HOTTEST

  • We are only a week away from Black Friday, the major shopping event that signals the start of the holiday season. However, this doesn’t mean that great deals on Apple devices aren’t already available, especially with the arrival of M5-powered iPads and MacBooks — which may lead to deeper discounts on older models. We’ve spotted a range of early deals not only for iPads and MacBooks, but also for cut-price iPhones, AirPods, AirTags, and Apple accessories.Black Friday is an excellent opportunity to save, especially as Apple device sales aren’t historically huge throughout the year. You might not see many bargain Apple products, but given how expensive they can be, even a discount of 5% – 20% can still be worth your while.Also: The best Black Friday deals we’ve found so farZDNET extensively covers the major Black Friday sales event, and we are tracking early Apple discounts across retailers, including Amazon More

  • Image: Oscar Wong/Getty Images Secure Shell (SSH) is the de facto standard for gaining access to remote Linux machines. SSH took the place of telnet long ago, to add a much-needed layer of security for remote logins. That doesn’t mean, however, that the default SSH configuration is the best option for those who are a […] More

  • Microsoft has started rolling out earlier today it’s monthly set of security patches known in the industry as Patch Tuesday.
    In this month’s updates, the Redmond-based company has patched a total of 83 vulnerabilities across a wide range of products, including its Windows operating system, cloud-based products, developer tools, and enterprise servers.
    Microsoft Defender zero-day
    But of all the bugs patched today, the most important one is a zero-day vulnerability in the Microsoft Defender antivirus, which Microsoft said was exploited before today’s patches were released.
    Tracked as CVE-2021-1647, the vulnerability was described as a remote code execution (RCE) bug that allowed threat actors to execute code on vulnerable devices by tricking a user into opening a malicious document on a system where Defender is installed.
    Microsoft said that despite exploitation being detected in the wild, the technique is not functional in all situations, and is still considered to be at a proof-of-concept level. However, the code could evolve for more reliable attacks.
    To counteract future attacks, Microsoft has released patches for the Microsoft Malware Protection Engine, which won’t require any user interaction and will be installed automatically — unless specifically blocked by system administrators.
    Microsoft also fixes publicly disclosed Windows EoP bug
    In addition to the Defender zero-day, Microsoft has also fixed a security flaw in the Windows splwow64 service that could be abused to elevate the privileges of an attacker’s code.

