Chrome 0 Day Halloween Exploit

For the second time this year, Google has released information urging everyone to update to the latest version of Google Chrome to combat a 0 Day vulnerability found in previous versions.

Most configurations of Chrome should be auto-updating, but it is suggested to push out the updated version, which is 78.0.3904.87.

As stated in the ZDNet.com article here:

Per Kaspersky, the zero-day was found being deployed on user devices via a Korean-language news portal. The Russian antivirus company said it couldn’t link the zero-day’s use to a specific hacking group, although there are some code similarities with past North Korean malware. The company is tracking the current attacks using this zero-day under a codename of “Operation WizardOpium.”

Bottom line, the odds of being affected by this are very slim, but nevertheless it's worth the due diligence of ensuring you are all patched up!


Big update release out of nowhere

So AskWoody.com is reporting that Microsoft has released over 50 security updates out of the blue, aimed at fixing the numerous issues stemming from the previous update cycles. Needless to say, the last couple of months have been disastrous from a patching perspective.

Check out the details here and let us know what you have been experiencing in the environments you’re managing.

National Cybersecurity Awareness Month is here!

The theme for this year, as stated on the official website:

NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.

A bonus for this year includes a custom “toolkit” aimed at making it easier for users to properly lock down their PC. Check it out here and let us know what you think!

Internet Explorer Zero Day & Defender bug Exploit

For those of you who may not be aware of this, Microsoft has released an out-of-band (OOB) update aimed at fixing vulnerabilities in Internet Explorer and Windows Defender. According to ZDNet.com, the IE update will have to be applied manually, whereas Windows Defender will receive it automatically.

My takeaway from this article (found here) is whether this truly warranted Microsoft going out of their way to publish this separately and not as a part of Patch Tuesday. After all, Internet Explorer has an approximate market share of less than 2% worldwide, as cited in the article, but then again I wonder what percentage of those utilizing the legacy browser are machines currently being used by governments or other high-level entities across the world…food for thought!

Voting Machines running Windows 7?!?!

Great news, everyone! Microsoft has decided that it will ensure that voting machines running the soon-to-be-obsolete Windows 7 will receive security updates for about a year after it reaches end-of-life status.

If you can “read” the sarcasm in the previous paragraph, I promise that I really tried to hide it. Please tell me how the fuck the richest country in the world can allow an operating system on the verge of obsolescence to be trusted to run on voting machines that are spread throughout the country. Oh yeah, Microsoft and the US government will try to spin this as a positive, but the reality is that they should have been replaced, removed, burned, torched, annihilated, etc. a long time ago.

Let’s wake up America…there is absolutely no reason why we cannot take care of this like RIGHT NOW!!!

Read more about this here!


Ransomware Hits Numerous Texas Cities

NPR is reporting that twenty-two cities within the state of Texas have been hit with ransomware that has severely handicapped their technical operations.

The city of Keene, Texas was hit so badly that the mayor has gone on record stating that “just about everything we do at City Hall is impacted”.

This is yet another reminder of just how important it is for local, county, state, and federal governments to invest in and commit to CyberSecurity.

Check out the full story here detailing the current situation as well as recapping past events within the last year.

Security flaws with hardware drivers

At DEFCON 27 in Las Vegas, there was a talk on how common design flaws have been identified in over 40 kernel drivers covering about 20 vendors. In my opinion, it's another example of just how important it is to be thinking about CyberSecurity at all times and with all devices.

Zero Day reports that, according to security researchers at Eclypsium:

The common design flaw is that low-privileged applications can use legitimate driver functions to execute malicious actions in the most sensitive areas of the Windows operating system, such as the Windows kernel.

And from Mickey Shkatov, Principal Researcher at Eclypsium:

“There are a number of hardware resources that are normally only accessible by privileged software such as the Windows kernel and need to be protected from malicious read/write from userspace applications.”

And:

“The design flaw surfaces when signed drivers provide functionality which can be misused by userspace applications to perform arbitrary read/write of these sensitive resources without any restriction or checks from Microsoft.”

Check out the full article here for more details!

More Spectre / Meltdown Issues

So it appears that there was a recent Spectre / Meltdown patch included in July's slate of security updates. Although there are still no documented exploits of this “in the wild”, it's still worth the read.


08/06/2019 08:21 PM EDT


Original release date: August 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer system's memory.

Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from “speculative execution”—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, and cloud servers.

CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available: