Monday, 30 March 2020

Do not update your Windows 10 PC if you are working from home - this could break the internet



Microsoft appears to have a history of unreliable updates for Windows 10, at least for the past year and a little longer. Broken programs, performance problems, battery problems, you name it. This time, however, given that the world is following a work-from-home routine due to coronavirus lockdowns in many countries, the March 2020 update for Windows 10 makes one really want to tear their hair out. It's not a slight bug: it might just cut off internet access on your Windows 10 laptop or PC.

Can you disable Windows updates on your Windows 10 PC right now? No; after all, it is a live platform that updates constantly. So what exactly is the problem? Over to Microsoft: "Devices that use a manual or self-configured proxy, especially with a virtual private network (VPN), may display little or no internet connection status in the NCSI on the notification area. This can happen when you are online or not connected to the VPN or after changing the status between the two. Devices experiencing this problem may also have trouble accessing the Internet using applications using WinHTTP or WinInet. Below are examples of applications that can be affected on devices in this case, but not limited to Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11 and some editions of Microsoft Edge." This is according to the information Microsoft released for the latest Windows 10 update package.
In simpler terms, this is a really critical error that can slow down apps' access to the internet or completely prevent these apps from accessing the internet. Yes, just when working from home has become a decisive part of our lives. If you are running Windows 10 version 1909, Windows 10 version 1903, Windows 10 version 1809, Windows 10 Enterprise LTSC 2019, Windows 10 version 1803 or Windows 10 version 1709, you may encounter this problem.


Microsoft says: "We're working on the issue and aim to release the Microsoft Catalog Out of Range Update to resolve this issue in early April." Meanwhile, the company's suggestion is to restart your Windows 10 PC and wait for the issue to be resolved. You can read more here.

It might have made more sense to follow Google's lead and delay Windows 10 platform updates right now. Google previously announced that it will not release updates to the Chrome web browser or the ChromeOS platform at this time, because it does not want any functionality to unintentionally interrupt usage when millions depend on its software while working from home. Just because we've received Windows updates every month for millions of years doesn't mean there couldn't have been some flexibility this time around, given the global scenario.

This isn't the only bug in the latest Windows 10 updates, by the way. The "Reset This Computer" feature is known to be disabled, some versions of Avast and AVG antivirus will stop working, and TLS connections may fail or time out when connecting or attempting to resume.

If you are one of those unlucky souls whose Windows 10 computer is asking to restart to install updates it might have downloaded recently, our advice is: don't do it. Leave your computer idle or on; just don't turn it off or restart it, at least until Microsoft releases the patch to fix this problem.

-Sumit Tiwari


Wednesday, 25 March 2020

Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails



Nation-sponsored cybercriminals and spies were ready to take advantage of the coronavirus panic. Research released Thursday shows that scammers and spies quickly registered a large number of potentially harmful websites and sent masses of fraudulent emails while trying to earn money from the pandemic.

A report by cybersecurity company Recorded Future found a significant increase in registrations of websites linked to the COVID-19 virus, some of which it says are being used to steal information from recipients or infect them with malware.

Lindsay Kaye, Recorded Future's chief operating officer, specifically identified the following domains as potentially dangerous:

Forbes also had Bernardo Quintero, founder of the Google-owned malware repository and anti-virus testing service VirusTotal, take a look at the domains reported by Recorded Future.  He said the following websites also showed signs of malicious behavior, as they’re being detected by anti-virus software:

-Sumit Tiwari

Tuesday, 24 March 2020

Researchers find security flaws in some of the major password managers



University of York researchers released their findings regarding key password manager vulnerabilities. Detailing their results in a research paper, the researchers noted that they had tested five different commercial password managers in their study. They rated these password managers against previously reported bugs and also found new vulnerabilities. In short, the two researchers, Michael Carr (Piksel, York Science Park) and Siamak F. Shahandashti (University of York), analyzed the top 5 password managers (out of 19) based on their popularity and functionality: Dashlane, LastPass, 1Password, Keeper and RoboForm. They first tested these 5 against six known significant vulnerabilities, then ran functionality tests to reveal more flaws. The known vulnerabilities include the two-factor authentication seed vulnerability, the item inspection vulnerability, the registry detection flaw, the URL mismatch, the subdomain ignorance, and the HTTPS Autofill vulnerability. Here's what they found (the black dot represents the presence of a vulnerability).

-Sumit Tiwari


Putin's secret intelligence agency has been compromised: new dangerous "cyber weapons" are now exposed


Red faces on Red Square once again. Last July, I reported the hacking of SyTech, an entrepreneur from the Federal Security Service (FSB) who works on Internet surveillance technology. Now Russia has announced a shocking new security breach in the FSB ecosystem. It unveiled "a new weapon ordered by the security service", a weapon capable of carrying out cyberattacks on the Internet of Things (IoT), the millions of connected devices that are now found in our homes and offices.

The goal of the so-called "Fronton program" is to exploit IoT security vulnerabilities en masse. Remember, these technologies are inherently less secure than other devices connected in homes and offices. One of the stolen technical documents reported by BBC Russia even explains that "the Internet of Things is less secure than mobile devices and servers". Security contractors point out that default "factory" passwords left in place are the obvious weakness, and one that is easy to exploit.

