More stories

    Singapore-South Korea digital economy deal to sync up on data, payments

    Singapore has finalised negotiations with South Korea on a digital economy agreement that will see both nations collaborate across several areas, including cross-border online payments, data flows, cryptography, and artificial intelligence (AI). The partnership is touted to establish “forward-looking” digital trade rules and drive interoperability between digital systems.

    South Korea also will be the first Asian market to sign on for Singapore’s Digital Economy Agreement, the latter’s fourth following similar pacts with the UK, announced last week, as well as with Australia, and with Chile and New Zealand.

    Under the digital agreement, data localisation would not be permitted unless necessary for specific purposes, such as regulatory access, the two partners said Wednesday in a joint statement. This would facilitate secure data transfers between organisations in both nations and enable them to decide where they want to store and process their data, according to their business requirements.

    The digital economy pact also would deepen bilateral collaboration in emerging segments such as personal data protection, online payments, and source code security. In addition, both countries would explore potential cross-border opportunities in AI innovation and see South Korea supporting Singapore’s efforts in developing multilateral rules in e-commerce. The latter currently is co-convenor of the World Trade Organization Joint Statement Initiative on E-commerce.

    Specifically, the Singapore-South Korea digital economy agreement would cover 11 modules under three broad areas spanning digital trade, trusted data flows, and trusted digital systems and participation. Bilateral efforts, for instance, would look to develop secure cross-border digital payments with “transparent and facilitative rules”, such as open application programming interfaces (APIs) and the adoption of internationally accepted standards. To facilitate the exchange of key commercial documents, both countries would recognise electronic versions of trade administration documents and collaborate on initiatives to drive the adoption of data exchange systems. Businesses operating in the two markets also would be permitted to transfer information cross-border, including data generated or held by financial institutions, if all parties complied with requisite regulations and deployed adequate personal data protection. In the area of AI, Singapore and South Korea would encourage the adoption of governance and ethics frameworks that supported trusted and responsible use of AI-powered technologies. They also would ensure local organisations that used cryptography could do so with “trust” that private keys and related technologies deployed in both market environments were protected. For one, neither country would require the transfer of, or access to, such tools as a condition of market access.

    This rule would be extended to source code protection, in which neither nation would require the transfer of, or access to, software code as a condition of market access. This includes algorithms. The growth of small and midsize businesses (SMBs) in both countries would be cultivated through platforms that help these organisations connect to international suppliers, buyers, and other potential partners. Similar to the UK agreement, Singapore’s pact with South Korea includes collaboration in digital identities. Both Asian markets would drive interoperability between their respective digital identity regimes, with the goal of delivering more reliable identity verification and faster application processing. Such initiatives aim to cut cross-border trade barriers and enable both enterprises and consumers to more easily and securely navigate their digital economies.

    Singapore’s Second Minister for Trade and Industry Tan See Leng said: “[The agreement] will strengthen the digital connectivity between Singapore and the Republic of Korea, and add to our already robust economic ties. By aligning standards, enabling trusted data flows and allowing cross-border digital transactions to take place more seamlessly, the Korea-Singapore Digital Partnership Agreement will open up opportunities for our businesses and people in the rapidly growing digital economy.”

    Seoul was Singapore’s eighth largest trade partner last year, with bilateral trade clocking in at SG$44.6 billion ($32.58 billion), while Singapore was South Korea’s ninth largest investor in Asia in 2019, pushing SG$8.37 billion ($6.11 billion) worth of investments.

    Australia to establish youth advisory council for countering online child exploitation

    Australia will create a new panel consisting of Australian youths and young adults that will provide consultation to industry and government about how to approach regulating online platforms.

    “Young people know better than anyone about the good, the bad and the plain ugly that exists in the online world,” Prime Minister Scott Morrison said. “They are the first generation of Australians to grow up living simultaneously in both the real and digital worlds, and they are always at the forefront of new technologies.

    “This is something that so many parents, and indeed decision makers, don’t always understand, because we haven’t lived this experience like they have. This is why there is no one better placed to tell us what needs to change and how, than this generation of young Australians.”

    The Online Safety Youth Advisory Council will comprise up to 20 young Australians, aged between 13 and 24, who will be drawn from a “wide range of backgrounds” to provide feedback to government on the challenges and solutions to online safety issues impacting young people. The council will be coordinated by eSafety Commissioner Julie Inman Grant, who will commence the selection process for council members in January. The members will participate in a range of forums examining online safety issues such as bullying and harassment, mental health, privacy, the impact of algorithms and unwanted contact from strangers, and will report to government with recommendations for further action that can be taken by industry, government, and regulators like eSafety.

    Inman Grant said the decision behind creating the council was to allow Australian youth to have a voice in shaping the online world through a deep, formalised engagement.

    “One thing we found when we engaged young people was that they think about technology in different ways, they use technology in different ways than we do, and they also expect different things from the technology behemoths in terms of the protections that they want to see and what is intuitive to them, so we cannot be making policy and creating resources without their authentic voices and without their engagement,” Inman Grant said.

    Inman Grant explained that the council would accept members aged as young as 13 as that is the minimum user age of major social media platforms. She added that a voice for Australian youth was needed as her agency has seen children as young as eight experience cyberbullying and fall prey to self-produced child sexual abuse material. “Kids are online earlier and earlier than they should, so I think 13 is a totally appropriate age for them to start,” the eSafety commissioner said.

    Inman Grant’s comments follow her agency last week telling a parliamentary joint committee that social media platforms moving towards encrypted communications could create a dynamic where they effectively become “digital hiding places” for child abuse material. The agency also shared its worry that platforms may claim they are absolved of responsibility for safety because they cannot act on what they cannot see. The testimony was made to the Parliamentary Joint Committee on Law Enforcement, which disclosed last week it was contemplating whether social media platforms should be regulated as carriage service providers to address the problem of online child exploitation.

    The Online Safety Youth Advisory Council will aim to start conducting meetings around mid-2022, but Inman Grant noted that the outcomes set out for the council will not have a definitive timeline.

    Oregon medical group notifies 750,000 patients of breach, says FBI seized accounts from HelloKitty ransomware

    The Oregon Anesthesiology Group (OAG) said it suffered a ransomware attack in July that led to the breach of sensitive employee and patient information.

    The breach involves the information of 750,000 patients and 522 current and former OAG employees. In a statement, the company said it was contacted by the FBI on October 21. The FBI explained that it seized an account that contained OAG patient and employee files from HelloKitty, a Ukrainian ransomware group. The FBI said it believes the group exploited a vulnerability in OAG’s third-party firewall, enabling the hackers to gain entry to the network.

    “Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers,” OAG explained. “The cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms on file.”

    The July 11 attack locked OAG out of its servers and forced it to restore its systems from off-site backups and rebuild its IT infrastructure from the ground up. Outside cybersecurity experts were hired to help with the investigation into the attack.

    “According to the cyber forensics report obtained by OAG in late November, the cybercriminals, once inside, were able to data-mine the administrator’s credentials and access OAG’s encrypted data,” OAG said.

    The company has since replaced its third-party firewall and expanded the use of multifactor authentication. Victims of the incident are being provided with 12 months of Experian identity protection services and credit monitoring. OAG added that victims should be on the lookout for scams and urged them to enroll in Experian’s IdentityWorks program, which comes with up to $1 million in identity theft insurance.

    Those whose Social Security numbers were leaked are urged to create a my Social Security account with the Social Security Administration, which will allow them to claim their SSN, according to OAG.

    ZDNet previously reported that the HelloKitty ransomware has been active since at least 2020 and mostly targets Windows systems, with some variants being used against Linux systems. There have been a number of HelloKitty spinoffs, including a new unnamed ransomware variant and Vice Society.

    The FBI sent out a warning about the group in October, noting that the group was becoming known for aggressively pressuring its victims with the double extortion technique. “In some cases, if the victim does not respond quickly or does not pay the ransom, the threat actors will launch a Distributed Denial of Service (DDoS) attack on the victim company’s public facing website,” the FBI said. “Hello Kitty/FiveHands actors demand varying ransom payments in Bitcoin (BTC) that appear tailored to each victim, commensurate with their assessed ability to pay it. If no ransom is paid, the threat actors will post victim data to the Babuk site (payload.bin) or sell it to a third-party data broker.”

    The FBI added that the group typically uses compromised credentials or known vulnerabilities in SonicWall products and, once inside the network, will use publicly available penetration tool suites such as Cobalt Strike, Mandiant’s Commando, or PowerShell Empire preloaded with publicly available tools like Bloodhound and Mimikatz to map the network and escalate privileges before exfiltration and encryption. In February, the group was implicated in a headline-grabbing ransomware attack on Polish game developer CD Projekt Red, the maker of popular games like Cyberpunk 2077 and The Witcher series.

    CISA orders federal civilian agencies to patch Log4j vulnerability and 12 others by December 24

    The US Cybersecurity and Infrastructure Security Agency has ordered all civilian federal agencies to patch the Log4j vulnerability and three others by December 24, adding it to the organization’s Known Exploited Vulnerabilities Catalog. CISA created a landing page for all Log4j vulnerability content and is providing insight alongside the Joint Cyber Defense Collaborative, which includes multiple cybersecurity companies.

    CISA added the Log4j vulnerability alongside 12 others, with four having remediation due dates of December 24 and the rest having June 10, 2022 as the date. The ones slated for remediation by Christmas include the Zoho Corp. Desktop Central Authentication Bypass vulnerability, Fortinet FortiOS Arbitrary File Download vulnerability and Realtek Jungle SDK Remote Code Execution vulnerability.

    CISA Director Jen Easterly said in a statement on Saturday that the log4j vulnerability “is being widely exploited by a growing set of threat actors” and “presents an urgent challenge to network defenders given its broad use.”

    Bugcrowd CTO Casey Ellis commended the remediation deadlines but said it would be “nearly impossible for most organizations.” “They need to find log4j before they can patch it, and many are still stuck on that step. If log4j is found, it’s likely that it is deeply embedded in existing applications and will require regression testing to ensure that a patch doesn’t break anything else,” Ellis said. “In short, the time pressure is a good thing for activating those who aren’t taking this seriously, but this will be a difficult timeframe for many to meet.”

    CISA created the list last month as a way to provide government organizations with a catalog of vulnerabilities organized by severity. Each is given a remediation due date and other guidelines for management.

    There is increasing worry that industrial networks — many of which are considered critical infrastructure by US officials — are among those most vulnerable to the recently disclosed zero-day. Dennis Hackney, head of industrial cybersecurity services development at ABS Group, said the Log4j API primarily affects the debugging and logging capabilities within very common historian and logging applications in the OT environment. What a lot of companies don’t realize, Hackney said, is that supervisory control and data acquisition (SCADA) and HMI applications typically include open-source technologies like Java and Apache libraries, of which the vulnerable Log4j 2 is one, to provide the most cost-effective and operational functionality possible. Hackney added that the OEMs that may be issuing security alerts shortly with approved fixes include Siemens T3000, GE CIMPLICITY Historian, GE LogManager, OSIsoft PI Logger, Inductive, Mango Automation and others.

    “The Log4j API is used in very common SCADA systems and historians in the industry. Think GE Cimplicity, OSI Pi, Emerson Progea, and SIMATIC WinCC. We actually witnessed one example where the engineer was unable to start the runtime environment for his IO servers. These are the servers that control the object linking and embedding for process control (OPC) communications between the HMIs (SCADA) and the controllers, or other SCADA and between controllers,” Hackney said.

    Khonsari ransomware, Iranian group Nemesis Kitten seen exploiting Log4j vulnerability

    Security researchers have found evidence that state-sponsored groups as well as the group behind the Khonsari ransomware family are all exploiting the Log4j vulnerability. In a report on Monday, Bitdefender’s Martin Zugec wrote that he saw attacks on Sunday against systems running the Windows operating system. These attacks were attempting to deploy Khonsari.

