First of all – what does zero-day mean? It is the day a vulnerability was found. If a bug was around for 10 days it would be a 10-day vulnerability. Usually a fix will be developed in the form of a patch or workaround.
A zero-day exploit means an attack takes place the day a vulnerability is discovered.
On March 30, 2019, two zero-day vulnerabilities were discovered in Microsoft Edge and Internet Explorer. Without getting too technical, the problem can occur when you visit a malicious site: a flaw in the browser's behind-the-scenes same-origin policy code allows other sites to intervene. When working correctly, the same-origin policy would prevent other sites from accessing your information.
Another vulnerability is related to MHT files. Internet Explorer can still read MHT files. If you are using Outlook, you may see this above an email: “If there are problems with how this message is displayed, click here to view it in a web browser.” It will then open in IE even if you are using Windows 10 with Edge. If the MHT file is infected you will have problems.
To prevent programs from opening IE, you can go into “Programs and Features” in Control Panel and then to “Turn Windows features on or off” and uncheck Internet Explorer 11. Restart your computer.
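The same change can be made from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes Windows 10 with the built-in DISM cmdlets and matches the feature by its name prefix because the exact name depends on the system architecture.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of unchecking "Internet Explorer 11"
# under "Turn Windows features on or off".

# The optional feature is named per architecture
# (Internet-Explorer-Optional-amd64 or Internet-Explorer-Optional-x86),
# so match on the common prefix instead of hard-coding one name.
$features = Get-WindowsOptionalFeature -Online |
    Where-Object { $_.FeatureName -like 'Internet-Explorer-Optional-*' }

if (-not $features) {
    Write-Output 'Internet Explorer optional feature is not present on this system.'
    return
}

$restartNeeded = $false
foreach ($f in $features) {
    if ($f.State -eq 'Enabled') {
        # -NoRestart leaves the reboot to the user, as in the manual steps.
        $result = Disable-WindowsOptionalFeature -Online `
            -FeatureName $f.FeatureName -NoRestart
        if ($result.RestartNeeded) { $restartNeeded = $true }
        Write-Output "Disabled $($f.FeatureName)."
    }
    else {
        # Covers Disabled and DisablePending (already turned off, reboot pending).
        Write-Output "$($f.FeatureName) is already in state '$($f.State)'."
    }
}

if ($restartNeeded) {
    Write-Output 'Restart your computer to finish removing Internet Explorer 11.'
}
```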
Trend Micro Blog
It has recently been found that the WPA2 protocol is vulnerable to hacking. The attacks are known as KRACK attacks (Key Reinstallation AttaCKs), and there is a website where you can learn more about them. Android and Linux have been found to be the most vulnerable to this exploit. These devices can be tricked into reinstalling an encryption key of all 0s, which allows an attacker to enter your network, get to the sites you visit, and capture your login credentials.
If you watch the video below you will see it is a rather involved process to actually crack into the network but that doesn’t stop someone who is intent on getting into your network.
There isn’t a whole lot you can do because this vulnerability bypasses any security measures. One of the simpler things you can do is to not use unsecured Wi-Fi. Ever. Keep your router's firmware updated. Do not downgrade to even more insecure protocols like WPA or WEP.
Last week, there were reports that Lenovo laptops have a security flaw. It is called Superfish adware and the laptops are shipped with this installed. Lenovo has since issued an apology and a removal tool. So what was the big deal?
Superfish came preloaded on their notebook products from September 2014 to February 2015. Many laptops come preloaded with applications, but Superfish has the ability to intercept SSL and TLS website connections. It can inspect the content, and it uses a third-party library from Komodia which gives the adware the ability to impersonate any SSL website. This puts you at higher risk. It can look at emails, banking, and social media sites you visit. This is especially a problem if you use public Wi-Fi.
We tried to find out more about Komodia; however, the site is currently down, either due to DDoS attacks over this or just too many connections. We will see if we can find out more about this over the next week.
If you have one of the laptops in question, you can use one of these tools to remove it.
By now you have heard about the Heartbleed Bug affecting many sites. It has to do with vulnerabilities in the encryption in OpenSSL used by many sites for security.
How does that pertain to you, the end user? Well, you may need to change a bunch of passwords. Many sites were left vulnerable and it is suggested you change your passwords. How do you know if you have to do this? There are a few Heartbleed checkers out there that allow you to put in the URL of the site you are concerned about. This will let you know if they were/are vulnerable to the bug.
Here are a few to try:
New bugs have been found in the Android operating system that can leave your device, phone or tablet, vulnerable to malware. They are part of a new class of vulnerabilities called Pileup flaws (privilege escalation through updating). Malicious apps gain increased permissions once Android is updated, without the user being informed.
You can read more about it here on zdnet.com.
~ Jody Victor