Security Newsletter
30 March 2020
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers. Although it is not yet clear whether the flaws can also be triggered remotely through a web browser by convincing a user to visit a web page containing specially crafted malicious OTF fonts, there are multiple other ways an attacker could exploit the vulnerability, such as through the Web Distributed Authoring and Versioning (WebDAV) client service.
Microsoft said it's aware of the issue and working on a patch, which the company would release to all Windows users as part of its next Patch Tuesday updates, on 14th April. Meanwhile, all Windows users are strongly advised to disable the Preview Pane and Details Pane features in Windows Explorer as a workaround to reduce the risk of opportunistic attacks. It is also advised to disable the Windows WebClient service to prevent attacks through the WebDAV client service. Microsoft is also urging users to rename the Adobe Type Manager Font Driver (ATMFD.dll) file to temporarily disable the embedded font technology, which could cause certain third-party apps to stop working.
Read More on TheHackerNews
Even More on NakedSecurity
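The WebClient and ATMFD.dll workarounds described above can be verified per host with a short script. This is an added example, not part of the original newsletter or of Microsoft's advisory; the function name `Get-FontWorkaroundStatus` and the System32 location of ATMFD.dll are assumptions, and the Preview Pane and Details Pane settings are per-user Explorer options that it does not inspect.

```powershell
# Added example: audit (and optionally apply) the WebClient workaround,
# and report whether the font driver file is still in place.
function Get-FontWorkaroundStatus {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumed location of the Adobe Type Manager Font Driver.
        [string]$DriverPath = (Join-Path $env:windir 'System32\ATMFD.dll'),
        # When set, disable and stop the WebClient service (needs admin rights).
        [switch]$DisableWebClient
    )

    $filter = "Name='WebClient'"
    # Returns nothing when the service is not installed on this host.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter

    if ($svc -and $DisableWebClient -and
        $PSCmdlet.ShouldProcess('WebClient', 'Disable and stop service')) {
        # Disable first so the service cannot be started again on demand.
        Set-Service -Name 'WebClient' -StartupType Disabled
        Stop-Service -Name 'WebClient' -Force
        $svc = Get-CimInstance -ClassName Win32_Service -Filter $filter
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        WebClientPresent   = [bool]$svc
        WebClientState     = if ($svc) { $svc.State } else { 'n/a' }
        WebClientStartMode = if ($svc) { $svc.StartMode } else { 'n/a' }
        # Mitigated when the service is absent, or disabled and not running.
        WebClientMitigated = (-not $svc) -or
            ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
        # False means the file was renamed or is not present on this build.
        DriverPresent      = Test-Path -LiteralPath $DriverPath
    }
}

# Read-only report for the local machine.
Get-FontWorkaroundStatus | Format-List
```

Run `Get-FontWorkaroundStatus -DisableWebClient -WhatIf` from an elevated prompt to preview the service change before applying it.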
 
Google says no APP users have been phished to date
Google today touted the features of its Advanced Protection Program (APP), revealing that no user who signed up for the program has been phished to date, even if repeatedly targeted. APP is a free program offered by Google that includes extra security protections that are not available to regular Gmail users.
The program was launched in the fall of 2017, and it was initially made available to high-risk users, such as politicians, journalists, activists, or known business people. Since its launch, the program has been made broadly available, and any Google user can sign up for APP today. The only condition is that users own a hardware security key or a modern smartphone, which Google will enroll in APP and use to cryptographically verify and authenticate all login operations.
Read More on ZDNet
 
This content was created by Kindred Group Security. Please share if you enjoyed!
You can access the previous newsletters at https://news.infosecgur.us