Tag Archive for: window

Window opens for new internet security section


Stacy Shi

A new department may be created under the Digital Policy Office to oversee internet security and manage major digital projects, Secretary for Innovation, Technology and Industry Sun Dong told the Legislative Council yesterday.

Sun was replying to lawmaker Yung Hoi-yan’s concerns over system failures in recent months, including the suspension of voting for last year’s district council election at polling stations.

“To support the important mission of building a digital government in the future, the government is formulating new policies, with a view to strengthening the future Digital Policy Office, at different work junctures such as project initiation, tendering, formulation of technical options, system development, testing and risk assessment,” Sun said.

The policies are aimed at providing greater support to bureaus and departments and enhancing the stability and security of government e-services, he added.

On the electronic poll register system failure in December, Sun said the Registration and Electoral Office conducted three levels of monitoring and testing for the system and the Electoral Affairs Commission is investigating the causes to ensure it will not recur.

“The findings will be reported in detail in the report to be submitted to [Chief Executive John Lee Ka-chiu] within three months after the election as required by law.”

Election Committee sector lawmaker Priscilla Leung Mei-fun said she was upset to see some voters being unable to cast their ballot, asking whether there will be backup plans or mainland experts imported to avoid similar incidents in the future.

“We have immediately switched to printed copies of the voter register to issue ballot papers, which was among our backup plans,” Secretary for Constitutional and Mainland Affairs Erick Tsang Kwok-wai said. “We will further enhance the training of our colleagues in this respect, and arrange for relevant rehearsals.”

In addition, Sun said the Office of the Government Chief Information Officer has already rolled out an enforcement guideline on supervising contractors in a bid to solve recent mishaps in the government’s IT system.

He said…


FCC Eyes Shrinking Mobile Phone Carriers’ Breach Report Window


Companies such as AT&T Inc., Verizon Communications Inc., and T-Mobile US Inc. would have to notify regulators and law enforcement as soon as practicable after discovering a breach of customers’ data under a proposal from the Federal Communications Commission.

Telecommunications providers also would be required to notify customers without unreasonable delay, as part of proposed updates to the FCC’s existing data breach rules released Friday. The agency is asking for public comment on whether to set a specific timeframe—like within 24 or 72 hours of discovery of a breach—or if the deadline for disclosures should vary based …


How to add Files to AVG Internet Security 2014 Exceptions list



Kaspersky finds zero-day exploit in Desktop Window Manager


In early 2021, Kaspersky’s researchers, while further analyzing the already reported CVE-2021-1732 exploit used by the BITTER APT group, discovered another zero-day exploit. The experts are currently unable to link this exploit to any known threat actor.

A zero-day vulnerability is basically an unknown software bug. Once discovered, such bugs allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences.

While analyzing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.

According to the researchers, this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine.

It is likely that the exploit is used together with other browser exploits to escape sandboxes or obtain system privileges for further access.

Kaspersky’s initial investigation has not revealed the full infection chain, so it is not yet known whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.

“The exploit was initially identified by our advanced exploit prevention technology and related detection records. In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and time again. We will continue to improve defenses for our users by enhancing our technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone,” comments Boris Larin, security expert at Kaspersky.

More information about BITTER APT and IOCs is available to customers of the Kaspersky Intelligence Reporting service. Contact: [email protected]

A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on April 13th, 2021.

Kaspersky products detect this exploit with the following verdicts:
