Analysis

now browsing by tag

 
 

#cybersecurity | #hackerspace | VERT Threat Alert: January 2020 Patch Tuesday Analysis

Source: National Cyber Security – Produced By Gregory Evans

Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th. 

In-The-Wild & Disclosed CVEs

CVE-2020-0601

While there are no in-the-wild and disclosed CVEs in the January patch drop, there is a lot of discussion around CVE-2020-0601. The vulnerability allows for Elliptic Curve Cryptography (ECC) spoofing due to the way these certificates are validated. This vulnerability was reported to Microsoft by the NSA and rumors in various publications indicate that certain government agencies and enterprises were given advance notice of this vulnerability.

Microsoft has rated this as a 1 (Exploitation More Likely) on the latest software release on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Update Stack
1
CVE-2020-0638
Windows Hyper-V
1
CVE-2020-0617
Windows Subsystem for Linux
1
CVE-2020-0636
ASP.NET
2
CVE-2020-0602, CVE-2020-0603
Microsoft Windows
8
CVE-2020-0601, CVE-2020-0608, CVE-2020-0616, CVE-2020-0620, CVE-2020-0621, CVE-2020-0624, CVE-2020-0635, CVE-2020-0644
Apps
1
CVE-2020-0654
.NET Framework
3
CVE-2020-0605, CVE-2020-0606, CVE-2020-0646
Microsoft Graphics Component
4
CVE-2020-0607, CVE-2020-0622, CVE-2020-0642, CVE-2020-0643
Microsoft Scripting Engine
1
CVE-2020-0640
Common Log File System Driver
3
CVE-2020-0615, CVE-2020-0639, CVE-2020-0634
Microsoft Dynamics
1
CVE-2020-0656
Windows Media
1
CVE-2020-0641
Microsoft Windows Search Component
12
CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633
Microsoft Office
5
CVE-2020-0647, CVE-2020-0650, CVE-2020-0651, CVE-2020-0652, CVE-2020-0653
Windows RDP
5
CVE-2020-0609, CVE-2020-0610, CVE-2020-0611, CVE-2020-0612, CVE-2020-0637

 

Other Information

There were no new advisories released today. However, it is worth mentioning that today marks the final day of support for Windows 7, Windows Server 2008, and Windows Server 2008 R2. These platforms are now considered end of life and (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> VERT Threat Alert: January 2020 Patch Tuesday Analysis <p> appeared first on National Cyber Security.

View full post on National Cyber Security

Information Technology Specialist (Systems Analysis)

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans Department of the Treasury – New Carrollton, MD $119,285 – $161,900 a year – Full-time, Part-time The U.S. Department of the Treasury has a distinguished history dating back to the founding of our nation. As the steward of U.S. economic and financial systems, Treasury is a […] View full post on AmIHackerProof.com | Can You Be Hacked?

Analysis reveals racial disparities in school arrests

The presence of police in schools, advocates say, makes arrests and referrals more likely, with results that can derail students’ lives. Photo by Alan Levine/Flickr

In 43 states and the District of Columbia, black students are arrested at school at disproportionately high levels, an analysis of federal data by the Education Week Research Center finds.

And one reason may be that black students are more likely than students in any other racial or ethnic group to attend schools with police, according to the analysis of 2013-14 civil rights data, the most recent collected by the U.S. Department of Education.

In most of the jurisdictions with disproportionate arrests of black students, the disparities are significant.

Read More

The post Analysis reveals racial disparities in school arrests appeared first on Parent Security Online.

View full post on Parent Security Online

Cyber Attacks On US Companies In 2016 – Analysis

cybersecurity-2

Source: National Cyber Security – Produced By Gregory Evans

Cyber Attacks On US Companies In 2016 – Analysis

This article is a continuation of a series of papers on cyber attacks against U.S. companies since 2014[1] and 2015.[2] While the means of cyber attacks vary, the pattern of targets has been relatively consistent. Large databases, as well as

The post Cyber Attacks On US Companies In 2016 – Analysis appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Media, Malware, and Analysis Analyst Job

new3

Source: National Cyber Security – Produced By Gregory Evans

Media, Malware, and Analysis Analyst Job

Description:
SAIC currently has a contingency position for a Media, Malware and Analysis Analyst to support the United States Cyber Command (USCYBERCOM) at Fort Meade, Maryland.
JOB DESCRIPTION:
Media, Malware and Analysis (MMA) is the forensic analysis of media and

The post Media, Malware, and Analysis Analyst Job appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Correcting the Record on 38 North’s Analysis of North Korea’s Possible Fifth Nuclear Test

Source: National Cyber Security – Produced By Gregory Evans

The recent article, “What’s behind North Korea’s attempts for dialogue?” by Cha Du-Hyeogn, published by NK News calls 38 North to task as “falling for Pyongyang’s trickery” and reporting on “omens” of an imminent fifth nuclear test. Normally, we wouldn’t respond to such comments, but 38 North takes a great deal of pride in its […]

The post Correcting the Record on 38 North’s Analysis of North Korea’s Possible Fifth Nuclear Test appeared first on National Cyber Security.

View full post on National Cyber Security

Department of Homeland Security’s Science & Technology Directorate Announces New Cybersecurity Risk Analysis Tool

Source: National Cyber Security – Produced By Gregory Evans

WASHINGTON, D.C. – The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced that a fifth cybersecurity technology has been licensed for commercialization as a part of the Cyber Security Division’s Transition to Practice (TTP) program. The TTP program builds on the S&T process of funding projects through the full research and development lifecycle through to the commercial marketplace. The Physical and Cyber Risk Analysis Tool (PACRAT) technology, developed by researchers at Pacific Northwest National Laboratory (PNNL), assesses cyber risks simultaneously with physical risks. RhinoCorps, a small business and vulnerability assessment tool developer in Albuquerque, New Mexico, is licensing the tool and plans to integrate PACRAT’s capabilities into their physical vulnerability assessment tool called Simajin. The resulting assessment tool will enable users to examine how their cyber security and physical security postures impact one another. “S&T’s TTP program is leading the way in assisting the transition of government funded technology into the marketplace,” said DHS Under Secretary for Science and Technology Dr. Reginald Brothers. “Some of the most innovative technologies have been developed by our national lab partners and it’s essential we help them provide a positive impact on the nation’s cybersecurity posture.” In 2013, the TTP program […]

The post Department of Homeland Security’s Science & Technology Directorate Announces New Cybersecurity Risk Analysis Tool appeared first on National Cyber Security.

View full post on National Cyber Security