Displaying items by tag: Patching

A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since it allows for a privilege escalation that can turn into a complete compromise of the targeted device. Not exactly what you want to leave open. The good news is that Microsoft released a patch for it in January.

Published in Security Talk
Friday, 28 January 2022 07:22

Apple Patches Safari WebKit Bug and a 0-Day

Yesterday Apple released several patches for their different operating systems. One that we have talked about before is a core bug in Apple’s WebKit-based Safari. This bug could potentially leak personal information regardless of the privacy settings you had enabled. In macOS you could always change to another browser that was not WebKit-based. On iOS, iPadOS, watchOS and other app store locked devices there was no option, as Apple requires every browser to use WebKit for its render engine.

Published in Security Talk
Thursday, 13 January 2022 05:09

All-in Vulnerability and Risk Management

It is a common belief that vulnerability management is nothing more than scanning and patching. However, as we have seen in many breaches and attacks, this is far from true. Vulnerability management is about understanding your organization and the risks it faces. Risks that an organization faces can include insider threats, public exposure, data leakage, improper configurations or safeguards, data integrity models, and quite a bit more. It is not enough to simply scan with a specific flavor of vulnerability scanner; it is a much larger effort and requires buy-in from every team and person in an organization.

Published in Security Talk

Although not a new subject here at DecryptedTech, we thought it was time for us to dive into three serious issues in the security world (out of many). The three we are covering today are emerging technologies, stale technologies and how the security, and IT, skill set seems to be diminishing. All three are cause for concern and are often seen as at least contributing factors in breaches. What makes this more interesting is that in many cases the three are connected.

Published in Editorials
Monday, 04 February 2019 12:07

When updates go wrong, horribly wrong

When you think about operating system updates you probably do not think about the security team. Sure, there are security patches and such, but those are on the operations team and not really pushed out by the security team. Well, that is when they are done properly by the OS vendor.

Published in Editorials

It seems that someone may have found a way around at least one of the latest hot fixes for OpenSSL. According to some talk around the darker places on the internet, a rehash of metadata can allow a malicious individual to get around the latest hot fix designed to stop someone from bypassing the CA check in OpenSSL. The original flaw was found to exist during certificate validation. When OpenSSL checks the certificate chain it will try to build an alternate route if the first attempt fails. A flaw in the way this is done can allow a “bad guy” to actually force some of the secondary checks to be bypassed and allow an invalid cert to pass.

Published in News