It's the end of an era: Windows 7 will reach end of support today, on January 14, a decade after its initial release, with Microsoft to no longer provide users with software updates and security updates or fixes. "The specific end of support day for Windows 7 will be January 14, 2020," Microsoft says. "After that, technical assistance and software updates from Windows Update that help protect your PC will no longer be available for the product."
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.
A Texas school district, based outside of Austin, Tex., has lost $2.3 million after falling victim to an email scam. The Manor Independent School District encompasses 8,000 students from elementary to high school. Police told local news outlets that the incident started in early November and continued through December, before it was discovered by the district.
Boing Boing, a popular blog and news aggregator with deep roots on the internet, said Monday that an unknown attacker had used a hacked account of one of its team members to spread malicious code. The hacker was able to get around two-factor authentication — an extra security measure — to log into the Boing Boing content management system (CMS) software. From there, the attacker installed a widget that redirected Boing Boing visitors to a malicious web page, the publication said in a statement under the tagline, “We Wuz Hacked.”
Hundreds of millions of cable modems are vulnerable to critical takeover attacks by hackers halfway around the world, researchers said. The attacks work by luring vulnerable users to websites that serve malicious JavaScript code that's surreptitiously hosted on the site or hidden inside of malicious ads, researchers from Denmark-based security firm Lyrebirds said in a report and accompanying website.