(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 
Who doesn't love some new Windows?

Enlarge / Who doesn't love some new Windows? (credit: Peter Bright / Flickr)

The ill-fated Windows 10 October 2018 Update has hitherto been offered only to those Windows users who manually sought it, either by using the dedicated upgrade and media creation tools or by manually checking for the update in Windows Update. Three months after its initial release, Microsoft has at last started pushing it to Windows users automatically.

The update was originally withdrawn because of a data loss bug. A month after the initial release, the bug was fixed and the fixed update was made available. Even this release was limited, with a number of blocks in place due to known incompatibilities. As described above, it was then only offered to those taking certain manual steps to update their machines. One month ago, these blocks were largely removed.

Even with automatic deployment and installation now enabled, the beleaguered update is still rolling out in phases. Initially, it will be offered to spaces where Microsoft is most confident that the update will be trouble-free—machines with configurations already known and tested. As the tap is slowly opened more and the update is made available to a wider range of hardware, the company will use operating system telemetry to detect any lingering incompatibilities with device drivers or unusual software.

Read 1 remaining paragraphs | Comments

 
Poppler CVE-2017-14517 Denial of Service Vulnerability
 
Ghostscript 'shading_param' Remote Code Execution Vulnerability
 

Posted by InfoSec News on Jan 17

https://www.gofundme.com/computer-for-cybersecurity-bsdos

[I saw this on InfoSec Twitter and figured they're in need a signal boost of
their message. Spend enough time in this community, you might have
the opportunity in 10-15 years to say you remembered seeing this SecBSD
tool on InfoSec News, just as I remember some years back learning about
this guy H.D. Moore and Metasploit. :) - WK]

Hi! i am a main developer of SecBSD, is an...
 

Posted by InfoSec News on Jan 17

https://motherboard.vice.com/en_us/article/7xy5ky/the-american-military-sucks-at-cybersecurity

By Matthew Gault
Motherboard.vice.com
Jan 15 2019

The Department of Defense is terrible at cybersecurity. That's the assessment
of the Pentagon's Inspector General (IG), who did a deep dive into the American
military's ability to keep its cyber shit on lockdown. The results aren't
great. "As of September 30, 2018, there...
 

Posted by InfoSec News on Jan 17

http://english.donga.com/Home/3/all/26/1610238/1

By Kwan-Seok Jang
The Dong-A Ilbo
January. 15, 2019

It has been turned out that 30 computers installed on the internal system of the
Defense Acquisition Program Administration, in charge of arms procurement such
as next-generation fighter jets, have come under simultaneous virtual attacks
and 10 out of them saw internal data leaked. As cyberattacks have continued on
major Korean foreign affairs...
 

Posted by InfoSec News on Jan 17

https://www.scmp.com/business/companies/article/2182473/hong-kongs-smaller-businesses-think-were-too-small-be-hacked

By Linda Lew
South China Morning Post
17 January, 2019

Hacking is on the rise in Hong Kong. But many smaller businesses have a "we're
too small to be hacked" mindset that leaves them vulnerable, according to
insurance company Chubb

Chubb surveyed 300 of Hong Kong's small and medium sized businesses and...
 

Posted by InfoSec News on Jan 17

https://scroll.in/article/909663/how-a-young-man-hacked-the-mumbai-police-website-became-notorious-and-got-caught

By Bhupen Patel
Scroll.in
January 16, 2019

In early June 2001, I started receiving anonymous calls from someone who
sounded like he could not be more twenty-two years old. He never told me his
name and every call was to inform me about his hacking achievements. Sometimes
he would say he had hacked websites in other countries or...
 

Posted by InfoSec News on Jan 17

https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/

By Catalin Cimpanu
ZDNet News
January 14, 2019

All SCP (Secure Copy Protocol) implementations from the last 36 years, since
1983, are vulnerable to four security bugs that allow a malicious SCP server to
make unauthorized changes to a client's (user's) system and hide malicious
operations in the terminal.

The vulnerabilities have been...
 

Posted by InfoSec News on Jan 17

https://www.cyberscoop.com/raise-security-awareness-researchers-spent-months-hacking-mock-building-systems/

By Sean Lyngaas
CyberScoop
JAN 15, 2019

Security experts have in recent months warned that building-automation lags
behind other critical infrastructure sectors when it comes to awareness of
cyberthreats and appreciation of their potential impact. Now an 18-month
research project, which tested malware and exploits on gear made by top...
 
Internet Storm Center Infocon Status