Microsoft has released updates to fix a security issue for Remote Desktop Services on Windows 10, 7, and 8.1, as well as Windows Server 2008 and 2012. Windows 10 Home and Windows 10 Pro computers will be updated automatically as part of the standard Windows Update process.
Category: Security
Microarchitectural Data Sampling (MDS) security vulnerability in CPUs
Intel released information regarding a new set of CPU vulnerabilities called Microarchitectural Data Sampling (MDS). A list of affected Intel products may be found here.
Updates are available from major technology companies for this issue, including:
AMD states that their CPUS are not affected by this vulnerability.
Docker security incident
Docker became aware that a single Docker Hub database was unsecured on April 25th 2019. The security issue was resolved and Docker is continuing to investigate this matter. An estimated 190,000 accounts may have been affected and those passwords were reset and user tokens and access keys were revoked.
Google offers free replacement BLE Titan Security Keys for security issue
Google issued a security notice on its Bluetooth Low Energy (BLE) Titan Security Keys and is offering a free replacement for affected keys. A new key may be requested at google.com/replacemykey.
Microsoft releases Remote Desktop Services update for older Windows versions
Microsoft found a security vulnerability in Remote Desktop Services or Terminal Services for older versions of Windows and has released updates. This does not affect the Remote Desktop Protocol (RDP). The issue was logged as CVE-2019-0708.
Data breach lists and identity theft victim resources
Some of the more comprehensive lists of known data breaches include:
- USA Today list of largest data breaches and hacks
- CNN.com – biggest data breaches in history
- Bloomberg.com – worst corporate hacks list
- Wikipedia data breach list
- State of California data breaches list
Identity theft victims can receive advice from these websites:
Facebook stored millions of unencrypted user passwords on internal servers
Facebook released a notice in March 2019 stating several million user passwords were kept in a readable unencrypted format on their own internal servers. However, Facebook maintains that this data was never publicly available or misused and will notify individual users affected by this issue.
Apple disables FaceTime until security bug is fixed
Update: Apple released iOS 12.1.4 on February 7, 2019 to fix the FaceTime issue. FaceTime is now available at the Apple System Status page.
USA Today and the Washington Post have reported that some iPhone FaceTime users have been able to listen to people they are calling before the call is answered. FaceTime runs on iPhones and iPads running iOS 12.1 as well as Macs running macOS Mojave.
Apple is currently working on a fix for this security issue. FaceTime has been temporarily taken down as noted on the Apple System Status page.
HaveIBeenPwned website checks for emails and passwords included in data breaches
Security researcher Troy Hunt recently published his findings about a huge store of 773 million email accounts with some password information that had previously been stored at a location available to hackers.
To verify if a specific email address was included in his list of data breaches, enter it at Troy Hunt’s website haveibeenpwned.com. Passwords can be verified separately at haveibeenpwned.com/Passwords.
Companies that track U.S. consumer data
The Consumer Financial Protection Bureau (CFPB), a U.S. government agency that enforces federal consumer financial laws, publishes a list of companies that track data of U.S. consumers. The Fair Credit Reporting Act (FCRA) requires companies to give consumers copies of their personal data reports.
Some of the more relevant companies on this list include:
-
- Credit reporting agencies such as Equifax, Experian, TransUnion, LexisNexis, CoreLogic and Innovis
- Employment screening
- Tenant screening
- Check and bank screening such as ChexSystems and TeleCheck
- Insurance screening such as Comprehensive Loss Underwriting Exchange (CLUE), Insurance Information Exchange (iiX), and Automated Property Loss Underwriting System (A-PLUS)
- Medical screening including MIB Group
- Utilities screening including National Consumer Telecom & Utilities Exchange (NCTUE)
LexisNexis has a free personal report available which shows data compiled from various public sources.
An online dispute can be filed with Equifax, Experian, TransUnion, and LexisNexis if there are errors in a credit file.