    Zugec told ZDNet that Khonsari is relatively new ransomware and is considered basic — compared to the sophistication of professional ransomware-as-a-service groups.


    “Most likely, it is a threat actor experimenting with this new attack vector. However, that doesn’t mean that more advanced actors are not looking at exploiting the Log4j vulnerability; they most assuredly are,” Zugec explained. “Instead of looking for the shortest route to monetization, they will use this window of opportunity to gain access to the networks and start preparing for a full-scale larger attack.”

    “If you haven’t patched already, you may already have uninvited, dormant guests in your network,” Zugec added.

    Cado Security released its own report on the ransomware, noting that Khonsari “weighs in at only 12 KB and contains only the most basic functionality required to perform its ransomware objective.” “Its size and simplicity is also a strength, however; at the time we ran the malware dynamically, it wasn’t detected by the system’s built-in antivirus,” Cado’s Matt Muir explained.

    Cado Security CTO Chris Doman said the distribution of Khonsari was limited and the server that originally delivered the ransomware is now serving a more generic backdoor.

    “As others have noted, the contact information in the ransomware note is likely to be fake, and possibly even a false flag. Microsoft has reported that they have seen CobaltStrike delivered — a backdoor favored by targeted ransomware gangs. And Sekoia have said that the LockBit ransomware crew are likely looking to exploit the vulnerability too,” Doman said.

    Ransomware expert Brett Callow called Khonsari “skid-level ransomware” but noted that it’s safe to assume other actors attempting to exploit this vulnerability will be more advanced. “Not all will be ransomware gangs. Threat actors of all stripes are attempting to find ways to use Log4j to their advantage,” Callow said.

    McAfee Enterprise and FireEye Chief Scientist Raj Samani told ZDNet that most of the payloads attacking Log4j are predominantly nuisances. But the ease with which Khonsari can be deployed — and the prevalence of vulnerable systems — means payloads could become more destructive.

    “We do expect unpatched systems to continue to be exploited with a high likelihood of ransomware as a malicious payload,” said McAfee Enterprise and FireEye head of advanced threat research Steve Povolny.

    Web servers are the most common systems under attack right now because they’re easy to exploit and have a good return on investment, said ESET’s Marc-Étienne Léveillé. He added that in the next few weeks, we’ll probably discover other software using Log4j that’s vulnerable.

    Security researchers are already seeing more sophisticated groups exploiting the vulnerability. Adam Meyers, SVP of intelligence at CrowdStrike, said his team observed Iran-based, state-sponsored actor Nemesis Kitten deploy a class file into a server that could be triggered by Log4j. “CrowdStrike has previously observed Nemesis Kitten attempt both disruptive and destructive attacks,” Meyers added.

    Sophos senior threat researcher Sean Gallagher explained that so far, Log4Shell attackers have been focused on cryptomining, calling this the “lull before the storm”. “We expect adversaries are likely grabbing as much access to whatever they can get right now… to monetize and/or capitalize on it later on,” Gallagher said. “The most immediate priority for defenders is to reduce exposure by patching and mitigating all corners of their infrastructure and investigate exposed and potentially compromised systems.” He added, “This vulnerability can be everywhere.”

    Tax identity theft: How to protect your credit and finances

    Tax-related identity theft is a persistent problem in the US. In fact, the IRS’s Criminal Investigation Division reported that it identified $2.3 billion in tax fraud in fiscal year 2020, with the fraud ranging from cyber crimes to tax-related identity theft.

    Have you fallen victim to tax identity theft and need help dealing with the financial ramifications? Or do you just want to learn ways to prevent it from happening to you? Either way, this guide can help.

    What is tax identity theft?

    Tax identity theft occurs when someone files a tax return using your Social Security Number (SSN). In some cases, thieves do this in order to claim a fraudulent tax refund. In others, they may have used your SSN to obtain employment. When this occurs, their employer will report all income to the IRS under that SSN. When you don’t report that same income on your own return, the IRS will flag it as suspicious and require you to pay taxes on that additional income. It may even lead to a tax audit.

    Victims of tax identity theft face serious financial ramifications. Not only are they unable to file their own returns (or claim their tax refund), but other financial vulnerabilities might be at work. Unauthorized loans, credit cards, and other accounts may have been opened using the victim’s identity. Victims are typically encouraged to freeze their credit when tax-related identity theft occurs. They may also need to work with creditors and credit reporting agencies to clear their name of any fraudulent activity.

    How does tax identity theft happen?

    Generally, tax identity theft — and all identity theft, for that matter — occurs after a person’s sensitive information has become public or fallen into the wrong hands. This often happens due to security breaches or digital data hacks.

    Tax identity theft often occurs in February and early March, as thieves must file the fraudulent returns before the real taxpayers file their legitimate ones.

    Fortunately, the IRS has taken steps to reduce identity theft from many angles. The agency has hired more employees dedicated to stopping fraud, implemented additional safeguards, and changed many of the standards used to file and authorize returns.

    Despite these efforts, tax identity fraud does still occur. It’s important everyday Americans are prepared should it happen.

    How to know if you’ve been victimized

    If you’ve fallen victim to tax identity theft, there are several ways you might learn of it. First, your legitimate tax return may be rejected. When you go to e-file your tax return, the IRS will reject it if a return has already been filed for your SSN. If you filed a paper return, you will get a rejection notice in the mail, alerting you that your return has already been filed.

    In the event the thief used your SSN to obtain a job, you likely won’t learn of the issue until your returns have been filed and processed. Once the IRS sees that your reported income does not match the income reported by employers under your SSN, they will send you a letter saying you failed to report income or that you owe additional taxes.

    It’s important to note that all communications from the IRS will come via mail. The IRS will not call, text, or email you regarding your returns or any suspicious activity. Do not provide sensitive information to anyone pretending to be an IRS agent via these methods, and report the issue to the U.S. Treasury Inspector General for Tax Administration.

    What to do next

    If you discover that you are the victim of tax identity theft, you’ll need to report it to both the IRS and the Federal Trade Commission. Specifically, you’ll need to:

    Fill out Letter 5071C, if you’ve received it. The IRS may send you Letter 5071C if it flags your return as suspicious or suspects fraud has been committed. This form requires you to verify your identity and breaks down the steps for doing so. Follow these directions exactly, and take any additional recommended steps once your identity has been confirmed.

    Use Form 14039 to alert the IRS of the issue. Fill out the form and mail it, along with a copy of your Social Security card and driver’s license, to Internal Revenue Service, P.O. Box 9039, Andover, MA 01810-0939. Make sure to send the letter by certified mail to ensure it arrives safely. If you received a notice in the mail, include this with your letter as well.

    Apply for an Identity Protection PIN. These are six-digit numbers that the IRS will use to confirm your identity on all future returns and filings. (Please note that this service will be unavailable until January 2022 for planned maintenance.)

    Notify the Federal Trade Commission. File an identity theft report at IdentityTheft.gov in order to alert the FTC. This website can also help you create a plan of action for responding to identity theft.

    Contact your state tax agency. There may be additional steps your state requires when identity theft occurs.

    If you tried to e-file and got rejected, you should go ahead and file your paper return and pay any taxes you owe via mail. If at any point you need help in the process, call the IRS Identity Protection Specialized Unit at 1-800-908-4490 for assistance. An agent can walk you through the appropriate steps to both report and respond to the theft.

    The road ahead: Rebuilding your credit and finances

    The IRS says it typically takes 120 days or less to address cases of identity theft, but due to “extenuating circumstances” caused by the COVID-19 pandemic, the IRS’s identity theft inventories have increased dramatically. It’s taking them 260 days on average to resolve identity theft cases.

    This doesn’t even include the time and resources needed to address other consequences of identity theft, such as unauthorized loans, credit cards, and purchases. Depending on how deep the theft goes and how available your personal information was, the financial ramifications can often last months or even years.

