May 23, 2019

Mozilla fixes bugs, improves privacy in latest Firefox release

By Danny Bradbury

Mozilla rolled out version 67 of its Firefox browser this week, fixing some security bugs and introducing a host of privacy features.

The latest release fixes two critical security flaws, both affecting memory safety.

Mozilla also fixed 11 high-impact flaws, six moderate ones, and two low-impact ones in the release.

High-impact bugs include CVE 2019-9815 which enables a side channel attack in which one program can steal information from another on a Mac. To fix this, Mozilla uses an Apple option to switch off hyperthreading.

Mozilla also fixed several high-impact bugs that could cause the browser to crash, potentially enabling an attacker to exploit system instability. These included a flaw in the program’s image processor that could allow a malformed PNG image to destabilize it, and other bugs in the browsers event listener manager, and its implementation of XMLHttpRequest (a commonly used feature on Ajax web sites that constantly send data between the server and the browser).

There were also a couple of bugs specific to different operating systems. A bug in WebGL could cause buffer overflows in some Linux graphics drivers. Another bug in the Windows version allows attackers to exploit the browser’s built-in crash reporter and escape the sandbox that it uses to protect the host computer from browser processes.

The latest release also features the fingerprint blocking technology that Naked Security covered in March. This technique, borrowed from the Tor implementation of the Firefox browser, prevents trackers from using information such as your browser’s resolution and color depth to uniquely identify you across different websites.

Read more at https://nakedsecurity.sophos.com/2019/05/23/mozilla-fixes-bugs-improves-privacy-in-latest-firefox-release/

The city of Baltimore is being held hostage by ransomware

By Lisa Vaas

The US city of Baltimore has been partially paralyzed since 7 May, when a ransomware attack seized parts of the government’s computer systems.

As soon as the city discovered that it had been attacked, it informed the FBI and took its systems offline in an effort to keep the infection from spreading.

But not before the attack took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations. Real estate transactions were also shut down.

It was lousy timing, given that this is one of the real estate industry’s busiest times of the year. The Baltimore Sun reported that hundreds of property sales could have been affected: A real estate agent with access to industry data told the newspaper that at least 1,500 sales were pending in Baltimore.

But a sliver of good news came on Monday, when Mayor Bernard Young’s office announced that the city had developed a manual workaround that would allow real estate transactions to resume during the outage.

On Friday, the mayor’s office had said that the city is “well into the restorative process.” The work includes rebuilding some systems in a way that will ensure that when business functions are restored, they’ll be functioning securely.

According to Fox News, a recent analysis of the city’s cybersecurity defenses found that the network was “out of date in terms of security, staffing, and infrastructure to prevent attacks.”

Unlike both Greenville and Atlanta – which was hit by a SamSam attack last year – Baltimore doesn’t have an insurance policy to cover cybersecurity incidents. Baltimore’s head of computer security reportedly told City Council members last year at a budget hearing that the city needed one, but it didn’t happen.

Expect that to change: a spokesman for Young told the Baltimore Sun that the mayor has now directed the city’s finance and law departments to get coverage.

Read more at https://nakedsecurity.sophos.com/2019/05/23/the-city-of-baltimore-is-being-held-hostage-by-ransomware/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.


Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation