Computer Safety & News

Microsoft Edge is offerning support for the new W3C “Web Authentication” as an alternative to password in its latest “beta” build. https://redmondmag.com/articles/2018/07/30/microsoft-edge-web-authentication-support.aspx https://blogs.windows.com/msedgedev/2018/07/30/introducing-web-authentication-microsoft-edge/#IXHA8Dz2fQTPPh0O.97 Microsoft announced on Monday that its Microsoft Edge browser now supports the Web Authentication spec at the preview stage, enabling the testing of an alternative means of carrying out user authentications besides […]

While printing may not seem like a major security risk, there have been occasional past vulnerabilities & malware exploits.  As the “Internet of Things” further develops printers are adding more “smart” device capabilities to phone home to vendor or corporate ADMIN team when needs surface.  HP is offering up to $10,000 to researchers who can […]

The W3C standards committee has developed a new Web Authentication alternative to passwords where users are pre-registered & later verified using FIDO approved devices such as biometrics, one-time PIN from smartphone, etc. Web Authentication — API for accessing Public Key Credentials https://w3c.github.io/webauthn/ This specification defines an API enabling the creation and use of strong, attested, scoped, […]

The John Maxwell leadership training center shares value of adding an ROI to their leadership development programs to further enhance the future health of their organizations. http://johnmaxwellcompany.com/blog/driving-key-performance-outcomes-through-high-roi-leadership-development Every successful business trains its employees. But how is this leadership development measured? Is it measured at all? Attaching an ROI to leadership development is critical to building […]

The John Maxwell leadership training center shares value of adding a “business coach” as a mentor for your own career development: http://johnmaxwellcompany.com/blog/personal-trainer-but-no-business-coach There are professionals and programs available to help people achieve all types of goals — people hire coaches to help them lose weight, get fit, get sober, improve their finances and their relationships.  […]

Microsoft Azure is introducing a new “beta” version of a Firewall facility designed to protect cloud based applications.  In it’s 1st iteration it is mainly designed to protect OUTBOUND traffic initially, as described below: What is Azure Firewall? https://docs.microsoft.com/en-gb/azure/firewall/overview In this post, I will explain what the new Azure Firewall, recently launched in preview, can […]

Black Hills Information Security has introduced an open source security vulnerability analysis tool called RITA (Real Intelligence Threat Analytics) as described below https://isc.sans.edu/forums/diary/Using+RITA+for+Threat+Analysis/23926/ https://www.blackhillsinfosec.com/ I installed and tested this open source framework called Real Intelligence Threat Analytics (RITA) that was recently updated against my BRO logs.  “This open source project, born from Black Hills Information […]

Microsoft removed the .NET Framework security updates from the JULY 2018 Patch Tuesday updates after some corporate users were impacted by server application issues.  Replacement security patches will likely be introduced in future, after further testing & refinement to ensure issues don’t materialize again. https://redmondmag.com/articles/2018/07/23/microsoft-pulls-july-net-patches.aspx https://blogs.msdn.microsoft.com/dotnet/2018/07/20/advisory-on-july-2018-net-framework-updates/ Microsoft’s Friday announcement specifically pointed to an “Important” security […]

US CERT, SANS Internet Storm center, and other security firms are sharing awareness of increased malicious spam (malspam) featuring Emotet malware. As noted in these warnings, Emotet continues to evolve with new capabilities: https://www.us-cert.gov/ncas/alerts/TA18-201A https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/ Overview — Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking […]

The recent JULY 2018 Oracle security patch CVE-2018-2893 for the Weblogic development suite is being exploited in-the-wild & all applicable corporate users should expediently patch for safety reasons https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/ On 18-JUL-2018 Oracle released a Critical Patch Update. Yesterday exploit targeting CVE-2018-2893 impacting Oracle Weblogic Server appeared publicly. We do see first exploit attempts. The exploit […]