some good tips here - what they are and how to enable them, especially:
- PUA
- Memory Integrity
Source: bleepingcomputer.com
A few listed specifically, but not a comprehensive list:
- Touchpad and TrackPoint Firmware in Lenovo ThinkPad X1 Carbon 6th Gen laptop: firmware update with no cryptographic signature checks.
- HP Wide Vision FHD Camera Firmware in HP Spectre x360 Convertible 13-ap0xxx laptop: unencrypted firmware update with no auth checks.
- WiFi Adapter on Dell XPS 15 9560 a laptop: modified firmware still successfully loads despite Windows 10 signing checks.
- USB Hub firmware: VLI USB Hub firmware for Linux is unsigned.
Source: bleepingcomputer.com
Source: mudwerks
just a mouse hover will trigger this PowerPoint related malware
Microsoft has disclosed a potentially catastrophic vulnerability in virtually all versions of Windows. People operating Windows systems, particularly those who run websites, should immediately install a patch Microsoft released Tuesday morning.
The vulnerability resides in the Microsoft secure channel (schannel) security component that implements the secure sockets layer and transport layer security (TLS) protocols, according to aMicrosoft advisory. A failure to properly filter specially formed packets makes it possible for attackers to execute attack code of their choosing by sending malicious traffic to a Windows-based server.
While the advisory makes reference to vulnerabilities targeting Windows servers, the vulnerability is rated critical for client and sever versions of Windows alike, an indication the remote-code bug may also threaten Windows desktops and laptop users as well. Amol Sarwate, director of engineering at Qualys, told Ars the flaw leaves client machines open if users run software that monitors Internet ports and accepts encrypted connections...
Source: Ars Technica
Part skyscraper and part sculpture, the tower appropriately named Aqua has a rippling effect with waves of balconies and windows appearing like vertical bodies of water on its facade. The contemporary design garnered awards for American architect Jeanne Gang and the Studio Gang Architects. For $300 million, the 82-story building was completed within 2 years in downtown Chicago located near Lake Michigan.
Source: blog.flickr.net
Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple's Macintosh platform.
While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday's unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.
The Mac exploits target users of the Safari browser included in Apple's OS X, as well as those using Mozilla's Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin's Computer Incident Response Team, and MITRE with discovery of the critical bug.
The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content. It was discovered by researchers from antivirus provider Kaspersky Lab...
Hackers are actively exploiting a critical vulnerability in Microsoft's Windows operating system that allows them to remotely execute malicious code when victims visit a booby-trapped website.
"These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents," Andrew Lyons, a Google security engineer, wrote in a blog post published Tuesday. "Users running Windows XP up to and including Windows 7 are known to be vulnerable."
In their own advisory, Microsoft officials confirmed the active attacks and encouraged customers to apply a temporary fix as soon as possible. The vulnerability exploits an uninitialized variable in XML Core Services, which is installed by default in all supported versions of Windows. Users of Microsoft Office 2003 and 2007 are also susceptible.
Attacks work when a vulnerable system uses Internet Explorer to visit a website that contains XML code that corrupts memory in a way that can execute malicious code. The code has the same privileges of the logged-on user, so accounts that don't include administrative privileges may be less affected.
The warnings came the same day that Microsoft issued seven updates that patch at least 26 vulnerabilities in its software as part of its monthly Patch Tuesday. Lyons said Google researchers alerted Microsoft to the attacks on the XML package two weeks ago and that "Microsoft has been responsive to the issue and has been working with us.
mudwerks reblogged
frenchtwist
Legs by Emila Medkova, 1949 “If there is no mystery in a photograph, if its reality has no other design, then it is empty. It is not a matter of description of objects, it is not a matter of describing a head, a face inscribed in another object, but rather a matter of what is evoked.” Emila Medkova Also
Windows (by thomaslewandovski)
sprinkenhof / hans und oskar gerson, fritz höger - hamburg, germany
Source: flickr.com
Windows (by Pieter Musterd)
Source: Flickr / piet_musterd
mudwerks reblogged
mudwerks reblogged
airows