" >Microsoft Patches Serious Crypto Flaw Found by NSA - Infosecurity Magazine | Canada News Media
Connect with us

Tech

Microsoft Patches Serious Crypto Flaw Found by NSA – Infosecurity Magazine

Published

on


Microsoft has kicked off the new decade with fixes for half a century of vulnerabilities, including one discovered by the NSA that could allow hackers to spoof digital certificates to bypass security measures.

This month’s Patch Tuesday focused around the CVE-2020-0601 flaw, which security experts praised the NSA for disclosing responsibly rather than trying to weaponize in attacks.

Affecting Windows 10 and Windows Server 2016 and 2019, the bug exists in the way the CryptoAPI DLL validates Elliptic Curve Cryptography (ECC) certificates.

“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source,” warned Microsoft. “The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.”

If successful, an attacker could then conduct man-in-the-middle attacks and decrypt confidential information, or run malware even in environments using app whitelisting.

“Every Windows device relies on trust established by TLS and code signing certificates, which act as machine identities. If you break these identities, you won’t be able to tell the difference between malware and Microsoft software,” argued Kevin Bocek, VP of security strategy and threat intelligence at Venafi.

Todd Schell, senior product manager at Ivanti, urged admins to prioritize fixing the problem.

“The vulnerability is only rated as important, but there have been many examples of CVEs that were only rated as important being exploited in the wild,” he said. “Due to the nature of this vulnerability we would urge companies to treat this as a top priority this month and remediate quickly.”

A second flaw in Windows’ cryptographic services is rated with a lower CVSS score, but should also be prioritized, Schell claimed.

CVE-2020-0620 could allow attackers to overwrite or modify a protected file and elevate their privileges accordingly, although it first requires them to execute on a targeted system.

“Gaining execute rights on a system is a pretty low bar for most threat actors. Again, our guidance is to treat this as a priority 1 and address it in a timely manner,” said Schell.

This is the last Patch Tuesday that will include fixes for Windows 7 and Server 2008 systems, unless organizations have paid for extended support. If they have not, they will need to upgrade, or invest in virtual patching capabilities to mitigate the increased risk of attack.

“This will increase the risk assumed by those organizations that continue to run Windows 7 or 2008 and we expect attackers will begin actively looking for those operating systems as a ‘soft spot’ for a compromise,” warned Trustwave threat intelligence manager, Karl Sigler.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

The Witcher’s Netflix Success Proves CD Projekt Red Made a Big Mistake – CCN Markets

Published

on


  • The Witcher developer CD Projekt Red may have made a huge mistake by not capitalizing on the Netflix series.
  • Sales of The Witcher 3: Wild Hunt soared after the TV show debuted.
  • CD Projekt Red should have timed The Witcher 4 or new Wild Hunt DLC to coincide with the launch of the series.

Netflix isn’t the only one reaping the rewards from the success of its new fantasy series, The Witcher. Game developer CD Projekt Red has been cashing in too.

The Witcher 4 Was a Pipe-Dream – But What About DLC?

A recent NPD report revealed that The Witcher 3: Wild Hunt sales exploded by 554% in December 2019 – the month the Netflix show debuted –  compared to the previous December.

But the company may have missed out on an even bigger windfall by failing to capitalize on the Netflix-fueled Witcher hype.

The Witcher 4 tweet CD Projekt RED
Source: Twitter

Maybe timing The Witcher 4 for a December 2019 or early 2020 release would have been way too ambitious. But they could have at least unveiled some new Wild Hunt DLC.

And it may already be too late for CD Projekt Red to correct its blunder.

Why CD Projekt Red Has Already Missed Its Chance to Leverage the Netflix Hype

Season two of the Netflix series is expected to air in 2021, so it’s virtually impossible that The Witcher 4 would be ready by then.

Before CD Projekt Red begins developing the sequel to Wild Hunt, it has to complete development on Cyberpunk 2077 – which has just been delayed to September 17. Then it will develop Cyberpunk 2077’s multiplayer gameplay, which it plans to launch after 2021.

cd projekt red, the witcher 4cd projekt red, the witcher 4
It took more than three years to develop Wild Hunt. | Source: CD Projekt Red

It took three and a half years to develop The Witcher 3: Wild Hunt – and that game was delayed several times. That means we may not see The Witcher 4 until at least 2024.

By 2024, the series may have ended. Netflix is notorious for canceling shows after a few seasons. Or maybe the quality drops off dramatically, and viewers lose interest.

The Witcher, which has a lengthy production cycle and pays lead actor Henry Cavill $400,000 an episode, isn’t cheap. Netflix can’t afford it to be a niche product.

No matter what happens, it looks like CD Projekt Red has already missed its best chance to leverage the series into a fat payday.

Disclaimer: The opinions expressed in this article do not necessarily reflect the views of CCN.com.

