Current Advisory: NitroPDF Breach (January 22, 2021)
All Versions of NitroPDF
Nitro Software has confirmed that it suffered a data breach on 28 September 2020. According to BleepingComputer, “The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.” See the full article at https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/
The database has been added to the HaveIBeenPwned service at https://haveibeenpwned.com where you can search to see if your email address is included in the list of breached user accounts.
Note that the NitroPDF breach contained bcrypt password hashes, not passwords in plain text. bcrypt is deliberately slow to compute, which limits offline cracking, but a weak or common password can still be recovered from its hash, and a recovered password is immediately tried against other services. If your email address is listed in the NitroPDF breach, change your Nitro password, change it on any other account where you used the same password, and enable additional protection such as Multi-Factor Authentication wherever it is offered.
Current Advisory: Adobe Flash Player EOL (October 22, 2020)
All Versions of Flash Player
Adobe Flash Player is finally coming to the end of the road. On December 31st 2020 Adobe stops all support for the Flash Player software, so any security issue found after that date will not be fixed. Flash Player has a long history of serious security flaws, and continuing to run it after support ends carries an elevated risk.
See the announcement from Adobe here https://www.adobe.com/ca/products/flashplayer/end-of-life.html
Following the advice of Adobe, we are recommending that everyone remove the Flash Player software from systems prior to December 31st 2020.
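To find Flash Player on Windows hosts before removing it, the following PowerShell function is an added example written for this page; it is not from Adobe or the original advisory. It checks the two standard Uninstall registry hives for Adobe Flash Player entries and looks for plug-in files under the Macromed\Flash directories that Flash installs into (the Windows-bundled ActiveX copy used by Internet Explorer shows up only as files there, not as an uninstall entry). The function name Find-FlashPlayer is ours.

```powershell
# Added example for this page (not Adobe's or the advisory's code): locate Flash Player on a Windows host.
function Find-FlashPlayer {
    # Standalone, NPAPI and PPAPI installs register an uninstall entry in one of these hives.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Adobe Flash Player*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString

    # The ActiveX control bundled with Windows (used by Internet Explorer) lives here and has no
    # uninstall entry, so check for the plug-in binaries directly.
    $flashDirs = @("$env:windir\System32\Macromed\Flash", "$env:windir\SysWOW64\Macromed\Flash")
    $files = foreach ($dir in $flashDirs) {
        if (Test-Path $dir) {
            Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Extension -in '.ocx', '.dll' }
        }
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        UninstallEntries = $installed
        PluginFiles      = @($files | Select-Object -ExpandProperty FullName)
        FlashPresent     = [bool]($installed -or $files)
    }
}

Find-FlashPlayer | Format-List
```

Run it from an elevated prompt so the WOW6432Node hive and the System32 directories are readable; the UninstallString values it returns are the commands to remove each registered copy, and the bundled ActiveX copy is removed by the Windows update Adobe's end-of-life page refers to.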
21 HIGH risk vulnerabilities identified in Windows 10 (September 22)
Versions Affected: Windows 10
A total of 69 vulnerabilities affecting Windows 10 were published by the National Cyber Awareness System in its Vulnerability Summary for the Week of September 14, 2020. The entire list can be viewed at https://us-cert.cisa.gov/ncas/bulletins/sb20-265.
Of the 69 vulnerabilities affecting Windows 10, 21 are rated as HIGH risk. They include elevation of privilege, remote code execution and security feature bypass flaws.
It is important to install updates from Microsoft as soon as they are made available. Microsoft releases security updates on a regular schedule on the second Tuesday of every month (Patch Tuesday), with occasional out-of-band releases for urgent issues.
Hardening does not remove these vulnerabilities, but it reduces exposure until the updates are installed: remove unneeded user accounts and applications, disable services that are not required, and configure the host firewall to block inbound connections the system does not need.
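As an added example, not part of the original advisory, the following PowerShell function collects the facts the hardening advice above turns on: how old the newest installed update is, enabled local accounts that have never logged on, services set to start automatically, and host firewall profiles that are disabled or default to allowing inbound traffic. The function name Get-HardeningReport and the 45-day staleness threshold are our assumptions; run it from an elevated prompt on the Windows 10 host.

```powershell
# Added example for this page (not from the advisory): exposure audit for a Windows 10 host
# while updates are pending. Requires an elevated session; all cmdlets used ship with Windows 10.
function Get-HardeningReport {
    [CmdletBinding()]
    param(
        # Days without any hotfix install after which the host is flagged as stale (assumed threshold).
        [int]$MaxDaysSincePatch = 45
    )

    # 1. Patch level: newest installed hotfix and its age in days.
    $latest = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $daysSince = if ($latest) { (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days } else { $null }

    # 2. Unneeded accounts: enabled local users that have never logged on are removal candidates.
    $idleUsers = Get-LocalUser | Where-Object { $_.Enabled -and -not $_.LastLogon } |
        Select-Object -ExpandProperty Name

    # 3. Services that start automatically; review the list and disable what is not required.
    $autoServices = Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object -ExpandProperty Name

    # 4. Host firewall: flag profiles that are off or explicitly allow inbound traffic by default.
    #    ('NotConfigured' means the built-in default applies, which blocks inbound, so it is not flagged.)
    $weakProfiles = Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        LatestHotFix         = if ($latest) { $latest.HotFixID } else { 'none' }
        DaysSincePatch       = $daysSince
        PatchStale           = ($null -eq $daysSince) -or ($daysSince -gt $MaxDaysSincePatch)
        NeverLoggedOnUsers   = @($idleUsers)
        AutoStartServices    = @($autoServices)
        WeakFirewallProfiles = @($weakProfiles)
    }
}

$report = Get-HardeningReport
$report | Format-List

# The firewall finding is safe to enforce automatically; account and service changes need a human decision.
foreach ($profile in $report.WeakFirewallProfiles) {
    Set-NetFirewallProfile -Name $profile -Enabled True -DefaultInboundAction Block
}
```

The account and service lists are deliberately reported rather than acted on: which of them are "unneeded" depends on the host's role, and disabling the wrong service is its own outage.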
You are not safe online if you use a single password for multiple accounts. Reusing a password, even a strong one, endangers your accounts in the same way a weak password does. If one of your passwords is exposed in a breached database, every other account that shares it is at risk: attackers take the leaked email and password pairs and try them automatically against other services (credential stuffing). Wherever a pair matches, the attacker has access to that account, which can result in significant loss.
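Both the NitroPDF advice above and this reuse warning come down to one question: has this password already appeared in a breach? The following PowerShell function, an added example that is not part of the original page, answers it with the Have I Been Pwned Pwned Passwords range API. Only the first five characters of the password's SHA-1 hash are sent to the service; the remaining 35 characters are matched locally against the returned list, so neither the password nor its full hash leaves the machine. The function name Get-PwnedPasswordCount, the -RangeFetcher parameter, and the offline "breach" with its made-up counts are constructions for this example.

```powershell
# Added example for this page (not HIBP's or the advisory's code): k-anonymity password check.
function Get-PwnedPasswordCount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Password,
        # Returns the range response text for a 5-character SHA-1 prefix. Defaults to the live API;
        # pass a script block to run offline (as the constructed demo below does).
        [scriptblock]$RangeFetcher = {
            param($Prefix)
            # Add-Padding makes every response a similar size, so response length leaks nothing.
            Invoke-RestMethod -Uri "https://api.pwnedpasswords.com/range/$Prefix" -Headers @{ 'Add-Padding' = 'true' }
        }
    )

    $sha1  = [System.Security.Cryptography.SHA1]::Create()
    $hex   = ($sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Password)) |
              ForEach-Object { $_.ToString('X2') }) -join ''
    $sha1.Dispose()

    $prefix = $hex.Substring(0, 5)   # the only part that leaves the machine
    $suffix = $hex.Substring(5)

    $body = & $RangeFetcher $prefix
    foreach ($line in ($body -split "`r?`n")) {
        $parts = $line.Trim() -split ':'     # each line is SUFFIX:COUNT
        if ($parts.Count -eq 2 -and $parts[0] -eq $suffix) {
            return [long]$parts[1]           # padding entries carry a count of 0, so this stays correct
        }
    }
    return 0
}

# Offline demonstration. The "breach" below is constructed for this example and the counts are invented;
# the fake fetcher serves only the suffixes that share the requested prefix, the way the real API does.
$constructedBreach = @{ 'Summer2020!' = 41; 'password' = 3730471 }
$fakeFetcher = {
    param($Prefix)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    $lines = foreach ($entry in $constructedBreach.GetEnumerator()) {
        $h = ($sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($entry.Key)) |
              ForEach-Object { $_.ToString('X2') }) -join ''
        if ($h.StartsWith($Prefix)) { "$($h.Substring(5)):$($entry.Value)" }
    }
    $sha1.Dispose()
    $lines -join "`r`n"
}

Get-PwnedPasswordCount -Password 'Summer2020!' -RangeFetcher $fakeFetcher      # listed in the constructed breach
Get-PwnedPasswordCount -Password 'xK9#vL2$pQ8@mW4r' -RangeFetcher $fakeFetcher   # not listed
```

Any non-zero count means the password is known to attackers and should not be used anywhere, whether or not the account it belongs to was in this particular breach. Call the function without -RangeFetcher to query the live service.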
For more information, see:
Please be advised of the warning below from the Communications Security Establishment via the Canadian Centre for Cyber Security. It has also reached international news: https://www.cnn.com/2020/07/16/politics/russia-cyberattack-covid-vaccine-research/index.html
In short, an email is sent to high-profile COVID-19 researchers announcing that a new government-sponsored contact-tracing app is available. Once the link is followed, the CryCryptor payload is deployed and may attempt to encrypt files on any storage it can reach.
Critical Microsoft DNS Vulnerability
A vulnerability (CVE-2020-1350) exists in the Microsoft Windows DNS Server role. It is a remote code execution flaw considered wormable: an exploit can propagate itself automatically between vulnerable DNS servers on the network without user interaction. It carries the maximum CVSS severity score of 10.0.
Microsoft released a patch as part of the July 2020 Patch Tuesday release. Apply it as soon as possible, as this vulnerability is rated as highly likely to be exploited. At the time the patches were released no exploitation had been observed in the wild, but that may change now that the vulnerability is widely publicized.
Additional information on this vulnerability can be found on the Microsoft advisory portal at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350, including a method to mitigate this vulnerability until the patch can be applied.
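The mitigation the Microsoft advisory describes is a registry value, TcpReceivePacketSize, set to 0xFF00 under the DNS service's Parameters key, followed by a restart of the DNS service; this caps the size of DNS messages the server accepts over TCP, and Microsoft notes the value can be removed once the update is installed. The following PowerShell function, an added example that is not taken from the advisory, applies or reverts that workaround and reports the resulting state. The function name Set-DnsTcpPacketSizeWorkaround is ours; run it elevated on the DNS server and confirm the steps against the advisory linked above.

```powershell
# Added example for this page (not Microsoft's code): apply or revert the CVE-2020-1350 registry
# workaround on a Windows DNS server. Run in an elevated session on the server itself.
function Set-DnsTcpPacketSizeWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Remove the workaround value (do this once the July 2020 security update is installed).
        [switch]$Revert
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
    $name = 'TcpReceivePacketSize'

    if ($Revert) {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Remove workaround value')) {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        }
    }
    else {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set to 0xFF00')) {
            # DWORD 0xFF00 = 65280: the largest TCP DNS message the server will accept.
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0xFF00 -Force | Out-Null
        }
    }

    # The DNS service must be restarted for the change (either direction) to take effect.
    if ($PSCmdlet.ShouldProcess('DNS service', 'Restart')) {
        Restart-Service -Name DNS
    }

    # Report the resulting state so the change can be verified or recorded.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        WorkaroundApplied = ($current -eq 0xFF00)
        CurrentValue      = if ($null -ne $current) { '0x{0:X}' -f $current } else { 'not set' }
        DnsServiceStatus  = (Get-Service -Name DNS).Status
    }
}

Set-DnsTcpPacketSizeWorkaround               # apply the workaround now
# Set-DnsTcpPacketSizeWorkaround -Revert     # after the July 2020 update is installed
```

Because the function supports -WhatIf, run it with that switch first to see the registry write and the service restart it would perform; the restart briefly interrupts name resolution for clients of that server, so schedule it accordingly.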
Phishing messages stating that your Zoom account has been suspended
Phishing messages fraudulently indicating that your Zoom account has been suspended have been circulating for a few days now. The messages are targeting Office 365 accounts and state ...
"We've temporarily suspended your zoom because your email failed to sync with our server within the past 24 hours. At this time, you will not be able to invite or join any call/meeting. Please verify your email."
The email then provides a link to "Activate Account". The link takes the user to a page that appears to be an Office 365 login. The page is a phishing site designed to steal your user credentials.
If you receive such a message, please forward it to firstname.lastname@example.org and then delete it from your inbox.