Security Alert - 2 Critical Security Alerts in the past week: Firefox and Windows

Being your own bank comes with certain risks and responsibilities, including keeping up to date with recent threats. There were three critical security alerts released in the past week, two of which affect a large portion of crypto users. Keep those private keys safe! (The third was Citrix.)

Please note the information below is subject to change.

Firefox

A critical bug was found in the JIT compiler for Firefox. Exploit code is available and exploitation in the wild has been detected: https://ift.tt/2RlhOqd

In fact, the last Firefox critical bug was found targeting Coinbase: https://ift.tt/2TzyVY7

Versions to have the patch are:

Firefox 72.0.1
Firefox ESR 68.4.1esr
Tor Browser 9.0.4

How to update Firefox: https://ift.tt/35Q49wl

Windows

A critical zero day of the Windows CryptoAPI was announced today alongside the release of the patch. Tenable threat intel suggests exploits are available and describes the exploit as follows:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. (CVE-2020-0601)

USGOV Alert: https://ift.tt/36V8ksa

Cumulative Update KB4534306. This should be available through normal Windows Update.

Link to the replaced trivia sticky: https://ift.tt/2sr3uUD

Submitted January 15, 2020 at 07:09AM
