Microsoft has kicked off the new decade with fixes for half a century of vulnerabilities, including one discovered by the NSA that could allow hackers to spoof digital certificates to bypass security measures.
Affecting Windows 10 and Windows Server 2016 and 2019, the bug exists in the way the CryptoAPI DLL validates Elliptic Curve Cryptography (ECC) certificates.
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source,” warned Microsoft. “The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.”
If successful, an attacker could then conduct man-in-the-middle attacks and decrypt confidential information, or run malware even in environments using app whitelisting.
“Every Windows device relies on trust established by TLS and code signing certificates, which act as machine identities. If you break these identities, you won’t be able to tell the difference between malware and Microsoft software,” argued Kevin Bocek, VP of security strategy and threat intelligence at Venafi.
Todd Schell, senior product manager at Ivanti, urged admins to prioritize fixing the problem.
“The vulnerability is only rated as important, but there have been many examples of CVEs that were only rated as important being exploited in the wild,” he said. “Due to the nature of this vulnerability we would urge companies to treat this as a top priority this month and remediate quickly.”
A second flaw in Windows’ cryptographic services is rated with a lower CVSS score, but should also be prioritized, Schell claimed.
CVE-2020-0620 could allow attackers to overwrite or modify a protected file and elevate their privileges accordingly, although it first requires them to execute on a targeted system.
“Gaining execute rights on a system is a pretty low bar for most threat actors. Again, our guidance is to treat this as a priority 1 and address it in a timely manner,” said Schell.
This is the last Patch Tuesday that will include fixes for Windows 7 and Server 2008 systems, unless organizations have paid for extended support. If they have not, they will need to upgrade, or invest in virtual patching capabilities to mitigate the increased risk of attack.
“This will increase the risk assumed by those organizations that continue to run Windows 7 or 2008 and we expect attackers will begin actively looking for those operating systems as a ‘soft spot’ for a compromise,” warned Trustwave threat intelligence manager, Karl Sigler.
The Witcher’s Netflix Success Proves CD Projekt Red Made a Big Mistake – CCN Markets
- The Witcher developer CD Projekt Red may have made a huge mistake by not capitalizing on the Netflix series.
- Sales of The Witcher 3: Wild Hunt soared after the TV show debuted.
- CD Projekt Red should have timed The Witcher 4 or new Wild Hunt DLC to coincide with the launch of the series.
Netflix isn’t the only one reaping the rewards from the success of its new fantasy series, The Witcher. Game developer CD Projekt Red has been cashing in too.
The Witcher 4 Was a Pipe-Dream – But What About DLC?
A recent NPD report revealed that The Witcher 3: Wild Hunt sales exploded by 554% in December 2019 – the month the Netflix show debuted – compared to the previous December.
But the company may have missed out on an even bigger windfall by failing to capitalize on the Netflix-fueled Witcher hype.
Maybe timing The Witcher 4 for a December 2019 or early 2020 release would have been way too ambitious. But they could have at least unveiled some new Wild Hunt DLC.
And it may already be too late for CD Projekt Red to correct its blunder.
Why CD Projekt Red Has Already Missed Its Chance to Leverage the Netflix Hype
Season two of the Netflix series is expected to air in 2021, so it’s virtually impossible that The Witcher 4 would be ready by then.
Before CD Projekt Red begins developing the sequel to Wild Hunt, it has to complete development on Cyberpunk 2077 – which has just been delayed to September 17. Then it will develop Cyberpunk 2077’s multiplayer gameplay, which it plans to launch after 2021.
It took three and a half years to develop The Witcher 3: Wild Hunt – and that game was delayed several times. That means we may not see The Witcher 4 until at least 2024.
By 2024, the series may have ended. Netflix is notorious for canceling shows after a few seasons. Or maybe the quality drops off dramatically, and viewers lose interest.
The Witcher, which has a lengthy production cycle and pays lead actor Henry Cavill $400,000 an episode, isn’t cheap. Netflix can’t afford it to be a niche product.
No matter what happens, it looks like CD Projekt Red has already missed its best chance to leverage the series into a fat payday.
Disclaimer: The opinions expressed in this article do not necessarily reflect the views of CCN.com.
This article was edited by Josiah Wilmoth.
Last modified: February 20, 2020 9:00 PM UTC
Animal Crossing: New Horizons Save Recovery Limit Might Get Changed – GameSpot
During its Animal Crossing-focused Direct, Nintendo once again confirmed that the upcoming New Horizons will not make use of Nintendo Switch Online’s cloud save backup function, but NSO subscribers will have a way to recover their save data should something unfortunate happen to their system. However, this feature comes with one notable caveat.
