[Last Call] Learn how to a build a cloud-first strategyRegister Now

x

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

Microsoft Patch Tuesday December 2017 updates


Microsoft Patch Tuesday December 2017 is here, with a list of 34 critical security updates & 2 key fixes, for 7 products. Since the vacation isn't two far, make sure all the patches are updated in your network and have a happy vacation. Adobe also has released its security update

Key fixes:

  1. CVE-2017-11940
  2. CVE-2017-11937

Adobe:

APSB17-42

Potential impact for 34 security updates:

  • Remote code execution
  • Elevation of privilege
  • Information disclosure
  • Spoofing
  • Security feature bypass

Products:

  • Microsoft Exchange Server
  • ChakraCore
  • Microsoft Windows
  • Microsoft Edge
  • Internet Explorer
  • Microsoft Malware Protection Engine
  • Microsoft Office Services and Web Apps
  • Microsoft Office

You can read a complete report on https://goo.gl/mwbq1Q
1
What does it mean to be "Always On"?
LVL 5
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

5 tips for seamless endpoint security

Hey there,

Are you worried about your endpoints being hacked or breached?

Here is a simple tips to build the best endpoint security in your enterprise.

Building an effective endpoint security has become all time priority for enterprises. With the amount of cyber attacks evolving day by day, enterprises have to practice certain simple best practices tosimple tips to build the best endpoint security keep them vigilant against any unforeseen vulnerability breaches.

Read more: https://goo.gl/taAmSB
0
In exchange 2007, wondering if anyone knows how to limit the view of specific public fodders to certain people or security groups.

I know how to limit access (ie author, contributor, editor, etc) but a client has asked that only certain people be able to see certain public folders to reduce the overall amount of viewable public folders (to reduce "clutter" if you will) for everyone viewing the public folder structure. ....
0
 
LVL 12

Administrative Comment

by:Andrew Leniart
Hi classanets,

What you've done here is made a "Post".  The Post function is designed to share information with the Experts Exchange community.

You'll get much better results if you use the Ask a Question button.

It's the big blue button at the top of your browser screen. See below...

Ask a Question

Hope that's helpful.

Andrew
EE TA
1
Good morning, Everyone!

Yesterday Apple released a security update for Mac that you should download and install immediately. To be brief, it closes a hole that allows a user to bypass Administrator authentication without using the Administrator password. The download isn't very big, so it won't take too much time out of your day to update your system.

Have a great day EE fans and Experts!

3
2
1
 
LVL 1

Author Comment

by:Michael Arciniega
They rolled out a patch quickly. Update asap. https://support.apple.com/en-us/HT208315
0
Uber paid hackers $100,000 to keep data breach quiet  

The BBC reported earlier today that Uber did not tell anyone about the breach that affected 57 million customers and drivers.

David Kennerly, director of threat research at security company Webroot, criticized Uber for paying a ransom to the hackers.

"Given the current climate around data security and breaches, it is astonishing that Uber paid off the hackers and kept this breach under wraps for a year. The fact is there is absolutely no guarantee the hackers didn't create multiple copies of the stolen data for future extortion or to sell on further down the line."

What's worse than being hacked? Covering up a hack.
4
Warning Uber users!

And they are using this discovery to make a point that they are cleaning up their act. Interesting.  

Hackers stole the personal data of 57 million customers and drivers from Uber Technologies Inc., a massive breach that the company concealed for more than a year. This week, the ride-hailing firm ousted its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers.

https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
3
 
LVL 2

Expert Comment

by:Juana Villa
WOW!!!
0
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
And now they are buying 27,000 cars for self driving service.

How do you  hop in a car and ask nobody where is the best secrete hidden place for pizza?
0
2
I see this over and over and over in here:  "Windows 10 forces me to update and my decade old legacy software won't work with the newest updates"

I wonder if these poor souls can connect the dots.

They turned off Windows 7 Updates to keep their legacy software running, and then they complained to Microsoft that their machine was hacked. It was hacked because security updates were turned off.

