Showing results for tags 'patch'.

Found 22 results

  1. Google patches 8th Chrome zero-day exploited in the wild this year

     Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux to fix seven security vulnerabilities, one of them a high severity zero-day vulnerability exploited in the wild.

     "Google is aware of reports that an exploit for CVE-2021-30563 exists in the wild," the company revealed.

     The new Chrome release has started rolling out worldwide to the Stable desktop channel and will become available to all users over the following days. Google Chrome will automatically update itself on the next launch, but you can also manually update it by checking for the newly released version from Settings > Help > 'About Google Chrome.'

     Eighth exploited zero-day patched this year

     The zero-day patched on Thursday and reported by Google Project Zero's Sergei Glazunov is described as a type confusion bug in V8, Google's open-source C++-based and high-performance WebAssembly and JavaScript engine.

     Even though type confusion weaknesses would generally lead to browser crashes following successful exploitation by reading or writing memory out of the bounds of the buffer, they can also be exploited by threat actors to execute arbitrary code on devices running vulnerable software.

     While Google said that it is aware of in-the-wild exploitation of CVE-2021-30563, it did not share information about these attacks, to allow the security update to deploy on as many systems as possible before more threat actors start actively abusing the bug.

     "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed."

     In all, Google has patched eight Chrome zero-day bugs exploited by attackers in the wild since the start of 2021. Besides CVE-2021-30563, the company previously addressed:

       • CVE-2021-21148 - February 4th, 2021
       • CVE-2021-21166 - March 2nd, 2021
       • CVE-2021-21193 - March 12th, 2021
       • CVE-2021-21220 - April 13th, 2021
       • CVE-2021-21224 - April 20th, 2021
       • CVE-2021-30551 - June 9th, 2021
       • CVE-2021-30554 - June 17th, 2021

     More details on previously patched Chrome zero-days

     The Google Threat Analysis Group (TAG) shared additional details earlier this week regarding in-the-wild exploitation of the CVE-2021-21166 and CVE-2021-30551 Chrome zero-days.

     "Based on our analysis, we assess that the Chrome and Internet Explorer exploits described here were developed and sold by the same vendor providing surveillance capabilities to customers around the world," Google said.

     On Thursday, Microsoft and Citizen Lab linked the vendor mentioned in Google TAG's report to Israeli spyware vendor Candiru. Threat actors deployed the surveillance vendor's spyware to infect iOS, Android, macOS, and Windows devices using Chrome zero-days and Windows unpatched flaws.

     Microsoft researchers found that Candiru's malware was used to compromise the systems of "politicians, human rights activists, journalists, academics, embassy workers, and political dissidents." In all, Microsoft said it discovered "at least 100 victims in Palestine, Israel, Iran, Lebanon, Yemen, Spain, United Kingdom, Turkey, Armenia, and Singapore."

     Google patches 8th Chrome zero-day exploited in the wild this year
  2. Kaseya patches VSA vulnerabilities used in REvil ransomware attack

     Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.

     Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers. MSPs can deploy VSA on-premise using their servers or utilize Kaseya's cloud-based SaaS solution.

     In April, the Dutch Institute for Vulnerability Disclosure (DIVD) disclosed seven vulnerabilities to Kaseya:

       • CVE-2021-30116 - A credentials leak and business logic flaw, to be included in 9.5.7
       • CVE-2021-30117 - An SQL injection vulnerability, resolved in May 8th patch.
       • CVE-2021-30118 - A Remote Code Execution vulnerability, resolved in April 10th patch. (v9.5.6)
       • CVE-2021-30119 - A Cross Site Scripting vulnerability, to be included in 9.5.7
       • CVE-2021-30120 - 2FA bypass, to be resolved in v9.5.7
       • CVE-2021-30121 - A Local File Inclusion vulnerability, resolved in May 8th patch.
       • CVE-2021-30201 - A XML External Entity vulnerability, resolved in May 8th patch.

     Kaseya had implemented patches for most of the vulnerabilities on their VSA SaaS service but had not completed the patches for the on-premise version of VSA.

     Unfortunately, the REvil ransomware gang beat Kaseya to the finish line and utilized these vulnerabilities to launch a massive attack on July 2nd against approximately 60 MSPs using on-premise VSA servers and 1,500 business customers.

     It is unclear which vulnerabilities were used in the attack, but it is believed to be one or a combination of CVE-2021-30116, CVE-2021-30119, and CVE-2021-30120.

     Kaseya releases security updates

     Since the attack, Kaseya has urged on-premise VSA customers to shut down their servers until a patch is ready.

     Almost ten days after the attacks, Kaseya has released the VSA 9.5.7a (9.5.7.2994) update to fix the vulnerabilities used in the REvil ransomware attack.

     With this release, Kaseya has fixed the following vulnerabilities:

       • Credentials leak and business logic flaw: CVE-2021-30116
       • Cross Site Scripting vulnerability: CVE-2021-30119
       • 2FA bypass: CVE-2021-30120
       • Fixed an issue where secure flag was not being used for User Portal session cookies.
       • Fixed an issue where certain API responses would contain a password hash, potentially exposing any weak passwords to brute force attack. The password value is now masked completely.
       • Fixed a vulnerability that could allow unauthorized upload of files to the VSA server.

     However, Kaseya is urging customers to follow the 'On Premises VSA Startup Readiness Guide' steps before installing the update to prevent further breaches and make sure devices are not already compromised.

     Below are the basic steps that admins should perform before starting up VSA servers again and connecting them to the Internet:

       • Ensure your VSA server is isolated
       • Check System for Indicators of Compromise (IOC)
       • Patch the Operating Systems of the VSA Servers
       • Using URL Rewrite to control access to VSA through IIS
       • Install FireEye Agent
       • Remove Pending Scripts/Jobs

     Of these steps, it is critical that on-premise VSA servers not be publicly accessible from the Internet to prevent compromise while installing the patch.

     Kaseya also urges customers to utilize their "Compromise Detection Tool," a collection of PowerShell scripts to detect whether a VSA server or endpoints have been compromised.

