Advisories

Current Advisory: NitroPDF Breach (January 22, 2021)

Risk: LOW

Severity: LOW               

Vendor: Nitro

Versions Affected:

All Versions of NitroPDF

Description:

Nitro Software announced that they had suffered a data breach on 28 September 2020. According to BleepingComputer, “The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.” See the full article at https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/

The database has been added to the HaveIBeenPwned service at https://haveibeenpwned.com where you can search to see if your email address is included in the list of breached user accounts.

Steps:

Note that the NitroPDF breach contained hashed passwords, not passwords in plain text.  However, if your email address is indicated as being included in the NitroPDF breach, it is recommended to change your password, as well as to implement additional password security such as Multi-Factor Authentication.

 

Recent Advisories:

Adobe Flash Player EOL (October 22, 2020)

Risk: LOW

Severity: LOW               

Vendor: Adobe

Versions Affected:

All Versions of Flash Player

Description:

Adobe Flash Player is finally coming to the end of the road.  On December 31st 2020, Adobe will be stopping all support for the Flash Player software, meaning any security issues that are found after this date will not be fixed.  As Flash Player has a long history of serious security flaws, continuing to run this software will be an elevated risk.

See the announcement from Adobe here https://www.adobe.com/ca/products/flashplayer/end-of-life.html

Steps:

Following the advice of Adobe, we are recommending that everyone remove the Flash Player software from systems prior to December 31st 2020.

21 HIGH risk vulnerabilities identified in Windows 10 (September 22, 2020)

Risk: HIGH

Severity: HIGH               

Vendor: Microsoft

Versions Affected: Windows 10

Description:

A total of 69 vulnerabilities affecting Windows 10 have been published by the National Cyber Awareness System in their Vulnerability Summary for the Week of September 14, 2020. The entire list can be viewed at https://us-cert.cisa.gov/ncas/bulletins/sb20-265

Of the 69 vulnerabilities affecting Windows 10, 21 are rated as HIGH risk.  The vulnerabilities include elevation of privilege, remote code execution and security bypass.

Patching:

It is important to install updates provided by Microsoft as they are made available.  Microsoft releases patches on a regular schedule on the second Tuesday of every month.

To mitigate these vulnerabilities before updates are provided, ensure that the operating system is hardened by removing unneeded user accounts and applications, disabling services that are not required, and configuring the firewall to prevent unauthorized access to the system.

Password Reuse (August 28, 2020)

You are not safe online if you use a single password for multiple accounts. Reusing a password, even a strong one, endangers your accounts the same way a weak password does. If one of your passwords is included in a breached database, then your other accounts can be accessed. This is because once a hacker gets hold of the breached password, the hacker tries it on different service accounts to see if there is a match. If there is a match, the hacker has access to that account, which can result in significant loss.

For more information, see: 

COVID-19 Research app contains a payload (July 16th, 2020)

Please be advised of the warning below from the Canadian Security Establishment via the Canadian Centre for Cyber Security. It has also hit international news: https://www.cnn.com/2020/07/16/politics/russia-cyberattack-covid-vaccine-research/index.html

 

Basically, an email sent to high-profile COVID-19 researchers claims that a new government-sponsored tracing app is available. Once the link is activated, the CryCryptor payload begins to deploy and may attempt to encrypt files on the accessible hard drive.

Critical DNS Vulnerability (July 15th, 2020)

Critical Microsoft DNS Vulnerability

A vulnerability exists in Microsoft Windows DNS server. It is a remote code execution vulnerability that is considered to be wormable, meaning that it can propagate itself automatically to vulnerable systems on the network without user interaction.  It has been assigned the maximum CVSS severity score of 10.

A patch for this vulnerability has been released by Microsoft as part of the July 2020 Patch Tuesday release. It is recommended that the patch be applied as soon as possible, as this vulnerability is considered to be highly exploitable. At the time the patches were released, no exploits had been observed in the wild, although this may change now that the vulnerability is widely publicized.

Additional information on this vulnerability can be found on the Microsoft advisory portal at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350, including a method to mitigate this vulnerability until the patch can be applied.

Phishing message Re: Your Zoom account expiry (July 10th, 2020)

Phishing messages stating that your Zoom account has been suspended

Phishing messages fraudulently indicating that your Zoom account has been suspended have been circulating for a few days now. The messages are targeting Office 365 accounts and state ...

"We've temporarily suspended your zoom because your email failed to sync with our server within the past 24 hours. At this time, you will not be able to invite or join any call/meeting. Please verify your email."

The email then provides a link to "Activate Account". The link takes the user to a page that appears to be an Office 365 login. The page is a phishing site designed to steal your user credentials.

If you receive such a message, please forward it to phishing@uwo.ca and then delete it from your inbox.


