united states of america usa  linkedinfacebookgoogle

Should I upgrade to Windows 10?

windows 10We've been getting questions from users regarding whether or not they should upgrade to Windows 10. Our answer is usually the same for everyone: ask yourself if you need it.

For the business environment, Windows (any version) is a tool to get work done. If you get a tool that breaks your work environment and requires you re-learn the basic functionality, then the answer is of course "no".

You should upgrade if

  • There's a functionality in Windows 10 that is not available in the current version that you are using.
  • You are tired of the old look and feel of your current Windows
  • You are feeling adventurous and would like to learn the new Windows.

Continue Reading

Attacks with New Microsoft Office Vulnerability

Microsoft Support and ConsultingThere's a zero-day Microsoft office vulnerability out in the wild, which infects fully patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. Using Protected View in word prevents the execution of the malicious code:

FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office documents exploiting the vulnerability that download and execute malware payloads from different well-known malware families.

Continue Reading

Microsoft is shutting down CodePlex

Microsoft corporate vice president Brian Harry announced that they are shutting down CodePlex, its service for hosting repositories of open source software. CodePlex is Microsoft's free open source project hosting site. You can create projects to share with the world, collaborate with others on their projects, and download open source software. "As of this post, we've disabled the ability to create new CodePlex projects," Harry wrote. "In October, we'll set CodePlex to read-only, before shutting it down completely on December 15th, 2017." Microsoft claims that most open source projects have moved to GitHub and so should you.

Continue Reading

Firefox for Linux is now Netflix compatible

linux-icon-19In the past, Netflix was not available for traditional Linux-based operating systems. This was mainly due to the use of Silverlight. Netflix has adopted HTML5, which made both Chrome and Chromium for Linux capable of playing the videos. Firefox -- the open source browser choice for many Linux users -- was not yet compatible.

Continue Reading

DoubleAgent: can take control over your antivirus

double-agent

Cybellum security has discovered a zero-day vulnerability, which can turn any antivirus into a malicious application. Called DoubleAgent (DoubleAgent, since antivirus is treated as a trusted application, but through that exploit can take full control over Windows) exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10.

Continue Reading

Shellshock bug testing for vulnerability

There's a new bug that has been discovered recently, requiring affecting most linux systems running bash. You can read more about it here, but the question most often asked is: how to check if you are vulnerable? Here's a simple way to find out. Login to your Linux box and run the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output will be, if you are not vulnerable:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you are vulnerable:

vulnerable
this is a test

Update (Oct 2): Here's a newer version of the test script. It incorporates tests for all of the other bugs related to shellshock

Download link

Test results are self explanatory:

If not vulnerable (will appear in a healthy-green colour):

Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs

If vulnerable:

Variable function parser active, maybe vulnerable to unknown parser bugs
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1)

 

Microsoft Patches all versions of Internet Explorer

This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Patch can be downloaded from here:

https://technet.microsoft.com/library/security/ms14-021

More Articles...

Tel: (786) 646-6461   |   Toll-Free: (877) 454-0758
18350 NW 2nd Ave, Ste 406E | Miami, FL33169