Windows

#hacking | Windows SMB: Accidental bug disclosure prompts emergency security patch

Source: National Cyber Security – Produced By Gregory Evans


John Leyden

13 March 2020 at 12:45 UTC

Updated: 13 March 2020 at 12:49 UTC

Don’t Panic: Potentially wormable flaw only present in latest systems

Microsoft released an out-of-band security update to patch a remote code execution (RCE) vulnerability impacting Server Message Block (SMB) on Thursday, just two days after its regular Patch Tuesday releases.

The software vendor was obliged to rush out a fix after a security partner inadvertently disclosed details of the flaw, which is of a type previously exploited by high-profile threats such as the WannaCry worm.

If left unaddressed, the vulnerability (CVE-2020-0796) in Microsoft SMB 3.1.1 (SMBv3) could be exploited by a remote attacker to plant malicious code on vulnerable systems.

Exploitation would involve sending specially crafted, compressed data packets to a targeted SMBv3 server.

The flaw stems from bugs in how “Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests”, an advisory from Microsoft explains.

New flaws on the Block

SMB is a networking protocol that’s used for sharing access to files and printers. It is the same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit harnessed by the infamous WannaCry ransomware.

The vulnerability exists in a new feature that was added to Windows 10 version 1903, so older versions of Windows, which do not support SMBv3.1.1 compression, are immune from the security flaw.

Both Windows 10 clients and Windows Server, version 1903 and later, need patching.

Preliminary scans by security experts suggest only 4% of publicly accessible SMB endpoints are vulnerable.

Server-side workarounds have been released for organizations running affected software but unable to rapidly roll out patches. This includes disabling compression for SMBv3 as well as blocking TCP port 445 at the perimeter firewall.
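As an added example (not code from the article or from Microsoft’s advisory), a PowerShell audit script for the compression workaround mentioned above: it reports whether a host is on a release that ships SMBv3.1.1 compression and whether compression is already disabled, and writes the change only when run with -Apply. The LanmanServer DisableCompression registry value is assumed here to be the one Microsoft’s workaround sets; confirm it against the current advisory before relying on it.

```powershell
# Added example, not code from the article: audit (and optionally apply) the
# SMBv3 "disable compression" workaround for CVE-2020-0796 on the local host.
# Assumption: the workaround is the DWORD value DisableCompression=1 under the
# LanmanServer Parameters key, as published in Microsoft's advisory. Verify the
# value name against the advisory before using this in production.
[CmdletBinding()]
param(
    [switch]$Apply   # default is report-only; -Apply writes the registry value
)

$smbParams  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$winVersion = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# SMBv3.1.1 compression only exists on Windows 10 / Windows Server version 1903
# and later, so anything older is out of scope (ReleaseId reads "1903", "1909", ...).
$releaseId = (Get-ItemProperty -Path $winVersion -Name ReleaseId -ErrorAction SilentlyContinue).ReleaseId
if (-not $releaseId -or [int]$releaseId -lt 1903) {
    Write-Output "Release '$releaseId' predates SMBv3.1.1 compression; workaround not applicable."
    return
}

$current = (Get-ItemProperty -Path $smbParams -Name DisableCompression -ErrorAction SilentlyContinue).DisableCompression

if ($current -eq 1) {
    Write-Output "SMBv3 compression already disabled (DisableCompression=1)."
}
elseif ($Apply) {
    # The advisory's workaround: a DWORD of 1 turns compression off on the SMB server.
    Set-ItemProperty -Path $smbParams -Name DisableCompression -Type DWord -Value 1 -Force
    Write-Output "SMBv3 compression disabled on $env:COMPUTERNAME; the patch is still required."
}
else {
    Write-Output "SMBv3 compression is ENABLED (DisableCompression unset or 0). Re-run with -Apply to disable it."
}

# This registry value is the server-side workaround only. Blocking inbound
# TCP 445 at the perimeter firewall, the other control the article names, is a
# separate step that this script does not perform.
```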

Accidental disclosure

Satnam Narang, principal security engineer at security tools vendor Tenable, commented: “The vulnerability was initially disclosed accidentally as part of the March Patch Tuesday release in another security vendor’s blog.

“Soon after the accidental disclosure, references to it were removed from the blog post.”

At the time of writing, no proof of concept exploit code for CVE-2020-0796 has been publicly released.

Narang added that how readily exploitable this vulnerability might prove to be currently remains unknown.

“This latest vulnerability evokes memories of EternalBlue, most notably CVE-2017-0144, a remote code execution vulnerability in SMBv1 that was used as part of the WannaCry ransomware attacks,” Narang explained.

“It’s certainly an apt comparison, so much so that researchers are referring to it as EternalDarkness. However, there is currently little information available about this new flaw and the time and effort needed to produce a workable exploit is unknown.”



#nationalcybersecuritymonth | New Windows Vulnerabilities Highlight Patch Management Challenges –


Microsoft’s monthly “Patch Tuesday” is an important part of the cyber hygiene routine for anyone in IT (including home users). This month’s update proved to be a particularly critical one.

Early in January, the National Security Agency (NSA) alerted Microsoft to a major flaw in Windows 10 that could let hackers pose as legitimate software companies, service providers, websites, or others. “It’s the equivalent of a building security desk checking IDs before permitting a contractor to come up and install new equipment,” Ashkan Soltani, a security expert and former chief technologist for the Federal Trade Commission, told CNN.

Fortunately, Microsoft acted quickly and issued a critical update — CVE-2020-0601 — on January 14.

Despite this quick action, businesses and government have a habit of missing, ignoring, or delaying important patches and updates. They do so at their peril. In 2019, the majority of cybersecurity breaches were a result of unapplied patches. However, the reasons for this oversight are complicated and often unintentional.

Patch management — IT’s nightmare

Getting a handle on patch management is an unending challenge for IT and security teams. Last year, 12,174 common vulnerabilities and exposures (CVEs) were reported — making patching an almost impossible task for any organisation. In fact, it takes the average organisation 38 days to patch a vulnerability. Even then, 25% of software vulnerabilities remain unpatched for more than a year.

One of the biggest obstacles to frequent patching is that security teams struggle to identify everything that needs to be fixed. Understaffed and struggling with alert fatigue, it can be hard to identify the systems that are yet to be updated, prioritise remediation, and apply patches quickly.

To add to their workload, IT and cybersecurity teams must also make certain that the appropriate security policies are in place to ensure that users regularly update their PCs and devices, and don’t delay the inevitable “Windows Update”. Risk also extends beyond the four walls of the business.

Third- and fourth-party cyber risk is a big threat to businesses. 59% of breaches have their origins in vulnerable and unpatched third-party systems. The trouble is that vendor risk assessment questionnaires only offer a point-in-time view into the security posture, including unpatched software of suppliers, partners, and sub-contractors. This leaves IT in the dark.

Windows 7 — a new risk

Microsoft has been focused on closing gaps in its Windows 10 OS. This left Windows 7 users walking into a new cybersecurity landmine on January 14, 2020. Microsoft ended support for the nine-year-old OS and will no longer issue security patches or updates.

This is particularly problematic, since almost 70% of organisations are still using Windows 7 in some capacity. It leaves them susceptible to a security issue, attack, or breach — unless they purchase extended support from Microsoft or upgrade to Windows 10.

Fixing the patch management challenge

Maintaining a frequent patching cadence is critical to mitigating cyber risk, but it doesn’t have to be a nightmare.

With the BitSight Security Ratings platform, your organisation can shine a spotlight on vulnerable, unpatched systems and out-of-date operating systems. It provides insight for both internal systems and across nth parties (partners, vendors, customers, etc.). Using these insights, IT teams can prioritise which patches are most critical and take steps to measurably reduce risk. In addition, security ratings make it easier to share actionable security information with other business functions.

This information allows teams to collaborate with each other on pressing security issues. It also helps reduce risk across your business ecosystem. Furthermore, because patching cadence is indicative of the likelihood of a breach, it has stepped into the spotlight as something the Board and C-suite is interested in. Security ratings mean this conversation becomes much easier. Information about vulnerabilities is provided in a straightforward and non-technical way that is easy for everyone to understand.

Organisations can also share security ratings with partners. This allows third parties to identify and rectify issues and blind spots in their systems and software — continuously and in real-time, without waiting on lengthy audits or assessments.

Time is of the essence

As the recent Windows 10 critical update shows, organisations must do everything they can to stay on top of their patching cadence and that of their vendors.

But there’s no need for organisations to be paralysed by the sheer volume of ongoing patches. Learn more about how BitSight can help.


BitSight (https://www.bitsighttech.com/) transforms how companies manage third and fourth party risk, underwrite cyber insurance policies, benchmark security performance, and assess aggregate risk with objective, verifiable and actionable Security Ratings.


#cyberfraud | #cybercriminals | These Are The Most Rampant Windows And Mac Malware Threats For 2020: Here’s What That Means


Seven weeks into 2020, and we are deep into the season for cybersecurity reporting. You can expect a wide range of summaries of the threat landscape from 2019 and forecasts as to what to expect this year. As threat actors from China, Russia, Iran and North Korea continue to probe network and system security around the world, we also have the rising threat of ever more sophisticated malware hitting individuals and the companies they work for, all fuelled by the scourge of social engineering to make every malicious campaign more dangerous and more likely to hit its mark.

BlackBerry Cylance has published its “2020 Threat Report” today, February 19, and its theme is the blurring lines between state actors and the criminal networks that develop their own exploits or lease “malware as a service,” pushing threats out via email and messaging campaigns, targeting industries or territories. This year, 2020, will be seminal in the world of threat reporting and defense—IoT’s acceleration is a game changer in cyber, with the emergence of a vast array of endpoints and the adoption of faster networking and pervasive “always connected” services.

The challenge with IoT is the limited control of the security layers within those endpoints—it’s all very well having smart lightbulbs, smart toys and smart fridges. But if every connected technology you allow into your home is given your WiFi code and a connection to the internet, then it is near impossible to assure yourself of the security of those devices. Current best practice—however impractical that sounds—is to air-gap the networks in your home: trusted devices—your phones, computers and tablets, and then everything else. If one family of devices can’t see the other, then you are much better protected from malicious actors exploiting casual vulnerabilities.

I have warned on this before, and the market now needs the makers of networking equipment to develop simple one-click multiple networking options, so we can introduce the concept of a separated IoT network and core network into all our homes—something akin to the guest networks we now have but never use on our routers, but simpler, more of a default, and therefore better used.

According to Cylance’s Eric Milam, the geopolitical climate will also “influence attacks” this year. There are two points behind this. First, mass market campaigns from state-sponsored threat actors in Iran and North Korea, from organized groups in Russia and China, and from criminal networks leveraging the same techniques, targeting individuals at “targeted scale.” And, second, as nation-states find ever more devious ways to exploit network defenses, those same tools and techniques ultimately find their way into the wider threat market.

The real threats haven’t changed much: Phishing attacks, ranging from the most basic spoofs to more sophisticated and socially engineered targeting; headline-grabbing ransomware and virus epidemics; the blurring between nation-state and criminal lines, accompanied by various flavors of government warnings. And then, of course, we have the online execution of crimes that would otherwise take place in the physical world—non-payment and non-delivery, romance scams, harassment, extortion, identity theft, all manner of financial and investment fraud.

But, we do also have a rising tide of malware. Some of that rising tide is prevalence, and some is sophistication. We also have criminal business models where malware is bought and sold or even rented on the web’s darker markets.

In the Cylance report, there is a useful summary of the “top malware threats” for Windows and Mac users. Cylance says that it compiled its most dangerous list by using an “in-house tooling framework to monitor the threat landscape for attacks across different operating systems.” Essentially that means detecting malware in the wild across the endpoints monitored by its software and systems. It’s a volume list.

For cyber-guru Ian Thornton-Trump, the real concerns for individuals and companies around the world remain Business Email Compromise, “the fastest growing and most lucrative cyber-criminal enterprise.” He also points out that doing the basics better goes a long way—“there is little if any mention of account compromises due to poor password hygiene or password reuse and the lack of identifying poorly or misconfigured cloud hosting platforms leading to some of the largest data breaches” in many of the reports now coming out.

So here are Cylance’s fifteen most rampant threats. This is their own volume-based list compiled from what their own endpoints detected. There are missing names—Trickbot, Sodinokibi/REvil, Ryuk, but they’re implied. Trickbot as a secondary Emotet payload, for example, or Cylance’s observation that “the threat actors behind Ryuk are teaming with Emotet and Trickbot groups to exfiltrate sensitive data prior to encryption and blackmail victims, with the threat of proprietary data leakage should they fail to pay the ransom in a timely manner.”

There are a lot of legacy malware variants listed—hardly a surprise, these have evolved and now act as droppers for more recent threats. We also now see multiple malware variants combine, each with a specific purpose. Ten of the malware variants target Windows and five target Macs—the day-to-day risks to Windows users remain more prevalent given the scale and variety of the user base, especially within industry.

Windows Threats

  • Emotet: This is the big one—a banking trojan that has been plaguing users in various guises since 2014. The malware has morphed from credential theft to acting as a “delivery mechanism” for other malware. The malware is viral—once it gets hold of your system, it will set about infecting your contacts with equally compelling, socially engineered subterfuges.
  • Kovter: This fileless malware targets the computer’s registry, which makes it more difficult to detect. The malware began life hiding behind spoofed warnings over illegal downloads or file sharing. Now it has joined the mass ad-fraud market, generating fraudulent clicks which quickly turn to revenue for the malware’s operators.
  • Poison Ivy: A malicious “build your own” remote access trojan toolkit, providing a client-server setup that can be tailored to enable different threat actors to compile various campaigns. The malware infects target machines with various types of espionage, data exfiltration and credential theft. Again, the malware is usually spread by emailed Microsoft Office attachments.
  • Qakbot: Another legacy malware, dating back a decade, but which has evolved with time into something more dangerous than its origins. The more recent variants are better adapted to avoiding detection and to spreading across networks from infected machines. The malware can lock user and administrator accounts, making removal more difficult.
  • Ramnit: A “parasitic virus” with “worming capabilities,” designed to infect removable storage media, aiding replication and the persistence of an attack. The malware can also infect HTML files, infecting machines where those files are opened. The malware will steal credentials and can also enable a remote system takeover.
  • Sakurel (aka Sakula and VIPER): Another remote access trojan, “typically used in targeted attacks.” The delivery mechanism is through malicious URLs, dropping code on the machine when the URL is accessed. The malware can also monitor user browsing behavior, with further targeted attacks following as more malware is pulled onto the machine.
  • Upatre: A more niche, albeit still viable threat, according to Cylance. Infection usually results from emails which attach spoof voicemails or invoices, but Cylance warns that users can also be infected by visiting malicious websites. As is becoming much more prevalent now, this established legacy malware acts as a dropper for other threats.
  • Ursnif: This is another evolved banking trojan, which infects machines that visit malicious websites, planting code in the process. The malware can adapt web content to increase the chances of infection. The malware remains a banking trojan in the main, but also acts as a dropper and can pull screenshots and crypto wallets from infected machines.
  • Vercuse: This malware can be delivered by casual online downloads, but also through infected removable storage drives. The malware has adopted various methods of detection avoidance, including terminating processes if tools are detected. The primary threat from this malware now is as a dropper for other threats.
  • Zegost: This malware is designed to identify useful information on infected machines and exfiltrate this back to its operators. That data can include activity logging, which includes credential theft. The malware can also be used for an offensive denial of service attack, essentially harnessing infected machines at scale to hit targets.

Mac Threats

  • CallMe: This is a legacy malware for the Mac world, opening a backdoor onto infected systems that can be exploited by its command and control server. Dropped through malicious Microsoft Office attachments, usually Word, the vulnerability has been patched for contemporary versions of MacOS and Office software. Users on those setups are protected.
  • KeRanger: One of the first pieces of ransomware in the Mac world, the malware started life with a valid Mac Developer ID, since revoked. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes updated systems, but also offline backups as per all ransomware defenses.
  • LaoShu: A remote access trojan that uses infected PDF files to spread its payload. The malware will look for specific file types, compressing those into an exfiltration zip file that can be pulled from the machine. While keeping systems updated, this malware also calls for good user training and email behavior, including avoidance of unknown attachments.
  • NetWiredRC: A favourite of the Iranian state-sponsored APT33, this malware is a remote access trojan that will operate across both Windows and Mac platforms. The malware focuses on exfiltrating “sensitive information” and credentials—the latter providing routes in for state attackers. Cylance advises administrators to block 212[.]7[.]208[.]65 in firewalls and monitor for “%home%/WIFIADAPT.app” on systems.
  • XcodeGhost: Targeting both Mac and iOS, this compiler malware is considered “the first large-scale attack on Apple’s App Store.” Again with espionage and wider attacks in mind, the malware targets, captures and pulls strategic information from an infected machine. Its infection of “secure apps” serves as a wider warning to take care when pulling apps from relatively unknown sources.

In reality, the list itself is largely informational as mitigation is much the same: Some combination of AV tools, user training, email filtering, attachment/macro controls, perhaps some network monitoring—especially for known IP addresses. The use of accredited VPNs, avoiding public WiFi, backups. Cylance also advises Windows administrators to watch for unusual registry mods and system boot executions.

Thornton-Trump warns that we need constant reminding that cyber security is about “people, process and technology.” Looking just at the technology side inevitably gives a skewed view. For him, any vendor reports inevitably “overstate the case for anti-malware defences in contrast to upgrade and improvement of other defensive mechanisms, including awareness training and vulnerability management.”

And so, ultimately, user training and keeping everything updated resolves a material proportion of these threats. Along with some basic precautions around backups and use of cloud or detached storage which provides some redundancy. Common sense, inevitably, also features highly—whatever platform you may be using.


#cybersecurity | #hackerspace | Securing Windows 10 with Local Group Policy

Introduction

When it comes to quickly making wide-ranging modifications to Windows systems, Group Policy is usually at the top of the list for ease of use and raw power. The problem is that most people think of Group Policy as this all-encompassing voodoo that is only for […]

#cybersecurity | #hackerspace | NSA: Microsoft Releases Patch to Fix Latest Windows 10 Vulnerability


NSA discloses a Windows security flaw that leaves more than 900 million devices vulnerable to spoofed digital certificates

The National Security Agency (NSA) isn’t exactly known for wanting to share information about vulnerabilities they discover. In fact, they kept the Microsoft bug known as Eternal Blue a secret for at least five years to exploit it as part of their digital espionage. (At least, you know, until it was eventually discovered and released by hackers).

But maybe they’ve had a change of heart. (If you truly believe that, I have a bridge to sell you.)

The NSA, in an uncharacteristic show of transparency, recently announced a major public key infrastructure (PKI) security issue that exists in Microsoft Windows operating systems that’s left more than 900 million PCs and servers worldwide vulnerable to spoofing cyberattacks. This vulnerability is one of many vulnerabilities Microsoft released as part of their January 2020 security updates. Maybe they didn’t want a repeat of the last incident. Whatever the reason, we’re just glad they decided to disclose the potential exploit.

The risk of this vulnerability boils down to a weakness in the application programming interface of Microsoft’s widely used operating systems. But what exactly is this Windows 10 vulnerability? How does it affect your organization? And what can you do to fix it?

Let’s hash it out.

What’s the Situation with This Windows 10 Vulnerability?

Windows 10 has been having a rough go of things these past several months in terms of vulnerabilities. In the latest Windows 10 vulnerability news, the NSA discovered a vulnerability (CVE-2020-0601) that affects the cryptographic functionality of Microsoft Windows 32- and 64-bit Windows 10 operating systems and specific versions of Windows Server. Basically, the vulnerability exists within the Windows 10 cryptographic application programming interface — what’s also known as CryptoAPI (or what you may know as the good ol’ Crypt32.dll module) — and affects how it validates elliptic curve cryptography (ECC) certificates.

What it does, in a nutshell, is allow users to create websites and software that masquerade as the “real deals” through the use of spoofed digital certificates. A great example of how it works was created by a security researcher, Saleem Rashid, who tweeted images of NSA.com and Github.com getting “Rickrolled.” Essentially, what he did was cause both the Edge and Chrome browsers to spoof the HTTPS verified websites.

Although humorous, Rashid’s simulated attacks are a great demonstration of how serious the security flaw is. By spoofing a digital certificate to exploit the security flaw in CryptoAPI, it means that anyone can pretend to be anyone — even official authorities.

CryptoAPI is a critical component of Microsoft Windows operating systems. It’s what allows developers to secure their software applications through cryptographic solutions. It’s also what validates the legitimacy of software and secure website connections through the use of X.509 digital certificates (SSL/TLS certificates, code signing certificates, email signing certificates, etc.). So, basically, the vulnerability’s a bug in the OS’s appliance for determining whether software applications and emails are secure, and whether secure website connections are legitimate.

So, what the vulnerability does is allow actors to bypass the trust store by using malicious software that is signed by forged/spoofed ECC certificates (doing so makes it look like it’s signed by a trusted organization). This means that users would unknowingly download malicious or compromised software because the digital signature would appear to be from a legitimate source.

This vulnerability can cause other issues as well, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA):

“This could deceive users or thwart malware detection methods such as antivirus. Additionally, a maliciously crafted certificate could be issued for a hostname that did not authorize it, and a browser that relies on Windows CryptoAPI would not issue a warning, allowing an attacker to decrypt, modify, or inject data on user connections without detection.”

Does This Mean ECC Is Not Secure?

No. This flaw in no way, shape, or form affects the integrity of ECC certificates. It does, however, cast a negative light on Windows’ cryptographic application programming interface by shining a spotlight on the shortcomings of its validation process.

Let me reiterate: This is a flaw concerning Windows CryptoAPI and does not affect the integrity of the ECC certificates themselves.

If you’re one of the few using ECC certificates (you know, since RSA is still more commonly used than ECC), this doesn’t impact the security of your certificates.

The patch from Microsoft addresses the vulnerability to ensure that Windows CryptoAPI fully validates ECC certificates.

What This Windows 10 Vulnerability Means for Your Organization

Basically, this cryptographic validation security flaw impacts both the SSL/TLS communication stream encryption and Windows Authenticode file validation. Malicious actors who decide to exploit the CryptoAPI vulnerability could use it to:

  • defeat trusted network connections to carry out man-in-the-middle (MitM) attacks and compromise confidential information;
  • deliver malicious executable code;
  • prevent browsers that rely on CryptoAPI from flagging malicious certificates that are crafted for a hostname that did not authorize them; and
  • appear as legitimate and trusted entities (through spoofing) to get users to engage with and download malicious content via email and phishing websites.

The NSA press release states:

“NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available. Rapid adoption of the patch is the only known mitigation at this time and should be the primary focus for all network owners.”

Steps to Take to Mitigate This Bug

Wondering what you should do to mitigate the threat on your network and devices? The NSA has a few recommendations:

Get to Patchin’ ASAP

The NSA recommends installing a newly-released patch from Microsoft for Windows 10 operating systems and Windows Server (versions 2016 and 2019) as soon as possible on all endpoints and systems. Like, right now. Get to it! As a best practice, you also can turn on automatic updates to ensure that you don’t miss key updates in the future.

According to Microsoft’s Security Update Guide:

“After the applicable Windows update is applied, the system will generate Event ID 1 in the Event Viewer after each reboot under Windows Logs/Application when an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation) is detected.”

Here at The SSL Store, we’ve already rolled out the patch to ensure that all of our servers and endpoint devices are protected. (Thanks, Ross!) Rolling out these kinds of updates is something you don’t want to wait around to do because it leaves your operating systems — and everything else as a result — vulnerable to spoofing and phishing attacks using spoofed digital certificates.
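An added example (not code from the article, The SSL Store or Microsoft) that collects the post-patch audit events described above: Event ID 1 entries in Windows Logs/Application whose message names [CVE-2020-0601], gathered from one or more hosts into a per-host summary. The -ComputerName list and -Days window are placeholders; the script matches on the CVE string in the message text rather than on an event source name.

```powershell
# Added example, not code from the article: collect the Event ID 1 audit
# entries that a patched system writes to Windows Logs/Application when a
# CVE-2020-0601 certificate-validation exploit attempt is detected.
# Assumptions: the event message contains the text "CVE-2020-0601" (as the
# Security Update Guide excerpt states); hostnames and the lookback window
# are placeholders supplied by the caller.
[CmdletBinding()]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),   # placeholder host list
    [int]$Days = 7,                                    # placeholder lookback window
    [switch]$Detail                                    # also emit the raw events
)

$filter = @{
    LogName   = 'Application'
    Id        = 1
    StartTime = (Get-Date).AddDays(-$Days)
}

foreach ($computer in $ComputerName) {
    # Event ID 1 is reused by many sources in the Application log, so match the
    # CVE string in the message body rather than trusting the ID alone.
    $events = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'CVE-2020-0601' })

    $first = $null
    $last  = $null
    if ($events.Count -gt 0) {
        $sorted = @($events | Sort-Object TimeCreated)
        $first  = $sorted[0].TimeCreated
        $last   = $sorted[-1].TimeCreated
    }

    # Zero hits means either no exploit attempt was seen or the update that adds
    # this audit event is not installed; the log alone cannot tell those apart,
    # so confirm patch status separately.
    [pscustomobject]@{
        Computer   = $computer
        Detections = $events.Count
        FirstSeen  = $first
        LastSeen   = $last
        Sources    = ($events.ProviderName | Sort-Object -Unique) -join ', '
    }

    if ($Detail -and $events.Count -gt 0) {
        # Full message text for triage.
        $events | Select-Object TimeCreated, ProviderName, Message
    }
}
```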

Prioritize Your Patching Initiatives

But what if you’re a major enterprise that can’t just get it done with a snap of the fingers? (Yeah, we know how you big businesses sometimes like to do things.) In that case, they recommend prioritizing patching your most critical endpoints and those that are most exposed to the internet. Basically, patch your mission-critical systems and infrastructure, internet-facing systems, and networked servers first.

Implement Network Prevention and Detection Measures

For those of you who route your traffic through proxy devices, we have some good news. While your endpoints are getting patched, your proxy devices can help you detect and isolate vulnerable endpoints. That’s because you can use TLS inspection proxies to validate SSL/TLS certificates from third parties and determine whether to trust or reject them.

You also can review logs and packet analysis to extract additional data for analysis and check for malicious or suspicious properties.

This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Casey Crane. Read the original post at: https://www.thesslstore.com/blog/nsa-microsoft-releases-patch-to-fix-latest-windows-10-vulnerability/


Windows 7 computers will no longer be patched after today – Naked Security

Do you know what you were doing 3736 days ago? We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.) Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the […]

#cybersecurity | #hackerspace | Adding MFA to Windows Systems

By Zach DeMeyer. Posted January 6, 2020.

Although the password is a ubiquitous security measure, recent security breaches show us that the password by itself isn’t nearly strong enough to protect the entirety of an organization. In fact, compromised credentials represent the number one attack vector […]

#comptia | #ransomware | High-Impact Windows 10 Security Threat Revealed As App-Killing Malware Evolves

Caption: New research reveals alarming Windows 10 ‘Clop’ app-killing threat (Getty)

The Federal Bureau of Investigation (FBI) issued a high-impact threat warning to U.S. businesses and organizations on October 2, 2019. That threat was ransomware, and the FBI warned that cybercriminals “upgrade and change their techniques to […]

Windows 10 Mobile receives its last security patches – Naked Security


If you’re one of the tiny contingent still using Windows 10 Mobile, 10 December 2019 is probably a day you’ve been dreading for nearly a year.

As announced by Microsoft in January 2019, it’s the end of life date for version 1709 of the OS, which means that November’s Build 15254.597 (KB4522811) was its last ever software update and therefore its last set of security patches.

After this date, users are on their own, warming themselves in the fading heat of a dying star which began life with some fanfare what seems like a long time ago but was in fact only 2015.

It’s a death that’s been well-rehearsed by Microsoft – Windows 10 Mobile version 1703 users reached this end-of-life moment earlier this year, on 11 June.

From what we can tell, no new Windows 10 Mobile devices were released after early 2016, which means affected devices running version 1709 will be among the following models:

  • Microsoft Lumia 550
  • Microsoft Lumia 650
  • Microsoft Lumia 950/950 XL
  • HP Elite x3 (Verizon, Telstra)
  • Wileyfox Pro
  • Alcatel IDOL 4S
  • Alcatel IDOL 4S Pro
  • Alcatel OneTouch Fierce XL
  • Softbank 503LV
  • VAIO Phone Biz
  • MouseComputer MADOSMA Q601
  • Trinity NuAns Neo

Bad news too for anyone still running the unsupported (as of 11 July 2017) Windows Phone 8.1 which sees the end of its app store support on 16 December 2019. No feature updates, no security fixes and now no software of any kind.