FLASH: Microsoft's Most Dangerous Flaw in Years; Immediate Patching Required. Plus: Exploit Now Available for Citrix Flaw; Ransomware Operators Publish Data Stolen from Victims

As part of today's "Patch Tuesday", Microsoft addressed a critical flaw in the Windows 10 and Windows Server 2016 version of crypt32.dll. Crypt32.dll implements the Windows CryptoAPI, which provides various cryptographic features used by software to verify digital signatures. This flaw was originally discovered by the NSA but has not been used in attacks yet. After you install the patches, sign up for this webcast featuring two of the most respected experts on sophisticated vulnerabilities and exploits. In this webcast, you will learn more about the nature of the vulnerability, how it could be exploited, and current recommendations to implement the patches as efficiently as possible.

Webcast URL: https://sans.org/cryptoapi-nb

Speaker: Jake Williams, CEO Rendition InfoSec

Hosted by: Johannes Ullrich, Director of SANS Internet t Center and Dean of Research at SANS Technology Institute

Code is now available for exploiting an as-yet unpatched patch traversal flaw in Citrix Application Delivery Controller (ADC) and Gateway. The vulnerability can be exploited to remotely execute code. Citrix has published mitigations to help protect users from attacks. The company says that fixes for various versions will be rolled out between January 20 and the end of the month.

Read more in

In December, operators of Maze ransomware posted data they claimed was taken from Southwire, a US wire and cable manufacturer, during a cyberattack. That website was taken down after Southwire filed a lawsuit. The Maze ransomware operators have now posted an additional 14 GB of data they allegedly took from Southwire, and said they would keep posting data until the company paid the ransom. The new website also lists the names of organizations the attackers claim to have infected with ransomware and that have not paid. Following the lead of the Maze attackers, operators of the Sodinokibi ransomware have begun publishing data belonging to organizations that have not paid the demanded ransom.

Read more in

Foreign currency exchange company Travelex was hit with a ransomware attack on December 31, 2019. The company's website and mobile app were both affected. Travelex now says that some of its internal systems have been restored, although it has not said when it expects to restore customer services. The attackers behind the ransomware have threatened to post data they said they've taken from Travelex systems if the company does not pay the #4.6m (US $6m) ransom.

Read more in

CEOs of three major US voting machine manufacturers told lawmakers that they would be amenable to federal regulations requiring them to disclose company ownership, sources of voting machine components, and how they manage cyberattacks. Executives from Election Systems and Software, Dominion Voting Systems, and Hart InterCivic answered questions at a January 9 House Administration Committee hearing.

Read more in

US legislators have written to Federal Communications Commission (FCC), urging them to take steps to protect consumers from SIM-swapping. The letter notes that while some carriers have adopted policies that make SIM-swapping more difficult, "implementation of these additional security measures by wireless carriers in the US is still spotty and consumers are unlikely to find out about the availability of these obscure, optional security features until it is too late."

Read more in

A critical buffer overflow flaw in a Broadcom chip used in millions of cable modems could be exploited to take control of vulnerable devices. The vulnerability, which has been named Cable Haunt, lies in the chip's spectrum analyzer component.

Read more in

The Supreme Court of India has found that the government's five-month blackout of Internet services in Kashmir violates India's telecommunications laws. The Indian government also shut down mobile phone and landline services in the area. The court has given the government a week to review its policies.

Read more in

The Manor Independent School District, near Austin, TX, lost $2.3 million in an email scam. The funds were sent in three separate transactions in November and December 2019.

Read more in

An educational technology specialist said that coding education should be integrated across the K-8 school curriculum rather than taught as a standalone subject. Students are likely to develop better problem-solving and design skills if they have an application for coding outside of the computer science lab.

Read more in

According to a report in the Financial Times, the US Department of the Interior plans to permanently ground more than 800 drones. The decision is due to concerns that some of the drones' components were developed in China and that the Chinese government could possibly access the data the drones gather. The Interior Department uses drones to monitor fires, track natural resources, and map terrain. The drones were taken out of service in October 2019 pending the results of a program review.

Read more in

The UK Information Commissioner's Office (ICO) has fined Dixons Carphone #500,000 (US $650,000) for failing to adequately protect customer data. The company's point-of-sale system was compromised between July 2017 and April 2018, exposing personal information of as many as 14 million customers.

Read more in

Administrative servers at Albany (New York) International Airport became infected with ransomware in December 2019. The malware made its way onto the system through the airport's managed service provider (MSP). The ransomware also infected the airport's backup servers, and the airport has "severed its relationship with" the MSP. The airport said that it paid an undisclosed amount of ransom to regain access to its data.

Read more in

Some SIM-swappers are bypassing the social engineering techniques they have used in the past and are now breaking into telecommunications companies' systems to facilitate the swapping. The attackers manipulate telecommunications company employees into installing Remote Desktop Protocol (RDP) software, and then using the access to port phone numbers.

Read more in