You can’t determine what happened if you don’t have some sort of history of events. That’s why people install surveillance cameras. It’s also why software developers have logging capability. Many of our security and forensic investigations are significantly crippled because logs don’t exist or minimal data is captured. That’s because most applications don’t enable logging by default. The same is true for Microsoft Office 365. The good news is that starting February 1, Microsoft will…

When software goes out of support, it no longer receives any updates including security patches. Windows XP has been in that state for some time and Windows 7 goes out of support in a year on January 14, 2020. Windows 7 is still one of the most widely used operating systems. In December 2018, NetMarketShare reported that 39.2% of machines are using Windows 10 and 36.9% are running Windows 7. So budget now for the…

Approximately 30% of websites are powered by WordPress. Obviously, it is an extremely popular platform for a lot of businesses. It’s also an environment that is subject to a lot of attacks trying to take advantage of vulnerabilities since it is the most popular platform. According to Bleeping Computer, WordPress related vulnerabilities increased by 300% in 2018. But wait. The base WordPress platform isn’t the problem. WordPress plugins are responsible for 98% of the WordPress…

Some recent updates of Windows 10 have failed because there wasn’t enough disk space available to complete the update process. Windows doesn’t currently check for available disk space prior to attempting to install an update. A change is coming with a future Microsoft update. ZDNet reports, “Microsoft is introducing ‘reserved storage’, which will keep around 7GB of disk space — but possibly more — available purely so that updates can be installed smoothly.” We’ll…

Snake oil has been around for hundreds of years. Unfortunately, promises and deception still surround us every day. The latest example targets AT&T users with phones running the Android operating system. Apparently, AT&T is pushing out an update that changes the cellular connection icon from 4G LTE to 5G E. Shocker, but you won’t believe that the network is not really a 5G network. Some marketing “geniuses” at AT&T think it is totally acceptable to…

Normally, Adobe releases fixes around the middle of the month to coordinate with Microsoft’s Patch Tuesday. However, there have been more out-of-band releases recently. Adobe just released such patches to fix some critical vulnerabilities. One fix is for a use-after-free bug that could be exploited to take control of a target system by using a maliciously crafted PDF. The second fix is for a security bypass targeting JavaScript API restrictions on Adobe Reader DC. If…

Yesterday I mentioned how USB-C connectors are helping us get to a standardized way to provide power and data transfer. Eweek has reported the announcement of the USB Type-C Authentication Program on January 2nd. Malware delivered by a USB connection (in the old days devices would automatically open when connected) is a common attack point. There are even USB devices that act like keyboards and can automatically execute commands as if someone was sitting at…