Security Alert - 2 Critical Security Alerts in the past week: Firefox and Windows

by COINS NEWS

Being your own bank comes with certain risks and responsibilities, including keeping up to date with recent threats. There were three critical security alerts released in the past week, two of which affect a large portion of crypto users. Keep those private keys safe!

(The third was Citrix)

Please note that the information below is subject to change.


Firefox

A critical bug was found in the JIT compiler for Firefox. Exploit code is available and exploitation in the wild has been detected:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

https://www.reddit.com/r/sysadmin/comments/ema8cu/critical_firefox_zero_day_in_v72/

Fun fact, the last Firefox critical bug was found targeting Coinbase: https://threatpost.com/mozilla-patches-firefox-critical-flaw-under-active-attack/145814/

Minimum versions to have the patch are:

How to update Firefox: https://support.mozilla.org/en-US/kb/update-firefox-latest-release


Windows

A critical zero-day in the Windows CryptoAPI was announced today alongside the release of the patch. Tenable threat intel suggests exploits are available and describes the exploit as follows:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. (CVE-2020-0601)

USGOV Alert: https://www.us-cert.gov/ncas/current-activity/2020/01/14/cisa-releases-emergency-directive-and-activity-alert-critical

https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/

https://www.reddit.com/r/sysadmin/comments/eop1qp/here_it_is_boys_microsoft_windows_cryptoapi_fails/

https://www.reddit.com/r/sysadmin/comments/eoll74/all_hands_on_deck_major_ms_update_coming_today/

https://old.reddit.com/r/netsec/comments/eooyil/cve20200601/

Fix:

Apply Cumulative Update KB4534306. This should be available through normal Windows Update.


Link to the replaced trivia sticky:

https://old.reddit.com/r/CryptoCurrency/comments/eom6b7/submit_questions_for_the_weekly_trivia_on/

submitted by /u/CryptoMaximalist