Changes

From Security Weekly Wiki
Jump to navigationJump to search
702 bytes added ,  17:30, 10 December 2019
no edit summary
#[https://www.securityweek.com/hardware-based-password-managers-store-credentials-plaintext Hardware-based Password Managers Store Credentials in Plaintext]
#[https://www.computerworld.com/article/3489036/microsoft-to-end-updates-to-windows-7s-free-av-software-security-essentials.html Microsoft to end updates to Windows 7's free AV software, Security Essentials] - Let's face it, if you're still on Windows 7 you need something better than the built-in A/V from Microsoft: ''"No, your Windows 7 computer is not protected by MSE ((Microsoft Security Essentials)) after January 14, 2020," the company said in a support document mainly concerned about the Extended Security Updates (ESU) being shilled to enterprises. "MSE is unique to Windows 7 and follows the same lifecycle dates for support." Security Essentials, a free antivirus (AV) program that launched in 2008, was originally limited to consumers. However, in 2010, Microsoft expanded the licensing to small businesses, defined as those with 10 or fewer PCs. Two years after that, MSE was replaced by Windows Defender with the launch of Windows 8. Since then, Defender has been baked into each follow-up version of the OS, including Windows 10. Windows 7, though, has been stuck with MSE.''
#[https://www.securityweek.com/new-office-365-feature-provides-detailed-information-email-attack-campaigns New Office 365 Feature Provides Detailed Information on Email Attack Campaigns]- Cool stuff: ''The capabilities will provide security teams with summary details about the campaign, including point of origin, pattern and timeline, size, and the number of victims. Additionally, it shows a list of IP addresses and senders, and data on messages that were blocked, ZAPped, sent to junk or quarantine, or allowed into the inbox. Campaign views will also include data on the URLs used in the attack. This information, Microsoft says, should help organizations more easily secure affected or vulnerable users, improve their security posture by eliminating configuration flaws, investigate related campaigns, and hunt and track threats that use the same indicators of compromise (IOC).''
#[https://nakedsecurity.sophos.com/2019/12/10/snatch-ransomware-pwns-security-using-sneaky-safe-mode-reboot/ Snatch ransomware pwns security using sneaky safe mode reboot] - We covered this technique on [https://wiki.securityweekly.com/Episode482#Interview:_Kobi_and_Doron_Naim.2C_Cyberark_Labs_-_7:00-7:30_PM Paul's Security Weekly Episode 482] with researchers from Cyberark Labs in September 2016.
#[https://www.forbes.com/sites/daveywinder/2019/12/07/google-confirms-critical-android-8-9-and-10-permanent-denial-of-service-threat/ Google Confirms Critical Android 8, 9 And 10 Permanent Denial Of Service Threat]
6,509

edits

Navigation menu