If you are running Windows 10 on your PC, there is a chance that your computer contains a pre-installed third-party password manager app that lets attackers steal all your credentials remotely. Starting with the Windows 10 Anniversary Update, Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’ permission.
According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a well-known password manager, called "Keeper," pre-installed on his freshly installed Windows 10 system, which he downloaded directly from the Microsoft Developer Network.
An aggressive and sophisticated malware campaign is currently underway, targeting Linux and Windows servers with an assortment of exploits with the goal of installing malware that mines the Monero cryptocurrency.
The campaign was detected by security researchers from F5 Networks, who named it Zealot, after zealot.zip, one of the files dropped on targeted servers. According to Maxim Zavodchik and Liron Segal, two security researchers for F5 Networks, the attackers are scanning the Internet for particular servers and using two exploits, one for Apache Struts and one for the DotNetNuke ASP.NET CMS, to get a foothold on unpatched machines.
A strain of malware designed to hit machines running macOS is being used in a scheme to target customers at Swiss banks in an attempt to gain access to their accounts.
The malware, discovered by security firm TrendMicro and dubbed OSX_DOK, is a variant of another form of malware used during an ongoing assault on patrons of Swiss banks, where a number of security vulnerabilities have been targeted by attackers. OSX_DOK arrives on a victim’s machine as part of a phishing scheme. It is delivered via email alongside a compromised .zip or .docx file that purports to be either a Mac app or a Microsoft Word document.
The major premise justifying Windows 10 S, the new variant of Windows 10 that can only install and run applications from the Windows Store, is that by enforcing such a restriction, Windows 10 S can offer greater robustness and consistency than regular Windows.
For example, apps from the Windows Store can't include unwanted malicious software within their installers, eliminating the bundled spyware that has been a regular part of the Windows software ecosystem. If Windows 10 S can indeed provide much stronger protection against bad actors then its restrictions represent a reasonable trade-off.
In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done.
James Lee, who has presented at conferences like Zer0con, has contacted experts to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the bugs disclosed by Tavis Ormandy and fellow Project Zero researcher Mateusz Jurczyk, the bugs Lee's outlined to us arise because of insufficient sandboxing. While he hasn't provided full details to us, he's posted two remote code execution proof-of-concept videos at YouTube:
The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless. The report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point. But the report’s authors, the British American Security Information Council, expressed scepticism.
Microsoft has accidentally published a new Windows 10 build for PCs and mobile devices, and it turns out that the release is actually bricking smartphones by pushing them into an infinite reboot loop.
Windows 10 build 16212 was never supposed to go public, but due to an error it was published for insiders in the Fast, Slow, and Release Preview rings, with some reports claiming that even a number of users who weren't participating in the Windows Insider program got it. There is no confirmation in this regard, but if you do receive it, just don't install the new build on your PC. This build indeed pushes phones into a boot loop.
Brace yourselves for a possible 'second wave' of a massive global cyber attack, as SMB was not the only network protocol whose zero-day exploits created by NSA were exposed in the Shadow Brokers dump last month.
Although Microsoft released patches for SMB flaws for supported versions in March and unsupported versions immediately after the outbreak of the WannaCry ransomware, the company neglected to patch three other NSA hacking tools, dubbed "EnglishmanDentist," "EsteemAudit," and "ExplodingCan." It has been almost two weeks since WannaCry ransomware began to spread, which infected nearly 300,000 computers in more than 150 countries.
The majority of machines hit by the WannaCry ransomware worm in the cyber-attack earlier this month were running Windows 7, security firms suggest. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software.
WannaCry started spreading in mid-May and, so far, has infected more than 200,000 computers around the world. In the UK, some hospitals had to turn away patients as the worm shut down computer systems. Many suggested that the reason UK hospitals suffered was because many of them still relied on programmes that required Windows XP - a version of Microsoft's OS that debuted in 2001.
Researchers came across a malicious Word document last week that doesn’t discriminate between OS platforms. The malicious Word document is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.
Like many other strains of malware these days, the sample relies on tricking users into enabling macros. Once the document is opened and macros are enabled, malicious VBA, or Visual Basic for Applications, code is executed, which runs the AutoOpen() macro. The macro goes on to read a base64-encoded string in the file, which, depending on the operating system, executes a certain script.