Information Technology

Microsoft has released today its monthly batch of security updates, known as Patch Tuesday. This month, the OS maker has fixed 56 security vulnerabilities, including a Windows bug that was being exploited in the wild before today’s patches.
Tracked as CVE-2021-1732, the Windows zero-day is an elevation of privelege bug in Win32k, a core component of the Windows operating system.
The bug was exploited after attackers gained access to a Windows system in order to obtain SYSTEM-level access.
Details about the attacks where this bug was used were not revealed. Microsoft credited three security researchers from Chinese security firm DBAPPSecurity with discovering the attacks where this zero-day was employed.
Many bug details went public
Besides the zero-day, this month’s Patch Tuesday also stands out because of the high number of vulnerabilities whose details were made public even before patches were available.
In total, six Microsoft product bugs had their details posted online before today’s patches. This included:
CVE-2021-1721 – .NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-1733 – Sysinternals PsExec Elevation of Privilege Vulnerability
CVE-2021-26701 – .NET Core Remote Code Execution Vulnerability
CVE-2021-1727 – Windows Installer Elevation of Privilege Vulnerability
CVE-2021-24098 – Windows Console Driver Denial of Service Vulnerability
CVE-2021-24106 – Windows DirectX Information Disclosure Vulnerability
The good news is that none of these bugs were exploited by attackers, despite their details being posted online.
Warning about TCP/IP bugs

But that’s not all. This month, Microsoft has also released fixes for three vulnerabilities in the Windows TCP/IP stack, which allows the operating system to connect to the internet.
Two of these bugs (CVE-2021-24074, CVE-2021-24094) apply fixes for remote code execution vulnerabilities that could allow attackers to take over Windows systems remotely.
A third bug (CVE-2021-24086) could be used to crash Windows devices.
“The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely [to be exploited] in the short term,” Microsoft said in a blog post specifically published to warn about these three issues.
“We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release,” the company added. “Thus, we recommend customers move quickly to apply Windows security updates this month.”
Of all Windows systems, Windows Server instances are the ones most likely to be susceptible to attacks, as many are used to host web servers or cloud infrastructure and are almost certainly connected to the internet at all times and exposed to attacks.
“It is essential that customers apply Windows updates to address these vulnerabilities as soon as possible,” Microsoft said.
If patches can’t be applied right away, various workarounds can be deployed, details in each vulnerability’s advisory.
Below are additional details about today’s Microsoft Patch Tuesday and security updates released by other tech companies:
Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has published this file listing all this month’s security advisories on one single page.
Adobe’s security updates are detailed here.
SAP security updates are available here.
Intel security updates are available here.
VMWare security updates are available here.
Chrome 88 security updates are detailed here.
Android security updates are available here.
Tag
CVE ID
CVE Title
.NET Core
CVE-2021-26701
.NET Core Remote Code Execution Vulnerability
.NET Core
CVE-2021-24112
.NET Core Remote Code Execution Vulnerability
.NET Core & Visual Studio
CVE-2021-1721
.NET Core and Visual Studio Denial of Service Vulnerability
.NET Framework
CVE-2021-24111
.NET Framework Denial of Service Vulnerability
Azure IoT
CVE-2021-24087
Azure IoT CLI extension Elevation of Privilege Vulnerability
Developer Tools
CVE-2021-24105
Package Managers Configurations Remote Code Execution Vulnerability
Microsoft Azure Kubernetes Service
CVE-2021-24109
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Dynamics
CVE-2021-24101
Microsoft Dataverse Information Disclosure Vulnerability
Microsoft Dynamics
CVE-2021-1724
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Edge for Android
CVE-2021-24100
Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Exchange Server
CVE-2021-24085
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server
CVE-2021-1730
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component
CVE-2021-24093
Windows Graphics Component Remote Code Execution Vulnerability
Microsoft Office Excel
CVE-2021-24067
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel
CVE-2021-24068
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel
CVE-2021-24069
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel
CVE-2021-24070
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint
CVE-2021-24071
Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint
CVE-2021-1726
Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint
CVE-2021-24066
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft Office SharePoint
CVE-2021-24072
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Teams
CVE-2021-24114
Microsoft Teams iOS Information Disclosure Vulnerability
Microsoft Windows Codecs Library
CVE-2021-24081
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Microsoft Windows Codecs Library
CVE-2021-24091
Windows Camera Codec Pack Remote Code Execution Vulnerability
Role: DNS Server
CVE-2021-24078
Windows DNS Server Remote Code Execution Vulnerability
Role: Hyper-V
CVE-2021-24076
Microsoft Windows VMSwitch Information Disclosure Vulnerability
Role: Windows Fax Service
CVE-2021-24077
Windows Fax Service Remote Code Execution Vulnerability
Role: Windows Fax Service
CVE-2021-1722
Windows Fax Service Remote Code Execution Vulnerability
Skype for Business
CVE-2021-24073
Skype for Business and Lync Spoofing Vulnerability
Skype for Business
CVE-2021-24099
Skype for Business and Lync Denial of Service Vulnerability
SysInternals
CVE-2021-1733
Sysinternals PsExec Elevation of Privilege Vulnerability
System Center
CVE-2021-1728
System Center Operations Manager Elevation of Privilege Vulnerability
Visual Studio
CVE-2021-1639
Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code
CVE-2021-26700
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
Windows Address Book
CVE-2021-24083
Windows Address Book Remote Code Execution Vulnerability
Windows Backup Engine
CVE-2021-24079
Windows Backup Engine Information Disclosure Vulnerability
Windows Console Driver
CVE-2021-24098
Windows Console Driver Denial of Service Vulnerability
Windows Defender
CVE-2021-24092
Microsoft Defender Elevation of Privilege Vulnerability
Windows DirectX
CVE-2021-24106
Windows DirectX Information Disclosure Vulnerability
Windows Event Tracing
CVE-2021-24102
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing
CVE-2021-24103
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Installer
CVE-2021-1727
Windows Installer Elevation of Privilege Vulnerability
Windows Kernel
CVE-2021-24096
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability
Windows Kernel
CVE-2021-1698
Windows Win32k Elevation of Privilege Vulnerability
Windows Mobile Device Management
CVE-2021-24084
Windows Mobile Device Management Information Disclosure Vulnerability
Windows Network File System
CVE-2021-24075
Windows Network File System Denial of Service Vulnerability
Windows PFX Encryption
CVE-2021-1731
PFX Encryption Security Feature Bypass Vulnerability
Windows PKU2U
CVE-2021-25195
Windows PKU2U Elevation of Privilege Vulnerability
Windows PowerShell
CVE-2021-24082
Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability
Windows Print Spooler Components
CVE-2021-24088
Windows Local Spooler Remote Code Execution Vulnerability
Windows Remote Procedure Call
CVE-2021-1734
Windows Remote Procedure Call Information Disclosure Vulnerability
Windows TCP/IP
CVE-2021-24086
Windows TCP/IP Denial of Service Vulnerability
Windows TCP/IP
CVE-2021-24074
Windows TCP/IP Remote Code Execution Vulnerability
Windows TCP/IP
CVE-2021-24094
Windows TCP/IP Remote Code Execution Vulnerability
Windows Trust Verification API
CVE-2021-24080
Windows Trust Verification API Denial of Service Vulnerability More

Cybersecurity firm SentinelOne said it has signed a deal to acquire Scalyr, makers of a data analytics platform for log management and observability, for $155 million in cash and equity.

According to SentinelOne, the acquisition will help the company add significant capabilities to its extended detection and response (XDR) platform. 
Specifically, the company said Scalyr’s technology will bolster SentinelOne’s ability to ingest, correlate, search, and action data across sources, including both public cloud and internal enterprise data sources.
Scalyr’s big data technology is perfect for the use cases of XDR, ingesting terabytes of data across multiple systems and correlating it at machine speed so security professionals have actionable intelligence to autonomously detect, respond, and mitigate threats,” said Tomer Weingarten, CEO of SentinelOne. “This is a dramatic leap forward for our industry – while other next-gen products are entirely reliant on SIEM integrations or OEMs for point in time data correlation and response, SentinelOne uniquely provides customers with proactive operational insights from a security-first perspective.”
The acquisition is expected to close during SentinelOne’s first quarter. SentinelOne said its data services team will continue offering log management, observability and event data cloud services in conjunction with integrating Scalyr.
RELATED: More

Appgate intends to go public by merging with Newtown Lane Marketing. 

The deal was made public on Tuesday. Under the terms of the agreement, Appgate will become a public company “with significant financial resources to accelerate growth, scale, and go-to-market strategies,” the firm says. 
The definitive merger agreement could value the combined company at up to $1 billion. 
Under the terms of the deal, Appgate received $50 million once the merger agreement was signed and will be given a further $25 million at closing, as well as another $25 million package moving forward. 
Miami-based Appgate, a spin-off of Cyxtera Technologies and provider of zero-trust security solutions, accounts for roughly 650 government and enterprise clients. 
The company says it intends to up-list on the “Nasdaq or NYSE as soon as possible” and as soon as the merger is complete and its application has been accepted — potentially as quickly as Q2 2021.   
Existing investors, including BC Partners and Medina Capital, will retain their share equity in the combined company for at least one year after closing as majority shareholders.

