Tag: April | Page 3

India: Authorities maintaining security restrictions across Uttar Pradesh State as of April 17 following high-profile assassination /update 1

April 17, 2023/in Internet Security

Event

Authorities are maintaining heightened security across Uttar Pradesh State as of April 17 following a shooting that killed two former lawmakers under police custody for organized crime charges in Prayagraj, late April 15. Section 144 of the Criminal Procedure Code (CrPC) has been imposed in all districts of Uttar Pradesh until further notice. Security forces have deployed to patrol and conduct vehicle searches in several areas across the state. The tightest security measures and an internet suspension until at least April 19 are underway in Prayagraj District. Extensions are likely.

Under Section 144, unauthorized public gatherings of four or more people, and the carriage of arms in public are prohibited, among other rules. The measure also empowers local authorities to impose further restrictions such as curfews if necessary. Security forces have deployed to prevent communal violence in areas with mixed populations of Hindus and Muslims as a precaution, as unverified videos showing the gunmen chant a religious slogan after the killing are in circulation. Security measures may prompt associated localized transport and business disruptions. Additional limits on social media and internet services are possible if significant clashes occur.

Demonstrations may occur in the coming days despite the gathering ban, mainly in the Allahabad West constituency in Prayagraj District where the deceased have won elections. Violence may quickly break out during gatherings, with protesters engaging in arson and vandalism. Opposition parties in the state may also hold rallies with dozens of supporters in urban centers to denounce alleged security lapses. Police are likely to monitor well-attended rallies, and forcibly disperse any unruly crowds.

Context

Three gunmen shot and killed Atique Ahmed and his brother, Khalid Azim as they were being transported for a court-mandated medical check while in police custody. Both brothers were former lawmakers from the Samajwadi Party facing dozens of criminal cases including kidnapping, extortion, and murder. Police have apprehended the three shooters. Security deployment to prevent retaliatory violence is likely in the coming weeks.

Advice

Exercise a high…

Source…

Microsoft’s Patch Tuesday for April 2023 closes 97 security bugs, 1 zero-day flaw

April 12, 2023/in Computer Security

Recap: Every second Tuesday of the month, Microsoft rolls out its latest collection of security fixes. The unofficial ‘Patch Tuesday’ definition has been used by Microsoft in the last 20 years to describe the company’s release of security fixes for Windows and other products.

For April 2023, the company’s update focuses on closing multiple vulnerabilities as well as a nasty zero-day flaw.

According to Microsoft’s official security bulletin, patches released in April 2023 provide updates for many Windows components including the Kernel, Win32K API, .NET Core, the Azure cloud platform, Microsoft Office applications, Visual Studio, and Windows Active Directory. All things considered, the latest Patch Tuesday fixes 97 security flaws.

Seven vulnerabilities are classified with a “critical” risk level, as they could be abused to remotely execute potentially malicious code. The Patch Tuesday flaws are classified as follows: 20 elevation of privilege vulnerabilities, eight security feature bypass vulnerabilities, 45 remote code execution vulnerabilities, 10 information disclosure vulnerabilities, nine denial of service vulnerabilities, and six spoofing vulnerabilities.

The list doesn’t include 17 security flaws in Microsoft Edge that were fixed a week ago. A complete report on all the flaws and related advisories has been published by Bleeping Computer. Besides security fixes, on Patch Tuesday day Microsoft also rolled out cumulative, non-security updates for Windows 11 (KB5025239) and Windows 10 (KB5025221, KB5025229).

The single zero-day vulnerability is tracked as CVE-2023-28252, or ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability.’ An attacker who successfully exploits this vulnerability could gain system privileges, Microsoft explains, meaning that they could achieve the highest access level available on a Windows OS.

According to security researchers, cyber-criminals are already trying to exploit the CVE-2023-28252 bug to spread the Nokoyawa ransomware to organizations belonging to wholesale, energy, manufacturing, and healthcare industries. The flaw is similar to another privilege escalation bug supposedly fixed by Microsoft in…

Source…

Pixel April 2023 update is late, marking second delay in a row

April 4, 2023/in Mobile Security

Historically, Pixel security patches are released on the first Monday of the month at 10 a.m. PT. Following last month’s situation, Google has yet to release the April 2023 update for the Pixel 4a to 7 Pro.

As Monday winds down, the company has yet to post a “Google Pixel Update – April 2023” changelog, detail the “Pixel Update Bulletin—April 2023,” or release full Factory/OTA Images.

The “Android Security Bulletin—April 2023” was released at the usual time, but carriers (Verizon) have yet to detail.

We’re not expecting the April security patch to be a big upgrade since Android 13 QPR2 rolled out last month. At best, there should be a handful of functional updates and other fixes. (The next Feature Drop/QPR3 is expected in June, with testing already underway.)

It comes as one user last week received an April 5, 2023 security update on their Pixel 5 ahead of schedule. That was a one-off incident with no other reports (possibly internal testing), but it did reveal a build number that suggested nothing significant is likely to change.

There’s no obvious reason for the update to not be released today (i.e., Monday isn’t a public holiday in the US). The last notable delay was in August 2022, when Google did not roll out an update on schedule because it was waiting for Android 13, which received a mid-month launch. Before that, the Pixel 6 series was not updated at the same time as older phones, with Tensor likely at fault.

Google never explained why the updates were delayed last month, and the company didn’t provide any guidance when we asked today about April.

Meanwhile, the Pixel Watch has yet to see its April 2023 update. Google has been updating the wearable on the same day/schedule as its phone. Last month’s sizable Pixel Watch release widely rolled out as part of the second wave alongside the Pixel 6, 6 Pro, and 6a.

Hopefully, the April delay is not as significant as last month’s, and this doesn’t become a habit for Google.

FTC: We use income earning auto affiliate links. More.