     The scripts will check VSA servers for the presence of 'Kaseya\webpages\managedfiles\vsaticketfiles\agent.crt' and 'Kaseya\webpages\managedfiles\vsaticketfiles\agent.exe,' and 'agent.crt' and 'agent.exe' on endpoints.

     The REvil affiliate used the agent.crt and agent.exe files to deploy the REvil ransomware executable.

     For additional security, Kaseya is also suggesting that on-premise VSA admins restrict access to the web GUI to local IP addresses and those known to be used by security products.

     "For VSA On-Premises installations, we have recommended limiting access to the VSA Web GUI to local IP addresses by blocking port 443 inbound on your internet firewall. Some integrations may require inbound access to your VSA server on port 443. Below are a list of IP addresses you can whitelist in your firewall (allow 443 inbound to FROM ), if you are using these integrations with your VSA On-Premises product," explains Kaseya.

     After installing the patch, all users will be required to change their password to one using new password requirements.

     Kaseya patches VSA vulnerabilities used in REvil ransomware attack
  3. Call of Duty patch brings 'biggest download day on record'

     Virgin Media says it recorded the "biggest download day on record" on the same day as the latest Call of Duty update. The average user downloaded more than 20GB (gigabytes) on 25 February.

     Call of Duty: Warzone is known in the industry for its huge download sizes, and the update in question clocked in at up to 26.5 GB for some users.

     BT also said that day was immensely busy, but not quite a record on its network. Unlike Virgin, BT provided data about the network as a whole rather than the average used by individual customers. It said the surge it saw, driven by both the Call of Duty patch and the live streaming of four European football games, hit a peak network traffic of 20.86 Tbps (terabits per second). It had seen Christmas peaks of above 21 Tbps.

     Virgin, however, said its traffic record reflected a constant increase since the first pandemic lockdown. The first lockdown saw a sudden burst of activity on home broadband networks, prompting fears that the national network would be unable to cope - fears which proved to be unfounded, as systems stayed largely stable.

     During January and February's cold snap, usage was up 7.4GB a day compared with the same months last year, pre-lockdown. But Virgin says downloads are up in the current lockdown compared with the first in 2020, with the average user downloading an extra 3.1GB a day.

     Habits have changed too, with weekday afternoons between 14:00 and 16:00 becoming the busiest period for "upstream traffic" - that is, sending data to the internet, whether through emails, uploads or video calls - for the first time.

     The information was based on an analysis of some five million broadband customers' accounts, the company said.

     Gaming growth

     One caveat is that the amount of data being pushed through the nation's broadband networks is constantly growing as demand increases.

     Mark Jackson, editor of industry site ISPreview, wrote that "demand for data is constantly rising and so new peaks of usage are being set all the time". Usage typically went up by 30% or more each year, he added.

     However, Covid-19 lockdowns have accelerated that trend as demand has shifted away from offices to home broadband users. Video calls, remote learning and other high-data usage have also risen.

     Gaming also makes a big contribution, due to the fact that many gamers download all their titles rather than buying discs these days - and even those who do prefer physical copies need to download large updates on a constant basis.

     "Activision has said that fully-installed and updated versions of Call of Duty: Black Ops Cold War and Warzone may no longer fit on a 500GB PS4 https://t.co/JYyo3afNx9" — IGN (@IGN) February 25, 2021

     In November, the launch of new Xbox consoles led to a previous record being set by several internet providers as gamers downloaded the required data for the shift to next-generation gaming.

     Call of Duty: Warzone, the popular battle royale shooter, is a well-known contributor to such statistics. Its minimum requirements for PC gamers include having 175GB of free space - a huge chunk of most computers' storage space.

     PlayStation 4 owners have even been advised that they may need to delete some of the game's own data packs in order to download new updates and have them fit on the console's 500GB hard drive.

     Source: Call of Duty patch brings 'biggest download day on record'
  4. Winzip 18 Pro (x86) and (x64) Please do visit my blog: softhacks123.blogspot.com NEW WinZip®18 Zip, protect and share anywhere with the world's #1 zip utility. Zip and unzip files and folders instantly Protect your privacy by encrypting as you zip Share to cloud services securely and seamlessly Convert to PDF, add watermarks and resize photos Express Add-Ons bring WinZip power to other apps* For more info on Winzip visit Winzip Official Website. Download from here: https://kickass.to/winzip-18-pro-x86-and-x64-with-patch-and-serial-key-t8142143.html EnJoY!! :rolleyes: :showoff: :wub: :lol: B) ;) :P :D
  5. Respawn Entertainment on Thursday released a hefty title update for Titanfall across all platforms. The patch adds several new features and addresses multiple bugs that have cropped up since the game’s March 11 release date. The patch allows gamers to create private matches, a feature that was notably absent in the initial release. Private matches can support two to 12 players with one to six players on each team. As expected, gamers won’t be able to earn XP nor will they be able to make progress in challenges or unlock achievements in this new mode. The update also reduces the requirements to complete a Gen 5 challenge called “Gooser.” Previously, the challenge required gamers to kill 50 ejecting pilots while they were in mid-air. Considering the unique conditions that have to be met just to have the opportunity to get a kill on an ejecting pilot, Respawn said they went a bit too far with this challenge and have reduced the number of kills needed from 50 down to just five. Those that did manage to complete the 50-kill challenge as well as players that already had more than five qualifying kills before the patch was released will be recognized for their accomplishments in a future game update. Other changes include the removal of a wall hack exploit, multiple game balance changes and a bevy of bug fixes. The full change log can be viewed on Titanfall’s official website. Source
  6. In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.

     WordPress released a 5.5.2 update to its ubiquitous web publishing software platform. The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack.

     In all, the WordPress Security and Maintenance Release tackled 10 security bugs and also brought a bevy of feature enhancements to the platform. WordPress said the update was a “short-cycle security and maintenance release” before the next major release version 5.6. With the update, all versions since WordPress 3.7 will also be current.

