradable RAM: Security.

    Take it as a pinch of salt. But its a nice video showing how disgusting todays tech has become.

    Soldered ram is the future bruh, due security, LOOL
    https://twitter.com/i/status/1253917701719769088
     
    Ashtrix, jc_denton and Mr. Fox like this.
Loading...

Share This Page