ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Miscellaneous Tech News

    Scheduled Pinned Locked Moved News
    7.4k Posts 83 Posters 3.8m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • CloudKnightC
      CloudKnight @Obsolesce
      last edited by

      @obsolesce said in Miscellaneous Tech News:

      @stuartjordan said in Miscellaneous Tech News:

      @obsolesce said in Miscellaneous Tech News:

      @scottalanmiller said in Miscellaneous Tech News:

      @stuartjordan said in Miscellaneous Tech News:

      @mlnews said in Miscellaneous Tech News:

      Disable the Windows print spooler to prevent hacks, Microsoft tells customers

      The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
      Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

      What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

      What is going on with companies that would intentionally continue to deploy this crap in a "business"?

      Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

      https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

      Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

      At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

      We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

      Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

      ObsolesceO 1 Reply Last reply Reply Quote 0
      • ObsolesceO
        Obsolesce @CloudKnight
        last edited by Obsolesce

        @stuartjordan said in Miscellaneous Tech News:

        @obsolesce said in Miscellaneous Tech News:

        @stuartjordan said in Miscellaneous Tech News:

        @obsolesce said in Miscellaneous Tech News:

        @scottalanmiller said in Miscellaneous Tech News:

        @stuartjordan said in Miscellaneous Tech News:

        @mlnews said in Miscellaneous Tech News:

        Disable the Windows print spooler to prevent hacks, Microsoft tells customers

        The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
        Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

        What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

        What is going on with companies that would intentionally continue to deploy this crap in a "business"?

        Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

        https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

        Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

        At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

        We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

        Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

        I never said I wasn't a Linux fan myself. My point was that neither OS is perfect and you'll easily find anecdotal evidence for absolutely any point anyone wishes to make.

        CloudKnightC 1 Reply Last reply Reply Quote 1
        • CloudKnightC
          CloudKnight @Obsolesce
          last edited by

          @obsolesce said in Miscellaneous Tech News:

          @stuartjordan said in Miscellaneous Tech News:

          @obsolesce said in Miscellaneous Tech News:

          @stuartjordan said in Miscellaneous Tech News:

          @obsolesce said in Miscellaneous Tech News:

          @scottalanmiller said in Miscellaneous Tech News:

          @stuartjordan said in Miscellaneous Tech News:

          @mlnews said in Miscellaneous Tech News:

          Disable the Windows print spooler to prevent hacks, Microsoft tells customers

          The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
          Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

          What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

          What is going on with companies that would intentionally continue to deploy this crap in a "business"?

          Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

          https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

          Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

          At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

          We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

          Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

          I never said I wasn't a Linux fan myself. My point was that neither OS is perfect and you'll easily find anecdotal evidence for absolutely any point anyone wishes to make.

          Fair Enough, It just come across you was anti linux with your post. I could of read it wrong. Both have exploits but I'm saying id rather put my trust in linux because windows has a larger user base and is targeted more with exploits and malware. Windows is becoming a big pile of bloat for no reason as well. They got things right with windows 7 finally but this windows as a service has been one big fuck up and that's because Microsoft wasn't used to that update model.

          ObsolesceO 1 Reply Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce @CloudKnight
            last edited by Obsolesce

            @stuartjordan said in Miscellaneous Tech News:

            @obsolesce said in Miscellaneous Tech News:

            @stuartjordan said in Miscellaneous Tech News:

            @obsolesce said in Miscellaneous Tech News:

            @stuartjordan said in Miscellaneous Tech News:

            @obsolesce said in Miscellaneous Tech News:

            @scottalanmiller said in Miscellaneous Tech News:

            @stuartjordan said in Miscellaneous Tech News:

            @mlnews said in Miscellaneous Tech News:

            Disable the Windows print spooler to prevent hacks, Microsoft tells customers

            The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
            Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

            What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

            What is going on with companies that would intentionally continue to deploy this crap in a "business"?

            Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

            https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

            Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

            At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

            We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

            Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

            I never said I wasn't a Linux fan myself. My point was that neither OS is perfect and you'll easily find anecdotal evidence for absolutely any point anyone wishes to make.

            Fair Enough, It just come across you was anti linux with your post. I could of read it wrong. Both have exploits but I'm saying id rather put my trust in linux because windows has a larger user base and is targeted more with exploits and malware. Windows is becoming a big pile of bloat for no reason as well. They got things right with windows 7 finally but this windows as a service has been one big fuck up and that's because Microsoft wasn't used to that update model.