     Of the ten security bugs patched by WordPress, a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

     “The vulnerability allows a remote attacker to compromise the affected website,” WordPress wrote in its bulletin posted Friday. “The vulnerability exists due to improper management of internal resources within the application, which can turn a denial of service attack into a remote code execution issue.”

     The researcher who found the bug, Omar Ganiev, founder of DeteAct, told Threatpost that the vulnerability’s impact may be high, but the probability an adversary could reproduce the attack in the wild is low.

     “The attack vector is pretty interesting, but very hard to reproduce. And even when the right conditions exist, you have to be able to produce a very accurate DoS attack,” he told Threatpost via a chat-based interview.

     “The principle is to trigger the DoS on the MySQL so that WordPress will think that it’s not installed and then un-DoS on the DB under the same execution thread,” Ganiev said.

     The bug was found by Ganiev three years ago; however, he only reported it to WordPress in July 2019. The delay, he said, was to research different types of proof-of-concept exploits. Neither WordPress nor Ganiev believes the vulnerability has been exploited in the wild.

     Four bugs rated “medium risk” by WordPress were also patched. All of the flaws affected WordPress versions 5.5.1 and earlier. Three of the four vulnerabilities – a cross-site scripting flaw, improper access control bug and a cross-site request forgery vulnerability – can each be exploited by a “non-authenticated user via the internet.” The fourth medium-severity bug, a security restriction bypass vulnerability, can be triggered only by a remote authenticated user.

     Of the medium-severity bugs, the cross-site scripting flaw is potentially the most dangerous. A successful attack lets a remote attacker steal sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks, according to WordPress.

     Because of insufficient WordPress data sanitization of user-supplied data to an affected website, the security release said a remote attacker “can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.”

     Source
  7. Newly revealed exploit gave anyone root access on Linux systems

     Canonical has issued an urgent security fix to the ‘sudo’ package in the Ubuntu archives following the discovery of a major security flaw.

     A critical fix has rolled out to all users of Ubuntu 16.04 LTS, 18.04 LTS, 19.04 and 19.10 (and one assumes Ubuntu 14.04 ESR too) — just run a sudo apt upgrade to install it.

     But what about the flaw inquisition? Well, if you’re yet to hear about it I appreciate meditative disconnect from social media. The oft toxic waste pools of chatter were wet with alarm — some manufactured, the rest well weighted — over CVE-2019-14287 when it was announced yesterday, October 14.

     The exploit, described by TheHackerNews, who also first reported the flaw, is thus:

     “The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the “sudoers configuration” explicitly disallows the root access.”

     In other words: anyone could gain root access to a Linux system just by specifying the user ID “-1”.

     Now, I am not a security expert by any stretch — I use automatic login on everything — but I have to say this specific flaw is rather novel in that it’s so…basic.

     Like many, I’m used to headline exploits being obtuse and complicated, requiring a highly targeted and unconventional attack vector or unique deployment method.

     But this one? It could, in theory, be triggered on an affected system — which in this instance is almost anything running Linux — by a single command…

     Although the implications of the issue are mildly terrifying, it is mercifully redundant now that a security patch is available. So if you haven’t installed it, stop reading and go do it!

     Source
  8. On Halloween, Google releases Chrome 78.0.3904.87 to patch a Chrome zero-day discovered by Kaspersky exploited in the wild.

     Yesterday, on late Halloween night, Google engineers delivered the best scare of the evening and released an urgent update for the Chrome browser to patch an actively exploited zero-day.

     "Google is aware of reports that an exploit for CVE-2019-13720 exists in the wild," Google engineers said in a blog post announcing the new v78.0.3904.87 release.

     The actively-exploited zero-day was described as a use-after-free bug in Chrome's audio component. Google credited Anton Ivanov and Alexey Kulaev, two malware researchers from Kaspersky, with reporting the issue.

     Use-after-free vulnerabilities are memory corruption bugs that occur when an application tries to reference memory that was previously assigned to it but has been freed or deleted in the meantime. This usually causes a program to crash, but can also sometimes lead to other, unintended consequences.

     Back in March, Google patched another Chrome zero-day (CVE-2019-5786 in Chrome 72.0.3626.121), which at the time was being used together with a Windows 7 zero-day (CVE-2019-0859, fixed in the April Patch Tuesday).

     In April, Kaspersky said both exploits were used together by a yet-to-be-named APT (a term used to describe a nation-state hacking group). The March Chrome zero-day was also a use-after-free vulnerability.

     It is unclear if this recent Chrome zero-day is used by itself to launch attacks on Chrome users, or is part of a more complex exploit chain, like the March attacks. A Kaspersky spokesperson was not immediately available for comment on this issue.

     Chrome 78.0.3904.87 is available for Windows, Mac, and Linux. The release will slowly roll out to all Chrome users in the coming weeks but users can trigger a manual update right now by visiting the browser's Help > About Google Chrome section.

     Source: On Halloween night, Google discloses Chrome zero-day exploited in the wild (via ZDNet)
  9. Microsoft releases new patch for Windows 10 version 1803

     Microsoft has just released a new cumulative update for Windows 10 version 1803, aka the April 2018 Update (via Neowin). The build 17134.677 (KB4489894) is an optional release that won’t automatically be downloaded on your PC, but because all Windows 10 updates are now cumulative, all fixes included in this patch will end up in next month’s “Patch Tuesday” update for this version of Windows 10.

