Census Bureau Security Concerns; Microsoft's Fix for Zero-day Flaw in Internet Explorer; Adobe's 42 New Flaws

A Government Accountability Office (GAO) report on the Census Bureau's preparedness found that the bureau is lagging on some of its goals, including IT system implementation and cybersecurity issues. The report says that the bureau has not met its goal of ensuring that its self-response site can support up to 600,000 users at a time. GAO also notes that the bureau needs to fix cybersecurity issues "in a timely manner," implement DHS recommendations, and ensure that the privacy of those responding is protected.

Read more in

Microsoft's monthly security updates include fixes for 99 vulnerabilities in multiple products. Twelve of the flaws are rated critical; of those, one, a remote code execution vulnerability in Internet Explorer, is being actively exploited. Microsoft disclosed the IE vulnerability in January but a patch had not been available until earlier this week.

Read more in

Adobe's security updates for February include fixes for 42 vulnerabilities in multiple products. The updates address 21 critical issues in Framemaker and 12 critical flaws in Reader and Acrobat. The updates also fix critical flaws in Flash Player and Experience Manager.

Read more in

According to reports in the US, German, and Swiss press, between 1970 and 1993, the US and West German intelligence agencies were secret majority owners of Crypto AG, a Swiss company that made encryption devices. The reports say that the agencies were able to control aspects of Crypto AG's business, including manipulating algorithms used in the company's devices so that the agencies could easily decrypt foreign adversaries' communications. Crypto AG customers included more than 130 national governments. Germany withdrew from the arrangement in 1993; US intelligence bought its stake and remained in control until it sold off Crypto AG's assets in 2018. The controlling partnership was shielded behind a trust company in Liechtenstein. Bruce Schneier points out that while the story itself is not news, "what is new is the formerly classified documents describing the details" of how the agencies were able to exploit their access to supposedly encrypted information.

Read more in

The US Department of Justice (DoJ) has returned a superseding indictment, charging China's Huawei Technologies with racketeering and conspiracy to steal trade secrets. The defendants named in the indictment include Huawei and four subsidiaries. The indictment includes examples of Huawei's alleged theft of intellectual property from US companies.

Read more in

Mozilla has released updated versions of Firefox, Firefox ESR, and Thunderbird. Firefox 73 includes fixes for six vulnerabilities; Firefox ESR 68.5 includes fixes for five vulnerabilities; and Thunderbird 68.5 includes fixes for four vulnerabilities.

Read more in

The developers of the GDPR Cookie Consent plugin for WordPress have released an updated version to address a critical flaw. The vulnerability could be exploited to alter website content or to inject malicious JavaScript code. As its name suggests, the plugin is designed to help websites comply with the EU's General Data Protection Regulation (GDPR); the plugin is estimated to be in use on more than 700,000 websites.

Read more in

Google has pulled more than 500 malicious extensions from its Web Store. The extensions redirected users to potentially malicious sites and harvested users' personal information.

Read more in

In a paper released earlier this week, researchers from the Massachusetts Institute of Technology (MIT) say that the Voatz mobile voting app, which has been used in several US states to allow voters overseas to cast their ballots, contains worrisome security shortcomings. The flaws could be exploited to see data being transmitted from the app, alter users' votes, and to impersonate a user's mobile phone. In addition, Voatz does not use blockchain to secure votes in the way its makers say it does. Voatz responded to the papers findings, noting in a blog post that the researchers based their conclusions on an outdated version of the app and that the researchers did not connect to the Voatz servers.

Read more in

Android malware known as xHelper reinfects devices even after factory resets. The malware dropper Trojan was first noticed last spring. Theories that the reinfections came from pre-installed malware or from the Google Play store were disproven. Researchers at Malwarebytes, along with a savvy Android user, discovered that the reinfection came from folders that were not removed even after a factory reset. Malwarebytes has instructions for removing the folders.

Read more in

A man who leased a car from Ford between 2013 and 2016 discovered that he still had access to the vehicle's controls through the mobile app more than three years later. Another man has twice rented cars and found that he could still access the controls for the vehicles months after he had retuned them.

Read more in

The Mobile World Conference tech show, which was scheduled to be held February 24-27 in Barcelona, Spain, has been cancelled due to concerns about the coronavirus. The decision to cancel the conference was made after a number of high-profile vendors announced they would not attend.

Read more in

A city and school district in Texas have been hit with ransomware. Computers belonging to the city of Garrison became infected on February 10; Garrison's mayor says the city has recovered from the attack and is operating as usual as of February 13. Computers at the Nacogdoches Independent School District became infected on February 11; the district is still working to recover access to its data. The city and the school district are about 20 miles apart and do not share a computer system. Officials are investigating whether the two attacks are related.

Read more in

Palm Beach County (Florida) election supervisor Wendy Sartory Link said that computers at the the county's election office became infected with ransomware shortly before the 2016 US general election. Link, who became election supervisor in January 2019, learned of the incident during a conversation with the office's acting IT director.

Read more in

Hackers have targeted computers belonging to the North Miami Beach (Florida) Police Department with ransomware. The police department's IT staff shut down affected machines to curtail the malware's spread and have alerted the FBI and the Secret Service.

Read more in