A security vulnerability in Windows 10 Mobile allows anyone to bypass the security code and access the photo gallery on a device running either production or preview builds shipped as part of the Windows Insider program.
While at the moment it looks like the latest Windows 10 Mobile Redstone 2 preview builds are not affected by the flaw, WindowsTeam reports that pretty much anyone can bypass the passcode using just a few simple steps that eventually provide access to photos. To exploit the bug, all you have to do is open the camera while the device is still locked using the camera shortcut on the lock screen, take a photo and then open it using the little thumbnail in the left lower corner.Read more
The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang!
The hacking group is now selling another package of hacking tools, “Equation Group Windows Warez,” which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group. The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and "powerful espionage tools" created by The Equation Group. On Saturday, the Shadow Brokers announced the sale of the entire "Windows Warez" collection.Read more
An update to Windows software has caused problems for personal computer users trying to connect to the internet. Several European internet service providers (ISPs) have highlighted the problem, which can strike regardless of the type of router box or the particular ISP in use.
Microsoft has offered guidance to those experiencing difficulties. Computers running Microsoft's latest updates are losing network connectivity essentially because the PCs cannot automatically pick up the addressing systems from their broadband routers, which then cannot connect them to the internet. This is not the first time a Windows 10 update has created trouble.Read more
If your computer's security relies on Windows BitLocker Hard Drive Encryption software, then Beware! Because anyone with physical access to your PC can still access your files within few seconds. All an attacker need to do is hold SHIFT+F10 during Windows 10 update procedure.
Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a command-line interface with System privileges just by holding SHIFT+F10 while a Windows 10 PC is installing a new OS build. The command-line interface then grants the attacker full access to the computer's hard drive, even when the victim has enabled BitLocker disk encryption feature.Read more
There's a zero-day exploit in the wild that's being used to execute malicious code on the computers of people using Tor and possibly other users of the Firefox browser. According to security researchers who analyzed the code, it exploits a memory corruption vulnerability that allows malicious code to be executed on computers running Windows.
The malicious payload it deliversis almost identical to one that was used in 2013 to deanonymize people visiting a Tor-shielded child pornography site. The FBI ultimately acknowledged responsibility for the exploit, which was embedded in webpages served by a service known as Freedom Hosting.Read more
A cybercriminal gang is putting a new, and somewhat confusing, spin on the classic tech support scam using a new strain of ransomware to lock up a victim's computer and then asking the person to call a Microsoft customer support number for help.
The software has been dubbed VindowsLocker ransomware by researchers. Unlike traditional tech support scams that just try to suck money from its victims by pretending to be helpful, VindowsLocker creates a real problem by locking up the victim's files and then offers to help. Experts took a deep look at VindowsLocker uncovering both the comical and serious sides of the malware.Read more
Microsoft has reportedly signed a deal with FireEye that will see it share telemetry data from Windows 10 with the third-party security outfit. Microsoft and FireEye's partnership will also see FireEye "gain access to telemetry from every device running Windows 10."
Microsoft uses telemetry data from Windows 10 to help identify security issues, to fix problems and to help improve the quality of its operating system, which sounds like a good thing. However, with the company previously admitting that it's latest OS is harvesting more data than any version before it, Microsoft's mega data-slurp also raised some privacy concerns.Read more
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready. Yes, the critical zero-day is unpatched and is being used by attackers in the wild.
Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix. The reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy, companies should patch or publicly report such bugs after seven days.Read more
Hackers can potentially target and attack all Windows versions thanks to a new attack mechanism uncovered by security researchers in the Windows OS. Threat actors could leverage the new technique to inject malicious code onto users' PCs.
According to security researchers, a new code injection technique called "Atom Bombing", which exploits an underlying Windows mechanism called atom tables, can be leveraged to bypass security protocols. Researchers also uncovered that since the issue does not rely on "broken or flawed code", instead manipulates the operating system mechanisms' designs, the issue cannot be patched.Read more
One of the most recent support call scams involves Microsoft’s Security Essentials, the free antivirus solution that the company is offering to users of Windows 7 or older Windows versions.
The company published a warning to explain that this fake Microsoft Security Essentials antivirus is actually a scam and whose only goal is to convince you that there’s something wrong with your PC, only to pay for fake repairs. After installing, the fake package generates a Blue Screen of Death, which once again contains elements proving it’s all just a malicious attempt to steal your money. The BSOD displays contact information.Read more