    The important thing to do is to remain vigilant. This means:

    Pulling your credit report and monitoring for suspicious financial activity. Look at your credit report and make sure there are no unauthorized accounts or loans in your name. Contact the creditors and close these if necessary. You should also check with your banks and lenders to ensure there is no suspicious activity. If there is, dispute the charges and follow the steps to have those waived from your accounts.

    Placing a fraud alert on your credit profile. Contact one of the three major credit reporting bureaus (Experian, TransUnion, or Equifax) and ask that a fraud alert be placed on your record. This can prevent thieves from opening up new credit cards or loans in your name. You can also request a total credit freeze if you want to be extra safe.

    Considering credit monitoring. Though these services come at a fee, they can help you keep tabs on your credit profile — as well as any changes that occur.

    Working with the Social Security Administration. Report the identity theft and take any additional steps recommended. In severe cases, you may need to apply for a new Social Security Number.

    Continuing to work with the IRS and FTC as necessary. Respond quickly to any FTC or IRS request. Any delays will slow the resolution of your case and the delivery of your refund.

    In some cases, you may want to involve a lawyer — especially if your investments, retirement accounts, mortgage, or other major financial products have been affected. They can help you navigate the legal issues that crop up with creditors, lenders, and financial institutions along the way.

    Your options for financial recovery

    Many victims of tax identity theft experience cash flow issues or must deal with additional debt as a result of the experience. They also may be unable to take out traditional loans or credit accounts due to the impact the theft has had on their credit score and profile. When this occurs, victims have five options:

    Tax Refund Advance Loan: A Tax Refund Advance Loan gives you an advance on your projected refund. While sometimes helpful, these aren’t the best idea if your refund is small. They can also impact your credit score and often require a significant chunk of your refund to secure.

    A personal loan: Personal loans can offer access to more cash, as well as more lenient (and longer) repayment terms. These can be especially helpful for victims hit hard by their identity theft.

    Credit-builder loans: These loans are beneficial if your credit score was severely impacted by the theft. Typically offered through community banks and credit unions, they help you improve your score by reporting your consistent payments to credit bureaus.

    Secured credit cards: If the identity theft required you to close your credit accounts, a secured credit card can be a good option. These require you to deposit money up front as collateral. They then function like traditional credit cards, while also helping you establish good credit standing (as long as you pay on time, every time).

    Help from loved ones: In many cases, family members, friends, and other loved ones are willing to provide financial help. They might offer no-interest loans or even gifts to help you get through your rough patch.

    There’s always the option to wait it out, too. If the damage was minimal or you weren’t relying on your refund for financial stability, you may be able to await the IRS’s resolution of your case.

    Reducing your risk

    If you aren’t already the victim of tax-related identity theft, you should take action to ensure you never become one. This means protecting your personal information, shredding sensitive documents, and using strong passwords on all online accounts. You can also:

    Lock your mailbox.
    Use a secure computer on a secure network when e-filing.
    Check your credit report annually for suspicious activity.
    Install a firewall and antivirus software on your computer.
    Learn how to recognize phishing emails and fraudulent requests for information.
    Keep sensitive documents (like your Social Security card) in a safe deposit box.
    Only provide your Social Security Number when absolutely necessary.

    You should also file your returns as early as possible. A fraudster cannot file a return using your Social Security Number if one has already been filed. Make it a point to file your taxes as soon as you have the information necessary to do so.

    [This article was originally published on the Simple Dollar in February, 2019. It was updated in December, 2021.]

    Second Log4j vulnerability discovered, patch already released


    A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228. The description of the new vulnerability, CVE-2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.” “This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description says.

    Apache has already released a patch, Log4j 2.16.0, for this issue. The CVE says Log4j 2.16.0 fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. It notes that the issue can be mitigated in prior releases by removing the JndiLookup class from the classpath.

    John Bambenek, principal threat hunter at Netenrich, told ZDNet the solution is to disable JNDI functionality entirely (which is the default behavior in the latest version). “At least a dozen groups are using these vulnerabilities so immediate action should be taken to either patch, remove JNDI, or take it out of the classpath (preferably all of the above),” Bambenek said.