            Man Windows 7 was horrible. It's never been easier to do deploy Windows and manage updates than it is currently. Your service desk doesn't even need to touch new devices anymore before giving them to an end user. It's ridiculously easy now, straight from the distributer to the end user, up and running within 10-15 minutes of unboxing. And that's with it being fully on boarded with the company, required apps, compliance, etc. I absolutely could not imagine going back to Win7 times. No more imaging or maintaining images or that Wsus bullshit. What a crazy time sink.

            1 Reply Last reply Reply Quote 0
            • mlnewsM
              mlnews
              last edited by

              Pegasus: Spyware sold to governments 'targets activists'

              Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.
              They are on a list of some 50,000 phone numbers of people believed to be of interest to clients of the company, NSO Group, leaked to major news outlets. It was not clear where the list came from - or how many phones had actually been hacked. NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records. It said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was "full of wrong assumptions and uncorroborated theories".

              DashrenderD 1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @mlnews
                last edited by

                @mlnews said in Miscellaneous Tech News:

                Pegasus: Spyware sold to governments 'targets activists'

                Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.
                They are on a list of some 50,000 phone numbers of people believed to be of interest to clients of the company, NSO Group, leaked to major news outlets. It was not clear where the list came from - or how many phones had actually been hacked. NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records. It said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was "full of wrong assumptions and uncorroborated theories".

                I thought this was pretty much known fact about nearly any spying software? 😉

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Dashrender
                  last edited by

                  @dashrender said in Miscellaneous Tech News:

                  @mlnews said in Miscellaneous Tech News:

                  Pegasus: Spyware sold to governments 'targets activists'

                  Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm, media reports say.
                  They are on a list of some 50,000 phone numbers of people believed to be of interest to clients of the company, NSO Group, leaked to major news outlets. It was not clear where the list came from - or how many phones had actually been hacked. NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records. It said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was "full of wrong assumptions and uncorroborated theories".

                  I thought this was pretty much known fact about nearly any spying software? 😉

                  Right? What else would it be for? Targeting housewives to see if Dawn truly is the best at cutting stuck on grease?

                  1 Reply Last reply Reply Quote 0
                  • mlnewsM
                    mlnews
                    last edited by

                    China accused of cyber-attack on Microsoft Exchange servers

                    The UK, US and EU have accused China of carrying out a major cyber-attack earlier this year.
                    The attack targeted Microsoft Exchange servers, affecting at least 30,000 organisations globally. Western security services believe it signals a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating. The Chinese Ministry of State Security (MSS) has also been accused of wider espionage activity and a broader pattern of "reckless" behaviour. China has previously denied allegations of hacking and says it opposes all forms of cyber-crime. The unified call-out of Beijing shows the gravity with which this case has been taken. Western intelligence officials say aspects are markedly more serious than anything they have seen before.

                    1 Reply Last reply Reply Quote 0
                    • mlnewsM
                      mlnews
                      last edited by

                      Apple under pressure over iPhone security after NSO spyware claims

                      Apple urged to work with rivals after alleged surveillance of journalists, activists.
                      Apple has come under pressure to collaborate with its Silicon Valley rivals to fend off the common threat of surveillance technology after a report alleged that NSO Group’s Pegasus spyware was used to target journalists and human rights activists. Amnesty International, which analyzed dozens of smartphones targeted by clients of NSO, said Apple’s marketing claims about its devices’ superior security and privacy had been “ripped apart” by the discovery of vulnerabilities in even the most recent versions of its iPhones and iOS software.

                      1 Reply Last reply Reply Quote 1
                      • mlnewsM
                        mlnews
                        last edited by

                        Zoom offers app store with team-building games

                        Zoom is integrating third-party apps into its video conferences, as it looks to stay ahead in the post-pandemic world.
                        It hopes that the addition of apps will "make meetings more engaging, more productive and actually even more fun". Zoom is betting on a future of hybrid working, and hoping to maintain its 300 million daily meeting participants. Experts say it is also keen to compete with rivals such as Microsoft Teams. Zoom already has a marketplace that has 1,500 apps, but they need to be downloaded and added to meetings separately. At launch, 50 apps will be available, including meeting planning app Asana and Dot Collector, which allows for real-time feedback and polling. In an interview with the BBC, Zoom's product lead for Apps, Ross Mayfield, explained how he saw apps being used in Zoom: "Using apps for things like taking notes, whiteboarding, logging action items and managing your tasks to make you more productive."

                        DustinB3403D 1 Reply Last reply Reply Quote 0
                        • DustinB3403D
                          DustinB3403 @mlnews
                          last edited by

                          @mlnews said in Miscellaneous Tech News:

                          Zoom offers app store with team-building games

                          Zoom is integrating third-party apps into its video conferences, as it looks to stay ahead in the post-pandemic world.
                          It hopes that the addition of apps will "make meetings more engaging, more productive and actually even more fun". Zoom is betting on a future of hybrid working, and hoping to maintain its 300 million daily meeting participants. Experts say it is also keen to compete with rivals such as Microsoft Teams. Zoom already has a marketplace that has 1,500 apps, but they need to be downloaded and added to meetings separately. At launch, 50 apps will be available, including meeting planning app Asana and Dot Collector, which allows for real-time feedback and polling. In an interview with the BBC, Zoom's product lead for Apps, Ross Mayfield, explained how he saw apps being used in Zoom: "Using apps for things like taking notes, whiteboarding, logging action items and managing your tasks to make you more productive."

                          Why.... who really needs video games in their video conference software... I just put the VC on mute and play on my console/pc... DUH

                          1 Reply Last reply Reply Quote 0
                          • nadnerBN
                            nadnerB
                            last edited by

                            https://www.itnews.com.au/news/cba-takes-25-percent-stake-in-two-nbn-retail-service-providers-567729

                            CBA is making a surprise play in the Australia broadband market, taking stakes in More Telecom and Tangerine and using its banking app to try to persuade customers to switch their provider.

                            (CBA = Commonwealth Bank of Australia)

                            1 Reply Last reply Reply Quote 0
                            • mlnewsM
                              mlnews
                              last edited by

                              California sues Activision Blizzard over alleged harassment

                              One of the world's largest game companies is being taken to court over an alleged "frat boy" culture that discriminates against women.
                              Activision Blizzard is accused of unequal pay, promoting men over women, and widespread sexual harassment. California's Department of Fair Employment and Housing (DFEH) is taking legal action against the company, following a two-year investigation. ctivision called the action "disgraceful and unprofessional". And it called the DFEH "unaccountable state bureaucrats".

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                https://www.theverge.com/2021/7/22/22588837/internet-outage-psn-steam-banks-trading-gaming-more-911-systems

                                1 Reply Last reply Reply Quote 0
                                • mlnewsM
                                  mlnews
                                  last edited by

                                  Akamai Edge DNS outage brings down Playstation Network, Steam, others

                                  Contrary to popular belief, it's not always DNS... but it is today.
                                  A massive Internet outage today has downdetector.com covered in warnings for popular websites and services such as the PlayStation Network, Steam, Fidelity Investments, Airbnb, FedEx, LastPass, UPS, Amazon, and others. The root cause of the outage appears to be a failure in Akamai's Edge DNS Service. Its system status page reports that Akamai is aware of "an emerging issue with the Edge DNS service"—one downgraded to "Minor Service Outage" with no further explanation as of press time.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    https://www.zdnet.com/article/patch-now-linux-file-system-security-hole-dubbed-sequoia-can-take-over-systems/

                                    travisdh1T JaredBuschJ 2 Replies Last reply Reply Quote 0
                                    • travisdh1T
                                      travisdh1 @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Miscellaneous Tech News:

                                      https://www.zdnet.com/article/patch-now-linux-file-system-security-hole-dubbed-sequoia-can-take-over-systems/

                                      Auto-updates, fixed it before the news story got out.

                                      1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Miscellaneous Tech News:

                                        https://www.zdnet.com/article/patch-now-linux-file-system-security-hole-dubbed-sequoia-can-take-over-systems/

                                        Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.

                                        "If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller @JaredBusch
                                          last edited by

                                          @jaredbusch said in Miscellaneous Tech News:

                                          @scottalanmiller said in Miscellaneous Tech News:

                                          https://www.zdnet.com/article/patch-now-linux-file-system-security-hole-dubbed-sequoia-can-take-over-systems/

                                          Not actually ahigh risk unless someone already has local access to the system. I mean serious exploit, yes. But first you need to be on the system.

                                          "If an unprivileged local attacker creates, mounts, and deletes a deep directory structure whose total path length exceeds 1GB, and if the attacker open()s and read()s /proc/self/mountinfo, then" through a series of other maneuvers you can write to out of bounds memory.

                                          Yeah, I'd put it as moderate.

                                          1 Reply Last reply Reply Quote 0
                                          • mlnewsM
                                            mlnews
                                            last edited by

                                            Kaseya gets master decryptor to help customers still suffering from REvil attack

                                            REvil ransomware struck as many as 1,500 networks, but a master key is now available.
                                            Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack. Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 319
                                            • 320
                                            • 321
                                            • 322
                                            • 323
                                            • 372
                                            • 373
                                            • 321 / 373
                                            • First post
                                              Last post