    Details about this bug, tracked as CVE-2021-1648, were made public last month, on December 15, by Trend Micro’s Zero-Day Initiative project.
    However, despite the details being publicly available, this bug wasn’t exploited in the wild, Microsoft said.
    Nonetheless, system administrators are advised to revise and apply today’s patches and avoid future headaches in case any of these vulnerabilities get weaponized and added to attackers’ arsenals.
    Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
    Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
    ZDNet has published this file listing all this month’s security advisories on one single page.
    Adobe’s security updates are detailed here.
    SAP security updates are available here.
    Intel security updates are available here.
    VMWare security updates are available here.
    Chrome 87 security updates are detailed here.
    Android security updates are available here.
    Tag
    CVE ID
    CVE Title
    .NET Repository
    CVE-2021-1725
    Bot Framework SDK Information Disclosure Vulnerability
    ASP.NET core & .NET core
    CVE-2021-1723
    ASP.NET Core and Visual Studio Denial of Service Vulnerability
    Azure Active Directory Pod Identity
    CVE-2021-1677
    Azure Active Directory Pod Identity Spoofing Vulnerability
    Microsoft Bluetooth Driver
    CVE-2021-1683
    Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver
    CVE-2021-1638
    Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft Bluetooth Driver
    CVE-2021-1684
    Windows Bluetooth Security Feature Bypass Vulnerability
    Microsoft DTV-DVD Video Decoder
    CVE-2021-1668
    Microsoft DTV-DVD Video Decoder Remote Code Execution Vulnerability
    Microsoft Edge (HTML-based)
    CVE-2021-1705
    Microsoft Edge (HTML-based) Memory Corruption Vulnerability
    Microsoft Graphics Component
    CVE-2021-1709
    Windows Win32k Elevation of Privilege Vulnerability
    Microsoft Graphics Component
    CVE-2021-1696
    Windows Graphics Component Information Disclosure Vulnerability
    Microsoft Graphics Component
    CVE-2021-1665
    GDI+ Remote Code Execution Vulnerability
    Microsoft Graphics Component
    CVE-2021-1708
    Windows GDI+ Information Disclosure Vulnerability
    Microsoft Malware Protection Engine
    CVE-2021-1647
    Microsoft Defender Remote Code Execution Vulnerability
    Microsoft Office
    CVE-2021-1713
    Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office
    CVE-2021-1714
    Microsoft Excel Remote Code Execution Vulnerability
    Microsoft Office
    CVE-2021-1711
    Microsoft Office Remote Code Execution Vulnerability
    Microsoft Office
    CVE-2021-1715
    Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office
    CVE-2021-1716
    Microsoft Word Remote Code Execution Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1712
    Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1707
    Microsoft SharePoint Server Remote Code Execution Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1718
    Microsoft SharePoint Server Tampering Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1717
    Microsoft SharePoint Spoofing Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1719
    Microsoft SharePoint Elevation of Privilege Vulnerability
    Microsoft Office SharePoint
    CVE-2021-1641
    Microsoft SharePoint Spoofing Vulnerability
    Microsoft RPC
    CVE-2021-1702
    Windows Remote Procedure Call Runtime Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1649
    Active Template Library Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1676
    Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
    Microsoft Windows
    CVE-2021-1689
    Windows Multipoint Management Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1657
    Windows Fax Compose Form Remote Code Execution Vulnerability
    Microsoft Windows
    CVE-2021-1646
    Windows WLAN Service Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1650
    Windows Runtime C++ Template Library Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1706
    Windows LUAFV Elevation of Privilege Vulnerability
    Microsoft Windows
    CVE-2021-1699
    Windows (modem.sys) Information Disclosure Vulnerability
    Microsoft Windows Codecs Library
    CVE-2021-1644
    HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows Codecs Library
    CVE-2021-1643
    HEVC Video Extensions Remote Code Execution Vulnerability
    Microsoft Windows DNS
    CVE-2021-1637
    Windows DNS Query Information Disclosure Vulnerability
    SQL Server
    CVE-2021-1636
    Microsoft SQL Elevation of Privilege Vulnerability
    Visual Studio
    CVE-2020-26870
    Visual Studio Remote Code Execution Vulnerability
    Windows AppX Deployment Extensions
    CVE-2021-1642
    Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows AppX Deployment Extensions
    CVE-2021-1685
    Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
    Windows CryptoAPI
    CVE-2021-1679
    Windows CryptoAPI Denial of Service Vulnerability
    Windows CSC Service
    CVE-2021-1652
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1654
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1659
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1653
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1655
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1693
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows CSC Service
    CVE-2021-1688
    Windows CSC Service Elevation of Privilege Vulnerability
    Windows Diagnostic Hub
    CVE-2021-1680
    Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows Diagnostic Hub
    CVE-2021-1651
    Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
    Windows DP API
    CVE-2021-1645
    Windows Docker Information Disclosure Vulnerability
    Windows Event Logging Service
    CVE-2021-1703
    Windows Event Logging Service Elevation of Privilege Vulnerability
    Windows Event Tracing
    CVE-2021-1662
    Windows Event Tracing Elevation of Privilege Vulnerability
    Windows Hyper-V
    CVE-2021-1691
    Hyper-V Denial of Service Vulnerability
    Windows Hyper-V
    CVE-2021-1704
    Windows Hyper-V Elevation of Privilege Vulnerability
    Windows Hyper-V
    CVE-2021-1692
    Hyper-V Denial of Service Vulnerability
    Windows Installer
    CVE-2021-1661
    Windows Installer Elevation of Privilege Vulnerability
    Windows Installer
    CVE-2021-1697
    Windows InstallService Elevation of Privilege Vulnerability
    Windows Kernel
    CVE-2021-1682
    Windows Kernel Elevation of Privilege Vulnerability
    Windows Media
    CVE-2021-1710
    Microsoft Windows Media Foundation Remote Code Execution Vulnerability
    Windows NTLM
    CVE-2021-1678
    NTLM Security Feature Bypass Vulnerability
    Windows Print Spooler Components
    CVE-2021-1695
    Windows Print Spooler Elevation of Privilege Vulnerability
    Windows Projected File System Filter Driver
    CVE-2021-1663
    Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver
    CVE-2021-1672
    Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Projected File System Filter Driver
    CVE-2021-1670
    Windows Projected File System FS Filter Driver Information Disclosure Vulnerability
    Windows Remote Desktop
    CVE-2021-1674
    Windows Remote Desktop Protocol Core Security Feature Bypass Vulnerability
    Windows Remote Desktop
    CVE-2021-1669
    Windows Remote Desktop Security Feature Bypass Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1701
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1700
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1666
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1664
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1671
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1673
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1658
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1667
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows Remote Procedure Call Runtime
    CVE-2021-1660
    Remote Procedure Call Runtime Remote Code Execution Vulnerability
    Windows splwow64
    CVE-2021-1648
    Microsoft splwow64 Elevation of Privilege Vulnerability
    Windows TPM Device Driver
    CVE-2021-1656
    TPM Device Driver Information Disclosure Vulnerability
    Windows Update Stack
    CVE-2021-1694
    Windows Update Stack Elevation of Privilege Vulnerability
    Windows WalletService
    CVE-2021-1686
    Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService
    CVE-2021-1681
    Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService
    CVE-2021-1690
    Windows WalletService Elevation of Privilege Vulnerability
    Windows WalletService
    CVE-2021-1687
    Windows WalletService Elevation of Privilege Vulnerability More

  • More than half of Asia-Pacific consumers are concerned about safeguarding their online and physical wellbeing, 20% are willing to offer up their personal details in exchange for free products or services. Another 24% also will share their social media account details to participate in fun quizzes.  They expressed a willingness to do so even when […] More

  • Pebblebee Clip <!–> ZDNET’s key takeaways The finder tag is equipped with a rechargeable battery, so you won’t have to throw away old button cells It features a bright LED for finding things in low light. The tag is on the pricier side. –> Follow ZDNET: Add us as a preferred source<!–> on Google. I have a […] More

Internet of Things

Artificial Intelligence

Robotics

Networking

Data Management & Statistics