The big Windows 10 patchstart today. It incudes many different things but here are the highlights.

Security:

  • Windows Hello (BiometricLogin)
  • Windows Defender (Better Logs and Notifications)
  • Windows Defender Advanced Threat Protection (Built-in)
  • Windows Information Protection">(Built-in)

Other:

  • Windows Ink
  • Cortanaupdate
  • Edge update

How to Defer Install

If you want to defer the install for four months you can go to:Settings Update and Security Advanced Options and click the Defer Upgrades check box.

For GPO:Computer Configuration Administrative Templates Windows Components Windows Update. Enable and select the number of months 0-8.

How to Get it Faster

Windows Central has a good write-up on the different ways you can install the update (http://www.windowscentral.com/how-get-windows-10-anniversary-update).

For more information on the updatesee :https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/

--

Tom Webb

@twsecblog

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Wireshark CORBA IDL Dissector Denial of Service Vulnerability
 
Wireshark 'epan/dissectors/packet-packetbb.c' Denial of Service Vulnerability
 
Wireshark WSP Dissector 'epan/dissectors/packet-wsp.c' Denial of Service Vulnerability
 
Wireshark RLC Dissector Denial of Service Vulnerability
 
OpenSSH CVE-2016-6210 User Enumeration Vulnerability
 
OpenSSH 'session.c' Local Security Bypass Vulnerability
 
Apache Struts CVE-2016-1182 Security Bypass Vulnerability
 
Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
 
Nettle RSA Code Information Disclosure Vulnerability
 
Oracle Integrated Lights Out Manager CVE-2015-5600 Remote Security Vulnerability
 

An image sent by DNC staffer Alexandra Chalupa shows a warning message she received from Yahoo Mail. (credit: Alexandra Chalupa)

An e-mail message within the Wikileaks dump of Democratic National Committee data suggests that the Yahoo account of one DNC staffer may have been specifically targeted by Russian hackers. The leaked message from DNC staffer Alexandra Chalupa includes a photo of a screen displaying a pop-up alert in Yahoo Mail warning, "We strongly suspect that your account has been the target of state-sponsored actors."

"Since I started digging into [Trump campaign chairman Paul] Manafort, these messages have been a daily occurrence on my Yahoo account despite changing my password often," Chalupa reported in the message. Chalupa was looking into Manafort's work in Ukraine, where Manafort managed the campaign of former Ukraine President Viktor F. Yanukovych (who fled to Russia after violent protests against his regime) and worked with pro-Russian and Communist Party politicians forming an opposition block to the current government.

The detail, spotted by cybersecurity researcher Matt Tait and posted to the Twitter account @pwnallthethings, offers another hint at the scope of the campaign to collect intelligence on DNC operations by what appears to be Russia-based "actors" operating on the behalf of Russian intelligence. Earlier evidence collected by SecureWorks detected phishing attacks against the personal Gmail accounts of some DNC staffers as well as attacks on DNC and Clinton campaign e-mail addresses.

Read 2 remaining paragraphs | Comments

 
[security bulletin] HPSBUX03632 SSRT110194 rev.1 - HP-UX Mail Server running Sendmail, Local Unauthorized Disclosure of Information
 

Some may like it hot, but probably not quite this hot. (credit: Climate.gov)

This summer has been particularly hot across the US, and scorching temperatures have forced most of us to take refuge somewhere with air-conditioning. This leads to high electricity demand, especially in the hottest regions. As climate change continues, we are likely to experience similar hot temperatures more frequently.

Climate change modeling also forecasts that these increased temperatures will result in increased storm intensity and flooding. These types of extreme weather-related events could have a profound impact on the population distribution, if populations shift away from regions affected by extreme storms.

Combined, the change in weather and population movement can present regional infrastructure challenges due to significant changes in electricity demand. Understanding where electricity service is most vulnerable is of utmost importance if we're going to plan ahead for these future challenges. In an investigation recently published in Nature Energy, researchers have predicted how this combination of climate and population stresses will influence electricity demand using high-resolution, spatially explicit tools.

Read 7 remaining paragraphs | Comments

 
Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin
 
[CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c
 
Kaspersky Safe Browser iOS Application - MITM SSL Certificate Vulnerability (CVE-2016-6231)
 
Car CMS v3.00.30 - Search Cross Site Scripting Vulnerability
 
Fortinet FortiManager & FortiAnalyzer - (filename) Persistent Web Vulnerability
 
Cross-Site Scripting in Contact Bank WordPress Plugin
 
SQL injection vulnerability in Booking Calendar WordPress Plugin
 
Cross-Site Scripting vulnerability in Booking Calendar WordPress Plugin
 
[SECURITY] [DSA 3637-1] chromium-browser security update
 
Multiple vulnerabilities in All In One WP Security & Firewall plugin login CAPTCHA
 
Stored Cross-Site Scripting vulnerability in Easy Testimonials WordPress Plugin
 
[SECURITY] [DSA 3634-1] redis security update
 
[SECURITY] [DSA 3636-1] collectd security update
 
Elevation of Privilege Vulnerability in MediaTek Driver ( CVE-2016-6492)
 
Internet Storm Center Infocon Status