     There’s a pretty long list of fixes in this update, though the release notes also mention five known issues that will be addressed in an upcoming release. Anyway, here are the general fixes and improvements in this build:

       • Addresses an issue with a Microsoft Access 97 database that stops a requested operation when a table or column has custom properties.
       • Addresses an issue that prevents Microsoft Office updates from downloading from the Microsoft Store.
       • Updates time zone information for Buenos Aires, Argentina.
       • Addresses an issue with Microsoft Office Visual Basic for Applications that fails to use the Japanese Era registry settings for dates in the Japanese format. For more information, see KB4469068.
       • Updates time zone information for Kazakhstan.
       • Updates time zone information for São Tomé and Príncipe.
       • Addresses an issue that prevents users from enabling gan-nen support for the Japanese Era. For more information, see KB4469068.
       • Addresses an issue that causes a device to periodically stop responding when using an East Asian locale.
       • Addresses a reliability issue that may cause a laptop screen to remain black after resuming from Sleep if you close the lid when disconnecting from a docking station.
       • Addresses an issue with the Group Policy, “Turn off app notifications on the lock screen”.
       • Addresses an issue that may prevent users from signing in and cause account lockouts when using the App-V client to start applications. The issue occurs because Kerberos authentication fails when trying to get user information from the domain name server (DNS). Modify the following registry key:
           Setting: UseDcForGetUserInfo
           Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Shared\
           Type: REG_DWORD
           Value: Setting the following DWORD to nonzero will enable the solution.
       • Addresses an issue with the Windows lock screen that prevents users from unlocking a device after multiple smart card users have used the same device. This issue occurs when you attempt to use a workstation that another user has locked.
       • Addresses an issue that prevents the authentication credentials dialog from appearing when an enterprise web server attempts to connect to the Internet.
       • Addresses an issue that causes a client or server to restart when using a smart card to log in with User Name Hints to an Azure Active Directory (AAD) joined machine using Remote Desktop Services.
       • Addresses an issue in which multiple device entries exist for a single, hybrid domain joined device.
       • Addresses an issue that removes the ALLOWCLSIDS policy from the policy XML file when you run the Add-SignerRule for Windows Defender Application Control.
       • Addresses an issue that prevents a virtual smart card from starting when running in conjunction with Citrix 7.15.2000 Workstation VDA software.
       • Addresses an issue that prevents a user from authenticating and causes Windows Account Manager (WAM) to fail when using a Trusted Platform Module (TPM).
       • Addresses an issue that causes certificate renewal to fail when using CERT_RENEWAL_PROP_ID with the ICertPropertyRenewal interface.
       • Adds a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network”. This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network. If enabled, Windows will soft-disconnect (disconnection is not immediate or abrupt) a computer from a network. If disabled, Windows disconnects a computer from a network immediately. If not configured, the default behavior is soft-disconnect. For more information about soft-disconnect, see Understanding and configuring Windows Connection Manager.
           Path: Computer Configuration\Policies\Administrative Templates\Network\Windows Connection Manager
       • Addresses an issue that may cause the error, “Stop 0x133” in NTFS.sys.
       • Addresses an issue that causes Windows to reuse an expired Dynamic Host Configuration Protocol (DHCP) lease if the lease expired while the OS was shutdown.
       • Addresses an issue that may cause the Virtual Machine Management Service (VMMS) to stop working. This issue occurs when executing a Live Migration using a Measure-VM cmdlet or any metric Windows Management Instrumentation (WMI) query.
       • Addresses an issue in which the graphics device interface (GDI) DeleteObject() may cause the calling process to stop working when both of the following conditions are true:
           - The calling process is a WOW64 process that handles memory addresses larger than 2 GB.
           - The DeleteObject() is called with a device context that is compatible with a printer device context.
       • Provides seamless integration with Microsoft Cloud App Security (MCAS) to discover cloud app usage inside and outside the corporate network for Windows Defender Advanced Threat Protection (ATP) customers.
       • Enhances automated investigation and remediation, including memory forensics, for Windows Defender ATP customers.
       • Addresses an issue that prevents the “Turn off app notifications on the lock screen” policy from working. The path is “Computer Configuration\Administrative Templates\System\Logo”.
       • Addresses minor issues with unknown options (unknown OPT) in the Extension Mechanisms for DNS (EDNS) for the Windows DNS Server role.

     Microsoft also released today new cumulative updates for Windows 10 versions 1709 and 1703, but there’s nothing for the latest version 1809 today. This may change later this month, as it’s now rare that Microsoft doesn’t release at least two cumulative updates for a specific version of Windows 10 every month. Stay tuned to OnMSFT as we’ll let you know as soon as a new patch is out.

     Source
  10. Google patches Chrome zero-day vulnerability currently being exploited

     Google has released an update for Chrome that patches three security bugs, one of which is a zero-day vulnerability that is currently being exploited. The vulnerability, under the identifier CVE-2020-6418, was discovered by Clement Lecigne, a member of Google's Threat Analysis Group, on February 18. While it is known that the vulnerability is being exploited in the wild, information on how it is being used is not public yet.

     The vulnerability has been patched in Chrome version 80.0.3987.122. The update is rolling out to all Windows, Mac, and Linux users. However, it is not known when an update with the patch will make it to the mobile versions of the browser.

     As for the vulnerability itself, it is described as a ‘type confusion in V8’. V8 is Chrome’s component responsible for processing JavaScript code. Type confusion refers to a logical bug that occurs when a program accesses resources using an incompatible type, leading to logical errors. The vulnerability, when exploited, can allow attackers to run unrestricted code on the affected applications.

     The search giant patched Chrome’s first zero-day vulnerability back in March 2019 when it disclosed the security risk along with a vulnerability in Windows 7.

     Since the patch fixes a zero-day that is currently being exploited in the wild, it is best for users to update their browsers to the latest version (80.0.3987.122). You can download the update using the offline installer here, or head to the three-dot menu on Chrome > Help > About Google Chrome, and force the update.