Microsoft's response:  "We have had enough!  New systems will update like it or not"

Is this any surprise to anyone?
1
 
LVL 52

Expert Comment

by:Jackie Man
Pull off the access to the Internet is the only way to keep legacy application working...
0
Put Machine Learning to Work--Protect Your Clients
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Not many people realise that the General Data Protection Regulation is effective now; however, come May 25th 2018 it will be enforceable. Our be.privacy course has been designed to help you understand basic practice data security. Read more here:  https://www.beinfoready.co.uk/2017/06/07/security-and-data-protection-gdpr/
0
1
 
LVL 2

Expert Comment

by:Juana Villa
I wish people use their intelligence in an ethical way :(
1
4
This is a recent tech related issue that happened to someone I know.  A scam unfortunately and the hacker took advantage of a very fragile situation too.  Its amazing at what lengths hackers will go to take advantage of a person during their plight.

A friend of mine lost their dog so they made a post on Facebook about that and if anyone could help them find their missing dog.  They put their email and phone number out there in that post.  Their post was shared numerous times.  A few weeks went by and someone contacted them saying they found their dog.  My friend was very excited to hear the news and asked how they can get in touch.  The person said they need to verify my friend really owns the dog and asked them for the security code that was just sent to their phone.  Not thinking of anything other than having a chance to see their loyal friend again, they provided the security code that was sent to their phone to this stranger.

Boom.  Their email was hacked.

Guard your phone number and email folks.  Facebook is a new way to spread the word and get some traction for things we need urgency on, but displaying private information publicly, even in dire situations, can bite you in the butt.  Even if a person who is friends with you on Facebook prods for private information you have to guard yourself and consider if they've even been hacked and someone is posing as them.

It happens and it sucks.  Many of us here probably wouldn't fall for something like this, but …
1
 
LVL 25

Expert Comment

by:Brian B
what use the PIN number would be without the physical card?

Scammers probably already have the card number. It is possible to make a new card, so once they have the PIN they can do whatever they want just like they had the real card. Fortunately the new chip enabled cars make this scam more difficult.
1
 
LVL 3

Expert Comment

by:Nichole LaRue
Please verify it's your dog:

"What color is your dog?" Brown and white
"Does it have any characteristics that stand out?" Underbite and lousy attitude
"What color is it's collar?" Black
"What is your social security number?" uhhhh
0
2-Post-Native-Image-360-x-200.jpgThe Private Question Feature is back on-site! Learn how we are protecting your tech question security.
2
Black Friday Hosting.

About this time every year, my hosting clients begin asking about resizing hosting to handle Nov-Dec traffic increases, both real traffic + attack traffic (from competitors).

Here's the simple answer about how to handle traffic for any site.

Disk I/O is the killer. Database writes are the worst.

For MariaDB/MySQL installations, the fix is simple. Run mysqltuner + fix all diagnostics. Then enable the Performance Schema + track table i/o (file_summary_by_instance stats table) + track any table which has a huge amount of writes for no good reason.

Usually tables will relate to specific offender plugins, like those which handle security or link tracking or link rewriting (redirection). Simply replace these offending plugins, so your database writes approach zero.

These few simple activities allow sites to maintain speed + stability, independent of whatever traffic occurs.
1
Hello, Apple Geeks & EE Experts!

