Windows

X-Rays Behaving Badly: Devices Give Malware Foothold on Hospital Networks

In-brief: serious breaches of hospital networks are almost certainly more common than has been reported, as compromised medical devices often hide the telltale signs of malware infection and data theft, according to a report from the security firm TrapX. 

Windows Bug From 1997 Enables Credential Theft

In-brief: Researchers from the firm Cylance warned that an unpatched security flaw first discovered in 1997 could be used to attack a wide range of popular applications and steal user credentials. 

Microsoft Plays for IoT with Windows 10 for Raspberry Pi

In-brief: Microsoft is making good on promises that its next version of Windows will be a player on the Internet of Things, announcing support for Raspberry Pi 2. 

Microsoft Issues Critical, Emergency Patch: MS14-068

Microsoft on Tuesday released a critical security patch outside of its normal, monthly software update cycle to fix what it described as a serious, privately reported vulnerability in Microsoft Windows Kerberos Key Distribution Center (KDC). If left unpatched, the security hole could allow an attacker to impersonate any user on a domain, including domain administrators. They could use that access to install programs; view, change or delete data; or create new accounts on any domain-joined system, Microsoft said. The security hole affects a wide range of Windows versions and is rated Critical for all supported editions of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2, Microsoft said. Kerberos is an encryption technology that is the default authentication method for Windows systems, starting with Windows 2000. The Kerberos Key Distribution Center is a standard network service for issuing temporary session keys to users and computers […]

Dusting For Malware’s Bloody Prints

Malicious software is nothing new. Computer viruses and worms have been around for decades, as have most other families of malware like remote access tools (RATs) and key loggers. But all our experience with malware hasn’t made the job of knowing when our organization has been hit by it any easier. In fact, recent news stories about breaches at Home Depot, Target, Staples and other organizations makes it clear that even sophisticated and wealthy corporations can easily overlook both the initial compromise and endemic malware infections – and at great cost. That may be why phrases like “dwell time” or “time to discovery” seem to pop up again and again in discussions of breach response. There’s no longer any shame in getting “popped.” The shame is in not knowing that it happened. Greg Hoglund says he has a fix for that latter problem. His new company, Outlier Security, isn’t “next generation […]