     Source: Clement Lecigne (Twitter) via ZDNet

     Source: Google patches Chrome zero-day vulnerability currently being exploited (Neowin)
  11. Hackers are exploiting many of the same security vulnerabilities as last year and they all impact Microsoft Windows products - but a bug in Adobe Flash was the most exploited in 2019. Over half of the most common security vulnerabilities exploited by criminals to conduct cyber attacks and distribute malware are more than a year old, and some are over five years old, demonstrating how failure to apply security updates is leaving organisations vulnerable to hacking and malicious compromise. Researchers at Recorded Future analysed the top vulnerabilities, exploit kits and malware attacks deployed by cyber criminals during the course of 2019. There are patches from vendors to fix all of these bugs, but software patching is often forgotten or ignored by companies and individuals. Recorded Future found that six of the most commonly exploited vulnerabilities for the year were repeats from 2018. All of these repeats are to do with vulnerabilities in Microsoft products, and in total eight of the top ten vulnerabilities are related to Microsoft software such as Internet Explorer and Microsoft Office. However, the two other most common vulnerabilities in the top ten list both target Adobe Flash Player and one of these Flash flaws - CVE-2018-15982 - was the most commonly exploited during 2019. This Flash zero-day has helped power GandCrab ransomware as well as various forms of malware powered with the Fallout exploit kit which provides criminals with a selection box of exploits. Such is the danger of the vulnerability that it was assigned a Common Vulnerability Scoring System (CVSS) score of 10 when it emerged – and was patched – in December 2018. Behind this, the next three most common vulnerabilities exploited by cyber attackers are all repeats from the previous year with last year's number one – CVE-2018-8174 – sliding to number two. 
The vulnerability in Internet Explorer – known as Double Kill – is deployed in a wide variety of cyber attacks and is associated with hacking campaigns which deliver Trickbot trojan malware, as well as number of common exploit kits. The vulnerability was patched in May 2018, but the way in which is still exploited demonstrates that there are large numbers of users who haven't applied it. The same goes for CVE-2017-11882, a vulnerability in Microsoft Office which was disclosed in December 2016 and still ranks as the third most commonly exploited vulnerability in the list. It's become associated with a large number of Trojans and keyloggers, as well as Emotet, one of the most prolific botnets in the world today. Alarmingly, CVE-2012-0158 remains one of the most common vulnerabilities targeted by hackers, despite being almost eight years old. The critical bug in Microsoft Office can be exploited to conduct remote code execution attacks and despite slightly dropping in popularity, remains in the top ten. CVE-2015-2419 – a vulnerability which allows attackers to execute arbitrary code via Internet Explorer also features in the top ten, despite being known about since 2015. EternalBlue was one of the most potent vulnerabilities in recent years, helping to power the WannaCry ransomware attack and it's still commonly used today. However, Recorded Future researchers haven't included EternalBlue – or EternalRomance – in the report because they were first adopted by nation-state backed hacking operations, rather than emerging through the cyber criminal underground. All of the vulnerabilities in the list have received patches – but there are still enough users and enterprises which aren't applying the updates and therefore leaving the door open for cyber attackers. "The problem is that there are tens of thousands of people looking to exploit Microsoft products, simply because it's such a large target," Kathleen Kuczma, sales engineer at Recorded Future told ZDNet. 
The most effective thing which can be done to protect networks from falling victims to attacks which use these vulnerabilities is to ensure all products – particularly Microsoft ones – are up to date and that if a new security patch is released, to apply it as soon as possible. And because the most commonly exploited vulnerability targets Adobe Flash, the advice from Recorded Future is simple: automatically disable it, especially as Adobe will be ending support on December 31 2020.

The top ten most commonly exploited vulnerabilities – and the technology they target – according to the Recorded Future Annual Vulnerability report are:

    • CVE-2018-15982 – Adobe Flash Player
    • CVE-2018-8174 – Microsoft Internet Explorer
    • CVE-2017-11882 – Microsoft Office
    • CVE-2018-4878 – Adobe Flash Player
    • CVE-2019-0752 – Microsoft Internet Explorer
    • CVE-2017-0199 – Microsoft Office
    • CVE-2015-2419 – Microsoft Internet Explorer
    • CVE-2018-20250 – Microsoft WinRAR
    • CVE-2017-8750 – Microsoft Internet Explorer
    • CVE-2012-0158 – Microsoft Office

Source
  12. Microsoft will patch a lingering zero-day vulnerability in Internet Explorer next Tuesday, one of five bulletins it will release as part of its March 2014 Patch Tuesday security updates. The IE 10 zero-day was disclosed close to a month ago when researchers at FireEye reported on Operation SnowMan, an espionage campaign that compromised the U.S. Veterans of Foreign Wars website. The attackers, experts said, were targeting the computers of active military personnel who visit the site seeking benefits information. FireEye said a Flash exploit was used via an iFrame to trigger the use-after-free vulnerability in the browser. Compromised computers were hit with a remote access Trojan that stole data; experts speculate the attackers were hoping to steal military secrets from the active service members who use the site as a resource. It was soon discovered that a second and unrelated group of attackers was also exploiting the IE 10 zero day, this time to impersonate a number of French aerospace companies, redirecting legitimate traffic to the hacker-controlled domains. Researchers at Seculert said malware that changes host files on infected machines in order to add in these malicious domains had previously been the domain of pharming attacks used for fraud. “This is the first time we have seen a malware change a host file for a purpose other than fraud perpetuated by pharming or for disabling access to specific websites,” Seculert CTO Aviv Raff said. Microsoft had shipped a Fix-It mitigation for the zero-day as a stopgap until a patch was ready. Microsoft said IE 9 also contains the same vulnerability, but it was not being exploited. IE 11 users running the Enhanced Mitigation Experience Toolkit (EMET) were also protected against these attacks. The IE update is one of two critical bulletins expected next week. The other is also a remote code execution vulnerability in Windows.
All five bulletins announced by Microsoft today affect versions of Windows or IE all the way back to Windows XP, which Microsoft will no longer support with security updates as of April 8. “Windows XP is affected by all five updates and there is really no reason to expect this picture to change: Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore,” said Qualys CTO Wolfgang Kandek. “You need a strategy for the XP machines remaining in your infrastructure. We are still seeing a significant number of XP machines in our scans.” The remaining three bulletins were rated “important” by Microsoft and include elevation of privilege vulnerability and security feature bypass issues in Windows and another security feature bypass issue in Silverlight. “Of the remaining issues, one is an important privilege issue, probably going to be a kernel or kernel driver patch; never something to ignore but less important than a critical/remote issue,” said Ross Barrett, senior manager of security engineering at Rapid 7. “The other two are the seldom seen ‘security mechanism bypasses’, probably the same issue being patched in Windows and in Silverlight. We will have to wait and see how exploitable this turns out to be. If it turns out that some of these issues are in the wild and under exploitation, then that will change the circumstances of what to prioritize.” Silverlight, meanwhile, has relatively limited adoption and given Microsoft’s support of Flash in IE 11, it’s not out of the question it will be discontinued eventually, said Tyler Reguly, manager of security research at Tripwire. “In a world filled with so many web technologies, vendors could better serve the public by simply limiting choice and removing dead weight,” Reguly said. Source
  13. Microsoft Flight Simulator patch #2 highlights unveiled, release imminent

    Last week, Microsoft Flight Simulator patch v1.7.14.0 was made available to all users. The focus for the update was primarily the addressing of stability and installation issues with the recently released title. The development update for the week of September 3 was made available a few days later than usual, bringing an updated Development Roadmap, version 9.03 of the Feedback Snapshot, and more.

