DEFEATING TRUMP, JOE BIDEN DECLARED WINNER OF US PRESIDENTIAL ELECTIONS
2020-11-07 15:52:50       Slashdot
"BIDEN WINS" declares the all-caps headline at CNN.com.

And the headline at NBC News reads "JOE BIDEN DEFEATS DONALD TRUMP TO WIN THE WHITE HOUSE, NBC NEWS PROJECTS."

NBC News reports: Joe Biden became president-elect Saturday after winning the pivotal state of Pennsylvania, NBC News projected.

The former vice president amassed 273 Electoral College votes after winning Pennsylvania's 20 electors, according to NBC News, surpassing the 270 needed to win the White House and defeat President Donald Trump.

Biden's victory capped one of the longest and most tumultuous campaigns in modern history, in which he maintained an aggressive focus on Trump's widely criticized handling of the Covid-19 pandemic. A majority of voters said rising coronavirus cases were a significant factor in their vote, according to early results from the NBC News Exit Poll of early and Election Day voters.

Biden regularly criticized Trump as unfit for office and positioned his campaign as a "battle for the soul of America." He promised from the outset of his run to heal and unite the country if he won, and made central to his closing message a pledge to represent both those who voted for him as well as those who didn't when he got to the White House.

As president, Biden will immediately be confronted with a bitterly divided nation in the throes of a pandemic that has already killed 236,000 Americans.


GOOGLE DISCLOSES WINDOWS ZERO-DAY EXPLOITED IN THE WILD
2020-10-31 10:57:22       Slashdot

This issue will not be addressed for at least 10 days. If you are running Chrome on Windows, consider switching to Firefox for the next couple of weeks at least.

------------8<--------------

Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation. From a report:

The zero-day is expected to be patched on November 10, which is the date of Microsoft's next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google's elite vulnerability research team. On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week. The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome's secure container and run code on the underlying operating system -- in what security experts call a sandbox escape.


NEW WINDOWS 10 UPDATE PERMANENTLY REMOVES ADOBE FLASH
2020-10-29 14:55:00       Slashdot

Microsoft has released a Windows update that removes Adobe's Flash Player before it reaches end of support on December 31, 2020. ZDNet reports:

Update KB4577586 is part of Microsoft's effort to follow through with plans it announced along with Adobe, Apple, Facebook, Google, and Mozilla in 2017 to end support for Flash by December 2020. The Flash-removing update is available for all supported versions of Windows 10 and Windows Server, as well as Windows 8.1.

This new update removes Flash Player from Windows devices and cannot be uninstalled, Microsoft says in a new support note. However, it isn't rolling out via Windows Server Update Service (WSUS) just yet, and the update needs to be downloaded and installed from the Microsoft Update Catalog. It will become available to WSUS in early 2021, but admins can import it to WSUS manually today. Microsoft is releasing the Flash-removing update ahead of the end of support so that enterprise customers can test the impact on business applications when Flash is removed from a Windows PC or server. But the company says it will continue to deliver Flash security updates until support ends.

Microsoft has also detailed two methods that users and admins can follow to continue using Flash Player after the update is installed. Users can reset a device to an earlier system restore point. However, users need to explicitly enable this feature and a system restore point must have been created on the Windows device before the update is applied. The other option is to reinstall Windows without applying the update.


MICROSOFT WILL FORCIBLY STOP LOADING SOME URLS IN INTERNET EXPLORER TO MOVE USERS TO EDGE
2020-10-26 10:43:00       Slashdot
Big changes are coming to Internet Explorer. Starting next month, users trying to access certain websites will see IE refuse to load the URL and automatically open the site in Edge instead. From a report: This forced IE-to-Edge behavior is part of Microsoft's Internet Explorer deprecation plans. Microsoft has been gradually rolling out the feature for testing purposes for some Windows users since the release of Edge 84 this summer. However, with the release of Edge 87, scheduled for next month, Microsoft plans to enable the forced IE-to-Edge action for all IE users.

GOOGLE PATCHED AN ACTIVELY-EXPLOITED ZERO-DAY BUG IN CHROME
2020-10-25 01:34:00       Slashdot
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week:

Security researcher Sergei Glazunov of Google Project Zero discovered the bug, which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities. By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux - among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk.

"Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday... "The fix is also in today's stable release of FreeType 2.10.4," Ben Hawkes, technical lead for the Project Zero team, tweeted. Meanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw... In addition to the FreeType zero day, Google patched four other bugs - three of high risk and one of medium risk - in the Chrome update released this week... So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.

CHROME CAUGHT EXEMPTING GOOGLE SITES FROM USER REQUESTS TO DELETE DATA
2020-10-24 23:34:00       Slashdot
This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube. This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior...

The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser. In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.

FIREFOX `SITE ISOLATION` FEATURE ENTERS USER TESTING, EXPECTED NEXT YEAR
2020-10-22 14:07:00       Slashdot
An anonymous reader shares a report: Site Isolation is a modern browser security feature that works by separating each web page and web iframe into its own operating system process, in order to prevent sites from tampering with or stealing each other's data. The feature was first deployed with Google Chrome in mid-2018, with the release of Chrome 67. Although initially Site Isolation was meant to be deployed as a general improvement to Chrome's security posture, the feature came just in time to serve as a protective measure against the Spectre vulnerability impacting modern CPUs. Seeing the feature's success, Mozilla also announced plans to support it in the Firefox browser in February 2019, as part of an internal project codenamed Fission.

For both Google and Mozilla, implementing Site Isolation was a time-consuming operation, requiring engineers to re-write large chunks of their browsers' internal architecture. The process took about two years for both Google and Mozilla. While Site Isolation is now a stable feature inside Chrome, this work is now nearing its completion inside Firefox. According to an update to the Project Fission wiki page, Site Isolation can now be enabled inside versions of Firefox Nightly, the Firefox version where new features are tested.

MICROSOFT FORCES WINDOWS 10 RESTARTS -- TO INSTALL `UNSOLICITED, UNWANTED` OFFICE APPS
2020-10-19 03:34:00       Slashdot
The Verge's senior news editor complains that without permission, Windows 10 restarted to install "unsolicited, unwanted web app versions of Word, PowerPoint, Excel and Outlook onto my computer."

OK, it's not as bad as when my entire computer screen got taken over by an unwanted copy of Microsoft Edge. That was truly egregious. No, this time Microsoft is merely sneaking unwanted web apps onto my PC - and using my Windows 10 Start Menu as free advertising space. Did I mention that icons for Microsoft Office apps have magically appeared in my Start Menu, even though I've never once installed Office on this computer? These aren't full free copies of Office, by the way. They're just shortcuts to the web version you could already access in any web browser of your choice, which double as advertisements to pay for a more fully featured copy...

They're the latest proof that Microsoft doesn't respect your ownership of your own PC, the latest example of Microsoft installing anything it likes in a Windows update up to and including bloatware, and the latest example of Microsoft caring more about the bottom line than whether a few people might lose their work when Windows suddenly shuts down their PC. Luckily, I didn't lose any work today, but a friend of mine recently did... Microsoft seems to think our computers are free advertising space, a place where it can selfishly promote its other products - even though they were told roundly in the '90s that even bundling a web browser was not OK. Now, they're bundling a browser you can't uninstall, and a set of PWA web apps that launch in that same browser. (Yes, they fire up Edge even if you've set a different browser as default.)

NORTHERN VIRGINIA SCHOOL SYSTEM HACKED, DATA HELD FOR RANSOM
2020-09-14 15:04:20       Security Week
Virginia's Fairfax County School System has been hacked and the attackers are seeking a ransom payment to keep them from disclosing stolen personal information.

IS THE US ABOUT TO SPLIT THE INTERNET?
2020-08-27 11:36:56       Slashdot

The BBC reports: U.S. Secretary of State Mike Pompeo says he wants a "clean" internet. What he means by that is he wants to remove Chinese influence, and Chinese companies, from the internet in the U.S. But critics believe this will bolster a worrying movement towards the breaking up of the global internet. The so-called "splinternet" is generally used when talking about China, and more recently Russia. The idea is that there's nothing inherent or pre-ordained about the internet being global.

For governments that want to control what people see on the internet, it makes sense to take ownership of it. The Great Firewall of China is the best example of a nation putting up the internet equivalent of a wall around itself. You won't find a Google search engine or Facebook in China. What people didn't expect was that the U.S. might follow China's lead. They're reacting to U.S. president Trump's executive order to block all transactions with TikTok's parent company (starting September 20) to "address the national emergency with respect to the information and communication technology supply chain."

An opinion piece in the New York Times calls the move a "foolish and dangerous edict" that's "deeply misguided and unproductive" which suggests that "the United States, like China, no longer believes in a global internet."

In the BBC's article Alan Woodward, a security expert at the University of Surrey, calls the U.S. decision "shocking." "The U.S. government has for a long time criticised other countries for controlling access to the internet and now we see the Americans doing the same thing."


MILLIONS OF ANDROID PHONES AT RISK DUE TO `ACHILLES` FLAW IN QUALCOMM CHIPS
2020-08-27 11:34:14       Slashdot

"Researchers have found that Qualcomm's Snapdragon chip, one of the most widely used in Android phones, has hundreds of bits of vulnerable code that leaves millions of Android users at risk," reports Gizmodo: To back up a bit, Qualcomm is a major chip supplier to several well-known tech companies.

In 2019, its Snapdragon series of processors could be found on nearly 40% of all Android smartphones, including high-profile flagship phones from Google, Samsung, Xiaomi, LG, and OnePlus.

Researchers from Check Point, a cybersecurity firm, found the digital signal processor (DSP) in Qualcomm Snapdragon chips had over 400 pieces of vulnerable code. The vulnerabilities, altogether dubbed "Achilles," can impact phones in three major ways. Attackers would only have to convince someone to install a seemingly benign app that bypasses usual security measures. Once that's done, an attacker could turn the affected phone into a spying tool. They'd be able to access a phone's photos, videos, GPS, and location data. Hackers could potentially also record calls and turn on the phone's microphones without the owner ever knowing.

Alternatively, an attacker could choose to render the smartphone completely unusable by locking all the data stored on it in what researchers described as a "targeted denial-of-service attack." Lastly, bad actors could also exploit the vulnerabilities to hide malware in a way that would be unknown to the victim, and unremovable.

Part of why so many vulnerabilities were found is that the DSP is a sort of "black box." It's difficult for anyone other than the manufacturer of the DSP to review what makes them work...

The article notes that Qualcomm has no evidence of the vulnerability being exploited in the wild, adding that the company has "reportedly since fixed the issue." But they also note that it's still up to individual phone makers to push out the relevant security patches, "which could take some time."


MICROSOFT WILL BID FAREWELL TO INTERNET EXPLORER AND LEGACY EDGE IN 2021
2020-08-18 10:14:24       Slashdot

Microsoft will end support for Internet Explorer 11 across its Microsoft 365 apps and services next year.

The Verge reports: In exactly a year, on August 17th, 2021, Internet Explorer 11 will no longer be supported for Microsoft's online services like Office 365, OneDrive, Outlook, and more. Microsoft is also ending support for Internet Explorer 11 with the Microsoft Teams web app later this year, with support ending on November 30th. While it's still going to take some time to pry enterprise users of Internet Explorer 11 away, Microsoft is hoping that the new Internet Explorer legacy mode in the Chromium-based Microsoft Edge browser will help. It will continue to let businesses access old sites that were specifically built for Internet Explorer, until Microsoft fully drops support for Internet Explorer 11 within Windows 10. Microsoft's move to stop supporting Internet Explorer 11 with its main web properties is a good first step, though.

Alongside the support changes, Microsoft is also planning to drop support for its existing legacy version of Microsoft Edge on March 9th, 2021. After the end of support date, the legacy version of Edge will no longer receive security updates. Microsoft has been moving existing Windows 10 users over to its new Chromium-based Edge browser, and the company says new devices and future Windows feature updates will all include the new Edge browser.


WINDOWS 10: HOSTS FILE BLOCKING TELEMETRY IS NOW FLAGGED AS A RISK
2020-08-04 10:03:00       Slashdot
AmiMoJo writes: Starting at the end of July, Microsoft has begun detecting HOSTS files that block Windows 10 telemetry servers as a "Severe" security risk. Windows 10 users are reporting that Windows Defender had started detecting modified HOSTS files as a "SettingsModifier:Win32/HostsFileHijack" threat. So it seems that Microsoft had recently updated their Microsoft Defender definitions to detect when their servers were added to the HOSTS file. Users who utilize HOSTS files to block Windows 10 telemetry suddenly began seeing the HOSTS file hijack detection. Users who intentionally modify their HOSTS file can allow this "threat," but it may enable all HOSTS modifications, even malicious ones, going forward.

RED HAT SECURITY UPDATE RENDERS SYSTEMS UNBOOTABLE
2020-07-31 11:20:00       Slashdot
PAjamian writes: A recently released Red Hat update for the BootHole Vulnerability is causing systems to become unbootable. It is widely reported that updates to the shim, grub2 and kernel packages in RHEL and CentOS 7 and 8 are leaving various systems that use secure boot unbootable. Current recommendations are to avoid updating your system until the issue is resolved, or at least avoid updating the shim, grub2 and kernel packages.

Update, shared by PAjamian: Red Hat is now recommending that users do not apply grub2, fwupd, fwupdate or shim updates until new packages are available.

MICROSOFT TO REMOVE ALL SHA-1 WINDOWS DOWNLOADS NEXT WEEK
2020-07-30 14:04:00       Slashdot
Microsoft announced this week plans to remove all Windows-related file downloads from the Microsoft Download Center that are cryptographically signed with the Secure Hash Algorithm 1 (SHA-1). From a report: The files will be removed next Monday, on August 3, the company said on Tuesday. The OS maker cited the security of the SHA-1 algorithm for the move. "SHA-1 is a legacy cryptographic hash that many in the security community believe is no longer secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks," it said. Most software companies have recently begun abandoning the SHA-1 algorithm after a team of academics broke the SHA-1 hashing function at a theoretical level in February 2016.

ADOBE FLASH PLAYER END OF LIFE
2020-06-24 13:36:40      
Adobe will stop distributing and updating Flash Player after December 31, 2020. With three years' advance notice, we believed that would allow sufficient time for developers, designers, businesses, and other parties to migrate existing Flash content as needed to new, open standards. Adobe will be removing Flash Player download pages from its site, and Flash-based content will be blocked from running in Adobe Flash Player after the EOL date.

ETERNAL DARKNESS FLAW IN WINDOWS 10
2020-06-10 10:58:03      

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning that hackers are actively exploiting a previously patched flaw in Windows 10 that goes by multiple names, among them Eternal Darkness and SMBGhost. Both sound ominous, and for good reason. If left unpatched, an attacker could gain unauthorized remote access to a target system and wreak havoc.

Even though this was patched in March, a user on Twitter recently posted a proof-of-concept exploit to GitHub that allows an attacker to execute malicious code remotely, along with a video showcasing the exploit. This code has been used in the wild to attack Windows 10 PCs that have not been patched recently.


BEWARE OF EMAILS IMPERSONATING `MICROSOFT TEAMS` NOTIFICATIONS
2020-05-04 11:37:44       Slashdot

Researchers at the email security company Abnormal Security have discovered "a multi-prong Microsoft Teams impersonation attack" involving "convincingly-crafted emails impersonating the automated notification emails from Microsoft Teams," reports Forbes:

The aim, simply to steal employee Microsoft Office 365 login credentials. To date, the researchers report that as many as 50,000 users have been subject to this attack as of May 1.

This is far from your average phishing scam, however, and comes at precisely the right time to fool already stressed and somewhat disoriented workers. Instead of the far more commonly used "sort of look-alike" alerts and notifications employed by less careful cybercriminals, this new campaign is very professional in approach. "The landing pages that host both attacks look identical to the real webpages, and the imagery used is copied from actual notifications and emails from this provider," the researchers said. The attackers are also using newly-registered domains that are designed to fool recipients into thinking the notifications are from an official source...

As far as the credential-stealing payload is concerned, this is delivered in an equally meticulous way. With multiple URL redirects employed by the attackers, concealing the real hosting URLs, and so aiming to bypass email protection systems, the cybercriminals will eventually drive the user to the cloned Microsoft Office 365 login page.


HACKERS UPDATE AGE-OLD EXCEL 4.0 MACRO ATTACK
2020-04-20 13:28:56       Threatpost

XLS files sent via email appear password protected but aren't, opening automatically to install malware from compromised macros, according to researchers.

Beware of XLS files sent from unknown sources or unexpectedly from known ones.

When in doubt, confirm with the sender via phone, email or other means.


SERIOUS VULNERABILITIES PATCHED IN CHROME, FIREFOX
2020-04-09 17:01:43       Security Week
Both Google and Mozilla released new versions of their browsers this week, addressing a variety of high-severity vulnerabilities, some of which could lead to remote code execution.

U.S. GOVERNMENT: UPDATE CHROME 80 NOW, MULTIPLE SECURITY CONCERNS CONFIRMED
2020-04-05 17:08:34       SlashDot

Part of America's Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) "has advised users to update Google Chrome as new high-rated security vulnerabilities have been found," reports Forbes:

In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 "addresses vulnerabilities that an attacker could exploit to take control of an affected system," be that Windows, Mac or Linux. It went on to state that it "encourages" users and administrators to apply the update. It's not just CISA that is warning about the need to update Google Chrome. The Center for Internet Security (CIS) is a non-profit entity that works to safeguard both private and public organizations against cyber threats. In a multi-state information sharing and analysis center (MS-ISAC) advisory, it has also warned of multiple vulnerabilities in Google Chrome.

The most severe of these could allow an attacker to achieve arbitrary code execution within the context of the browser... All it would take for an attacker to exploit the vulnerabilities is to get the user to visit, by way of a phishing attack or even redirection from a compromised site, a maliciously crafted web page.

Beside three high-rated vulnerabilities, Forbes reports that "a further five security vulnerabilities were discovered by the Google internal security team using a combination of internal audits and fuzzing."


MOZILLA PATCHES CRITICAL VULNERABILITIES IN FIREFOX, FIREFOX ESR
2020-04-04 15:33:20       CERT/CC

Original release date: April 3, 2020

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Mozilla's security advisory for Firefox 74.0.1 and Firefox ESR 68.6.1 and apply the necessary updates.


ZOOM VIDEO CONFERENCING
2020-04-02 11:43:19      

Security and privacy issues revolving around the Zoom video conferencing software continue to grow.

Please consider Zoom as non-approved for MABB computers.

If you MUST video conference, consider using Skype instead.

https://www.skype.com/en/get-skype/

WATCH OUT: THIS VERIZON SMISHING SCAM IS CRAZY REALISTIC
2020-02-16 10:10:56      

The scam text message says, "Your Verizon account security needs validation" and invites you to tap a link to "validate your account." Once you do, you end up at a phishing website that looks almost exactly like Verizon's real website. The fake website asks for your My Verizon mobile number or user ID and password. After you provide those, it'll ask for your account PIN. Finally, it requests all your personal details to "identify yourself."

For smishing scams, this is convincing work. The website looks real and authentic - if you don't look too hard at the address, which isn't actually Verizon's website... At the end of the process, the phishing website thanks you for providing your information and "redirects you to the home page." For maximum deception, the phishing website actually redirects you to Verizon's real website at the end of the process. If you don't look too close, you might be deceived into thinking you were on Verizon's website the whole time.

What's the game? We didn't provide real Verizon account details, so we can't say for sure. The scammer will probably try to take over your Verizon account, order smartphones on credit, and stick you with the bill.


HUGE JAVA AND OTHER ORACLE PRODUCT PATCH
2020-01-16 17:12:53       The Register
House of Larry delivers massive update for 93 products. Oracle has released a sweeping set of security patches across the breadth of its software line.

CRITICAL WINDOWS UPDATES RELEASED
2020-01-14 15:18:16      

Monthly updates for Windows and other Microsoft products have been released. Included are critical updates to the cryptographic library for Windows 10 and Server 2016. It is essential that these are installed in a timely manner.

Leave your laptop/desktop on, online and logged out overnight for the next several days AND check manually to ensure that you have all updates installed.

Do NOT depend solely on alerts from IT.

This month also marks the end of support for Windows 7. This month's will be the last official updates for that operating system.

You are advised to stop using Windows 7 online in any capacity.


CRYPTIC RUMBLINGS AHEAD OF FIRST 2020 PATCH TUESDAY
2020-01-14 12:03:09       Slashdot
Brian Krebs:

Sources tell KrebsOnSecurity that Microsoft is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles "certificate and cryptographic messaging functions in the CryptoAPI." The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates.

NSA said on Tuesday that it spotted the vulnerability and reported it to Microsoft. NSA said Microsoft will report later today that it has seen no active exploitation of this vulnerability. NSA's Director of Cybersecurity, Anne Neuberger, says the critical cryptographic vulnerability resides in Windows 10 and Windows Server 2016, and that the concern about this particular flaw is that it "makes trust vulnerable."


MOZILLA PATCHES CRITICAL VULNERABILITY
2020-01-08 14:58:42       CERT/CC
Original release date: January 8, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

"IRANIAN HACKERS" CLAIM BREACH OF US GOVT WEBSITE
2020-01-06 10:42:36       Security Week
A group claiming to be hackers from Iran breached the website of a little-known US government agency on Saturday and posted messages vowing revenge for Washington's killing of top military commander Qasem Soleimani.

FAKE WINDOWS UPDATE DELIVERS CYBORG RANSOMWARE
2019-11-19 13:19:33       Security Week

A malicious spam campaign that informs victims it contains a critical Windows update instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants.

The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, researchers unveiled in a blog post on Tuesday. For instance, the attached file purports to be in .jpg format, even though it opens an .exe file.

Another unique aspect is that the emails contain a two-sentence subject, "Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!" but just one sentence in the email body, researchers said. Typically, malicious emails include a longer, socially engineered message intended to lure victims into clicking malicious files.

https://threatpost.com/windows-update-cyborg-ransomware/150407/

PHISHING ATTACKS AT HIGHEST LEVEL IN THREE YEARS
2019-11-07 15:26:36       Net-Security

The number of phishing attacks continued to rise into the autumn of 2019, according to APWG. The total number of phishing sites detected in July through September 2019 was 266,387.

This was up 46 percent from the 182,465 seen in the second quarter of 2019, and almost double the 138,328 seen in Q4 2018. This is the worst period for phishing that the APWG has seen in three years, since the fourth quarter of 2016.



ANDROID BUG LETS HACKERS PLANT MALWARE VIA NFC BEAMING
2019-11-05 10:58:28       Slashdot

Google patched last month an Android bug that can let hackers spread malware to a nearby phone via a little-known Android OS feature called NFC beaming. NFC beaming works via an internal Android OS service known as Android Beam. This service allows an Android device to send data such as images, files, videos, or even apps, to another nearby device using NFC (Near-Field Communication) radio waves, as an alternative to WiFi or Bluetooth. Typically, apps (APK files) sent via NFC beaming are stored on disk and a notification is shown on screen. The notification asks the device owner if he wants to allow the NFC service to install an app from an unknown source. But, in January this year, a security researcher named Y. Shafranovich discovered that apps sent via NFC beaming on Android 8 (Oreo) or later versions would not show this prompt. Instead, the notification would allow the user to install the app with one tap, without any security warning.

The bug, tracked as CVE-2019-2114, came down to the Android Beam app having been whitelisted as a trusted installer, with the same level of trust as the official Play Store app. Google said this was never intended: the Android Beam service was meant only to transfer data from device to device, not to install applications. The October 2019 Android patches removed the Android Beam service from the OS whitelist of trusted sources. Until that update reaches them, however, many millions of users remain at risk: if both NFC and the Android Beam service are enabled, a nearby attacker could plant malicious apps on their phones.

Since most newly-sold devices ship with NFC enabled by default, either disable Android Beam and NFC, or update your phone with the October 2019 security update, to protect yourself from this bug.


KEEPING PERSONAL AND BUSINESS DATA SECURE
2019-10-23 16:21:50      

People are curious. They simply cannot resist peeking at others` screens, reading unattended documents in printers, and otherwise sticking their noses anywhere and everywhere.

A recent study indicates that a large percentage of people make efforts to protect their own information, but routinely `invade` the information of others. Old-timers will recognize `Mrs. Kravitz`, the nosy neighbor on the `60s TV show `Bewitched`, as a great example of curiosity getting the better of people.

The take-away from the study is that you might want to alter some of your habits:

  • Don`t leave documents in the printer for longer than necessary.
  • Pay attention to who`s around you when you use your phone or computer.
  • Lock or log out of your computer or phone when you are away from it.
  • You might also be a little more conscious of other people`s privacy, and rein in your own innate curiosity. Do you really need to know private details of your co-workers` personal lives that they haven`t elected to share with you? Ask yourself how you would feel if the roles were reversed.

Obviously, all this applies to company data as well, with the added aspect that mishandling information could have ramifications for the future of the company and for your own career.


    ATTACKERS EXPLOIT NEW 0-DAY VULNERABILITY GIVING FULL CONTROL OF ANDROID PHONES
    2019-10-06 13:59:58       Slashdot

    Attackers are exploiting a zero-day vulnerability in Google`s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google`s Project Zero research group said on Thursday night, Ars Technica reports. The post also says there`s evidence the vulnerability is being actively exploited.

    An anonymous reader quotes Ars Technica:

    Exploits require little or no customization to fully root vulnerable phones. The vulnerability can be exploited two ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content. `The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device,` Stone wrote. `If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox....`

    Google representatives wrote in an email: `Pixel 3 and 3a devices are not vulnerable to this issue, and Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming days. Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue.`

    The use-after-free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren`t explained in the post, the patches never made their way into Android security updates.

    https://arstechnica.com/information-technology/2019/10/attackers-exploit-0day-vulnerability-that-gives-full-control-of-android-phones/

    HACKERS TURN TO OPENDOCUMENT FORMAT TO AVOID AV DETECTION
    2019-10-02 09:47:14       ThreatPost
    Malware-laced OpenDocument files are being used against Microsoft Office, OpenOffice and LibreOffice users. Please apply the same caution to ODT files and other OpenDocument formats that you would to Microsoft Office documents and PDFs. More: https://threatpost.com/hackers-turn-to-opendocument/148817/

    HACK BREAKS PDF ENCRYPTION, OPENS CONTENT TO ATTACKERS
    2019-10-02 09:30:16       ThreatPost

    PDFex can bypass encryption and password protection in most PDF readers and online validation services, allowing unauthorized parties to read content and forge documents.

    Expect updates soon for Adobe Acrobat, Firefox, and other applications that handle PDF.

    In the meantime, be wary of PDF files that appear to be signed and verified, and do not depend exclusively on PDF encryption to protect company information.

    More information here: https://threatpost.com/hack-breaks-pdf-encryption/148834/.


    APPLE HITS BACK AT GOOGLE OVER IPHONE HACK REPORT
    2019-09-09 06:01:51       Silicon Security
    Fight, fight. Google security researchers overstated the level of threat to iPhone users, Apple alleges

    GOOGLE SAYS HACKERS HAVE PUT `MONITORING IMPLANTS` IN IPHONES FOR YEARS
    2019-08-31 13:04:53       Slashdot

    An unprecedented iPhone hacking operation, which attacked `thousands of users a week` until it was disrupted in January, has been revealed by researchers at Google`s external security team. From a report:

    The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones.

    Once hacked, the user`s deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device`s keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: `Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device.`


    INTERNET EXPLORER 11 END OF LIFE
    2019-08-22 14:19:50      

    Microsoft is updating Internet Explorer 11 less and less. They obviously would like to see it go away.

    We trust it less each day to remain safe and secure. It is also woefully short on support for modern web technologies like HTML5 and CSS3.

    Please start using Firefox as your default and primary browser. The Bookmark manager in Firefox should help you import your Favorites from Internet Explorer without much heartache.

    Most laptops should already have Firefox installed. Just allow it to become your default browser, and hold IE11 in reserve for any sites you access that still require Java or other old technologies not supported by Firefox.


    HACKERS CAN BREAK INTO AN IPHONE JUST BY SENDING A TEXT
    2019-08-08 23:10:03      


    When you think about how hackers could break into your smartphone, you probably imagine it would start with clicking a malicious link in a text, downloading a fraudulent app, or some other way you accidentally let them in. It turns out that`s not necessarily so, not even on the iPhone, where simply receiving an iMessage could be enough to get yourself hacked.

    At the Black Hat security conference in Las Vegas on Wednesday, Google Project Zero researcher Natalie Silvanovich is presenting multiple so-called `interaction-less` bugs in Apple`s iOS iMessage client that could be exploited to gain control of a user`s device. And while Apple has already patched six of them, a few have yet to be patched.


    ONLY YOU CAN PREVENT RANSOMWARE!
    2019-07-30 22:59:08      

    Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. Sometimes all it takes is one unsuspecting user to infect an entire organization.

    The concept behind ransomware, a well-known form of malicious software, is quite simple: lock and encrypt a victim`s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since we`re dealing with criminals here, paying the ransom doesn`t ensure access will be restored.

    Ransomware is the online form of the bully`s game of keep-away. The bully holds your personal files hostage, keeping you from your documents, photos, and financial information. Those files are still on your computer, right in front of you, but they`re encrypted now, making them unreadable. In 2017, the average ransom demand was US$522, a high price to pay for getting your own property back.

    Types of ransomware

    Ransomware comes in many shapes and sizes. Some variants are more harmful than others, but they all have one thing in common: a ransom. Five common types of ransomware are:

    • Crypto malware. This is the best-known form of ransomware and can cause a great deal of damage. One of the most familiar examples is the 2017 WannaCry attack, which hit thousands of computers around the world and spread itself within corporate networks globally.
    • Lockers. This kind of ransomware is known for infecting your operating system to completely lock you out of your computer, making it impossible to access any of your files or applications.
    • Scareware. This is fake software that poses as an antivirus or a cleaning tool. Scareware often claims to have found issues on your computer and demands money to resolve them. Some types of scareware lock your computer, while others flood your screen with annoying alerts and pop-up messages.
    • Doxware. Commonly referred to as leakware, doxware threatens to publish your stolen information online if you don`t pay the ransom. As more people store sensitive files and personal photos on their computers, it`s understandable that many individuals panic and pay the ransom when their files have been hijacked.
    • RaaS. Otherwise known as Ransomware as a Service, RaaS is malware that its authors rent out to other criminals. The operators handle everything from distributing the ransomware and collecting payments to managing the decryptors (the software that restores data access) in exchange for a cut of the ransom.

    Ransomware remains a popular means of attack, and new ransomware families are discovered every year. Reported attacks in the U.S. dropped from 2,673 in 2016 to 1,783 in 2017. However, the threat of ransomware is still incredibly active on the internet, so you should take precautions to help avoid becoming a victim.

    Dos and don`ts of ransomware:

    Ransomware is a profitable market for cybercriminals and can be difficult to stop. Prevention is the single most important aspect of protecting your personal data. To deter cybercriminals and help protect yourself from a ransomware attack, keep in mind these dos and don`ts:

    • Do use security software. To help protect your data, install and use a trusted security suite that offers more than just antivirus features.
    • Do keep your security software up to date. New ransomware variants appear on a regular basis, so having up-to-date internet security software will help protect you against cyberattacks.
    • Do update your operating system and other software. Software updates frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
    • Don`t automatically open email attachments. Email is one of the main methods for delivering ransomware. Avoid opening emails and attachments from unfamiliar or untrusted sources.
    • Do be wary of any email attachment that advises you to enable macros to view its content. Once enabled, macro malware can infect multiple files. Unless you are absolutely sure the email is genuine and from a trusted source, delete it.
    • Do back up important data to an external hard drive. Attackers gain leverage over their victims by encrypting valuable files and making them inaccessible. If the victim has backup copies, the attacker no longer holds the upper hand, and the backups let the victim restore their files once the infection has been cleaned up. Ensure that backups are appropriately protected or stored offline so that attackers can`t reach them; a backup drive that stays plugged in gets encrypted along with everything else.
    • Do use cloud services. This can help mitigate a ransomware infection, since many cloud services retain previous versions of files, allowing you to roll back to the unencrypted form. Note that a synced folder will happily sync the encrypted copies too; it is the version history, not the sync itself, that protects you.
    • Don`t pay the ransom. You could be wondering, `But won`t I get my files back if I pay the ransom?` You might, but you might not. Sensing desperation, a cybercriminal could ask you to pay again and again, extorting money from you but never releasing your data.

    Ransomware bullies make a living by preying on the innocent. With new ransomware variants popping up frequently, you want to do what you can to minimize your exposure. By following these simple dos and donts, you can help protect your computer data and personal information from ransomware.
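Both the OpenDocument item above (HACKERS TURN TO OPENDOCUMENT FORMAT TO AVOID AV DETECTION) and the macro warning in the list above come down to the same question: does this document carry code that runs when it is opened? ODF (ODT/ODS/ODP) and Office Open XML (DOCX/XLSX/PPTX) files are both ZIP containers, so a triage script can answer that by listing the archive, without launching an office application. The following is an added example written for this page, not code from ThreatPost or from any vendor: it looks for StarBasic libraries and scripts in an ODF package, for an event listener in content.xml that binds a macro to a document event such as open, and for a VBA project part in an OOXML package. The sample documents are minimal constructed containers (a real ODF package has more parts and stores its mimetype entry first and uncompressed), not files from any campaign.

```python
"""Flag office documents that carry macros, for OpenDocument (ODT/ODS/ODP)
and Office Open XML (DOCX/XLSX/PPTX) packages. Both are ZIP containers."""
from __future__ import annotations

import io
import zipfile
from pathlib import Path

# Where macros are stored inside the package.
ODF_MACRO_DIRS = ("Basic/", "Scripts/")   # StarBasic libraries; Python/JS/BeanShell scripts
OOXML_VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def macro_indicators(blob: bytes) -> dict:
    """Return the macro-related indicators found in one document container."""
    found: dict = {"is_zip": True, "odf_macro_parts": [], "ooxml_vba": [],
                   "odf_autorun_event": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        found["is_zip"] = False          # legacy .doc/.xls (OLE) or not a document at all
        return found
    with zf:
        names = zf.namelist()
        found["odf_macro_parts"] = [n for n in names if n.startswith(ODF_MACRO_DIRS)]
        found["ooxml_vba"] = [n for n in names if n in OOXML_VBA_PARTS]
        if "content.xml" in names:
            content = zf.read("content.xml")
            # <office:scripts> holding a <script:event-listener> binds a macro to a
            # document event such as open (dom:load): the file runs code on open.
            found["odf_autorun_event"] = (b"<office:scripts" in content
                                          and b"<script:event-listener" in content)
    return found


def has_macros(blob: bytes) -> bool:
    ind = macro_indicators(blob)
    return bool(ind["odf_macro_parts"] or ind["ooxml_vba"] or ind["odf_autorun_event"])


def scan_file(path: str) -> bool:
    """Convenience wrapper for a document on disk."""
    return has_macros(Path(path).read_bytes())


def _build(entries: dict[str, bytes]) -> bytes:
    """Helper for the constructed samples: pack name->bytes into a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


ODT_MIME = b"application/vnd.oasis.opendocument.text"

# Constructed sample: a text document with no macros.
CLEAN_ODT = _build({
    "mimetype": ODT_MIME,
    "content.xml": b"<office:document-content><office:body/></office:document-content>",
})

# Constructed sample: a Basic library plus an on-open event binding.
MACRO_ODT = _build({
    "mimetype": ODT_MIME,
    "content.xml": (b"<office:document-content><office:scripts><office:event-listeners>"
                    b'<script:event-listener script:event-name="dom:load" '
                    b'xlink:href="vnd.sun.star.script:Standard.Module1.Main?language=Basic"/>'
                    b"</office:event-listeners></office:scripts><office:body/>"
                    b"</office:document-content>"),
    "Basic/script-lc.xml": b"<library:libraries/>",
    "Basic/Standard/Module1.xml": b"<script:module>Sub Main\nEnd Sub</script:module>",
})

# Constructed sample: a Word package carrying a VBA project (OLE header bytes).
MACRO_DOCX = _build({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
})


if __name__ == "__main__":
    for label, blob in (("clean.odt", CLEAN_ODT), ("macro.odt", MACRO_ODT), ("macro.docx", MACRO_DOCX)):
        print(label, macro_indicators(blob))
```

This is a presence check, not a verdict: a document with a macro library is not necessarily malicious, and a malicious one can also reach code through other means (embedded objects, external links). What the check does give a gateway is a cheap reason to quarantine or sandbox a file that the sender claims is a plain letter or invoice.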


    YOUTUBE POLICY ON REMOVING INSTRUCTIONAL HACKING CONTENT CAUSES INFOSEC COMMUNITY OUTRAGE
    2019-07-04 05:25:25       incidents.org

    MICROSOFT PATCHES `WORMABLE` FLAW IN WINDOWS XP, 7 AND WINDOWS 2003
    2019-05-14 17:30:00       Slashdot
    Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a `wormable` flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017. From a report: The vulnerability (CVE-2019-0708) resides in the `remote desktop services` component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updates. Microsoft said the company has not yet observed any evidence of attacks against the dangerous security flaw, but that it is trying to head off a serious and imminent threat.

    INTEL CPUS RELEASED IN LAST 8 YEARS IMPACTED BY NEW ZOMBIELOAD SIDE-CHANNEL ATTACK
    2019-05-14 13:22:00       Slashdot
    Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. From a report: The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow. Just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process. Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU`s microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. [...] In a research paper published today, academics say that all Intel CPUs released since 2011 are most likely vulnerable. Processors for desktops, laptops, and (cloud) servers are all impacted, researchers said on a special website they`ve set up with information about the Zombieload flaws.
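For Linux hosts, the practical question after an MDS disclosure is whether this particular machine has the kernel mitigation, whether it also has the microcode the mitigation depends on, and whether SMT (hyper-threading) still leaves a sibling thread able to sample the buffers. The kernel answers all three in one sysfs line, /sys/devices/system/cpu/vulnerabilities/mds, using the status strings documented in the kernel admin guide. The following is an added example, not code from the researchers or the article: it turns that line into an action for the operator. The sample lines are constructed to match the documented format.

```python
"""Interpret the kernel's MDS (ZombieLoad) status line from sysfs and say
what, if anything, an operator still has to do."""
from __future__ import annotations

from pathlib import Path

SYSFS_MDS = Path("/sys/devices/system/cpu/vulnerabilities/mds")


def assess_mds(status: str) -> dict:
    """Map one mds status line to (affected, mitigated, smt_exposed, action).

    Documented forms: 'Not affected', 'Vulnerable',
    'Vulnerable: Clear CPU buffers attempted, no microcode',
    'Mitigation: Clear CPU buffers', each optionally followed by
    '; SMT vulnerable' / '; SMT mitigated' / '; SMT disabled' / '; SMT Host state unknown'.
    """
    status = status.strip()
    result = {"status": status, "affected": True, "mitigated": False,
              "smt_exposed": False, "action": ""}
    if status == "Not affected":
        result.update(affected=False, mitigated=True, action="none")
        return result

    if status.startswith("Mitigation:"):
        result["mitigated"] = True
    elif status.startswith("Vulnerable"):
        if "no microcode" in status:
            # The kernel has the buffer-clearing code but the CPU lacks the
            # microcode (MD_CLEAR) that makes VERW actually flush the buffers.
            result["action"] = "install updated CPU microcode (kernel fix present but unusable)"
        else:
            result["action"] = "update the kernel (no MDS mitigation present)"

    # With SMT on, the sibling hyper-thread can still sample the shared buffers
    # even when this kernel clears them on context switch.
    if "SMT vulnerable" in status or "SMT Host state unknown" in status:
        result["smt_exposed"] = True
        if result["mitigated"]:
            result["action"] = ("mitigated for cross-process leaks; disable SMT (nosmt) "
                                "to close sibling-thread leakage")

    if result["mitigated"] and not result["smt_exposed"]:
        result["action"] = "none"
    return result


def assess_this_host() -> dict | None:
    """Read the live sysfs entry; None when the kernel does not expose it."""
    if not SYSFS_MDS.exists():
        return None
    return assess_mds(SYSFS_MDS.read_text())


# Constructed sample lines in the documented format.
SAMPLES = (
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
)

if __name__ == "__main__":
    for line in SAMPLES:
        r = assess_mds(line)
        print(f"{line!r:75} -> {r['action']}")
    live = assess_this_host()
    if live:
        print("this host:", live["status"], "->", live["action"])
```

Run it as a fleet check through your configuration management of choice; the same directory holds sibling files for the other speculative-execution issues (spectre_v1, spectre_v2, l1tf, and so on), and the same parsing approach applies with their own documented strings.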

    A GLITCH IS BREAKING ALL FIREFOX EXTENSIONS
    2019-05-04 18:56:13       Slashdot
    UPDATE: This appears to be resolved.
    Did you just open Firefox only to find all of your extensions disabled and/or otherwise not working? You`re not alone, and it`s nothing you did. From a report: Reports are pouring in of a glitch that has spontaneously disabled effectively all Firefox extensions. Each extension is now being listed as a `legacy` extension, alongside a warning that it `could not be verified for use in Firefox and has been disabled.` A ticket submitted to Mozilla`s Bugzilla bug tracker first hit at around 5:40 PM Pacific, and suggests the sudden failure is due to a code signing certificate built into the browser that expired just after 5 PM (or midnight on May 4th in UTC time). Because the glitch stems from an underlying certificate, re-installing extensions won`t work -- if you try, you`ll likely just be met with a different error message. Getting extensions back for everyone is going to require Mozilla to issue a patch.

    MICROSOFT BLOCKS WINDOWS 2019 UPDATE ON PCS THAT USE USB STORAGE OR SD CARDS
    2019-05-04 09:55:37       Slashdot
    Microsoft has published a support document today warning Windows 10 users that the impending May 2019 Update may not install on their systems if they use external USB storage devices or SD cards. From a report: The OS maker cited problems with `inappropriate drive reassignment` as the main reason for blocking the May 2019 Update. `Inappropriate drive reassignment can occur on eligible computers that have an external USB device or SD memory card attached during the installation of the May 2019 update,` the company said. `For this reason, these computers are currently blocked from receiving the May 2019 Update.`

    MOZILLA SAYS IT WILL BAN FIREFOX ADD-ONS WITH OBFUSCATED CODE
    2019-05-02 13:01:00       Slashdot
    DarkRookie2 writes: As Mozilla continues to try to make it safer than ever to use Firefox, the organization has updated its Add-on Policy so that any updates that include obfuscated code are explicitly banned. Mozilla has also set out in plain terms its blocking process for add-ons and extensions. While there is nothing surprising here, the clarification should mean that there are fewer causes for disputes when an add-on is blocklisted. The updated Add-on policy comes into force on June 10, so add-on developers have a little more than a month to take note of the changes and comply. Mozilla says that the move is designed to help it better deal with malicious extensions. Mozilla also plans to be more aggressive towards taking down extensions that break its policies, with a heavy focus on security issues. ZDNet adds: [...] Starting with June 10, Mozilla`s team will also be more aggressive in blocking and disabling Firefox add-ons in users` browsers that are found to be violating one of the company`s policies. `We will continue to block extensions for intentionally violating our policies, critical security vulnerabilities, and will also act on extensions compromising user privacy or circumventing user consent or control,` Nieman said.

    PUTIN SIGNS LAW TO CREATE AN INDEPENDENT RUSSIAN INTERNET
    2019-05-02 12:05:00       Slashdot
    Russia is one step closer to creating its own, independent internet -- at least legally speaking. Russian President Vladimir Putin has signed into law new measures that would enable the creation of a national network, able to operate separately from the rest of the world, according to documents posted on a government portal this week. From a report: For now, the network remains largely theoretical though, with few practical details disclosed. In concept, the new law aims to protect Russia from foreign online restrictions by creating what the Kremlin calls a `sustainable, secure and fully functioning` local internet. The legislation takes effect in November, state news agency RIA-Novosti reported. According to a summary from RIA-Novosti, the law calls for the creation of a monitoring and a management center supervised by Roskomnadzor, Russia`s telecoms agency. The state agency will be charged with ensuring the availability of communication services in Russia in extraordinary situations. During such situations, it would also be empowered to cut off external traffic exchange, creating a purely Russian web.

    INTERNET EXPLORER ZERO-DAY LETS HACKERS STEAL FILES FROM WINDOWS PCS
    2019-04-12 06:26:20       incidents.org

    WINDOWS 10 COULD AUTOMATICALLY UNINSTALL BUGGY WINDOWS UPDATES
    2019-03-12 18:50:00       Slashdot
    Microsoft is reportedly working on a new functionality that will automatically remove botched updates from Windows 10 to fix startup issues and other bugs preventing the PC from booting. `The support document was quietly published a couple of hours ago and for some reasons, Microsoft has also blocked the search engines from crawling or indexing the page,` reports Windows Latest. `In the document, Microsoft explains that Windows may automatically install updates in order to keep your device secure and smooth.` From the report: Due to various reasons, including software and driver compatibility issues, Windows Updates are vulnerable to mistakes and hardware errors. In some cases, Windows Update may fail to install. After installing a recent update, if your PC experiences startup failures and automatic recovery attempts are unsuccessful, Windows may try to resolve the failure by uninstalling recently installed updates. In this case, users may receive a notification with the following message: `We removed some recently installed updates to recover your device from a startup failure.` Microsoft says that Windows will also automatically block the problematic updates from installing automatically for the next 30 days. During these 30 days, Microsoft and its partners will investigate the failure and attempt to fix the issues. When the issues are fixed, Windows will again try to install the updates. Users still have the freedom to reinstall the updates. If you believe that the update should not be removed, you can manually reinstall the driver or quality updates which were uninstalled earlier.

    MICROSOFT WILL NOW PESTER WINDOWS 7 USERS TO UPGRADE TO WINDOWS 10 WITH POP-UPS
    2019-03-12 13:27:00       Slashdot
    Mark Wilson writes: Anyone who is still using Windows 7 doesn`t have much longer until the operating system is no longer supported by Microsoft. Come January 14, 2020 only those enterprise customers who are willing to pay for Extended Security Updates will receive any kind of support. Microsoft has already done a lot to encourage Windows 7 diehards to make the move to Windows 10, and now it is stepping things up a gear. Throughout 2019, the company will show pop-up notifications in Windows 7 about making the switch to the latest version of Windows.

    CHECK IF YOUR ACCOUNT WAS PART OF A DATA BREACH
    2019-02-25 15:26:47       dragon
    Check whether one of your accounts has been exposed in a data breach at Have I Been Pwned.

    SCAN SUSPICIOUS FILES WITH MULTIPLE ANTIVIRUS SCANNERS
    2019-02-25 15:26:34       dragon
    Analyze suspicious files and URLs to detect types of malware, and automatically share them with the security community.

    NEW BROWSER ATTACK LETS HACKERS RUN BAD CODE EVEN AFTER USERS LEAVE A WEB PAGE
    2019-02-25 14:03:02       incidents.org
    Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users` browsers even after users have closed or navigated away from the web page on which they got infected.

    ICANN WARNS OF `ONGOING AND SIGNIFICANT` ATTACKS AGAINST INTERNET`S DNS INFRASTRUCTURE
    2019-02-25 09:00:00       Slashdot

    The internet`s address book keeper has warned of an `ongoing and significant risk` to key parts of the domain name system infrastructure, following months of increased attacks.

    From a report: The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which maps domain names to numerical internet addresses, has been the victim of `multifaceted attacks utilizing different methodologies.` It follows similar warnings from security companies and the federal government in the wake of attacks believed to be orchestrated by nation-state hackers.

    ICANN`s chief technology officer David Conrad told the AFP news agency that the hackers are `going after the Internet infrastructure itself.` ICANN`s recommended response is for domain owners to deploy DNSSEC, an extension of DNS that makes responses harder to manipulate. DNSSEC cryptographically signs DNS data so that it is more difficult, though not impossible, to spoof.
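Whether a zone you depend on is signed, and whether the resolver you use actually validates those signatures, can be checked from any workstation with `dig +dnssec`: a validating resolver sets the `ad` (authenticated data) flag, a signed zone returns RRSIG records alongside the answer, and a failed validation comes back as SERVFAIL. The following is an added example, not from ICANN or the report: it parses that dig output and reports the three conditions. The sample outputs are constructed to match dig`s format; the signature data in them is a placeholder, not a real signature.

```python
"""Read the output of `dig +dnssec <name> <type>` and report whether the
answer was signed (RRSIG present) and validated by the resolver (ad flag)."""
from __future__ import annotations

import re
import subprocess

FLAGS_RE = re.compile(r"^;; flags: ([a-z ]+);", re.M)
STATUS_RE = re.compile(r"status: ([A-Z]+)")


def dnssec_status(dig_output: str) -> dict:
    """Summarise one dig response into status, ad, rrsig and a verdict."""
    flags_m = FLAGS_RE.search(dig_output)
    status_m = STATUS_RE.search(dig_output)
    flags = set(flags_m.group(1).split()) if flags_m else set()
    status = status_m.group(1) if status_m else "UNKNOWN"

    # Resource records print as: name  ttl  class  type  rdata
    rrsig = False
    for line in dig_output.splitlines():
        if line.startswith(";") or not line.strip():
            continue
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "IN" and fields[3] == "RRSIG":
            rrsig = True

    validated = "ad" in flags
    if status == "SERVFAIL":
        verdict = "validation failed or server error (retry with +cd to distinguish)"
    elif validated and rrsig:
        verdict = "signed and validated by resolver"
    elif rrsig:
        verdict = "signed, but the resolver did not validate (non-validating resolver?)"
    else:
        verdict = "unsigned"
    return {"status": status, "ad": validated, "rrsig": rrsig, "verdict": verdict}


def query(name: str, rtype: str = "A", server: str | None = None) -> dict:
    """Run dig on this host (needs the dig binary) and summarise the answer."""
    cmd = ["dig", "+dnssec", name, rtype]
    if server:
        cmd.append("@" + server)
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return dnssec_status(out)


# Constructed dig outputs (format only; the RRSIG rdata is a placeholder).
SAMPLE_VALIDATED = """\
; <<>> DiG 9.16.1 <<>> +dnssec example.com A
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.\t\t3600\tIN\tA\t192.0.2.1
example.com.\t\t3600\tIN\tRRSIG\tA 13 2 3600 20200101000000 20191201000000 4242 example.com. PLACEHOLDERSIGNATURE==
"""

SAMPLE_UNSIGNED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
unsigned.example.\t300\tIN\tA\t192.0.2.2
"""

SAMPLE_SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""

if __name__ == "__main__":
    for label, sample in (("validated", SAMPLE_VALIDATED), ("unsigned", SAMPLE_UNSIGNED),
                          ("servfail", SAMPLE_SERVFAIL)):
        print(label, dnssec_status(sample))
```

Two caveats a practitioner will want: the `ad` flag only tells you that the resolver you asked claims to have validated, so it means little when that resolver is an untrusted one on the local network; and DNSSEC protects the integrity of published records, not the account at the registrar or DNS provider through which the attacks ICANN describes change those records in the first place.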