Microsoft Releases Patches For Critical Windows TCP/IP and Other Bugs

Microsoft on Tuesday issued fixes for 87 newly discovered security vulnerabilities as part of its October 2020 Patch Tuesday, including two critical remote code execution (RCE) flaws in Windows TCP/IP stack and Microsoft Outlook.

Of the 87 flaws, 11 are rated Critical, 75 Important, and one Moderate in severity. They affect Windows, Office and Office Services and Web Apps, Visual Studio, Azure Functions, .NET Framework, Microsoft Dynamics, Open Source Software, Exchange Server, and the Windows Codecs Library.

Although none of these flaws are listed as being under active attack, six vulnerabilities are listed as publicly known at the time of release.

Chief among the critical bugs patched this month is CVE-2020-16898 (CVSS score 9.8), an RCE flaw in the Windows TCP/IP stack. According to Microsoft, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer to exploit the flaw and execute arbitrary code on the target client or server.

According to McAfee security experts, ‘this type of bug could be made wormable,’ allowing hackers to launch an attack that can spread from one vulnerable computer to another without any human interaction.

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware’s back-end infrastructure.

The joint collaboration, which involved Microsoft’s Digital Crimes Unit, Lumen’s Black Lotus Labs, ESET, the Financial Services Information Sharing and Analysis Center (FS-ISAC), NTT, and Broadcom’s Symantec, was undertaken after their request to halt TrickBot’s operations was granted by the US District Court for the Eastern District of Virginia.

The development comes after the US Cyber Command mounted a campaign to thwart TrickBot’s spread over concerns of ransomware attacks targeting voting systems ahead of the presidential elections next month. Attempts aimed at impeding the botnet were first reported by KrebsOnSecurity early this month.

Microsoft and its partners analysed over 186,000 TrickBot samples, using them to track down the malware’s command-and-control (C2) infrastructure used to communicate with victim machines, identify the IP addresses of the C2 servers, and document other TTPs the operators applied to evade detection.

A Self-Service Password Reset Project Can Be A Quick Win For IT

Since the beginning of this year, organizations’ IT staff have faced numerous challenges and an increased workload as a result of the global pandemic and shift to a mainly remote workforce.

Supporting end-users that are now working from home has introduced new challenges in troubleshooting since it isn’t as simple as visiting an end user’s desk to resolve issues as they arise.

One support issue common to both on-premises and remote end-users is password resets and other account-related activities. These include accounts that are locked out, passwords that have expired, and password changes.

Implementing a self-service password reset (SSPR) solution can be a quick win for IT staff who are now supporting both on-premises and remote workers and taking care of other normal daily tasks.

Let’s look at why SSPR solutions can lead to quick results in lowering the overall support burden on IT staff.

Increased Strain On IT Staff

The global pandemic this year has been challenging for just about everyone. Most have seen adjustments, cutbacks, increased duties, and other changes resulting from the impact of Covid-19. Earlier this year, as the pandemic unfolded, IT staff were tasked with providing remote access to resources almost overnight. This led to many tense days, as IT staff may have struggled to make remote access technically possible for all employees.

Watch Out — Microsoft Warns Android Users About A New Ransomware

Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android’s Home button to lock the device behind a ransom note.

The findings concern a variant of a known Android ransomware family dubbed “MalLocker.B” which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions.

The development comes amid a huge surge in ransomware attacks against critical infrastructure across sectors, with a 50% increase in the daily average of ransomware attacks in the last three months compared to the first half of the year, and cybercriminals increasingly incorporating double extortion in their playbook.

MalLocker has been known for being hosted on malicious websites and circulated on online forums using various social engineering lures by masquerading as popular apps, cracked games, or video players.

Previous instances of Android ransomware have abused Android accessibility features or a permission called “SYSTEM_ALERT_WINDOW” to display a persistent window atop all other screens and show the ransom note, which typically masquerades as a fake police notice or an alert about purportedly finding explicit images on the device.

55 New Security Flaws Reported in Apple Software and Services

A team of five security researchers analysed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to “fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”

The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.

The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three-month period between July and September.

After the flaws were responsibly disclosed to Apple, the iPhone maker patched most of them within 1-2 business days, with a few others fixed within a short span of 4-6 hours.

So far, Apple has processed about 28 of the vulnerabilities with a total payout of $288,500 as part of its bug bounty program.