    The original flaw in Log4j, a Java library for logging error messages in applications, has dominated headlines since last week. Exploits started on December 1, according to Cloudflare, and an initial alert by CERT New Zealand sparked others by CISA and the UK’s National Cyber Security Centre.

    The Dutch National Cyber Security Center released a lengthy list of software that is affected by the vulnerability.

    International security company ESET released a map showing where Log4j exploitation attempts have been made, with the highest volume occurring in the US, UK, Turkey, Germany, and the Netherlands. “The volume of our detections confirms it’s a large-scale problem that won’t go away anytime soon,” Roman Kováč, Chief Research Officer at ESET, said.

    Many companies are already experiencing attacks leveraging the vulnerability; security platform Armis told ZDNet that it detected log4shell attack attempts in over a third of its clients (35%). Attackers are targeting physical servers, virtual servers, IP cameras, manufacturing devices, and attendance systems.


    Microsoft December 2021 Patch Tuesday: Zero-day exploited to spread Emotet malware

    Microsoft has released 67 security fixes for software including seven critical issues and a zero-day flaw being actively exploited by cybercriminals. In the Redmond giant’s latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems in software including Remote Code Execution (RCE) vulnerabilities, privilege escalation security flaws, spoofing bugs, and denial-of-service issues.

    Products impacted by Microsoft’s December security update include Microsoft Office, Microsoft PowerShell, the Chromium-based Edge browser, the Windows Kernel, Print Spooler, and Remote Desktop Client.

    Some of the most severe vulnerabilities resolved in this update are a total of six zero-days, although only one is known to be actively exploited in the wild:

    • CVE-2021-43890: This Windows AppX Installer Spoofing zero-day vulnerability, issued a CVSS severity score of 7.1 and rated important, is publicly known and under exploitation. Microsoft says that it is “aware of attacks that attempt to exploit this vulnerability by using specially crafted packages” and that the bug is being weaponized to spread the Emotet/Trickbot/Bazaloader malware families.
    • CVE-2021-41333: Issued a CVSS score of 7.8, this Windows Print Spooler Elevation of Privilege vulnerability has been made public and has low attack complexity.
    • CVE-2021-43880: This security flaw is described as a Windows Mobile Device Management Elevation of Privilege (EoP) vulnerability that allows local attackers to delete targeted files on a system.
    • CVE-2021-43893: James Forshaw of Google Project Zero reported this issue (CVSS 7.5), which is described by Microsoft as an EoP in the Windows Encrypting File System (EFS).
    • CVE-2021-43240: Issued a CVSS score of 7.8, Microsoft says this flaw, an NTFS Set Short Name elevation of privilege bug, has proof-of-concept exploit code available and is known publicly.
    • CVE-2021-43883: The final zero-day flaw impacts Windows Installer. This issue, assigned a CVSS score of 7.8, can permit unauthorized privilege escalation.

    An additional 16 CVEs in the Chromium-based Edge browser were patched earlier this month. According to the Zero Day Initiative (ZDI), 887 CVE-assigned vulnerabilities have been patched by Microsoft this year. While this figure may seem high, the team notes this is a 29% decrease from 2020 (not including Chromium-based Edge).

    Last month, Microsoft resolved 55 bugs in the November batch of security fixes. In total, six were assigned critical ratings and 15 were remote code execution issues. Zero-day vulnerabilities, too, were resolved by the tech giant. A month prior, the tech giant tackled 71 vulnerabilities during the October Patch Tuesday. This included four zero-day flaws, one of which was being actively exploited in the wild.

    In other Microsoft security news, the company recently warned that a patched Exchange Server post-authentication flaw, tracked as CVE-2021-42321, is being weaponized in new attacks — adding to last year’s woes surrounding four zero-days in the server platform. The company also recently published research on Iranian threat actors and their ranking in the cybercriminal space. Microsoft says that there has been a massive surge in Iran state-sponsored attacks this year against IT services, despite being close to non-existent in 2020.

    Alongside Microsoft’s Patch Tuesday round, other vendors, too, have published security updates which can be accessed below.