“This is a tremendous time of growth in our industry,” commented Barry Field, Appgate CEO. “Appgate is displacing outdated, easily compromised, traditional network security, such as VPNs and firewalls, by using cutting-edge software designed around the principles of zero trust.”
At the same time as the merger announcement, Appgate said that an investment manager, currently unnamed, has agreed to provide up to $100 million in convertible notes once the firm hits a $1 billion valuation. 
Appgate projects revenues of approximately $40 million in the 2021 financial year. 
According to research by Sijoitusrahastot, Special Purpose Acquisition Companies (SPACs) in the United States — used to speed up the typical Initial Public Offering (IPO) process — raised over $83 billion in 2020, a higher number than in the past 10 years combined. 
In total, 248 US-based SPACs raised $83.04 billion last year, with the market share of US-listed SPACs rising from 23% in 2019 to 53% in 2020. In total, 90% of SPAC deals made in 2020 completed. 
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

If you’re subscribed to us, you probably know by now how important using a VPN is. A reliable VPN is truly the easiest way to protect your online privacy besides shutting off your internet entirely. But for those of us who rely on the internet, whether for work or for play, a VPN is a necessity. 

ZDNet Recommends

The hard part is choosing the right VPN for you. There are dozens of options on the market, and everyone has different needs. Windscribe VPN is an excellent, highly-rated choice if you need an all-encompassing privacy and security solution, and Pro Plans are on sale right now for as low as $47.60 with promo code: VDAY2021. 
Windscribe VPN is a 2-in1 privacy solution that will keep your data and devices safe from harm. On one hand, it offers comprehensive VPN coverage by redirecting your traffic through an encrypted tunnel to one of its international servers. This masks your physical location, gives you a new IP address, and prevents 3rd parties such as hackers, government agencies, and even your ISP from tracking your behavior. On top of that, you can access content that’s blocked in your country since you now appear to be accessing the internet abroad. 
A new IP address alone won’t completely protect you; advertisers can still target you based on information from your browser. This is why the second half of Windscribe is a browser extension that blocks ads, beacons, and trackers from monitoring your browsing habits. Windscribe also uses a firewall to keep you safe in the event that your encrypted connection fails. 
With Windscribe VPN’s comprehensive security and privacy features, it’s no wonder it earned a user rating of 4.4/5 stars. If you’re looking for an all-in-one solution to maintain your anonymity, you can sign up for a Windscribe VPN Pro Plan today at a discounted rate. 
Prices subject to change.

ZDNet Recommends More

A new independent body will oversee training and standards in the UK cybersecurity industry, bringing the sector in line with other professions including law, medicine and engineering.
The UK Cyber Security Council is designed to provide the industry with a single government voice and to help boost job prospects for information security professionals of all experience levels by working with training providers to accredit courses and qualifications, as well as providing employers with information required to recruit effectively to ensure their security capabilities.

More on privacy

It aims to boost job prospects around the country by giving budding and existing workers a clear roadmap for building a career in cybersecurity. The council will also focus on boosting the diversity of people pursuing careers in the industry.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  
Funded by the Department for Digital, Culture, Media & Sport (DCMS), the body will work closely with the National Cyber Security Centre (NCSC) and aims to be a ‘one-stop shop’ for people people looking to enter or further their careers in information security. 
“Cybersecurity is a growing industry in the UK and it’s vital for high standards of practice and technical expertise to be at the heart of the profession as it develops,” said Chris Ensor, the NCSC’s deputy director for cyber growth.
“We look forward to working with the Council to help ensure that future generations of cybersecurity professionals have the skills and support they need to thrive and make the UK the safest place to live and work online.”

