A new Windows zero-day bug is found, a cybersecurity support program for Canadian teachers and students and a holiday warning from the FBI
Welcome to Cyber Security Today. It’s Wednesday, November 24th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Windows administrators need to watch for sudden changes in the access privileges of low-level users. This warning comes after a security researcher said he discovered a new zero-day vulnerability in all currently supported versions of Windows. The researcher told the Bleeping Computer news service the vulnerability allows a person with Standard access privileges to easily change that to the higher System access on a computer or server. There isn’t a workaround at the moment, the researcher said. As a result, until Microsoft issues a patch, one of the best defences for administrators is to watch for unexpected escalations in privileged access to IT resources. The researcher released proof-of-concept code, which will increase the possibility this vulnerability will be exploited.
The Snort open-source intrusion prevention system has released rules for detecting this attack in firewalls and other devices that use Snort rules. Cisco Systems has also released Snort rules. Microsoft told Bleeping Computer that it is aware of the issue. It also noted an attacker using the proof of concept must already have access and the ability to run code on a target victim’s computer.
Cisco Systems Canada and the STEM Fellowship have launched what they say is Canada’s widest-reaching cybersecurity education program for high school students. The $12 million Cybersecurity Classroom Training Program is aimed at increasing cybersecurity awareness in students as well as providing early exposure to the various tools, technologies, and career paths available in IT and digital industries. The goal is to reach 40,000 students and 2,000 teachers across Canada by 2023. The program features seven modules adapted from Cisco’s Networking Academy that can be included in school subjects like math, business, English and social studies. Teachers will have free access to the program online. They can get resources by emailing firstname.lastname@example.org.
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency issued a reminder to IT departments this week that threat actors often launch attacks during weekends and holiday periods. That includes tomorrow, which kicks off the Thanksgiving long weekend in the U.S. So if you haven’t already done so, designate IT security staff to be available for weekend and holiday duty if a cybersecurity event happens. It’s also a good idea to review your corporate incident response plan.
Phishing emails with malicious links or attachments are one of the most common tactics crooks use to compromise computers. But with the holiday shopping season upon us, you should also note some scams don’t have attachments. Instead, they try to scare victims into phoning what they think are real businesses. The cybersecurity company called INKY issued a reminder this week. Emails have been seen pretending to be from well-known brands like Amazon, PayPal and Walmart confirming an expensive purchase. The goal is to get upset victims to dispute the charge by phoning a support number. Those who do that speak to a crook who tries to get personal information like names, addresses, birth dates and payment card numbers. Phony messages like this will be addressed to “Dear Customer,” or won’t have a name at all. The sender’s email address will also be suspicious. If you get a message like this, forward it to the Canadian Anti-Fraud Centre at email@example.com, or send it to the FBI.
Finally, some important security patches have recently been released that IT administrators should pay attention to. They include updates for Microsoft’s Edge browser; Oracle VM VirtualBox; IBM’s Cloud Pak System and IBM InfoSphere Information Server; and Dell EMC Streaming Data Platform and the Dell EMC VNXe 1600 storage system.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.