-Sumit Tiwari


Monday, 23 March 2020

Pwn2Own Hacking Contest Ends, Hackers Exploit Vulnerabilities in Windows, macOS, Ubuntu, Adobe, Safari, More


The spring 2020 edition of the Pwn2Own hacking competition is over, with the Fluoroacetate team crowned this year's winner with nine Master of Pwn points. Pwn2Own is a hacking competition held annually at the CanSecWest security conference. The event started in 2007 and the contest takes place twice a year, the previous one having taken place in November 2019. Pwn2Own contestants are challenged to exploit widely used software and mobile devices using previously unknown vulnerabilities. This year was the first time the hacking competition was organized online. The participants sent their exploits in advance to the organizers of Pwn2Own, who broadcast the code during a live stream with all the participants present.

The award-winning Fluoroacetate team is made up of two security researchers, Amat Cama and Richard Zhu, who won by scoring nine points in the two-day competition, a two-point advantage over the runners-up, the Georgia Tech Systems Software and Security Lab team. This is the Fluoroacetate team's fourth Pwn2Own victory, according to a report from ZDNet.

The report said that during this iteration of the Pwn2Own competition, six teams successfully hacked applications and operating systems such as Windows, macOS, Ubuntu, Safari, Adobe Reader and Oracle VirtualBox. All bugs exploited during the contest were immediately reported to their respective companies.
Following are the results of every team's efforts:
  1. The Georgia Tech Systems Software and Security Lab, the runners-up of the competition, targeted Apple's Safari browser with a macOS kernel escalation of privilege. The team used a six-bug exploit chain to pop the calculator app on macOS and escalate its access rights to root. The team earned a $70,000 reward and 7 Master of Pwn points.
  2. A member of the winning team, Fluoroacetate, targeted Microsoft Windows with a local privilege escalation. The exploit was reported successful and earned them a $40,000 reward, along with 4 Master of Pwn points.
  3. A member of the RedRocket CTF Team targeted Ubuntu Desktop with a local privilege escalation. The hacker used an improper input validation bug to escalate privileges. He earned a reward of $30,000 and 3 Master of Pwn points.
  4. The winning team, Fluoroacetate, targeted Microsoft Windows with a local privilege escalation as well. This won them a separate $40,000 along with 4 more Master of Pwn points.
  5. The Fluoroacetate team also targeted Adobe Reader with a Windows local privilege escalation, which was also successful, earning them 5 more Master of Pwn points and $50,000 more.
-Sumit Tiwari


Sunday, 22 March 2020

Cyber attacks target internet users with "special discounts on coronaviruses".



Cyber criminals around the world are taking advantage of the coronavirus pandemic by targeting Internet users, including other hackers, with dangerous malware in the form of "special COVID-19" offers. A cyber security company also noted in a blog post that the number of questionable coronavirus-related domains increased rapidly from January to the end of February, a time when the virus was spreading rapidly. The company also claimed that several hackers were promoting their "goods" for sale on the dark net through special offers with the discount codes "COVID19" or "corona virus". Some websites have also been seen selling high-end products like the MacBook Air at throwaway prices as part of special coronavirus discounts.
As the pandemic continues to spread around the world, netizens are increasingly searching online for the latest information and updates on the coronavirus. As searches for the coronavirus continue to increase, hackers are also attempting to step up their phishing attempts through malicious coronavirus domains. According to the information security firm Check Point Research, over 16,000 new domains related to the coronavirus were registered in January. The company says these domains are 50 percent more likely to be harmful than other domains.

The cyber security firm also claimed that hackers were spreading malware via junk mail. For example, a coronavirus-themed phishing campaign severely affected about 10 percent of organizations in Italy, where over three thousand deaths from the disease were reported.

Additionally, Check Point noted that hackers are targeting amateur cyber-attackers with special coronavirus discounts on online hacking tools.

-Sumit Tiwari


Thursday, 19 March 2020

Two Trend Micro zero-days exploited in the wild by hackers


















Two zero-days have been discovered in Trend Micro antivirus products, according to the company, which issued a security alert earlier this week. After hackers were able to exploit the zero-days, Trend Micro released patches on Monday that address the two vulnerabilities as well as three similarly critical issues. However, the other three issues have not been exploited in the wild, according to the Japanese antivirus maker.
The zero-days impact the company's Apex One and OfficeScan XG enterprise security products. It is unclear whether the two recently discovered zero-days are related to a previous zero-day exploited by Chinese state-sponsored hackers (CVE-2019-18187) in an attack on the Japanese electronics firm Mitsubishi Electric. The recent zero-days, CVE-2020-8467 and CVE-2020-8468, are classified as critical and high risk respectively.

-Sumit Tiwari


Wednesday, 18 March 2020

Hackers Using New Android Cookie-Stealing Malware Which Can Hijack Facebook Accounts

     




A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from web browsers and other apps, including Chrome and Facebook, installed on the compromised devices.

Cookie theft of this kind can also be carried out through XSS attacks, but hackers are now routing it through Android malware.



"This abuse technique is possible not because of a vulnerability in the Facebook app or browser itself," Kaspersky researchers said. "Malware could steal cookie files of any website from other apps in the same way and achieve similar results."

- Jamal Khan

VMware Patched Critical Vulnerability Affecting Workstation Pro




VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp… Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

Coronavirus: Unsecured Networks Are Hackers' Latest Target

 

Millions of employees, mainly in the Indian IT sector, are likely to work from home, but how many of them really have a secure connection, and how many have put security best practices in place at home?

Hackers can go with multiple. "Threat actors are lurking into this phenomenon as an opportunity. Multiple instances of malicious, automated emails have been reported in several continents, including India, that are getting spooled with 'Coronavirus' as a theme," Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, told IANS.

San Francisco International Airport SFO Websites Hacked: Airport Discloses Data Breach

San Francisco International Airport notifies users of two low-traffic websites about data breaches in March. San Francisco Internati...