Microsoft has kicked off the new decade with fixes for half a century of vulnerabilities, including one discovered by the NSA that could allow hackers to spoof digital certificates to bypass security measures.
Affecting Windows 10 and Windows Server 2016 and 2019, the bug exists in the way the CryptoAPI DLL validates Elliptic Curve Cryptography (ECC) certificates.
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source,” warned Microsoft. “The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.”
If successful, an attacker could then conduct man-in-the-middle attacks and decrypt confidential information, or run malware even in environments using app whitelisting.
“Every Windows device relies on trust established by TLS and code signing certificates, which act as machine identities. If you break these identities, you won’t be able to tell the difference between malware and Microsoft software,” argued Kevin Bocek, VP of security strategy and threat intelligence at Venafi.
Todd Schell, senior product manager at Ivanti, urged admins to prioritize fixing the problem.
“The vulnerability is only rated as important, but there have been many examples of CVEs that were only rated as important being exploited in the wild,” he said. “Due to the nature of this vulnerability we would urge companies to treat this as a top priority this month and remediate quickly.”
A second flaw in Windows’ cryptographic services is rated with a lower CVSS score, but should also be prioritized, Schell claimed.
CVE-2020-0620 could allow attackers to overwrite or modify a protected file and elevate their privileges accordingly, although it first requires them to execute on a targeted system.
“Gaining execute rights on a system is a pretty low bar for most threat actors. Again, our guidance is to treat this as a priority 1 and address it in a timely manner,” said Schell.
This is the last Patch Tuesday that will include fixes for Windows 7 and Server 2008 systems, unless organizations have paid for extended support. If they have not, they will need to upgrade, or invest in virtual patching capabilities to mitigate the increased risk of attack.
“This will increase the risk assumed by those organizations that continue to run Windows 7 or 2008 and we expect attackers will begin actively looking for those operating systems as a ‘soft spot’ for a compromise,” warned Trustwave threat intelligence manager, Karl Sigler.
Minecraft's Next Big Update, The Wild, Is Coming In 2022 – TheGamer
The next Minecraft update, The Wild, aims to expand and improve upon the game’s biomes, whilst also introducing a brand new one – the Deep and Dark biome.
The Wild was shown off as part of Minecraft Live 2021 and is the next big update for the game after Caves and Cliffs Part 2, which still doesn’t have a proper release date beyond “later this year”.
The main purpose of The Wild update is to expand and improve upon biomes that already exist in the game, such as making the Birch Forest biome more unique by giving it taller trees and more open spaces. Mojang seems to be trying to give each biome a lot more to make them feel distinct from one another, alongside adding new content like boats that have chests installed in them. It’s not quite as huge as the Caves and Cliffs update but looks set to help keep Minecraft fresh.
Another big addition is the mud blocks, which come from the new Mangrove Swamp area. As the name implies, this swamp area will have mangrove trees that give you mangrove wood. The area also introduces mud blocks, which you can create yourself by using water and dirt, and a frog mob. The frog mob was a particularly popular addition, with fans cheering at its inclusion. There’ll also be tiny Minecraft tadpoles, just in case you needed something else to look forward to.
That’s not all though, as a brand new biome will also be introduced through the update. The Deep Dark biome, which was originally supposed to be introduced as part of the Caves and Cliffs update, will introduce the incredibly creepy Warden mob and acts as a sort of subterranean lair underneath the bedrock layer. Mojang shared off a fair bit more of the new biome, as well as showing the Warden off properly. The Wardens are eyeless enemies that react to sound and vibrations, essentially making them the Clickers of the Minecraft world.
Koko raises a lot of interesting questions about the nature of Pokemon in Secrets of the Jungle.
About The Author
Suicide Squad: Kill The Justice League Trailer Shows Wonder Woman is Not an Enemy – GameRant
DC FanDome was as big as many expected the event to be, revealing awesome trailers for movies like The Batman and upcoming games like Suicide Squad: Kill The Justice League and Gotham Knights. Some are upset that Injustice 3 wasn’t revealed at DC FanDome yesterday, but it was also somewhat clear that it was never going to be.
Still, these trailers are more than enough, and there’s a lot to unpack. Suicide Squad: Kill The Justice League, for example, finally let players see what heroes they would be facing in-game aside from Superman, namely The Flash, Green Lantern, and even potential hints at Batman. One other Justice League member appeared, though not in the same capacity as her comrades: Wonder Woman.
While it’s not necessarily obvious at first, it’s clear that The Flash and Green Lantern are under the control of Brainiac. Their “corruption” of sorts isn’t to the same extent as Superman, but it’s clearly there. It stands to reason that, if Suicide Squad: Kill The Justice League’s Batman is alive and, following the secret ending of Arkham Knight, he is under Brainiac’s control too. Wonder Woman, however, is not.
Throughout the trailer, her face is clear of any and all markings from Brainiac, suggesting her mind is her own. This could be so that she operates as some story device, this could be a way to encourage the Suicide Squad not to actually “kill” the Justice League, or she could be an ally at a certain point. Anything goes, but as the trailer is so action-packed, it’s easy to miss at first: Wonder Woman is not the Suicide Squad’s enemy.
Now, the reason why is up for debate and probably won’t be officially revealed until closer to launch, if not at the launch itself. Some fans speculate, however, it has something to do with her blood. Depending on which storyline Suicide Squad: Kill The Justice League uses—if not its own—Wonder Woman is either a half-god or full god. It could be that Brainiac can’t influence her because of this.
