Monthly Archives: January 2017
Data Breach Exposes US Army Doctor Details
Avast cyber security predictions for 2017
The explosive growth of personal mobile devices, the huge shift towards cloud applications and the growing impact of the Internet of Things (IoT) in the last year has set the scene for a complex and challenging threat landscape in 2017.
samba-4.4.9-0.fc24
Update to Samba 4.4.9
—-
Security fix for CVE-2016-2125, CVE-2016-2126
pcsc-lite-1.8.20-1.fc24
New upstream release
The Dangers of the New Windows 10 Update System
The latest version of the Microsoft OS has become once again a topic of discussion, and this time it may carry bad news for your company’s security. As the cybersecurity expert Sami Laiho revealed on his blog, every Windows 10 update poses a serious risk. Namely, while your system updates, anyone can take control of your corporate computers.
“This is a big issue and it has been there for a long time,” explains Laiho. This serious flaw comes into play when the OS restarts after installing a new update. Once the system is being updated, all you need to do to gain control of it is to push Shift-F10 to access the command prompt with admin level clearance.
In light of this, the dangers that your company faces are multifaceted. Indeed, any employee can take control of their computer as administrator, access confidential documents, or access the corporate network and create a serious problem from within the company itself.
Laiho points out that it is not necessary to use any specific software to carry out this cyberattack. Just that innocent combination of keys is enough to sow chaos. As if that wasn’t enough, the threat is not limited to those who have physical access to the computer: “An external threat having access to a computer waits for it to start an upgrade to get into the system,” explains Laiho.
Microsoft is apparently working to fix this serious flaw. Meanwhile, the most important thing to prevent threats is to rely on an adequate security solution, and not to postpone Windows 10’s tedious updates.
Forget about how long the update takes. Ideally you would authorize it immediately and stay with the computer at all times. This is the only way to be sure that no bystanders take the driver’s seat of your computer. It is obviously very important to explain this to employees.
In the meantime, we’ll have to trust that they will not commandeer the system themselves and wait for Microsoft to resolve this critical vulnerability.
The post The Dangers of the New Windows 10 Update System appeared first on Panda Security Mediacenter.
thunderbird-45.6.0-2.fc24
For changes see: https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/
thunderbird-45.6.0-2.fc25
For changes see: https://www.mozilla.org/en-US/thunderbird/45.6.0/releasenotes/
springframework-security-3.2.10-1.fc25
update to 3.2.10.RELEASE, fix CVE-2016-9879
qpid-java-6.0.4-5.fc25
fix CVE-2016-8741 (rhbz#1409836,1409835)