Windows

Microsoft issues Internet Explorer zero-day warning, but there’s no patch yet

Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.

27% of Windows users are still running Windows 7. They need to stop now

At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system.

tripwire.com

BlueKeep: What you need to know

Currently BlueKeep attacks have been causing computers to crash, and drawing attention to themselves.

But that may be about to change…

Read more in my article on the Tripwire State of Security blog.

bitdefender.com

Untitled Goose Game security hole could have allowed hackers to wreak havoc

The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer.

Read more in my article on the Hot for Security blog.

bitdefender.com

Microsoft warns of wormable vulnerabilities in Windows

Microsoft’s security team warns that the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction. Patch your systems now!

Read more in my article on the Hot for Security blog.

tripwire.com

Thousands of NHS computers are still running Windows XP from beyond the grave

Two years after the WannaCry ransomware outbreak shone a light on the computer security of the the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2,300 PCs running the outdated operating system.

Read more in my article on the Tripwire State of Security blog.

BlueKeep – everyone agrees, you should patch PCs running legacy versions of Windows

I have this horrible feeling that the only way we’re going to wake the world up to the need to patch their ageing versions of Windows against the BlueKeep vulnerability is to wait until a malicious worm begins to spread around the world.

Prove me wrong. Patch now.

Smashing Security #131: Zap yourself from the net, and patch now against BlueKeep

Microsoft issues warning to unpatched Windows users about worm risk, and how do you delete all traces of yourself off the internet after you murder your podcast co-host?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system

Users have shared the private photos stored in their email and social networks with Ever – not realising that they were being used to feed a facial recognition system.

A third-party patch for Microsoft’s Internet Explorer zero-day vulnerability

Don’t want to wait for Microsoft to fix the problem in how Internet Explorer handles .MHT files? Other security researchers come to the rescue.

bitdefender.com

It doesn’t matter if you don’t use Internet Explorer, you could still be at risk from this IE zero-day vulnerability

Even if you don’t use Internet Explorer any more, it may still be posing a potential risk by being installed on your Windows PCs.

Read more in my article on the Hot for Security blog.

Smashing Security #121: Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Hackers poison Asus software updates, may have infected one million PCs

Hundreds of thousands of Asus PCs may have been infected with malware installed by Asus’s own automatic Live Update tool.

Android apps infected with umm… *Windows* malware

Security researchers at Palo Alto Networks recently discovered 145 apps in the official Google Play Android store that were “infected by malicious Microsoft Windows executable files.”

Yes, you read that correctly. Android apps carrying malicious Windows executables.

WannaCry ransomware scam tries to extort money without actually infecting your computer

Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.

tripwire.com

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

This month’s Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks.

Read more in my article on the Tripwire State of Security blog.