Feds Issue Emergency Order For Agencies To Patch Critical Windows Flaw

The US Department of Homeland Security is giving federal agencies until midnight on Tuesday to patch a critical Windows vulnerability that can make it easy for attackers to become all-powerful administrators with free rein to create accounts, infect an entire network with malware, and carry out similarly disastrous actions. Ars Technica reports: Zerologon, as researchers have dubbed the vulnerability, allows malicious hackers to instantly gain unauthorized control of the Active Directory. An Active Directory stores data relating to users and computers that are authorized to use email, file sharing, and other sensitive services inside large organizations. Zerologon is tracked as CVE-2020-1472. Microsoft published a patch last Tuesday. The flaw, which is present in all supported Windows server versions, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Further raising the stakes was the release by multiple researchers of proof-of-concept exploit code that could provide a roadmap for malicious hackers to create working attacks.

Officials with the Cybersecurity and Infrastructure Security Agency, which belongs to the DHS, issued an emergency directive on Friday that warned of the potentially severe consequences for organizations that don’t patch. [The agency’s statement can be found in the article.] CISA, which has authorization to issue emergency directives intended to mitigate known or suspected security threats, is giving organizations until 11:59pm EDT on Monday to either install a Microsoft patch or disconnect the vulnerable domain controller from the organization network. No later than 11:59pm EDT on Wednesday, agencies are to submit a completion report attesting the update has been applied to all affected servers or provide assurance that newly provisioned or previously disconnected servers will be patched.

Trump Pushes To Reap Biometric Data From Immigrants, Americans

Six million would-be U.S. immigrants face expanded collection of their biometric data, including iris scans, palm-, and voice-prints, facial recognition images, and DNA, under a proposed federal rule. The Department of Homeland Security also for the first time would gather that data from American citizens sponsoring or benefiting from a visa application. Bloomberg Law reports: Years in the making, the biometrics immigration rule has garnered more than 160 comments since its Sept. 11 publication. The 30-day comment period closes on Oct 13. A final version could be in place by Inauguration Day. Immigration and privacy advocates have voiced concerns over who will have to comply with the new requirements, why President Donald Trump is making this push so late in his term, and what it means for a federal agency already claiming a lack of resources.

The 300-plus-page plan updates current biometrics requirements so that “any applicant, petitioner, sponsor, beneficiary, or individual filing or associated with an immigration benefit or request, including U.S. citizens, must appear for biometrics collection without regard to age unless the agency waives or exempts the requirement.” The DHS estimates an additional 2.17 million new biometrics submissions will be collected annually, an increase from the current 3.9 million, under the rule. The DHS already collects fingerprints from some visa applicants. The new rule would expand that biometrics-gathering to iris images, palm- and voice-prints. The agency wants authority to require or request DNA testing to prove familial relationships where kinship is in question. The DNA data could be stored indefinitely, under the proposed rule.

Motorola Solutions Acquires MSSP Delta Risk

Motorola Solutions has acquired Delta Risk, a major MSSP (managed security … and you can rest assured that continuing to provide a high level of service will … Key Delta Risk partners include VMware Carbon Black, CrowdStrike.

Fraudsters Capitalise On Fear, Uncertainty And Doubt During The Pandemic

With COVID-19 increasingly being used as a hook to commit fraud, threatening consumers and businesses of all sizes, criminals are continuing to use social engineering methods to spread malware and harvest the personal information of vulnerable individuals. With many people currently concerned about their financial situation and the state of the economy, fear, uncertainty and doubt have created an ideal environment for fraudsters to operate in.
