A portion of Microsoft’s Windows 10 source code has leaked online. Files related to Microsoft’s USB, storage, and Wi-Fi drivers in Windows 10 were posted to Beta Archive.
Beta Archive is a site that tracks Windows releases, and asks members to donate money or contribute something Windows-related if they access a free private FTP full of archived Windows builds. The leaked code was published to Beta Archive’s FTP, and is part of Microsoft's Shared Source Kit. “Our review confirms that these files are actually a portion of the source code from the Shared Source Initiative and is used by OEMs and partners,” reveals a Microsoft spokesperson.
In spite of a flurry of patches designed to fix Windows Defender, at least one security researcher reckons there's still work to be done.
James Lee, who has presented at conferences like Zer0con, has contacted experts to say the key vulnerable component, MsMpEng, is still subject to remote code execution. As with the bugs disclosed by Tavis Ormandy and fellow Project Zero researcher Mateusz Jurczyk, the bugs Lee's outlined to us arise because of insufficient sandboxing. While he hasn't provided full details to us, he's posted two remote code execution proof-of-concept videos on YouTube.
When you're a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you're there, the next challenge is usually to make sure that your activity is as hard to detect as possible.
Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring. The group, which Microsoft has named PLATINUM, has developed a system for sending files — such as new payloads to run and new versions of their malware — to compromised machines.
The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless. The report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”.
The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point. But the report’s authors, the British American Security Information Council, expressed scepticism.
Microsoft has accidentally published a new Windows 10 build for PCs and mobile devices, and it turns out that the release is actually bricking smartphones by pushing them into an infinite reboot loop.
Windows 10 build 16212 was never supposed to go public, but due to an error it was published for insiders in the Fast, Slow, and Release Preview rings, with some reports claiming that even a number of users who weren't participating in the Windows Insider program got it. There is no confirmation in this regard, but if you do receive it, just don't install the new build on your PC. This build indeed pushes phones into a boot loop.
Microsoft has responded to claims that its Windows 10 Enterprise operating system ignores user preferences in Group Policy with the advice that, basically, it does and you shouldn't meddle with it.
On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored, with connections made to a range of third-party servers including advertising hubs. The security researcher, Mark Burnett, went on to show that with Teredo IPv6 disabled, the system still checks for IPv6 connectivity. With SmartScreen disabled, it still connects. With telemetry disabled, it still connects.
Brace yourselves for a possible 'second wave' of massive global cyber attack: SMB was not the only network protocol for which NSA-built zero-day exploits were exposed in the Shadow Brokers dump last month.
Although Microsoft released patches for the SMB flaws for supported versions in March, and for unsupported versions immediately after the outbreak of the WannaCry ransomware, the company did not patch the targets of three other NSA hacking tools, dubbed "EnglishmanDentist," "EsteemAudit," and "ExplodingCan." It has been almost two weeks since the WannaCry ransomware began to spread, and it has infected nearly 300,000 computers in more than 150 countries.
The majority of machines hit by the WannaCry ransomware worm in the cyber-attack earlier this month were running Windows 7, security firms suggest. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software.
WannaCry started spreading in mid-May and, so far, has infected more than 200,000 computers around the world. In the UK, some hospitals had to turn away patients as the worm shut down computer systems. Many suggested that the reason UK hospitals suffered was because many of them still relied on programmes that required Windows XP - a version of Microsoft's OS that debuted in 2001.
WikiLeaks has released the user guide, demo and more of a new spy malware strain allegedly created and used by the CIA. The spyware targets all Windows versions and allows attackers to completely hijack computers, steal data and send it to CIA servers, delete data and upload malicious software.
According to WikiLeaks' documents, the spyware was created by the CIA, with help from a private New Hampshire-based cybersecurity firm called Siege Technologies. The spyware has two modules. While Athena, the primary module, targets Windows XP to 10, the secondary module dubbed Hera targets Windows 8 through Windows 10.
Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
The exploit allows a remote attacker to take over a system without any interaction from the system owner: it is enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine — websites, file shares — could be used as an attack vector.