Either way, it’s good for Suicide Squad: Kill The Justice League to keep a little mystery as the game is still quite some time away. It’s at least one reason why 2022 is looking to be such a good year for video games, especially for DC games when paired with Gotham Knights.
Suicide Squad: Kill The Justice League releases in 2022 for PC, PS5, and Xbox Series X.
The next project for the developers of We Happy Few, Compulsion Games, is supposedly a Dark Fantasy game exclusive to Xbox consoles.
About The Author
Apple Macbook event: New Macbook Pro laptops – CTV News
Apple is set to kick off its second product event of the season, a month after introducing its new iPhone 13 lineup.
At a virtual event on Monday at 1 pm ET, the company is expected to unveil two high-end MacBook Pro laptops powered by its next-generation silicon chip. It may also introduce an update to its entry-level AirPods that’s more in line with the features of the AirPods Pro line.
Apple’s event kicks off what promises to be a busy week in tech product launches, with several companies pushing out new gadgets ahead of the all-important holiday season. Later this week, Google will unveil its Pixel 6 smartphone and Samsung is hosting a mysterious press event that the rumor mill didn’t even see coming.
But these products are launching amid ongoing concerns about global component shortages and logistics issues. Apple, in particular, confronted supply constraints earlier this year mainly impacting the iPad and Mac. It’s now reportedly considering cutting its iPhone production goals for the year because of the chip shortage. Apple declined to comment on the report.
There continues to be growing demand for PCs despite the shortages, however. PC shipments, including desktops and notebooks, reached 83.6 million units in the second quarter, up 13.2 per cent from the same period last year, according to market research firm IDC.
Dan Ives, an analyst with Wedbush, said Apple’s decision to push forward with new product launches speaks to “the company’s confidence” in getting its devices “into customer hands by holiday season despite the doomsday supply chain skeptics.”
The centerpiece of Monday’s event is widely expected to be the MacBook. According to a Bloomberg report, the MacBook Pro is set to get its first major update in five years.
If the event’s “Unleashed” tagline and the invitation’s artwork — which features a hyperspace version of Apple’s logo — are any indication, Apple will spend a good bit of time touting the MacBook Pro’s speed and performance upgrades. In 2020, the company switched to a powerful in-house M1 silicon chip for its computer lineup. Now, its MacBook Pro line is expected to get the so-called M1X processor that’ll likely be even faster and more efficient than its M1 chip.
The new laptops, which are rumored to come in two sizes (14 inches and 16 inches), are said to have thinner bezels, improved displays, longer-lasting batteries and more memory options. According to TF International Securities analyst Ming-chi Kuo, who has a strong track record for predicting Apple specs, the company is also expected to ditch one of the MacBook’s most divisive features: the touch bar. That small rectangular OLED touchscreen, which was introduced in 2016, replaced the row of function keys at the top of the keyboard with text prediction and shortcuts.
Other MacBook Pro rumors include bringing back the HDMI port, SD card slot, and a MagSafe charger, the last of which was removed when Apple introduced USB-C ports to the line.
Apple may also show off its first update to AirPods in two years. Since their 2016 debut, the wireless earbuds have emerged as a surprise status symbol and a runaway hit for the company.
The third-generation AirPods will likely borrow some features from the more premium AirPods Pro line, including shorter stems and a case with longer-lasting battery life. (The entry-level version currently costs US$159 and the Pro is US$259.)
Apple has long leaned on offering multiple tiers for products like its iPhones and Apple Watches, often referred to as the good, better, best model. For that reason, it’s possible the latest AirPods will come without active noise cancellation or spatial audio support so the Pro line can still differentiate itself. (Apple’s over-the-ear headset, the AirPods Max, is its priciest option at US$550).
A few October surprises
Apple could also unveil a Mac mini Pro desktop computer with the M1X chip. But some rumors indicate a slimmer, redesigned model could be delayed until next year.
While the company teased new macOS Monterrey features for its Mac computers at its annual Worldwide Developer Conference in June, it has yet to announce a launch date. Apple will likely reveal Monday when users will be able to download the next-generation software, which includes updates to FaceTime, support for AirPlay, a low-power mode and a tab-grouping feature in Safari.
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
Russian crew returns from shooting the first feature film on the ISS – Yahoo Movies Canada
Stock Markets Today: EU economy, China GDP, Bitcoin, Squid Game – Bloomberg
How many lives have coronavirus vaccines saved? We used state data on deaths and vaccination rates to find out – Devdiscourse
Silver investment demand jumped 12% in 2019
Europe kicks off vaccination programs | All media content | DW | 27.12.2020 – Deutsche Welle
Iran anticipates renewed protests amid social media shutdown
Media21 hours ago
'Don't squish them': Photos on social media show slimy, sticky salamanders in Labrador – CBC.ca
Business20 hours ago
Bank of England will have to act to contain inflation – Bailey
Investment22 hours ago
Turkey's Erdogan says U.S. proposed F-16 sales in return for its F-35 investment – Reuters
Health18 hours ago
Former U.S. President Clinton leaves hospital, will return to New York
News19 hours ago
Son of ex-Somali political aide held over UK lawmaker stabbing
Business21 hours ago
UPDATE: U.S. expected to reopen border November 8, mixed doses eligible – BlackburnNews.com
News19 hours ago
No end in sight to volcanic eruption on Spain’s La Palma – Canaries president
Business19 hours ago
Netflix’s ‘Squid Game’ estimated to be worth about $900 million – Bloomberg News