This article was edited by Josiah Wilmoth.

Last modified: February 20, 2020 9:00 PM UTC

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Animal Crossing: New Horizons Save Recovery Limit Might Get Changed – GameSpot

Published

on


During its Animal Crossing-focused Direct, Nintendo once again confirmed that the upcoming New Horizons will not make use of Nintendo Switch Online’s cloud save backup function, but NSO subscribers will have a way to recover their save data should something unfortunate happen to their system. However, this feature comes with one notable caveat.

[Update] The caveat that previously stated that players would only be able to recover data once in the event a Switch console was damaged or lost resulted in some criticism from the community and became a key subject of discussion around the game. In the time since, Nintendo has re-uploaded the Animal Crossing: New Horizons Direct video–sacrificing a considerable number of views in the process–and changed the language used in the data recovery section to indicate it may be reconsidering the limitation.

Where it previously stated, “Nintendo Switch Online members can only have save data recovered one time due to loss or damage of system” it now says, “More details on save data recovery functionality will be shared at a future date.” Of course, there is no guarantee that the limitation will be removed; Nintendo may simply want to justify the restriction better at a later date.

[Original story continues] In fine print during the presentation, Nintendo specifies that you will only be able to recover your Animal Crossing: New Horizons save data one time should your Switch get lost or damaged. As previously mentioned, this service will only be offered to Nintendo Switch Online subscribers, and it won’t be available until sometime after the game launches.

This isn’t the only unusual save data restriction New Horizons imposes on players. Nintendo recently confirmed that only one island can exist per Nintendo Switch console–so if another player who shares your system would like to start their own island, they’ll need their own Switch and game. Additionally, you will not be able to transfer your New Horizons save data from one Switch system to another, at least from launch. Nintendo UK’s website says that a function to move your save to another console is “planned for later this year.”

We learned a lot of other details about New Horizons during the Animal Crossing Direct. Nintendo showcased a variety of quality-of-life improvements, as well as some new and returning characters you’ll meet in the game. New Horizons also lets you change your island’s terrain for the first time in the series, and it’ll make use of both the Nintendo Switch Online smartphone app and the Animal Crossing Amiibo figures and cards.

Animal Crossing: New Horizons releases worldwide on March 20. You can see what pre-order bonuses are available for the title in our Animal Crossing: New Horizons pre-order guide. For more on the game, be sure to check out our roundup of everything we know about New Horizons.

