Cisco security warning: Patch Webex Teams for Windows and surveillance camera now

Cisco has released security updates for high-severity security flaws affecting Webex Teams for Windows, its Identity Services Engine, and Video Surveillance 8000 Series IP Cameras. 

In this month’s first round of security updates from Cisco, the most serious vulnerability addressed is a remote code-execution (RCE) and denial-of-service (DoS) bug affecting its Video Surveillance 8000 Series IP Cameras.

The flaw, tracked as CVE-2020-3544, has a severity rating of 8.8 out of 10, on par with similar RCE and DoS flaws it disclosed in August affecting the Video Surveillance 8000 Series IP Cameras. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

Both sets of vulnerabilities were reported by Qian Chen of Qihoo 360 Nirvan Team and both concern flaws in the Cisco Discovery Protocol, a Layer 2 or data link layer protocol in the Open Systems Interconnection (OSI) networking model. 

Similarly, both are due to “missing checks when an IP camera processes

Read More

Make Your Next Pumpkin Patch Visit A Math And Science Field Trip

ACROSS AMERICA — There’s a contest for everything, and pumpkins are no exception. You may be rightfully proud of that enormous pumpkin in your patch, but unless it weighs upward of 2,500 pounds, you’re not flirting with any kind of record.

Turning this year’s pumpkin patch visit on its end — and let’s face it, everything about 2020 is upended — why not give the kids in your coronavirus pandemic classroom a field trip?

Oodles of STEM — science, technology, engineering and math — lessons are possible while trudging around the hills of pumpkins.

Teach them a little about pi — not pumpkin pie, but the mathematical formula to calculate the circumference of a circle — or how to convert pounds to kilograms.

The largest pumpkin ever recorded in the United States was grown by Steve Geddes. The pumpkin that the Boscawen, New Hampshire, man grew in 2018 tipped the

Read More

Rocket League Free-To-Play Update Now Live, Official Patch Notes Outlined

Now that Rocket League is free-to-play, developer Psyonix has outlined the official patch notes for the soccar game’s latest update. It mirrors last week’s patch but adds a few more notes about Competitive and the start of Season 1.

The inaugural season of Rocket League, now that the game is free-to-play, began on September 22. Season 1 introduces three new ranks to Competitive, removes the Solo Standard mode, adds a level 10 requirement for Competitive play, and more. There’s also a new Tournament system that Psyonix said feels like Rocket League esports but for all ranks, where players can participate in daily tournaments to rank up and receive rewards.

The most prominent addition to Rocket League thanks to the free-to-play update is cross-progression. This feature lets players carry over their save data from Nintendo Switch, PC, PlayStation 4, and Xbox One by connecting to an Epic Games account. Furthermore, claiming

Read More

Feds issue emergency order for agencies to patch critical Windows flaw

Close-up photograph of computer networking components.

The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions.

Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday.

An unacceptable risk

The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising that stakes was the release by multiple researchers of proof-of-concept

Read More

Windows Server: Patch this critical flaw now says Homeland Security in emergency warning

Government agencies in the US have until today to patch a Windows Server vulnerability that could give hackers control over federal networks.

The Department of Homeland Security (DHS) has given system administrators until today (21 September) to patch a critical vulnerability in Windows Server that could allow an attacker to hijack federal networks, via a flaw in the Netlogon authentication system.

On 18 September, the DHS’s cybersecurity division issued an emergency directive giving government agencies a four-day deadline to patch the CVE-2020-1472 vulnerability, also known as Zerologon, citing the “unacceptable risk” it posed federal networks.

The flaw enables an unauthorized user to assume control of a network via a flaw in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), by simply sending a series of Netlogon messages with input fields filled with zeros.

Once compromised, an attacker could make themselves domain admin and reset the domain control password, effectively giving them

Read More

Marvel’s Avengers Patch Will Fix More Than 1,000 Issues

The first major patch for Marvel’s Avengers since its September 4 launch fixes more than 1,000 issues that gamers have helped identify.

Crystal Dynamics said that Patch v1.3.0 fixes bugs in the game’s campaign and multiplayer modes, as well as issues in animations, user interface, combat, and rewards, among many others. The developer has also started a thread on Reddit where players can report bugs with the patch to make it easier to keep track of all the problems that players have encountered.

Meanwhile, in a separate thread on Reddit, Crystal Dynamics lists all the known issues and workarounds for Marvel’s Avengers, which may help players who are having problems with the game.

According to the patch notes, the focus for the update was resolving bugs, but upcoming near-term patches include quality-of-life adjustments and features driven by player feedback.

Digital Trends has reached out to Crystal Dynamics for more

Read More