    Today, Microsoft has announced that patch #2 for Microsoft Flight Simulator is finishing final testing and being prepped for a release which should arrive in the next 10 days. Highlights for the latest patch have also been revealed, alongside news on other deliverables.

    As far as the patch is concerned, some of the significant offerings that will be arriving through the update are as follows:

    • Performance improvements
    • ATC updates
    • UI updates
    • Aerodynamic updates
    • Aircraft updates
    • Cockpit visuals and animation updates
    • General aviation system updates
    • General aviation avionic updates
    • Airliner system updates
    • Airliner avionic updates
    • Live Weather updates – (e.g. 225/3kt wind fixed, persistency fixed, etc.)
    • Upgraded multiplayer servers
    • Marketplace updates
    • Content Manager updates
    • Localization updates
    • Accessibility updates
    • Camera updates
    • Bush Trip updates (e.g. completion trigger fixed/Completionist achievement fixed)
    • World updates

    The list of changes this time around looks to be more detailed in comparison to the previous patch, and this is only an overview; the full patch notes will be made available when patch #2 is released.

    Moving on, the Marketplace has been updated, bringing a selection of nine new airports to users, including the likes of Paderborn-Lippstadt Airport in Büren, Germany, and the Frasca Field-C16 in the state of Illinois, United States. The Kitfox STi aircraft has also been made available and some airports, landmarks, and aircraft have been updated.

    With regards to other deliverables, the Feature Discovery Series and the Partnership Series are noted to have hit a few roadblocks. More information on these will be revealed with next week's development update. Microsoft has also remarked on its official Flight Simulator subreddit, r/flightsim, having crossed the 100K members mark.

    That is all from this week's development update. If previous releases are something to go by, patch #2 should be pushed out to users around September 16, though the officially stated window runs until September 20.
  14. Microsoft delays the fifth Flight Simulator patch by a few days due to autopilot issues

    Microsoft has announced that it will be delaying the fifth Flight Simulator patch by a few days that was slated to be made available today. The company has cited some last-minute issues with the autopilot on multiple planes, because of which it will need a few more days to iron out the problems. Here is the complete announcement:

    We encountered some issues related to the autopilot across various planes right before we were set to release Update 5. We decided to take some extra time to address the issues to ensure that everyone will enjoy this update. It’s going to take a few days, but it is close!

    According to the updated Feedback Snapshot from last week, the patch is expected to bring fixes for issues with the terrain emitting light, the promised removal of the ‘Press Any Key to Start’ prompt – something that was originally planned in the earlier patches, the ability to disable cockpit tooltips, and more. It is possible that the company will share an updated snapshot as part of this week’s roadmap containing more information about what it plans to address with the fifth patch.

    Considering that the announcement says that the patch is delayed just by a “few days”, it will not be surprising if it is released before the end of this week. With the highest voted issue also containing autopilot issues, it is best for the firm to release an update that does not add to the problems.

    As for other Flight Simulator news, the firm is closer to releasing the VR beta, with emails for the first wave of the closed beta expected to be sent out soon to users running Windows Mixed Reality headsets.
  15. Microsoft releases Flight Simulator patch version 1.9.5.0 with a bunch of fixes

    As promised last week, Microsoft has released a new patch for Flight Simulator, bringing version 1.9.5.0 to all users. Today’s update contains a bunch of fixes and improvements to various areas such as the UI, airports, planes, and more. The changelog also notes that multiplayer has been deactivated in the Japan discovery flight.

    While the patch notes are short – in comparison to earlier patches –, the download from the Store is a 569MB package, with the in-game content download size reaching 2.4GB. The company is quick to add that these notes do not include “every single item that was updated”. Regardless, fixes for the VFR screen causing game crashes and issues in the Avionics screens will be welcome additions for those who have been experiencing them. There are other fixes for auto-generated scenery.

    Here is the complete list of fixes in patch version 1.9.5.0:

    PLANES
    • The VFR map should no longer crash the title during a flight
    • Avionic screens or buttons in the cockpit should no longer be turned off randomly (ghost cockpit)
    • Crashes related to the use of the Smart cam have been fixed

    AIRPORTS
    • Navblue navigation data has been updated

    UI
    • Version history is now properly displayed in the Marketplace and Content manager
    • The multiple simultaneous downloads in the content manager are better handled to prevent crashes or freezes
    • The packages downloaded through the content manager should now be correctly loaded without requiring a reboot of the title
    • The airport icons in the world map have been slightly modified

    AERODYNAMICS
    • Auto Pilot pitch oscillation has been reduced on some planes

    ACTIVITY
    • Multiplayer has been deactivated in the Japan Discovery Flight

    MARKETPLACE
    • Quality of life updates for the marketplace

    WORLD
    • Autogen buildings height has been reviewed
    • TIN luminance (Sendai, Takamatsu, Tokushima, Tokyo, Utsunomiya, Yokohama)

    Interestingly, the company has not listed if the ‘Press any key to start’ prompt has been removed from the game. The firm listed this ‘Top wishes’ item as fixed and slated for release in the fourth update, which is what today’s patch is. Another item in the latest Feedback Snapshot denoted as fixed in ‘Update 4’ is the issue with the left engine failing to start on the A320, which also isn’t present in the release notes.

    In addition to the patch notes, the company has also updated the list of known issues and the possible workarounds. These include issues with various aircraft, airports, weather, and more. Users can head here to read through all the known issues and workarounds.
  16. Valhalla' players can drop the game down to 30 FPS in 'quality' mode for better visuals. Ubisoft Montreal Just in time for Thanksgiving in the US, Ubisoft is releasing the next major patch for Assassin’s Creed Valhalla. Tomorrow you’ll be able to download the game’s 1.04 update. It comes with a host of improvements, but the most notable addition is a new setting that allows you to choose between performance and quality presets on the PlayStation 5, Xbox Series X and Series S. When you pick the performance setting, your new console will try to consistently render the game at 60 frames per second while dynamically adjusting the resolution and other graphical settings. In quality mode, meanwhile, the game will prioritize fidelity while aiming for a 30 frames per second target. Worth noting here is that the game had performance and quality presets already, but you couldn’t set them yourself. Instead, each console stuck with a default performance target. For the PS5 and Xbox Series X, that meant 60 frames per second, while the Xbox Series S stuck to a more modest 30 frames per second. Ubisoft says the update also tweaks the Series X and Series S versions of the game to improve overall performance, including the screen tearing that’s been an issue on those consoles. If you’ve had a chance to play Assassin’s Creed Valhalla, you’ll know it’s a buggy game in its current state. Thankfully, tomorrow’s update also comes with a long list of bug fixes. There are too many to go over all of them, but a couple stand out for addressing some of the more unusual and humorous glitches that slipped through the Q&A process. Once you install the update, you won’t have to worry about dogs levitating when your character pets them, and crows will no longer randomly fall from the sky when you visit Asgard. Oh, and fish in Norway will now spawn in bad weather. Good stuff. The update will start rolling out at approximately 7 AM ET. 
Depending on the console, you can expect a download between 2.5GB and 5.3GB. Source
  17. Flight Simulator patch version 1.10.11.0 now out with a bunch of fixes

    Less than two weeks after releasing the fifth Flight Simulator patch to users – which itself arrived slightly behind schedule –, Microsoft has released the sixth patch for the simulator that fixes more issues with the navigation, aircraft behavior, ATC, weather, and more. The patch bears version number 1.10.11.0 and is rolling out to all users now.

    Today’s release addresses problems mainly with ATC and airplanes. The ATC window now lists the entire names of approaches and there are improvements to responses when trying to switch to an IFR flight plan mid-air, even if a flight plan was already loaded in the GPS, and more. As for enhancements to aircraft behavior, the A320 bank oscillation issue caused by the Fly-by-wire has been fixed, along with other problems affecting cockpit instruments and more.

    Here is the complete changelog:

    NAVIGATION
    • Navblue data has been updated
    • Navigation data date is now dynamically set in the avionics

    ATC
    • ATC window should now list the entire name of approaches
    • ATC should respond to requests for changing an approach into an airport
    • User should now have the option to request an IFR clearance in the air even if they have a flight plan entered / loaded in their GPS
    • ATC should now respond to requests for changing runways while near / on approach to an airport

    PLANES
    • The Fly-by-wire bank oscillation has been fixed for the Airbus A320neo
    • The overpowered engine of the Boeing 787-10 Dreamliner has been reduced
    • Fixed broken plane instruments when switching to Metrics via the options menu
    • Fixed cockpit interactions that were either getting mixed up or not working on 3rd party airplanes
    • All liveries should now be accessible in game and properly loaded

    WEATHER
    • Lightning should no longer be triggered in clear skies

    INPUT
    • The sensitivity curve methodology has been adapted for the different inputs

    MISC
    • New temporal anti-aliasing (TAA), along with new sharpen filter using AMD FidelityFX CAS

    While the fifth patch noted a few known issues in the changelog, including problems with the autopilot in VNAV, live weather, and more, today’s release does not mention any known issues. The live weather bug is marked as partially fixed in the latest Feedback Snapshot. A bunch of issues also seem to be marked as ‘backlog’, including taxiway inconsistencies.

    Responses to the patch release announcement on Twitter also suggest that users are still facing problems with the AI co-pilot feature. It will be interesting to see if the firm adds these issues with the next update or provides more information as part of next week’s development update.
  18. Flight Simulator Patch 1.10.7.0 brings a bunch of fixes and some known issues

    Microsoft has released the fifth Flight Simulator patch to all users with a bunch of fixes and improvements. There are also some known issues to be aware of, such as problems with VNAV mode in the autopilot that leads to overshooting the climb speed, issues with Live weather, and more. However, the list of fixes in this patch version 1.10.7.0 is extensive and brings improvements to planes, the UI, the installation manager, the Marketplace, and more.

    As for the UI fixes, the firm has finally removed the ‘press any key to start’ screen, a highly requested change that was supposed to make it in the fourth patch. The firm has also added the ability to switch between metric and U.S. standard units, and more. There are improvements to the autopilot performance for a bunch of planes, and many other visual enhancements including motion blur, improved night light and reflections, and much more.

    Here is the complete list of the fixes:

    PLANES
    • Improved sensitivity and twitchiness of control surfaces for the Daher TBM 930, Cessna 152, Cessna 152 Aerobat, Cessna 172 classic and Cessna 172 G1000
    • Improved autopilot behavior for pitch management, altitude capture and stability for Cessna 208 B Grand Caravan EX, Cessna Citation Longitude, Boeing 747-8 Intercontinental and Daher TBM 930
    • Fixed Zlin Shock Ultra caution amber light which was always on
    • Fixed Cirrus SR22 windshield deicing not working
    • Fixed Cessna 152 flood light always ON during tutorials
    • Fixed aircraft avionics screens going blank in certain conditions
    • Fixed Boeing 787-10 Dreamliner APU fault light behavior
    • Unlocking longitudinal position of elevator to allow for “Canard” airplanes

    UI
    • Press any key to start screen is now automatically skipped at launch
    • Option added to the Misc menu to switch between Metric and US standard units
    • Performances has been improved in plane selection menu and marketplace
    • The TrackIR can be enabled/disabled in the camera panel during flight
    • Cockpit tooltips can now be deactivated in the Accessibility options menu

    WEATHER
    • Metar data refresh issue has been fixed

    INSTALLATION MANAGER
    • Solved several installation issues that were affecting edge cases
    • We now display the download speed and amount of packages that are being downloaded

    INPUT
    • Support for Thrustmaster TCA Quadrant Airbus Edition
    • Ability to move the origin of the sensitivity curve and change the sensitivity value on both side of the origin
    • Fix input values when using deadzones

    ACTIVITY
    • All Landing challenge scores should now be properly tracked in the leaderboards

    MARKETPLACE
    • Quality of life updates for the marketplace

    WORLD
    • Motion blur has been added
    • New temporal anti-aliasing (TAA) has been implemented
    • The temporal upsampling has been fixed (when TAA is active with the render scale below 100%)
    • Night lighting has been improved
    • Water night reflections have been added
    • Huge hole in Brazil has been fixed

    However, users must also take note of the known issues that persist in the simulator, including a problem with the glide slope in Cessna Citation Longitude, and more. Here are all the known issues:

    • VNAV can overshoot the climb speed. Disconnecting the AP after take off and re engaging it will limit the overshoot impact
    • The Cessna Citation Longitude can be slightly below the glide slope as you get close to the airport
    • Once activated, the Switch to Mach units knob won’t return to knots on the Airbus A320neo
    • Live weather fails to save properly after restarting the game
    • UI fails to refresh after you Buy & Download any item, letting the download button appear

    Interestingly, though the company claimed that the decision to delay the patch was to fix some autopilot issues, many responses on Twitter to the patch release announcement suggest that there are still problems with both the autopilot and the AI co-pilot feature. The team also acknowledged that it was investigating crash issues and that it will be providing an update about a resolution today.
  19. Microsoft releases Flight Simulator patch version 1.7.14.0

    Microsoft Flight Simulator was released for the PC on August 18. While the title had been in testing for a little more than a year, there were a few known issues at launch such as problems with the download and more. The firm also made available the first public SDK on August 21. Now, just as promised last week, Microsoft has released a patch for Flight Simulator that addresses a few known issues with the latest simulation title.

    The patch, version 1.7.14.0 should be rolling out to all users. To install the patch, users will have to simply close the game and re-open it. The firm, however, says that those that faced issues when attempting to install the game at launch should perform a clean install. The Redmond firm has also provided instructions for uninstalling the game, both for those that purchased and installed via Steam or the Microsoft Store. The team has also posted installation guidelines in a support article here.

    As for the patch itself, here are the fixes and improvements that are being made:

    STABILITY ISSUES
    • The title will no longer crash when different input devices/peripherals are disconnected
    • The title will no longer crash when the TBM 930 package is deleted

    INSTALLATION ISSUES
    • The install process will no longer be blocked after a partial decompression of a package
    • The install process will no longer be blocked when a local user account includes non-ASCII characters
    • The install process will no longer be blocked after a failed connection to servers
    • The install process will no longer display an empty onboarding screen under certain conditions
    • The title will download a critical missing/deleted package to access the main menu even if the save data preference is set to offline (when an internet connection is available)

    CONTENT MANAGER
    • The title will no longer automatically download packages that have been deleted through the content manager
    • The content manager will no longer get stuck in an infinite loading state when checked offline
    • The Creator name of the packages should now be properly updated

    SIMCONNECT
    • Significant FPS drop when using Simconnect should no longer affect the experience

    OPTIMIZATION
    • The performance of the title has been improved when the Display name plate option is set to active

    MARKETPLACE
    • The correct currency is now properly updated in the marketplace

    Further updates to Flight Simulator and the deliverables planned for the next few months should come as part of the next development update, which usually arrives on Thursdays. In all, the performance improvements and stability fixes should be a welcome addition for those that have faced problems with the game.
  20. Wondershare MobileGo for Android 4.0.0.245 Eng/Rus + Patch

    Wondershare MobileGo for Android - a popular tool, which has already become almost indispensable for users of Android-smartphone to control their cell mates with a PC. The application works with virtually all of the content or data to be operated on a smartphone: it is, of course, the obligatory synchronize content via cable or via a wireless connection, contact management, multimedia content, SMS and MMS messaging, converting video files for further viewing on your phone, backup or data recovery.

    Features:
    • Support for the wireless connection, and USB devices.
    • Ability to manage a contact.
    • Manage your media files to your smartphone.
    • Save / delete / edit and SMS messages and various applications.
    • Support converting video files for their further viewing on a mobile device.
    • Simplify the process of backing up and restoring data.

    Site: *BANNED FILE HOST REMOVED* Sharecode: *CONTENT REMOVED*
  21. TreeDBNotes Pro 4.34 Build 01 ML + Patch

    TreeDBNotes Pro - easy-to-use application combining the functions of an organizer, contact manager, password manager, text editor, and database. The program has an intuitive, customizable interface, the Russian language is present.

    Features:
    • The search function records on several criteria, including the pre-defined keywords.
    • The Replace records, history records, etc.
    • Insert file, link, image, time, date, html page.
    • Import and export data in formats TXT, WRI, RTF, XLS, DOC, HTML, etc.
    • Supports simultaneous operation of multiple organizers.
    • The ability to insert files, links, dates, symbols, etc.
    • Encryption and password protection of any data.
    • Support for HTML tables and Word.
    • Screen capture tool.
    • Editor electronic books.
    • Password generator.

    What's new in this version:
    • New: Export notes to DocX (Microsoft Word 2009/2012/2013) format
    • New: phrases manager CTRL + Double click - copy to clipboard.
    • Impr: Export to html
    • Impr: better drawing underlines in print preview
    • Fix: export notes to web site (incorrect export for notes with hyperlinks)
    • Fix: remember export folder
    • A lot of minor changes and fixes

    Site: http://www.tusfiles.net Sharecode: /ms34gvdwmvpb
  22. Guest

    diskeeper 12

    can anyone update diskeeper 12 patch because it was outdated http://www.nsanedown.com/?request=25690302