The establishment of the UK Cyber Security Council comes following a consultation on developing the UK cybersecurity profession, which found there was support for establishing a new industry body. It will be chaired by Claudia Natanson, who has served as CSO at DWP and MD at BT Secure Business Service.
“Having spent many years in cybersecurity, I’m very aware of the excellent work done by many varied organisations – but I’m also conscious that the time for an umbrella organisation has come in order to drive the profession forward in a unified way,” said Natanson.
SEE: Cybersecurity: This ‘costly and destructive’ malware is the biggest threat to your network
“It’s a privilege and a challenge to be part of the leadership of the Council, knowing that the future security and prosperity of the UK depends in part on the Council succeeding in its mission to develop the profession,” she added.
The Council will formally launch on March 31 and has appointed an inaugural Board of Trustees to help guide the organisation over the coming years.
MORE ON CYBERSECURITY More

The portable, secure and rugged diskAshur M2 comes in capacities ranging from 120GB to 2TB.
Image: iStorage
Supplied in a sturdy carrying case, the diskAshur M2 from iStorage is thinner and sleeker than previous models and has its own sliding sleeve to protect the keypad from getting knocked while it’s in a bag or pocket, as well as to keep dust out of the USB 3.2 Micro-B SuperSpeed data and power port on one end. 
There’s even a rubber gasket that makes the whole thing waterproof when the sleeve is fitted (IP68, up to 30 minutes in 1.5m of water); iStorage also claims it’s shock and crushproof (up to 2.7 ton) and we saw no errors after dropping it off a few desks and tables in the office. 
Flash storage isn’t going to suffer the kind of head crashes a hard drive might, but more importantly you don’t want it to be easy to crack open if an attacker wants to try the kind of hardware assault that involves disassembling the device (although there are built-in protections against the usual physical and monitoring attacks, and the components are encased in resin). 

The diskAshur M2 is supplied with short USB-A and USB-C cables for device connection.
Image: iStorage
The size of a small bar of chocolate or a feature phone, the M2 feels heavy for its size but is nicely balanced; you can stand it on one end if it’s not plugged in. But the USB-A and USB-C cables supplied are rather short, so it’s probably going to end up flat on the table next to your device where you can type in the PIN when you need it. That device can be pretty much anything with a USB port, including Android, Chrome, thin clients and embedded systems, as well as Windows, macOS and Linux, because the hardware encryption means you don’t need to install any software. You can even use the M2 as a boot drive. 
Previous versions of the diskAshur had a built-in cable, and the datAshur USB stick needed an adapter for mobile or USB-C devices. Switching that for separate cables makes the M2 more flexible, but since USB Micro-B SuperSpeed connectors aren’t particularly common you’ll need to have the right cable with you — making the carrying case more of a necessity than a nicety. 
When it’s unplugged, all the data is automatically encrypted using AES-XTS 256-bit hardware encryption (make sure any data transfers are finished first). The user PIN to unlock the drive to use it like a normal SSD can be seven to 15 digits long; the system blocks simple repeats and sequential PINs and having letters on the number keypad means you can use a passphrase that’s easier to remember than a string of numbers (we’d suggest avoiding the easily guessed suggestions in the manual though). Even so, there’s a polymer coating so the keys don’t wear down and give attackers a hint. 
There’s a wide range of admin features, from enforcing the length of user PINs (and whether to require special characters that use the Shift key) to setting how long the drive stays unlocked when it’s not in active use (the default timeout is short enough to annoy most users). 

Both admins and users can flip the drive into read-only mode — and if that’s set by an admin, users can’t change it, so you can use this for distributing content without worrying that it will be accidentally deleted, infected by malware or otherwise tampered with. 
If the user PIN is typed in wrong ten times in a row, it’s automatically deleted, so you can set one-time user recovery PINs to let people regain access to their data. All the previous diskAshur features are still there, like the choice of a device reset or a self-destruct PIN that deletes the data, encryption key and PINs so you can re-issue a previously used drive to another employee and ensure data deletion. 
But configuring those, or even creating user PINs, still requires a fiddly sequence of pressing various combinations of shift and lock keys on the device with various digits and watching the three-colour LEDs blink or turn solid in patterns that few people are going to bother memorising. Even unlocking the drive as a user means pressing two keys, typing in the PIN, pressing another key and then watching the green and blue LEDs flash for a few seconds. 
Even with the limitations of a numeric keyboard, we continue to find this unnecessarily complex and it’s the most annoying aspect of iStorage’s otherwise useful products. 

Top: moderate performance when copying a 12GB selection of files. Above: better results when handling large sequential files.
Images: Mary Branscombe / ZDNet
With a USB 3.2 Gen 1 connection, the M2 can theoretically deliver 370MB/s read and write speeds, although the encryption can slow that down. Copying a 12GB selection of files showed rather variable performance that didn’t get close to the theoretical maximum, but delivered similar write speeds to a USB 3.0 flash drive (for comparison we used a Kingston DataTraveler Ultimate 3.0 Generation 2). CrystalDiskMark showed closer to the theoretical speed with large sequential files. 
But in use, disk performance isn’t going to slow you down — although the drive settings might. The short timeout limit meant that both the benchmarks and the large file copy initially failed and required a Windows drive repair, with the drive light activity staying on even after the drive had disappeared from Windows Explorer. We found our test unit would lock after a few minutes even after we extended the timeout to the maximum 99 minutes, which was equally annoying. 
You’re also paying for the security, with prices starting at £155 for the 120GB version; we looked at the £515 2TB model. 

Image: iStorage
The diskAshur M2 offers a welcome combination of features from iStorage’s previous SSD and USB stick models: the one-time PIN from earlier diskAshur models and the protective cover from dataAshur. It’s also smaller, neater and more rugged than earlier offerings. But the interface continues to be opaque and occasionally frustrating, so build in time for training and user support.
RECENT AND RELATED CONTENT
Encrypted USB flash drive you can unlock with your smartphone (or Apple Watch)
cloudAshur, hands on: Encrypt, share and manage your files locally and in the cloud
diskAshur2 and datAshur Pro, First Take: Secure but pricey mobile drives
Seagate IronWolf 510 SSD, hands on: An enterprise-class cache to speed up your NAS
OWC Envoy Pro FX external SSD
Read more reviews More

Image: CD Projekt Red
Polish game developer CD Projekt Red, the maker of triple-A games like Cyberpunk 2077 and The Witcher series, has disclosed today a ransomware attack.
In messages posted on its official social media channels, the gaming studio said the attack took place yesterday when a threat actor gained access to the company’s corporate network.
“Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data,” the company wrote on Facebook and Twitter.
The game maker also published a copy of the attacker’s ransom note, in which the hackers claimed they obtained copies of the source code for games like Cyberpunk 2077, Gwent, and The Witcher 3, along with an unreleased version of The Witcher 3 game.

Image: CD Projekt Red
But despite the threat of a sensitive leak, the game maker said it wouldn’t be paying any ransom demand.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” the company said.
“We are still investigating the incident, however at this time we can confirm that —to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services.”

The game maker said it already notified local authorities.
CD Projekt Red now becomes the fourth major gaming studio to fall victim to a ransomware attack over the past 12 months after attacks on Ubisoft and Crytek by the Egregor gang, and the attack on Capcom by the Ragnar Locker gang.
The attacker behind the CD Projekt Red attack has not been yet identified. More

Image: Ukraine Ministry of Internal Affairs
Ukrainian police arrested a 39-year-old man last week on accusations of developing and advertising one of the most advanced and widely used phishing toolkits of the underground hacking scene.
The suspect, whose name was not released to the public, was arrested last week, on Thursday, February 4, in the Ternopil region of Ukraine, following an international investigation between law enforcement agencies in Australia, the US, and Ukraine.
Suspect identified as uPanel author
Sources familiar with the investigation told ZDNet the suspect was the author of a phishing tool named uPanel, sometimes also referred to as U-Admin.
Fred HK, an independent malware security researcher who studied the toolkit in a report last year, described uPanel as the following:
“U-Admin is a control panel for receiving logs from phishing kits, and controlling victim interaction. U-Admin is also used with injections, which are snippets of code that are injected into a victims’ browser, enabling the attacker to gather more information from their victims. […] U-Admin is not sold on its own, it is included when you purchase one of their phishing pages/injects.”

Image of the uPanel store hosted on the dark web.
Image: Fred HK
According to information shared with ZDNet by threat intelligence firm Intel 471, uPanel was sold via a dedicated website hosted on the dark web and advertised on one a popular underground cybercrime forum, where the author went by the nickname of kaktys1010.
According to early versions of the author’s ads, the uPanel kit has been available for sale since 2015, with its price ranging from $80 to $800, depending on the features buyers wanted to have included in their panels.
uPanel had more than 200 customers

In a press release from the Ukrainian Ministry of Internal Affairs last week, officials said that uPanel had more than 200 active customers based on data they obtained after seizing computers, laptops, and smartphones from the suspect’s residence.
Officials believe the uPanel phishing toolkit was used in phishing operations that caused tens of millions of US dollars in losses to financial institutions in 11 countries, such as Australia, Spain, Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, the US, and the UK.
Australian law enforcement said that more than 50% of all phishing attacks that targeted Australian users in 2019 were carried out using uPanel.
Investigators said the suspect didn’t just create the phishing kit and advertised but also spent a great deal of time and effort in providing tech support to its customers.
A video released by Ukrainian officials with footage from the suspect’s arrest is available below:
[embedded content] More