Should I upgrade to Windows 10?
We've been getting questions from users regarding whether or not they should upgrade to Windows 10. Our answer is usually the same for everyone: ask yourself if you need it.
For the business environment, Windows (any version) is a tool to get work done. If you get a tool that breaks your work environment and requires you re-learn the basic functionality, then the answer is of course "no".
You should upgrade if
- There's a functionality in Windows 10 that is not available in the current version that you are using.
- You are tired of the old look and feel of your current Windows
- You are feeling adventurous and would like to learn the new Windows.
Attacks with New Microsoft Office Vulnerability
There's a zero-day Microsoft office vulnerability out in the wild, which infects fully patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. Using Protected View in word prevents the execution of the malicious code:
FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office documents exploiting the vulnerability that download and execute malware payloads from different well-known malware families.
Microsoft is shutting down CodePlex
Microsoft corporate vice president Brian Harry announced that they are shutting down CodePlex, its service for hosting repositories of open source software. CodePlex is Microsoft's free open source project hosting site. You can create projects to share with the world, collaborate with others on their projects, and download open source software. "As of this post, we've disabled the ability to create new CodePlex projects," Harry wrote. "In October, we'll set CodePlex to read-only, before shutting it down completely on December 15th, 2017." Microsoft claims that most open source projects have moved to GitHub and so should you.
Firefox for Linux is now Netflix compatible
In the past, Netflix was not available for traditional Linux-based operating systems. This was mainly due to the use of Silverlight. Netflix has adopted HTML5, which made both Chrome and Chromium for Linux capable of playing the videos. Firefox -- the open source browser choice for many Linux users -- was not yet compatible.
DoubleAgent: can take control over your antivirus
Cybellum security has discovered a zero-day vulnerability, which can turn any antivirus into a malicious application. Called DoubleAgent (DoubleAgent, since antivirus is treated as a trusted application, but through that exploit can take full control over Windows) exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10.
GNOME 3.24 Desktop Environment Released
The GNOME Project is proud to announce the official availability of the long-anticipated GNOME 3.24 desktop environment for Linux-based operating systems.
Next level ransomware: a group of hackers extorting Apple in exchange for access to user accounts
Instead of extorting individual people, hackers have moved on to corporations. In the age of clouds, it is very easy to do. A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.
Shellshock bug testing for vulnerability
There's a new bug that has been discovered recently, requiring affecting most linux systems running bash. You can read more about it here, but the question most often asked is: how to check if you are vulnerable? Here's a simple way to find out. Login to your Linux box and run the following:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
The output will be, if you are not vulnerable:
bash: warning: x: ignoring function definition attemptbash: error importing function definition for `x'this is a test
If you are vulnerable:
vulnerablethis is a test
Update (Oct 2): Here's a newer version of the test script. It incorporates tests for all of the other bugs related to shellshock
Test results are self explanatory:
If not vulnerable (will appear in a healthy-green colour):
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
If vulnerable:
Variable function parser active, maybe vulnerable to unknown parser bugs
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Microsoft Patches all versions of Internet Explorer
This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Patch can be downloaded from here:
