One of this year’s most severe Windows bugs is now under active exploit


One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now.

CVE-2020-1472, as the vulnerability is tracked, allows hackers to instantly take control of Active Directory, a Windows server resource that acts as an all-powerful gatekeeper for all machines connected to a network. Researchers have dubbed the vulnerability Zerologon because it allows attackers with only minimal access to a vulnerable network to log in to Active Directory by sending a string of zeros in messages that use the Netlogon protocol.

Zerologon carries a critical severity rating from Microsoft as well as the maximum score of 10 under the Common Vulnerability Scoring System. Despite the high rating, the escalation-of-privileges vulnerability received scant, if any, attention when Microsoft patched it in August, and Microsoft deemed the chances of actual exploitation “less likely.”


Source: Tech – Ars Technica

Foreign Hackers Cripple Texas County’s Email System, Raising Election Security Concerns

Last week, voters and election administrators who emailed Leanne Jackson, the clerk of rural Hamilton County in central Texas, received bureaucratic-looking replies. “Re: official precinct results,” one subject line read. The text supplied passwords for an attached file. But Jackson didn’t send the messages. From a report: Instead, they came from Sri Lankan and Congolese email addresses, and they cleverly hid malicious software inside a Microsoft Word attachment. By the time Jackson learned about the forgery, it was too late. Hackers continued to fire off look-alike replies. Jackson’s three-person office, already grappling with the coronavirus pandemic, ground to a near standstill. “I’ve only sent three emails today, and they were emails I absolutely had to send,” Jackson said Friday. “I’m scared to” send more, she said, for fear of spreading the malware. The previously unreported attack on Hamilton illustrates an overlooked security weakness that could hamper the November election: the vulnerability of email systems in county offices that handle the voting process from registration to casting and counting ballots. Although experts have repeatedly warned state and local officials to follow best practices for computer security, numerous smaller locales like Hamilton appear to have taken few precautionary measures.

U.S. Department of Homeland Security officials have helped local governments in recent years to bolster their infrastructure, following Russian hacking attempts during the last presidential election. But desktop computers used each day in small rural counties to send routine emails, compose official documents or analyze spreadsheets can be easier targets, in part because those jurisdictions may not have the resources or know-how to update systems or afford security professionals familiar with the latest practices. A ProPublica review of municipal government email systems in swing states found that dozens of them relied on homebrew setups or didn’t follow industry standards. Those protocols include encryption to ensure email passwords are secure and measures that confirm that people sending emails are who they purport to be. At least a dozen counties in battleground states didn’t use cloud-hosted email from firms like Google or Microsoft. While not a cure-all, such services improve protections against email hacks.


Source: Slashdot

Google Will Try ‘Hybrid’ Work-from-Home Models, as Most Employees Don’t Want To Come in Every Day

Google is rethinking its long-term work options for employees, as most of them say they don’t want to come back to the office full-time. From a report: Sixty-two percent of Google employees want to return to their offices at some point, but not every day, according to a recent survey of employee office preferences the company released this week. So Google is working on “hybrid” models, including rearranging its offices and figuring out more long-term remote work options, Alphabet CEO Sundar Pichai said in an interview with Time magazine on Wednesday. “I see the future as being more flexible,” Pichai said in the interview. “We firmly believe that in-person, being together, having a sense of community is super important when you have to solve hard problems and create something new so we don’t see that changing. But we do think we need to create more flexibility and more hybrid models.”


Source: Slashdot

Apple’s first iOS update after iOS 14 just hit, and it fixes resetting app defaults

iOS and iPadOS 14 went out to the public on short notice just last week, and it did something previously unthinkable for the platform: it made it possible to change default email and browser apps. Unfortunately, users quickly discovered that their default app choices were reset each time the device power cycled. But today, Apple released iOS and iPadOS 14.0.1—and the main thing it does is fix that issue.

The update is rolling out to all users today on supported iPhones, iPads, and iPods. In addition to making users’ default app choices stick, it “addresses an issue that could prevent camera previews from displaying on iPhone 7 and iPhone 7 Plus,” fixes a bug that impacted Wi-Fi connectivity, makes images display properly in the News home screen widget, and addresses problems with sending emails via certain email providers.

Here are Apple’s iOS 14.0.1 release notes:


Source: Tech – Ars Technica

Apple May Face EU Rules To Open Up Payment Technology

The European Union is weighing legislation that could force Apple to open iPhone payment technology to competitors. From a report: The potential rules would grant other payment services a right of access to infrastructure such as near-field communication technology embedded in smartphones, the European Commission said Thursday. While the EU didn’t explicitly name Apple, it said the “most commonly reported issue” related to mobile device manufacturers restricting third-party access to NFC chips. The components handle wireless signals that allow users to pay via their smartphones or watches at store terminals. At present, iPhone and Apple Watch users can only make NFC payments using Apple Pay. Banks and other competitors have said they want the same functionality for their own iPhone apps but that Apple refuses access to the chip. By contrast, Google’s Android phones allow rival apps to use NFC technology. Only one application is allowed access to it at a time for a given transaction to keep data secure.


Source: Slashdot

EU To Launch Blockchain Regulatory Sandbox by 2022

The European Commission will team up with the European Blockchain Partnership (EBP) to launch a new regulatory sandbox focused on cryptocurrencies and blockchain by 2022, according to an announcement published today. From a report: The commission is the executive branch of the European Union, and the initiative is part of its newly adopted Digital Finance Package, which aims to provide greater clarity for cryptocurrency companies. “By making rules safer and more digital friendly for consumers, the Commission aims to boost responsible innovation in the EU’s financial sector, especially for highly innovative digital start-ups, while mitigating any potential risks related to investor protection, money laundering and cyber-crime,” the commission stated. According to the commission, some digital assets already fall under EU legislation; however, these rules “most often predate the emergence of crypto-assets and DLT.” This could put various roadblocks in the way of innovation and make it difficult to apply existing frameworks to blockchain and cryptocurrencies in the financial sector.


Source: Slashdot

Spotify CEO Daniel Ek Will Invest Over $1 Billion in European Moonshots

At an event hosted by Slush, the Spotify CEO said: “I will devote 1 billion euro of my personal resources to enable the ecosystem of builders to achieve [the] European dream over the next decade.” From a report: “I will do so by funding so-called moonshots focusing on the deep technology necessary to make a significant positive dent, and work with scientists, investors, and governments to do so,” he added. The pledge came after Ek explained his desire to see more big European companies, saying “Europe needs to raise its ambition.” When questioned on which areas he’ll be investing in, Ek highlighted health care, education, machine learning, biotechnology, material sciences and energy. “The types of moonshots that I’m talking about, at least when I talk to the scientists and the entrepreneurs, they often face no [funding] options, because these ideas may be too early to bring in venture capital,” he said, “so I definitely think we can do a lot more for those types of opportunities here.”


Source: Slashdot

Google Maps gets a COVID-19 layer

Google Maps is getting a COVID-19 overlay, meaning soon you’ll be able to see pandemic data as easily as you can view satellite or traffic data.

Once the rollout hits your device, you’ll be able to press the “layer” button and switch to a “COVID-19” view that will re-color the map. Google says the overlay is a “seven-day average of new COVID cases per 100,000 people for the area of the map you’re looking at.” Users will also get an arrow indicating if the numbers are trending up or down. Here’s the color code:

  • Gray: Less than 1 case
  • Yellow: 1-10 cases
  • Orange: 10-20 cases
  • Dark orange: 20-30 cases
  • Red: 30-40 cases
  • Dark red: 40+ cases

Google says the information comes from “multiple authoritative sources, including Johns Hopkins, the New York Times, and Wikipedia.” I wouldn’t quite call Wikipedia an “authoritative source,” but Google notes that “these sources get data from public health organizations like the World Health Organization, government health ministries, along with state and local health agencies and hospitals.”


Source: Tech – Ars Technica

In India, Engineers and MBAs Are Turning To Manual Labor To Survive the Economic Crash

As India’s economy reels in the aftermath of one of the world’s strictest lockdowns, a rural employment program has emerged as a lifeline for some of the tens of millions left jobless. From a report: The government program — which aims to guarantee 100 days of unskilled work in rural areas — was intended to combat poverty and reduce the volatility of agricultural wages. Now it is a potent symbol of how the middle-class dreams of millions of Indians are unraveling. The program is serving as a last resort for university graduates as well as former white-collar workers who find themselves with no other safety net. More than 17 million new entrants applied to access the program from April through mid-September. Nearly 60 million households participated during that time — higher than the total for all of last year and the most in the program’s 14-year history. The need is dire. India’s economic output shrank by 24 percent in the three months to June compared to the same period last year, worse than any other major economy. During the nationwide lockdown, more than 120 million jobs were lost, most of them in the country’s vast informal sector. Many of those workers have returned to work out of sheer necessity, often scraping by on far lower wages.


Source: Slashdot

Epic, Spotify, Tinder-Parent Firm Match, Tile and More Form Coalition To Take on Apple’s App Store Rules

More than a dozen app makers and other companies have joined together to form the Coalition for App Fairness, a nonprofit group that’s taking aim at Apple and its App Store rules. Among the founding members are Spotify, Epic Games, ProtonMail, and Match Group, all of which have been vocal critics of the fees Apple charges developers. From a report: “As enforcers, regulators, and legislators around the world investigate Apple for its anti-competitive behavior, The Coalition for App Fairness will be the voice of app and game developers in the effort to protect consumer choice and create a level playing field for all,” said Horacio Gutierrez, head of global affairs at Spotify, in a release on Thursday. The coalition comes as Apple is locked in a public battle with Fortnite developer Epic Games. Fortnite was kicked off both the Apple App Store and the Google Play Store in August after Epic attempted to bypass the 30% fee Apple and Google charge developers. Epic countered by filing lawsuits against both companies. Apple earlier this month raised the stakes further by requesting monetary damages if it convinces a judge that it was within its rights to kick Fortnite off its more than 1.5 billion active iPhones and iPads.


Source: Slashdot