<div class="js-video-player-new av-video-player av-desktop-player av-video-on-demand is-vid-loading is-vid-noseek is-vid-show-controls " tabindex="0" data-id="320391572" data-promo-id="29621" data-video=""adCall":"host":"http://pubads.g.doubleclick.net/gampad/ads?","params":"iu":"/8264/vuk-gamespot/desktop/gamespot.com","impl":"s","gdfp_req":1,"env":"vp","output":"xml_vmap1","unviewed_position_start":1,"url":"[referrer_url]","correlator":"[timestamp]","cmsid":11409,"vid":6452248,"pp":"vpaid_js","custParams":"ptype":"news_article","cid":"gs-1100-6473917","game":"animal-crossing-new-horizons","genre":"simulation","con":"nintendo-switch","publisher":"nintendo","embed":"autoplay","franchise":"animal-crossing","category":"games","partner":"desktop/gamespot.com","vid":6452248,"soundBasedSize":"normal":"640×480","muted":"640×483","none":"640×480","daiSsbUrl":"https://dai.google.com/ondemand/hls/content/2459129/vid/6452248/master.m3u8","daiMidRollHost":2500176,"adPartner":"desktop/gamespot.com","ageGateCookieName":"videoAgeGateBirthday","autoplay":true,"cms":"pi","countdownTime":0,"cuePoints":null,"datePublished":1582233780,"desktopAdPartner":"desktop%2Fgamespot.com","device":"other","guid":"gs-2300-6452248","id":6452248,"isDevice":false,"isLiveStream":false,"lengthSeconds":243,"mapp":"gamespot","mobileAdPartner":"mobile_web%2Fgamespot.com_mobile","partner":"gamespot","postPlayMax":100,"premium":false,"screenMediumThumb":"https://gamespot1.cbsistatic.com/uploads/screen_medium/1574/15746725/3638122-animalcrossingnewhorizons_whatwelearnedfromdirect_021920_site.jpg","seekablePlaybacks":["html5","uvpjs"],"share":"linkUrl":"https://www.gamespot.com/videos/19-things-we-learned-from-the-animal-crossing-new-/2300-6452248/","embedUrl":"https://www.gamespot.com/videos/embed/6452248/","embedHtml":"640":"","480":"","siteType":"responsive web","startMuted":false,"startTime":0,"title":"19%20Things%20We%20Learned%20From%20The%20Animal%20Crossing%3A%20New%20Horizons%20Direct","tracking":["name":"SiteCatalyst","category":"qos","enabled":true,"params":["name":"charSet","value":"UTF-8","name":"currencyCode","value":"USD","name":"siteType","value":"responsive web","name":"trackingServer","value":"om.cbsi.com","name":"visitorNamespace","value":"cbsinteractive","name":"heartbeatTrackingServer","value":"cbsinteractive.hb.omtrdc.net","name":"heartbeatVisitorMarketingCloudOrgId","value":"10D31225525FF5790A490D4D@AdobeOrg","name":"partnerID","value":"gamespot","name":"siteCode","value":"gamespot","name":"brand","value":"gamespot","name":"account","value":"cbsigamespotsite","name":"edition","value":"uk"],"name":"CNetTracking","category":"tracking","enabled":true,"params":["name":"host","value":"https://dw.cbsi.com/levt/video/e.gif?","name":"siteid","value":"93","name":"adastid","value":"","name":"medastid","value":"599"],"name":"ComScore_ss","category":"qos","enabled":true,"params":["name":"c2","value":"3005086","name":"publishersSecret","value":"2cb08ca4d095dd734a374dff8422c2e5","name":"c3","value":"","name":"partnerID","value":"gamespot","name":"c4","value":"gamespot"],"name":"NielsenTracking","category":"tracking","enabled":true,"params":["name":"host","value":"https://secure-us.imrworldwide.com/cgi-bin/m?","name":"scCI","value":"us-200330","name":"scC6","value":"vc,c01"],"name":"MuxQOSPluginJS","category":"qos","enabled":true,"params":["name":"propertyKey","value":"b7d6e48b7461a61cb6e863a62"]],"trackingAccount":"cbsigamespotsite","trackingCookie":"XCLGFbrowser","trackingPrimaryId":"cbsigamespotsite","trackingSiteCode":"gs","userId":0,"uvpHi5Ima":"https://s0.2mdn.net/instream/html5/ima3.js","uvpc":"","videoAdMobilePartner":"mobile_web%2Fgamespot.com_mobile","videoAdPartner":"desktop%2Fgamespot.com","videoAssetSource":"GameSpot","videoStreams":"adaptive_stream":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_700,1000,1800,2500,3200,4000,8000,master.m3u8","adaptive_dash":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_700,1000,1800,2500,3200,4000,8000,master.mpd","adaptive_hd":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_8000,master.m3u8","adaptive_high":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_2500,master.m3u8","adaptive_low":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_700,master.m3u8","adaptive_restricted":"https://gamespotvideo.cbsistatic.com/vr/2020/02/20/AC_19Things_02202020_700,1000,1800,2500,master.m3u8","videoType":"video-on-demand","watchedCookieDays":1,"watchedCookieName":"watchedVideoIds"” data-non-iframe-embed=”1″ readability=”7.5244755244755″>

You need a javascript enabled browser to watch videos.

Please use a html5 video capable browser to watch videos.

This video has an invalid file format.

Sorry, but you can’t access this content!

Please enter your date of birth to view this video

By clicking ‘enter’, you agree to GameSpot’s

Terms of Use and
Privacy Policy

Now Playing: 19 Things We Learned From The Animal Crossing: New Horizons Direct

GameSpot may get a commission from retail offers.

Let’s block ads! (Why?)



Source link

Continue Reading

Tech

Samsung temporarily shuts down a factory in South Korea due to Coronavirus – The Next Web

Published

on


Coronavirus has caused plenty of manufacturing units in China to stop production. Now, the deadly virus is affecting manufacturing in other countries too. Samsung has temporarily shut down its factory in Gumi, South Korea.

According to a report by Reuters, the company found a confirmed case of Coronavirus in the factory last week. Due to the fast-spreading nature of the virus, the Korean giant decided to close the factory till February 24; the floor where the affected person worked, will be closed till February 25.

[Read: I hate Apple for making me shake my MacBook like a chump]

Samsung said it’s testing people who came in contact with the infected employee for possible infection:

The company has placed colleagues who came in contact with the infected employee in self-quarantine and taken steps to have them tested for possible infection.

The company produces high-end phones, such as the Galaxy Z Flip, in this factory for the domestic market. With the current shut down being temporary, it’s unlikely that production will take a major hit.

However, with the rising number of Covid-19 cases in South Korea, the firm might need to prepare for more possible shutdowns.

Over the past couple of years, Samsung has shifted the bulk of its device production to India and Vietnam. Last year, it inaugurated the world’s largest smartphone factory in Noida, India. There are no reports of these units being affected till now.

For more gear, gadget, and hardware news and reviews, follow Plugged on
Twitter and
Flipboard.

Published February 24, 2020 — 03:45 UTC

Let’s block ads! (Why?)



Source link

Continue Reading

Trending