Caution: KB4515384 is breaking audio on Windows 10

If you’ve already installed KB4515384, and you want to try and fix the audio problem before you attempt the uninstall it, there is really only solution that you can try. Open the Control Panel sound settings.

On the Playback tab, double-click your speakers to open their Properties. The properties window should have an ‘Enhancements’ tab though, it may be missing as in the case of the screenshot below. If the tab is there, go to it and enable all enhancements, and click Apply. Next, disable them all, and click Apply again.

Lilocked ransomware (Lilu) affects thousands of Linux-based servers [Ed: This is not about "Linux"; they're repeating ZDNet (tabloid) talking points from their anti-Linux trolls, whom CBS hired to attack Linux (the real issue here is malware being installed)]

A ransomware strain named Lilocked or Lilu has been affecting thousands of Linux-based servers all over the world since mid-July and the attacks got intensified by the end of August, ZDNet reports.

From PowerShell to auditing: Expand your cybersecurity know-how at SANS London 2019 [Ed: PowerShell is used a lot by CRACKERS. Why does The Register associate NSA back-doored stuff with security? (clue/hint: money)]

DigitalOcean Continues Working On Linux Core Scheduling To Make HT/SMT Safer

With Hyper Threading continuing to look increasingly unsafe in data centers / shared computing environments in light of all the speculative execution vulnerabilities exposed thus far particularly with L1TF and MDS having no SMT-secure mitigation, DigitalOcean continues working on their Linux kernel "core scheduling" patches so they can still make use of HT/SMT in a sane and safe manner.

DigitalOcean's core scheduling work is their way to make Hyper Threading safe by ensuring that only trusted applications run concurrently on siblings of a core. Their scheduler also tries to be smart about not using SMT/HT in areas where it could degrade performance.

The New Target That Enables Ransomware Hackers to Paralyze Dozens of Towns and Businesses at Once

On July 3, employees at Arbor Dental in Longview, Washington, noticed glitches in their computers and couldn’t view X-rays. Arbor was one of dozens of dental clinics in Oregon and Washington stymied by a ransomware attack that disrupted their business and blocked access to patients’ records.

But the hackers didn’t target the clinics directly. Instead, they infiltrated them by exploiting vulnerable cybersecurity at Portland-based PM Consultants Inc., which handled the dentists’ software updates, firewalls and data backups. Arbor’s frantic calls to PM went to voicemail, said Whitney Joy, the clinic’s office coordinator.

If you're not using SSH certificates you're doing SSH wrong

None of these issues are actually inherent to SSH. They're actually problems with SSH public key authentication. The solution is to switch to certificate authentication.

SSH certificate authentication makes SSH easier to use, easier to operate, and more secure.

Your phone can be [cracked] - and there's nothing you can do about it

Finally, another benefit of Simjacker from the attacker's perspective is that many of its attacks seems to work independent of handset types, as the vulnerability is dependent on the software on the UICC and not the device. We have observed devices from nearly every manufacturer being successfully targeted to retrieve location: Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards. One important note is that for some specific attacks handset types do matter. Some, such as setting up a call, require user interaction to confirm, but this is not guaranteed and older phones or devices with no keypad or screens (such as IoT device) may not even ask for this.

Security updates for Wednesday

Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8). 

Duty Of Care

Put differently, when Toyota recalls hundreds of thousands of cars for potential defects in which exactly zero people were harmed, we consider that responsible stewardship of their product.

The California Consumer Privacy Act

Next January, California is set to have one of the strongest laws in the nation, passed last year with unusual bi-partisan support, seeking to add some first-of-their-kind state protections over our personal data. It is called the California Consumer Privacy Act (CCPA) of 2018. It nicely reflects the fact that our state is one of the only states in the country whose constitution in Article 1, Section 1, actually contains an express right of privacy guaranteed to all Californians.

This past year, since the bill’s passage, Purism has worked tirelessly–and dedicated substantial staff resources–to help make sure the new law is not substantially thrashed by Big Tech’s huge army before the fledgling law can even take effect: an army of highly-paid lobbyists. The stakes for Big Tech are large, but the stakes for consumer privacy, and for Purism’s philosophy of consumer privacy protection and control, are so much bigger.

To try to stem the extraordinary political muscle of Big Tech in Sacramento, Purism has worked in close collaboration with California’s top privacy protection groups including the ACLU, EFF, Consumers Union, Common Sense Kids Action and the Privacy Rights Clearinghouse, and many others to try to stop the onslaught of Big Tech-sponsored bills seeking to vitiate the new law.

Our CEO has testified in legislative hearings against the weakening measures, and has recently co-written a powerful editorial published in the Mercury News, the newspaper in the backyard of Big Tech in Silicon Valley, against these bills. As Purism’s legislative advocate, I have met with key California legislators to try to thwart Big Tech’s predictable onslaught against this new law.

Equifax Victims Jump Through Hoops To Nab Settlement Money They Won't Get Anyway

So we've noted that the FTC's settlement over the Equifax hack that exposed the public data of 147 million Americans is a bit of a joke. The FTC originally promised that impacted users would be able to nab 10 years of free credit reporting or a $125 cash payout if users already subscribed to a credit reporting service. But it didn't take long for the government to backtrack, claiming it was surprised by the number of victims interested in modest compensation, while admitting the settlement failed to set aside enough money to pay even 248,000 of the hack's 147 million victims.

Exim patches a major security bug found in all versions that left millions of Exim servers vulnerable to security attacks [Ed: If only we saw similar headlines about Microsoft Windows each time a hole was found in Photoshop...]

A vulnerability was found in all the versions of Exim, a mail transfer agent (MTA), that when exploited can let attackers run malicious code with root privileges.

KeePass Password Safe 2.43

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass is really free, and more than that: it is open source (OSI certified). You can have a look at its full source and check whether the encryption algorithms are implemented correctly.

Live Patching Case Study of GESIS

You can save time and resources by using Live Patching. GESIS is one of the many organizations who achieved excellent results using SUSE Linux Enterprise Live Patching. Here we outline some of those results so you can make an assessment about how these can apply to your environment.

Linux Kernel flexcop_usb_probe Function NULL Pointer Dereference Vulnerability [CVE-2019-15291]

A vulnerability in the Linux Kernel could allow a local attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a NULL pointer dereference condition that exists in the flexcop_usb_probe function, as defined in the drivers/media/usb/b2c2/flexcop-usb.c source code file of the affected software.

An attacker with physical access to a targeted system could exploit this vulnerability by inserting a USB device that submits malicious input to the targeted system. A successful exploit could cause a DoS condition on the system.

Here's How Vivaldi for Android Protects Your Privacy and Keeps Your Data Secure

After announcing the Vivaldi for Android mobile web browser, Vivaldi Technologies shared with us some details on how they managed to build a secure and privacy-aware browser on Android.
We all know that Google's Android mobile operating system ships with a built-in web browser core, which is based on the same code that Google Chrome was built it. This internal browser core lets users view basic web pages when setting up their Android device for the first time.

Once the device is all set up, most probably the user has installed his favorite web browser app from the Play store. This is where Vivaldi for Android comes to fill the gap, as it's not using Android's built-in browser core, which makes it secure and privacy-aware.