As the cost of fixing security mistakes in Jeep Chrysler Dodge vehicles mounts, so does the need for manufacturers to weigh cybersecurity risks in the product development process, alongside features and benefits.
The post Cybersecurity and manufacturers: what the costly Chrysler Jeep hack reveals appeared first on We Live Security.
Yesterday Microsoft released an emergency security update for all of the supported Windows version (this means Windows 7, Windows 8/8.1, Windows RT and apparently even the unreleased Windows 10). The patch is supposed to fix an exploit that would allow hackers to access another computer easily. According to the company the flaw lies in the way the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
“An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says in their security bulletin. “There are multiple ways an attacker could exploit this vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage that contains embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.“
Microsoft also says that while they had information that indicates that the issue was public there is no evidence that the vulnerability was used in any actual attack on customers.
The vulnerability itself was apparently found after going through loads of data from the Hacking Team email breach.
The post Patch now: Microsoft Emergency Fix appeared first on Avira Blog.
Yup, I get annoyed by the Windows Update popup reminders as well. Still – updating is important and at the end of the day I am quite happy that there actually are updates to patch vulnerabilities and fix issues. Which is why it is so shocking to find out that this time it’s not actual malware that is trying to disable it but a well know company: Samsung.
Microsoft MVP Patrick Barker discovered the issue when assisting a user with a Windows Update issue. According to him “it was figured out eventually after using auditpol.exe and registry security auditing (shown below later) that the program that was responsible for disabling Windows Update was Disable_Windowsupdate.exe, which is part of Samsung’s SW Update software.”
Luckily the Samsung SW Update tool does not come with PCs by default: Users have to download it from Samsung’s website and install it. But let’s be honest: If you buy a new laptop you often download available tools in order to keep the system up to date as easy as possible. According to VentureBeat doing so is a common practice since there were people complaining about having an update problem before.
Now, Baker even got in touch with Samsung, whose support team had to say the following: “When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.”
Well. Disabling the Windows Update does seem a very crass solution when it comes to making sure your updates and drivers will not break with new Windows updates …
The post Samsung’s SW Update Says “NO” To Windows Update appeared first on Avira Blog.
The Cisco 2015 Annual Security report shows that CISOs and other security personnel are confident about their strategies despite that they are not patching.
The marketplaces set up to provide health insurance to Americans under Obamacare are generally doing a good job of protecting personally identifiable information but can also improve security practices.
Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.