Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday

This month’s Patch Tuesday brought fixes for 23 critical vulnerabilities, including a notable flaw in Microsoft Exchange.

Microsoft today released patches for 129 CVEs (common vulnerabilities and exposures) as part of its monthly Patch Tuesday rollout. This marks seven consecutive months of 110+ bugs fixed and brings the yearly total close to 1,000.

September’s Patch Tuesday addressed vulnerabilities in Microsoft Windows, the Edge browser, ChakraCore, Internet Explorer, SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, Exchange Server, ASP.NET, OneDrive, and Azure DevOps. Of the 129 bugs fixed, 23 are classified as critical, 105 are important, and one is moderate in severity.

None of the flaws patched today were publicly known or under active attack; however, there are a few that stand out due to their severity. One of these is Microsoft Exchange memory corruption vulnerability CVE-2020-16875, a critical flaw that could be exploited by sending a malicious email containing exploit code to a vulnerable Exchange server. If successful, an attacker could then install programs; view, edit, or delete data; or create new user accounts.

“We have seen the previously patched Exchange bug CVE-2020-0688 used in the wild, and that requires authentication,” writes Dustin Childs of Trend Micro’s Zero-Day Initiative in a blog post. “We’ll likely see this one in the wild soon. This should be your top priority.”

Today brought fixes for seven critical remote code execution vulnerabilities in SharePoint 2010 through 2019. Five of these (CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, and CVE-2020-1576) exist in how SharePoint fails to check the source markup of an application loaded to the server, and exploitation could let an attacker run malicious code on the server. Given SharePoint is often installed on large business networks, these patches are important.

Microsoft has addressed a couple of critical remote code execution bugs in Windows Codecs Library. Both of these could be exploited by crafting a malicious image file and having any program process the malicious image, explains Chris Hass, director of information security and research at Automox. If successful, an attacker could obtain data to further compromise the system.

“With the number of images being shared constantly on Slack, Zoom, or email, this vulnerability could prove enticing for attackers to leverage,” Hass explains. Today’s updates address CVE-2020-1129 and CVE-2020-1319 by correcting how Codecs Library handles objects in memory.

Hass also points to CVE-2020-0878, a memory corruption bug in Microsoft browsers, as an issue to patch. The flaw exists in the way Microsoft browsers access objects in memory and affects versions of Microsoft Edge and Internet Explorer. An attacker could host a specially crafted site designed to exploit the flaw and convince a user to view it, or they could take advantage of compromised websites, or submit crafted content to sites that host user-provided content.

However, the vulnerability cannot be exploited by simply viewing the malicious content. An attacker must convince users to take action, whether through an email or instant message, to get them to open an attachment. If the user is logged in with administrative rights, a successful attacker could take control of an affected system.

“Although there have been many memory corruption RCE vulnerabilities disclosed this month, Microsoft currently has around 13% of the total market share when it comes to browsers, possibly presenting enough attack surface to make it worthwhile for attackers to explore,” Hass says. 

Businesses should also prioritize CVE-2020-0922, a critical RCE flaw in the Microsoft Common Object Model (COM) that would allow an attacker to execute malicious code on a target device by luring a victim to open a specially crafted file or visit a website hosting malicious JavaScript. Today’s patch addresses the vulnerability by correcting how COM handles objects in memory.

This fix is important because COM is the base framework of Microsoft services such as ActiveX, OLE, DirectX, and Windows Shell. If the flaw is left unpatched, it could give an attacker a large target to explore when seeking out vulnerabilities in a network, says Richard Melick, senior technical product manager for Automox.

“Given that the exploit can be taken advantage of through a simple malicious JavaScript or website, potentially delivered through a phishing email, it is necessary to address to minimize a network’s attack surface,” he explains.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial …

Source: https://www.darkreading.com/vulnerabilities—threats/microsoft-fixes-129-vulnerabilities-for-septembers-patch-tuesday/d/d-id/1338863?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Galaxy S17

Samsung Galaxy S17 2021: Release Date, Specifications, Price and More!

Samsung Galaxy S17 2021: Hello Friends. How are you? I hope you are all well. For those who want to buy a replacement phone, it may be great news that Samsung Galaxy S 2021, which is the most famous brand in the world, will bring a new Samsung phone or sell. We heard this phone news via online media. There are many types of videos that can be shared on video sharing media. The Samsung Galaxy S17 2021 smartphone is one of the most awaited mobiles in the world.

This phone will be the most expensive mobile of the year. If you are able to understand the phone, the Samsung Galaxy S17 will come with a replacement Android OS model. This smartphone’s Release Date, Price and Full Specification is shared. Keep reading and stay with us.

Samsung Galaxy 17’s display contains many types of news that we know. However, not all information is accurate. Experts have stated that this collection will have a full-screen display. The display resolution will be 1445×3040 pixels. Let’s take a look at the full specifications of this phone. The Galaxy S17 specifications include a 6.1-inch Super AMOLED full-screen display with 1445×3040 pixels. This smartphone also features a 19:5:9 ratio.

Full Specification for Samsung Galaxy S17

A chipset snapdragon 870+ processor will be found. The storage will be 12GB RAM and 256GB ROM. Support for 1TB external SD cards will be provided. 6G Network technology could be added to it with support for 5G, 4G and 3G Networks, but that’s a rumor. No one can guarantee it. The specifications for the Samsung Galaxy S17 include:

  • 48 MP Front Camera
  • 5 Cameras with LED Flash (96MP + 64MP+ 48MP + 32MP+ 32MP + 16MP).
  • 16 K video Opportunity
  • Super AMOLED Display with 1440×3040 Pixel Resolution
  • Water and scratch-resistant glass (Corning Gorilla Glass7+), Light sensor Proximity sensor, Accelerometer Compass, Gyroscope
  • Processor: Octa-core, 2840 MHz, Kryo 500, 64-bit, 7nm.
  • Android Q 10 OS
  • 7000 mAh Battery
  • Fast Charging supported
  • Support via wireless
  • video 3840×2160 (4K HD) (60 FPS), 1920×1080(Full HD), (240fps), 1280×720(HD) (1280fps), 960 FPS)
  • Dimension: 5.90×2.77×0.31 inches (149.4×7.8 mm).
  • Fingerprint Sensor
  • Face ID
  • Waterproof
  • Dual Nano SIM Card
  • Many more features

Samsung Galaxy S17 2021: Battery and RAM.

Samsung Galaxy 17 2021 battery is a great choice for those who use the internet and want to play online games. The batteries are fast and can be charged quickly and last a long time. The massive 6360mAh lithium-ion battery in this Samsung smartphone is impressive. The Samsung Galaxy S17 has a 64MP + 43MP + 32MP + 16MP rear camera. There’s also a 48MP camera for video calls and selfies. Two storage options and two RAM options are available on the Samsung smartphone. This smartphone has 10GB/12GB RAM and 256GB or 512GB internal memory. A MicroSD card can be used to expand storage up to 1TB.

Samsung Galaxy S17 Price

This phone is not expensive, and it’s usually $1270. When Samsung officially announces the value, we will keep you informed. Keep watching our website to see all the latest updates and get the ultimate phone, the most capable.

Samsung Galaxy S17 Release Date

It is expected to be released 10 Oct 2020, but we will inform you about the exact date after the official announcement by Samsung, the largest worldwide company. We will have to wait and see.

Samsung Galaxy S17 Price

This phone is expected to be $1270. We will keep you informed about the official announcement by Samsung. Keep checking our website for all the latest information.

Country Price (Expected)
1. Samsung Galaxy S17 Price in India 54900 INR.
2. Samsung Galaxy S17 Price in Pakistan 119500 PAK.
3. Samsung Galaxy S17 Price in USA Country 1270 USD

Source: https://cybersguards.com/galaxy-s17/

How To Connect AirPods To Lenovo Laptop?

We now live in a wireless earbud era, which has revolutionized and changed the way we listen to and experience music. Apple AirPods are one of the most popular wireless earbuds on the market, and they’ve completely transformed our way of listening to and consuming music, especially as we learned to use Bluetooth to connect directly with our ThinkPad.

One of the amazing features of the AirPods that people don’t seem to talk about is their ability to connect to non-Apple devices that accept Bluetooth, such as a ThinkPad or other Lenovo laptop.

In this article, I’ll go through how to connect AirPods to a Lenovo laptop, as well as what to do if they refuse to pair. I’ll also show you what you can do if your Lenovo laptop doesn’t have Bluetooth capability and you want to connect your Airpods.

In a few simple steps, learn how to connect your AirPods to your Windows PC.

Apple’s AirPods are Bluetooth earbuds that are completely cordless and developed specifically for iOS devices like the iPhone and iPad. However, AirPods are compatible with a wide range of other devices, including Android phones and computers.

Of course, if you use AirPods with a PC, you won’t be able to use Siri because that feature is only available when the buds are connected to an iPhone or iPad.

However, if you want to use your AirPods with your PC while they aren’t paired with your iPhone, here’s how to do it.

It is entirely possible to connect any type of AirPods to your Lenovo laptop or ThinkPad, and if you are in a hurry, follow these instructions.

How to connect AirPods to a Lenovo laptop is as follows:

  1. To access settings, press Windows key + I.
  2. Select Devices from the Settings menu.
  3. Make sure Bluetooth is enabled.
  4. Choose the Add Bluetooth or other devices option.
  5. Select Bluetooth.
  6. Now, take your AirPods case and open the cover.
  7. Press and hold the button on the back of your AirPods case.
  8. When you see a white light, release the button.
  9. Choose your AirPods from the list of devices that have been discovered.
  10. To finish, click Done.

Source: https://cybersguards.com/how-to-connect-airpods-to-lenovo-laptop/

Bitdefender Ransomware Vaccine

To address the escalating ransomware menace, Bitdefender is distributing a ‘vaccine.’

Bitdefender, a Romanian security software provider, has released a new free programme to prevent your machine from being infected by ransomware.

Bitdefender Ransomware Vaccine

The Bitdefender Antiransomware vaccine protects your system from crypto-ransomware such as CTB-Locker, Locky, and TeslaCrypt by making it appear as though it has already been infected with malware.

Various ransomware strains, such as variants of Locky and TeslaCrypt, frequently employ a mechanism that detects if a computer has already been infected with the malware and had its files encrypted. Bitdefender’s new software claims to be able to satisfy these checks, meaning that if ransomware ever reaches your computer, the malware will treat the machine as already infected and skip it.

“In some ways, the new technology is an offshoot of the Cryptowall vaccine programme,” said Catalin Cosoi, Bitdefender’s senior security strategist. “We had been looking for a solution to prevent this ransomware from encrypting files even on PCs that were not covered by Bitdefender antivirus, and we recognised we could expand the thought.”

The original Cryptowall vaccine tool functioned similarly, but it may soon become obsolete and in need of an upgrade to keep up with how ransomware evolves and becomes more complex.

Bitdefender’s latest tool covers many more ransomware variants than before, but it’s not an all-in-one solution or blatant prevention tool.

Ransomware has recently taken on new forms, including a strain that targets WordPress sites rather than computers. As a result, this new anti-ransomware vaccine should not be viewed as a long-term solution, as more sophisticated threats may arise sooner rather than later.

Bitdefender isn’t the only company working on a ransomware vaccination. Sean Williams, a developer, is working on a tool called Cryptostalker to prevent ransomware from infecting Linux systems, while researcher Sylvain Sarméjeanne is working on a Locky-fighting tool.

Bitdefender Antivirus Free Edition with Combination Crypto-Ransomware Vaccine User Questions

Bitdefender Antivirus Free Edition is what I’m using. Is it required or suggested to utilise this Bitdefender tool in addition?

The Position of Bitdefender on Ransomware and Decryptors

Remediation for Ransomware: Bitdefender Ransomware Protection can help you recover ransomware-encrypted files (& etc.)
Does BitDefender Anti-Virus Free come with the ransomware protection that BitDefender Anti-Ransomware Free offers?

Vaccine Against Crypto-Ransomware in Combination Has Been Released

By leveraging gaps in the crypto ransomware families’ spreading mechanisms, Bitdefender anti-malware experts have created a new vaccine tool that may guard against known and possibly future versions of the CTB-Locker, Locky, and TeslaCrypt crypto ransomware families.

“In some ways, the new tool is an offshoot of the Cryptowall vaccine programme,” Catalin Cosoi, the Chief Security Strategist, explained. “We had been looking for a solution to prevent this ransomware from encrypting files even on PCs that were not covered by Bitdefender antivirus, and we recognised we could expand the thought.”

Source: https://cybersguards.com/bitdefender-ransomware-vaccine/

Windows Firewall Allow Ping

Using Group Policy, enable ICMP (PING) over the Windows Firewall with Advanced Security

Prerequisites

On Windows 7, Windows 8, Windows Server 2008, or Windows Server 2012, you’ll need the Group Policy Management Tools. These are part of the Remote Server Administration Tools (RSAT), which may be downloaded from Microsoft’s website.

Instructions

Please follow these instructions to activate ICMP on devices using Windows Firewall with Advanced Security (Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2012).

  1. Using the Group Policy Management Tool, edit an existing Group Policy object or create a new one.
  2. Expand the Computer Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Inbound Rules node.
  3. Click Next after selecting the Custom radio button.
  4. Select the radio button for All Programs and then click Next.
  5. Select ICMPv4 from the Protocol Type: drop-down list and click Customize…
  6. Check the radio button for All ICMP types and then click OK.
  7. Note: If you want to limit ICMP to specific types, you need to allow at least Echo Request.
  8. You can either limit which IP addresses ICMP can and cannot communicate with, or tick the Any IP address radio buttons to allow all, then click Next.
  9. Click Next after checking the Allow Connection radio option.
  10. Select which profiles will be affected by the rule. At the very least, tick the Domain profile checkbox and then click Next.
  11. Give the rule a relevant name in the Name: field. If desired, add a description, then click Finish to exit and save the new rule.
  12. Using the Group Policy Management Tool, verify that the Group Policy Object is applied to the appropriate computers.
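
A scripted counterpart to the rule built in the steps above, as an added example that is not part of the original article: it narrows the rule to Echo Request (ICMPv4 type 8) from a scanner source range instead of all ICMP types from any address, then verifies the result. The rule name and the 192.0.2.0/24 range are placeholders; the cmdlets come from the NetSecurity module (Windows 8 / Windows Server 2012 and later).

```powershell
#Requires -RunAsAdministrator
# Added example. The rule name and scanner range below are placeholders,
# not values from the article; substitute your scanner's published ranges.
$RuleName      = 'Allow ICMPv4 Echo Request from scanners'   # hypothetical name
$ScannerRanges = @('192.0.2.0/24')                           # placeholder (documentation range)

# To write into a Group Policy object instead of the local store, add
# -PolicyStore '<domain FQDN>\<GPO name>' to the NetFirewallRule cmdlets below.

$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $existing) {
    # Echo Request only (type 8), Domain profile only, scanner sources only.
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Inbound ping for vulnerability scanners only' `
        -Direction Inbound `
        -Protocol ICMPv4 `
        -IcmpType 8 `
        -RemoteAddress $ScannerRanges `
        -Profile Domain `
        -Action Allow | Out-Null
} else {
    # Rule already exists: keep its source scope in sync and make sure it is on.
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $ScannerRanges -Enabled True
}

# Verify what was actually stored.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
$addr = $rule | Get-NetFirewallAddressFilter
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    Action        = $rule.Action
    Protocol      = $port.Protocol
    IcmpType      = $port.IcmpType
    RemoteAddress = $addr.RemoteAddress -join ', '
}

# Audit: list other enabled inbound ICMPv4 allow rules that accept any source,
# since those make the scoped rule above redundant.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    } |
    Select-Object DisplayName, Profile
```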

Allow pings over the Windows firewall

Overview

Ping requests are blocked by default if you have the Windows Firewall enabled. As a result, the University Information Security Office’s (ISO) vulnerability scanners are unable to work. Follow the procedures below to configure your firewall to allow pings.

To complete these tasks, you may be asked for administrator access.

Firewall in Windows

  1. Open Windows Firewall by searching for it and clicking on it.
  2. On the left, select Advanced Settings.
  3. Click Inbound Rules in the left pane of the resultant window.
  4. Find the rules named File and Printer Sharing (Echo Request – ICMPv4-In).
  5. Enable each rule by right-clicking it and selecting Enable Rule.

Firewalls from third parties

See Vulnerability Scanners if you use a third-party firewall application or appliance.

It’s difficult to cover all conceivable ways of enabling ping on all possible firewalls because each third-party firewall is configured differently.

However, to configure your firewall, you’ll need the following information:

  • Many firewalls allow you to whitelist specific IP addresses or ranges. Vulnerability Scanners has the IP ranges for UISO scanners.
  • Some firewalls allow specified protocols or services to pass through. In those cases, you should enable ping. The setting is known as “ping” or “incoming ping” on some firewalls. Others refer to it by the technical term “ICMP Echo Reply.” Allow this protocol in either case.
  • Many firewalls also include options for allowing specific ports to communicate (do not confuse networking TCP ports with the physical serial, parallel, USB, or Ethernet ports). Don’t worry about those settings for the UISO scanner; only “ping” (ICMP Echo Reply), which doesn’t require ports, has to be enabled. For other reasons, you may want to allow or disallow specific ports, but it’s pointless to try to do so for the UISO scanner.


Source: https://cybersguards.com/windows-firewall-allow-ping/
