Microsoft released patches against the infamous Wannacrypt (SMB) vulnerability for older operating systems going back to Windows XP. Get them from the Microsoft website: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ They later issued warning about “potential nation state activity” and issued additional security patches. Again, get them from the Microsoft website. Those patches can be found at the URL below. […]
If you, your family or friends have used that website, please warn them. Here is what happens: Go to the website and put anything into the shopping cart. Click “checkout”. Enter an email address when prompted. If the email address is already in their database the name, address and phone number associated with that email […]
Discovery by Red Canary: https://blog.redcanary.com/ask-partner-network-compromise “On 5 November, Red Canary detected suspicious activity associated with Windows applications distributed by the Ask Partner Network (a.k.a. APN, Ask.com, or simply Ask). Upon further inspection, we discovered that Ask’s software was being co-opted by a malicious actor to execute malicious software on victims’ endpoints. “
Cite: http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/
It’s a good step forward in protecting users from malvertizing, but not a panacea. Cite: https://blogs.windows.com/msedgedev/2016/04/07/putting-users-in-control-of-flash/ By the way, have you updated Flash recently on your local computer? Please do so. You can check the version you have installed here.
https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java How were Oracle deceptive? By only removing the most recent vulnerable version of Java from user’s computers, leaving older versions in situ. “In 2011, according to the FTC’s complaint, Oracle was aware of the insufficiency of its update process. Internal documents stated that the “Java update mechanism is not aggressive enough or simply not […]
Details here: http://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx