Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates.

Source Code of Windows XP, Server 2003 leaked

Security Affairs

The source code for Microsoft’s Windows XP and Windows Server 2003 operating systems was published as a torrent file on bulletin board website 4chan.

Developer successfully compiled leaked source code for MS Windows XP and Windows Server 2003 OSs

Security Affairs

Last week, the source code for MS Windows XP and Windows Server 2003 OSs was leaked online; now a developer has successfully compiled it. The expert had no problem compiling the source code for Windows Server 2003.

Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008

Dark Reading

Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited

How AI Could Become the Firewall of 2003

Dark Reading

An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks

A Trippy Visualization Charts the Internet's Growth

WIRED Threat Level

In 2003, Barrett Lyon created a map of the internet. In 2021, he did it again—and showed just how quickly it's expanded.

When Older Windows Systems Won't Die

Dark Reading

Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises

To Prevent Another WannaCry, Microsoft Patches Old OSs

Data Breach Today

Vulnerability in XP, Windows 7 and Server 2008 Could Be 'Wormable'. Microsoft has taken the extraordinary step of issuing patches for its old XP, Windows 2003, Windows 7 and Windows Server 2008 operating systems. The problem is an easy-to-exploit Remote Desktop Services vulnerability that could be turned into a worm.

First American Mortgage Faces NY Regulator Inquiry, Lawsuit

Data Breach Today

The company is also offering free credit monitoring for anyone who used its title and settlement services since 2003. Pressure Mounts on Title Company That Exposed 885 Million Records Online. First American Mortgage Corp., the title insurance company that left hundreds of millions of personal documents exposed on the internet, is now facing a lawsuit and an inquiry by New York's financial regulator.

First American Faces NY Regulator, Lawsuit Over Exposure

Data Breach Today

The company is also offering free credit monitoring for anyone who used its title and settlement services since 2003. Pressure Mounts on Title Company that Exposed 885 Million Records Online. First American Mortgage Corp., the title insurance company that left hundreds of millions of personal documents open on the internet, is now facing a lawsuit and an inquiry by New York's financial regulator.

Personal Data Left on Used Laptops

Schneier on Security

Simson Garfinkel performed the same experiment in 2003, with similar results. A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise.

First American may have exposed millions of client records

Information Management Resources

title insurers, may have allowed unauthorized access to more than 885 million records related to mortgage deals going back to 2003. The firm, one of the largest U.S.

Netezza evolves into the IBM Integrated Analytics System

IBM Big Data Hub

The world of data in 2018 is much different than in 2003. We now see a drive towards AI, the emergence of cloud and the prevalence of big data across industries.

What Are the Penalties for FACTA Noncompliance

Record Nations

The Fair and Accurate Credit Transactions Act, FACTA, was enacted in 2003 by the Federal Trade Commission (FTC). Businesses collect lots of data on a daily basis. Whether it’s business, employee, or customer information, it’s important to keep this data secure.

Is It Time to Make Mobile Internet a Human Right?

Cllax

In 2003, the World Summit on the Information Society declared internet access to be a human right. If your internet provider isn’t working properly and you have no access for.

Ubiquitous Surveillance by ICE

Schneier on Security

Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives.

GUEST ESSAY: The Top 5 online privacy and data security threats faced by the elderly

The Last Watchdog

He has been a member of the California State Bar since 2003. What is it about the elderly that makes them such attractive targets for cybercriminals? A variety of factors play a role. Unlike many younger users online, they may have accumulated savings over their lives — and those nest eggs are a major target for hackers. Now add psychological variables to the mix of assets worth stealing.

This is the old ChiefTech blog.: Case Study: Success at Ernst & Young's Center for Business Knowledge

ChiefTech

Sunday, 20 May 2007. Case Study: Success at Ernst & Young's Center for Business Knowledge. I wrote this case study, Online Collaboration Tools, Knowledge Managers, and a Cooperative Culture, in 2003 while working at Ernst & Young in Sydney, Australia, as the Ernst & Young Online Program Manager for Asia.

Georgia’s Ballot-Marking Devices

Schneier on Security

If Georgia had still been using the paperless touchscreen DRE voting machines that they used from 2003 to 2019, then there would have been no paper ballots to recount, and no way to disprove the allegations that the election was hacked.

Gartner 2018 IDPS Magic Quadrant: Alert Logic Places as Challenger

Adapture

In fact, Gartner predicted the demise of the entire precursor to this category back in 2003 because, at the time, intrusion prevention systems (IPS) and intrusion detection systems (IDS) were just not delivering the […] The Gartner Magic Quadrant’s Intrusion Detection and Prevention Systems (IDPS) category is relatively new. But it’s not without its rough beginnings.

15-Year-Old Malware Proxy Network VIP72 Goes Dark

Krebs on Security

Between 2003 and 2006, Corpse focused on selling and supporting his Haxdoor malware. Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems.

ICE Is a Domestic Surveillance Agency

Schneier on Security

Since its founding in 2003, ICE has not only been building its own capacity to use surveillance to carry out deportations but has also played a key role in the federal government’s larger push to amass as much information as possible about all of our lives.

APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Security Affairs

Credential Roaming was introduced by Microsoft in Windows Server 2003 SP1 and is still supported on Windows 11 and Windows Server 2022. Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity.

How FACTA Impacts Records Management

Record Nations

The Fair and Accurate Credit Transactions Act (FACTA) was enacted in 2003 to ensure the protection of consumers’ personal data. It provides consumers with the means to monitor their credit scores and dispute inaccuracies. FACTA guarantees that businesses are taking precautions to prevent identity theft. FACTA’s Impacts on Businesses A Plan Since FACTA has strict […].

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

Krebs on Security

[NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The earliest document number available on the site – 000000075 — referenced a real estate transaction from 2003. The Web site for Fortune 500 real estate title insurance giant First American Financial Corp.

NY Charges First American Financial for Massive Data Leak

Krebs on Security

had exposed approximately 885 million records related to mortgage deals going back to 2003. In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp.

My work, my way: Life as a Principal Systems Engineer at OpenText

OpenText Information Management

Matthias Specht, Principal Systems Engineer, started his career with OpenText™ in 2003 as an intern. You never know where your first work experiences might lead you. Today, 15 years later, Matthias continues to enjoy OpenText because of the large clients his development work supports, the challenging projects he works on, and the kind colleagues he …

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.-based

Experts devised a new attack to bypass Microsoft PatchGuard

Security Affairs

The feature was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1. A security researcher discovered a bug in PatchGuard Windows security feature that can allow loading unsigned malicious code into the Windows kernel.

It's time for a serious debate about vaccine passports | Shami Chakrabarti

The Guardian Data Protection

Lady Shami Chakrabarti was shadow attorney general for England and Wales from 2016 to 2020, and was director of Liberty from 2003 to 2016.

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Krebs on Security

Finally, since we’re on the subject of major ransomware attacks and scary exploits, it’s a good time to remind readers about the importance of applying the latest security updates from Microsoft, which took the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003. That vulnerability exists in Windows XP, Windows 2003, Windows 7, Windows Server 2008 R2, and Windows Server 2008.

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

on the CVSS scale and affects Windows Server versions 2003 to 2019. in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response.

Security Affairs newsletter Round 283

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

US: FTC adopts updated Safeguards Rule and seeks comment on security event notification requirement

DLA Piper Privacy Matters

This is the first significant update to the FTC’s Safeguards Rule since it took effect in 2003. In adopting the Safeguards Rule (2003), the FTC sought to provide financial institutions with flexibility in the implementation of their information security programs.

International data transfers: an opinion the EDPB (probably) won’t publish

Data Protector

One of the consequences of the Schrems II decision is that EU organisations need to take greater care in determining how best to protect the flows of personal data outside the EU.

Microsoft fixes critical wormable RCE SigRed in Windows DNS servers

Security Affairs

on the CVSS scale and affects Windows Server versions 2003 to 2019. in the Windows DNS server that affects Windows Server versions 2003 to 2019, and can be triggered by a malicious DNS response.

4 issues in Microsoft Office component allow weaponizing docs

Security Affairs

GRAPH.EXE), a component that was included in the suite since Office 2003 or earlier. Experts found four security flaws in the Microsoft Office suite that could allow attackers to weaponize Word and Excel docs.

Security Affairs newsletter Round 284

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

On May 24, KrebsOnSecurity broke the news that the Web site for Fortune 500 real estate title insurance giant First American Financial [NYSE:FAF] leaked 885 million documents related to mortgage deals going back to 2003, until notified by KrebsOnSecurity. Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm.

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

“That extradition should be refused because it would be unjust and oppressive by reason of Mr. Assange’s mental condition and the high risk of suicide pursuant to section 91 of the EA 2003;” said District Judge (Magistrates’ Court) Vanessa Baraitser in the Westminster Magistrates’ Court.