For the second time this year, Google is urging everyone to update to the latest version of Google Chrome to patch a zero-day vulnerability found in previous versions.
Most configurations of Chrome should auto-update, but it is still worth pushing out the updated version, which is 78.0.3904.87.
As stated in the ZDNet.com article here…
Per Kaspersky, the zero-day was found being deployed on user devices via a Korean-language news portal. The Russian antivirus company said it couldn’t link the zero-day’s use to a specific hacking group, although there are some code similarities with past North Korean malware. The company is tracking the current attacks using this zero-day under a codename of “Operation WizardOpium.”
Bottom line, the odds of being affected by this are very slim, but it’s nevertheless worth doing the due diligence and ensuring you are all patched up!
So AskWoody.com is reporting that Microsoft has released over 50 security updates out of the blue, aimed at fixing the numerous issues stemming from the previous update cycles. Needless to say, the last couple of months have been disastrous from a patching perspective.
Check out the details here and let us know what you have been experiencing in the environments you’re managing.
The theme for this year as stated on the official website…
NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message – Own IT. Secure IT. Protect IT. – will focus on key areas including citizen privacy, consumer devices, and e-commerce security.
A bonus for this year includes a custom “toolkit” aimed at making it easier for users to properly lock down their PC. Check it out here and let us know what you think!
Just came across a neat link on AskWoody.com which goes into great detail as to the latest versions of iOS, macOS, watchOS, etc. that are available.
It’s definitely a handy thing to keep around! Click here for the details…
Great news, everyone! Microsoft has decided that it will ensure any voting machines running the soon-to-be-obsolete Windows 7 will receive security updates about a year after it reaches end-of-life status.
If you can “read” the sarcasm in the previous paragraph, I promise that I really tried to hide it. Please tell me how the fuck the richest country in the world can allow an operating system on the verge of obsolescence to be trusted to run on voting machines that are spread throughout the country. Oh yeah, Microsoft and the US government will try to spin this as a positive, but the reality is that they should have been replaced, removed, burned, torched, annihilated, etc. a long time ago.
Let’s wake up America…there is absolutely no reason why we cannot take care of this like RIGHT NOW!!!
Read more about this here!
Just came across an alarming post on ZDNet.com detailing how “Quick” and “Full” scans are failing a few seconds after the scans have been started. It seems that this issue also stems from the botched security updates pushed out by Microsoft starting this past July, and it has yet to be resolved.
Check out the article here for more details!
NPR is reporting that twenty-two cities within the state of Texas have been hit with ransomware that has severely handicapped their technical operations.
The city of Keene, Texas was hit so badly that the mayor has gone on record stating that “just about everything we do at City Hall is impacted”.
This is yet another reminder of just how important it is for local, county, state, and federal governments to invest in and commit to CyberSecurity.
Check out the full story here detailing the current situation as well as recapping past events within the last year.
At DEFCON 27 in Las Vegas, there was a talk on how common design flaws have been identified in over 40 kernel drivers covering about 20 vendors. In my opinion, it’s another example of just how important it is to be thinking about CyberSecurity at all times and with all devices.
Catalin Cimpanu for Zero Day reports that according to security researchers at Eclypsium:
The common design flaw is that low-privileged applications can use legitimate driver functions to execute malicious actions in the most sensitive areas of the Windows operating system, such as the Windows kernel.
And from Mickey Shkatov, Principal Researcher at Eclypsium:
“There are a number of hardware resources that are normally only accessible by privileged software such as the Windows kernel and need to be protected from malicious read/write from userspace applications.”
“The design flaw surfaces when signed drivers provide functionality which can be misused by userspace applications to perform arbitrary read/write of these sensitive resources without any restriction or checks from Microsoft.”
Check out the full article here for more details!
So it appears that there was a recent Spectre / Meltdown patch included in July’s slate of security updates. Although there are still no documented exploits of this “in the wild”, it’s still worth the read.