Late Friday the US Cybersecurity and Infrastructure Security Agency (CISA) directed all Federal agencies to apply August’s patch to Microsoft Windows Server. Emergency Directive 20-04 requires that mitigations of the Zerologon privilege-elevation vulnerability (CVE-2020-1472) Microsoft addressed in August be applied by midnight tonight, and that all agencies report completion by midnight Wednesday. The directive applies only to Federal agencies under CISA’s oversight (which is most of them, but with certain national security exclusions). As Forbes notes, if the matter is serious enough for CISA to take this action, then the private sector would be wise to do the same.
The release of Cerberus source code has, as predicted, been followed by an increase in attacks using the banking Trojan, Kaspersky reports.
Check Point describes what it’s seen of Rampant Kitten, an Iranian threat group that’s been keeping tabs on that country’s dissidents for six years. Rampant Kitten has used four Windows infostealers, an Android backdoor that pulls two-factor authentication codes from SMS messages and records the infected device’s audio surroundings, and Telegram phishing pages.
US bans on transactions involving TikTok and WeChat that were scheduled to take effect yesterday did not go into force, first because of eleventh-hour agreements and second because of a temporary injunction. An agreement that would establish TikTok’s American operations as a standalone company with partial US ownership remains under evaluation, and the Commerce Department says the ban has therefore been postponed a week. The Wall Street Journal reports that a US court has granted a temporary injunction stopping action against WeChat.