April 20, 2020
David Redekop

This Week In Nerd News – April 20, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws.

SecurityNow listeners already knew about a number of these over a week ago, and hopefully applied mitigation techniques.

Today is Microsoft’s April 2020 Patch Tuesday, and with everything going on, it is going to be particularly stressful for Windows administrators, so be especially nice to them today.

With the release of the April 2020 security updates, Microsoft has released fixes for 113 vulnerabilities in Microsoft products. Of these vulnerabilities, 15 are classified as Critical, 93 as Important, 3 as Moderate, and 2 as Low.

Of particular interest, Microsoft patched three zero-day vulnerabilities, with two of them being seen actively exploited in attacks.

 


Ring 0 of fire: Does Riot Games’ new anti-cheat measure go too far?

Oh boy, where do we even start with this one? Don’t forget how the Sony kernel driver damaged Sony’s reputation for good. In any case, do *not* allow kernel drivers like this on business systems.

In the ever-evolving cat-and-mouse battle between cheaters and game developers, Riot Games is taking expanded measures to protect legitimate players in its new tactical combat game Valorant. But Riot’s new Vanguard anti-cheat system—which involves a kernel-level driver that has very low-level access to your system—is raising some eyebrows among both players and security experts.

 


NHS coronavirus app: memo discussed giving ministers power to ‘de-anonymise’ users.

In many ways, the UK leads the way among treacherous new policy ideas. Could be infectious (pun intended).

A draft government memo explaining how the NHS contact-tracing app could stem the spread of the coronavirus said ministers might be given the ability to order “de-anonymisation” to identify people from their smartphones, the Guardian can reveal.

 


New Cloudflare tool can tell you if your ISP has deployed BGP fixes.

“Is BGP Safe Yet” names and shames ISPs who don’t tend to their routing.

For more than an hour at the beginning of April, major sites like Google and Facebook sputtered for large swaths of people. The culprit wasn’t a hack or a bug. It was problems with the internet data routing standard known as the Border Gateway Protocol, which had allowed significant amounts of web traffic to take an unexpected detour through a Russian telecom. For Cloudflare CEO Matthew Prince, it was the last straw.

 


New York Investigating Hack of State’s Computer Network.

Intrusion prompts state to install additional security software and reset thousands of passwords.

Hackers compromised the computer network serving New York’s state government in late January, officials said Monday, prompting the state to hire an outside firm and change thousands of employee passwords.

The state’s Office of Information Technology Services discovered the breach on Jan. 28. Hackers built tunnels into several servers that are used to transmit encrypted information, officials said. In mid-February, the state brought in CrowdStrike, a cybersecurity firm, to assess the scope of the intrusion, the officials said.

 


Did you know?

You can watch a real-time stream of SSL/TLS certificate registrations globally right on your computer. If you grep/filter by keywords like “corona”, it quickly reveals how heavily domain registrations and certificates are being used with malicious intent. If interested, visit Certstream.
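The keyword filter described above, as an added example that is not part of the original newsletter or of Certstream's own code. It assumes Certstream's JSON message layout (`message_type`, `data.leaf_cert.all_domains`), runs on constructed sample messages, and goes one step past a plain grep by decoding punycode and folding accents so internationalised lookalike names still match.

```python
import json
import unicodedata

KEYWORDS = ("corona", "covid")  # "corona" is from the text; "covid" is an assumed extra

def normalise(domain):
    """Lower-case, drop a wildcard label, decode punycode, fold accents."""
    name = domain.lower()
    if name.startswith("*."):
        name = name[2:]
    try:
        name = name.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # not valid IDNA: match against the raw name instead
    folded = unicodedata.normalize("NFKD", name)
    return "".join(c for c in folded if not unicodedata.combining(c))

def suspicious_domains(lines, keywords=KEYWORDS):
    """Return sorted (normalised_domain, keyword) hits from certificate updates."""
    hits = set()
    for line in lines:
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore malformed frames
        if not isinstance(msg, dict) or msg.get("message_type") != "certificate_update":
            continue  # heartbeats and other message types carry no domains
        leaf = (msg.get("data") or {}).get("leaf_cert") or {}
        for domain in leaf.get("all_domains") or []:
            name = normalise(domain)
            hits.update((name, kw) for kw in keywords if kw in name)
    return sorted(hits)

def _update(*domains):  # hypothetical helper: builds a constructed message
    return json.dumps({"message_type": "certificate_update",
                       "data": {"leaf_cert": {"all_domains": list(domains)}}})

# Constructed sample stream; none of these are real certificates.
IDN_SAMPLE = "cor\u00f3na-help.example".encode("idna").decode("ascii")  # accented o
SAMPLE_STREAM = [
    json.dumps({"message_type": "heartbeat", "timestamp": 1587384000.0}),
    _update("*.corona-relief.example", "corona-relief.example"),
    _update("mail.example.org"), "not json",
    _update(IDN_SAMPLE),
]

if __name__ == "__main__":
    for name, keyword in suspicious_domains(SAMPLE_STREAM):
        print(f"{keyword}: {name}")
```

A plain substring grep over the raw stream would miss the punycode-encoded name, because the keyword only appears after decoding and accent folding.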