Please update your Apple devices when you get home (iOS 11.1 & macOS High Sierra 10.13.1). This update is to fix the WPA2 KRACK vulnerability (the Wi-Fi issue). Kudos to John Hurst (one of EE's top Experts) for sounding the horn.
4
 
LVL 99

Expert Comment

by:John Hurst
Thank you for your very gracious comment. I appreciated it. IOS 11.1 is working just fine on both our phones here. IOS 11.1 is also supposed to protect against KRACK Wi-Fi attacks.
1
 
LVL 99

Expert Comment

by:John Hurst
11.1.1 is now out. Updating now. Fix to a keyboard issue and Siri not working.
1
I've written a very simple PowerShell Script to connect to the following Microsoft Online Services from one Powershell Window:

Office365 Admin Center
Exchange Online
Sharepoint Online
Skype for Business
Security and Compliance Center

You can find the Script here:
https://davidatkin.com/blog/powershell-script-connect-microsoft-online-services-office365/

I know there are alot of these scripts out there but thought I would Share it anyway.
1
2-Post-Native-Image-360-x-200.jpgBack by popular demand, the Private Question feature allows Premium Members, Team Accounts, and Qualified Experts to ask questions that can only be seen by Experts Exchange Members, while still linking to their profile for building rapport and connections on site. The return of Private Question adds to the question security options available to these member groups, including Anonymous Question.
2
2017 Webroot Threat Report
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Tech spooks happen to every business owner. Check out my top solutions to these issues and share a story of your own! Simply submit your #TechorTreat article before October ends and be entered to win a  tech gadget.
8
Hello, EE Experts!

I wanted to make sure that all Apple users understand what's going on with the new Wi-Fi (WPA2) vulnerability "KRACK."

Apple is working on a fix to roll out as soon as possible to all its users. They've stated that there is a fix for this vulnerability in the beta versions, but that the fix is not in the latest update you have on your device.

So, what can you do?

Don't connect to Wi-Fi at hotels, coffee shops, or anywhere outside your place of business or home. Even at your house or area of work use a VPN.

Wait, even at my house?

Yes. Essentially the attacker can read all the information that is being transmitted wirelessly throughout your home. That said, if you use a VPN you're making an encrypted tunnel around the information you're sending and not relying on the WPA2 protocol that should keep your data safe. So, even if the attacker is looking at the data on your home network, the VPN is making it unreadable.

Also, if you're out and about, please turn off the Wi-Fi capability on your iPhone or iPad. By turning off the Wi-Fi, you're making your iPhone or iPad solely dependent upon cellular data, which is not susceptible to this attack.

Where can I get a VPN?

I use Encypt.me because it's fast, simple, relatively cheap, and works on all of my devices without In-app purchases. However, there are free VPNs that you can grab …
4
 
LVL 99

Expert Comment

by:John Hurst
IOS 11.1 is out today to address the Wi-Fi vulnerability. I am updating both phones here. Carrier settings are being updated at the same time.
0
Gmail just launched a physical Security Key access option, dubbed as Advanced Protection, for their service:
https://landing.google.com/advancedprotection/

You'll need to purchase two physical security keys to enroll in it.

Here is the announcement from their blog:
https://www.blog.google/topics/safety-security/googles-strongest-security-those-who-need-it-most/

Good to see a big email service provider taking security seriously, for 'personal' users.

7
 
LVL 54

Expert Comment

by:Scott Fell, EE MVE
Good post. Because I am lazy, I made a request to have this type of thing save to my ee knowledgebase or browser bookmark.

https://www.experts-exchange.com/bugs/21366/Save-posts-to-knowledge-base-as-a-bookmark.html
1
October Month!! National Cyber security Month
1
5
 
LVL 17

Expert Comment

by:Kyle Santos
A Bug Has No Name
+1 for the Game of Thrones reference.
2
Hello, EE Experts!

If you haven't already updated your iOS devices to 11.0.3, please do so. I've tested it out (it's only been out two days), and it seems stable. That's it! Take care everyone.

Side note: Be on the lookout for my article on the Apple Watch 3 Series with LTE, since my wife and I are pushing them to the limits to give you the best information on whether or not you should buy one.
6
 
LVL 99

Expert Comment

by:John Hurst
IOS 11.1 is now out and addresses the wireless vulnerability.
1
 
LVL 15

Author Comment

by:Justin Pierce, CEH
Hi, John!

10.13.1 for Mac is also available (of course the updates usually come in pairs).  ;)
0

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.