[Update] The caveat that previously stated that players would only be able to recover data once in the event a Switch console was damaged or lost resulted in some criticism from the community and became a key subject of discussion around the game. In the time since, Nintendo has re-uploaded the Animal Crossing: New Horizons Direct video–sacrificing a considerable number of views in the process–and changed the language used in the data recovery section to indicate it may be reconsidering the limitation.
Where it previously stated, “Nintendo Switch Online members can only have save data recovered one time due to loss or damage of system” it now says, “More details on save data recovery functionality will be shared at a future date.” Of course, there is no guarantee that the limitation will be removed; Nintendo may simply want to justify the restriction better at a later date.
[Original story continues] In fine print during the presentation, Nintendo specifies that you will only be able to recover your Animal Crossing: New Horizons save data one time should your Switch get lost or damaged. As previously mentioned, this service will only be offered to Nintendo Switch Online subscribers, and it won’t be available until sometime after the game launches.
This isn’t the only unusual save data restriction New Horizons imposes on players. Nintendo recently confirmed that only one island can exist per Nintendo Switch console–so if another player who shares your system would like to start their own island, they’ll need their own Switch and game. Additionally, you will not be able to transfer your New Horizons save data from one Switch system to another, at least from launch. Nintendo UK’s website says that a function to move your save to another console is “planned for later this year.”
We learned a lot of other details about New Horizons during the Animal Crossing Direct. Nintendo showcased a variety of quality-of-life improvements, as well as some new and returning characters you’ll meet in the game. New Horizons also lets you change your island’s terrain for the first time in the series, and it’ll make use of both the Nintendo Switch Online smartphone app and the Animal Crossing Amiibo figures and cards.
Animal Crossing: New Horizons releases worldwide on March 20. You can see what pre-order bonuses are available for the title in our Animal Crossing: New Horizons pre-order guide. For more on the game, be sure to check out our roundup of everything we know about New Horizons.
GameSpot may get a commission from retail offers.
Samsung temporarily shuts down a factory in South Korea due to Coronavirus – The Next Web
Coronavirus has caused plenty of manufacturing units in China to stop production. Now, the deadly virus is affecting manufacturing in other countries too. Samsung has temporarily shut down its factory in Gumi, South Korea.
According to a report by Reuters, the company found a confirmed case of Coronavirus in the factory last week. Due to the fast-spreading nature of the virus, the Korean giant decided to close the factory till February 24; the floor where the affected person worked, will be closed till February 25.
Samsung said it’s testing people who came in contact with the infected employee for possible infection:
The company has placed colleagues who came in contact with the infected employee in self-quarantine and taken steps to have them tested for possible infection.
The company produces high-end phones, such as the Galaxy Z Flip, in this factory for the domestic market. With the current shut down being temporary, it’s unlikely that production will take a major hit.
However, with the rising number of Covid-19 cases in South Korea, the firm might need to prepare for more possible shutdowns.
Over the past couple of years, Samsung has shifted the bulk of its device production to India and Vietnam. Last year, it inaugurated the world’s largest smartphone factory in Noida, India. There are no reports of these units being affected till now.
Published February 24, 2020 — 03:45 UTC
India's media is failing in its democratic duty – Al Jazeera English
Kerri Einarson wins Canadian women's curling championship – CBC.ca
The Witcher’s Netflix Success Proves CD Projekt Red Made a Big Mistake – CCN Markets
Iran anticipates renewed protests amid social media shutdown
Popular Richmond BBQ spot speaks out about coronavirus rumours after man collapses outside restaurant – Vancouver Is Awesome
Real Estate Board of Greater Vancouver reports January housing sales up 42.4 percent
- Economy21 hours ago
UAE economy grew at 2.9% in 2019, central bank says – TheChronicleHerald.ca
- Health16 hours ago
Coronavirus, Covid-19, Could Become The Deadliest Virus Ever
- Media4 hours ago
This video has circulated in media reports since at least October 2019 — months before the novel coronavirus outbreak – AFP Factcheck
- Health15 hours ago
Coronavirus symptoms: How the COVID-19 disease progresses day by day – Business Insider – Business Insider
- Health24 hours ago
Science behind the virus: Where is the epidemic going? – CGTN
- Health17 hours ago
What we know about the Coronavirus and what we don’t
- Health21 hours ago
Coronavirus: The Symptoms, The Risks And How To Avoid Being Infected – Knnit – Knnit
- Sports24 hours ago
‘Time of my life’: Zamboni driver David Ayres describes playing as backup goalie for Hurricanes – Global News