By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Google Alerts is s useful service that allows you to receive emails or an updated RSS feed when new pages appear in the Google search index that is related to specified keywords you are following. Unfortunately, whenever there is a good thing, people try to take advantage of them to push users towards scams and malware. For those not familiar with this service, Google Alerts allows you to submit keywords that you wish to monitor. When new pages are found that match these keywords, depending on how you create the alert, Google will either send you an email or update an RSS feed. I have been using Google Alerts for many years in order to track various malware and security topics. Over the past year, if not longer, I have noticed a trend where bad actors are injecting malicious sites into the Google search index in order to have them also appear in Google Alerts being sent to users. When a user clicks on one of these alerts, they will then be sent to a page that then redirects them through a series of other pages until they finally land at a fake giveaway page, tech support scam, unwanted extension, or malware installers. To get malicious links into Google Alerts, bad actors will create spam pages with popular keywords and get them into the Google search index. For example, as we publish a lot of ransomware news, I have a Google Alert set up for Ransomware. Knowing that users are desperate for decryptors, the bad actors create fake spam pages containing blobs of text containing keywords related to a particular decryptor that may be affecting a lot of users at the time. When the bad actors create these pages and get them into the Google index, an alert will be generated for anyone who wants to be notified about ransomware, decryptors, or the STOP ransomware. When a user clicks on a link through a Google Alert or via the Google search engine, instead of showing the web page shown earlier in the article, they will be redirected to a malicious site like the tech support scam shown below. Follow this by visiting OUR FORUM.

Windows 7 is certainly rather long in the tooth now, but it is still very widely used. As such, despite the general end of support coming in January, Microsoft has committed to keeping Windows 7-based voted machine secure. The company says that it will "provide free security updates for federally certified voting systems running Windows 7 through the 2020 elections, even after Microsoft ends Windows 7 support". Given the problematic nature of recent Windows 10 updates, this may come as little comfort as the Trump 2020 campaign continues. Microsoft points out that it has supported Windows 7 for a decade: "When we released Windows 7, we committed to supporting it for 10 years, and we've honored that commitment. We've also reminded customers about this along the way including, most recently, in January and again in March. This process is similar to how we've ended support for other operating systems in the past, and the majority of our customers have already made the move to Windows 10". "As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process --tr a process we are working with government officials to update and make more agile. Since we announced our Defending Democracy Program, we've focused on bringing the best of Microsoft's security products and expertise to political campaigns, parties, the election community, and democracy-focused nongovernmental organizations". For more refer to OUR FORUM.

Have you ever heard of the STOP Ransomware? Probably not, as few write about it, most researchers don't cover it, and for the most part, it targets consumers through cracked software, adware bundles, and shady sites. Ryuk, GandCrab, and Sodinkibi get huge and deserved media attention because they generate giant ransom payments, can halt business and local governments, and affect enterprise customers, which are the bread and butter for AV companies. Yet, based on Michael Gillespie's ID Ransomware submissions and support requests at BleepingComputer, for the past year, it has been the most actively distributed ransomware in the wild. To give you some perspective, the ransomware identification service ID Ransomware gets approximately 2,500 ransomware submissions a day. Of those, between 60-70 % are STOP ransomware submissions. This amount of submissions beats out any other ransomware that users are submitting to the service when trying to get help. STOP is getting so big that the image above looks like Pacman eating all of the other ransomware! In order to distribute STOP, the ransomware developers have teamed up with shady sites and adware bundles. These sites promote fake software cracks or free programs, which are really adware bundles that install a variety of unwanted software and malware onto a user's computer. One of the programs installed via these bundles is the STOP Ransomware. Some of the reported cracks that are have been seen installing STOP include KMSPico, Cubase, Photoshop, and antivirus software. It is not only cracked, though, as many of these shady sites offer downloads of free software, but are simply just adware bundles that install the ransomware. Even worse, some of these variants also bundle the Azorult password-stealing Trojan with the ransomware for a double-attack on the victim. Otherwise, there is nothing particularly special about the STOP Ransomware.  It encrypts just like any other ransomware, appends an extension, and drops a ransom note. What makes it so much of a pain is the sheer amount of variants that keep being released. In fact, right now, there are more than 159 variants that we know about. Visit OUR FORUM to learn more most active and destructive ransomware.

Password manager LastPass has released an update last week to fix a security bug that exposes credentials entered on a previously visited site. The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google's elite security and bug-hunting team. LastPass believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. In a blog post, the company said the bug only impacts its Chrome and Opera browser extensions. If users have not enabled an auto-update mechanism for their LastPass browser extensions, they're advised to perform a manual update as soon as possible. This is because yesterday, Ormandy published details about the security flaw he found. The security researcher's bug report walks an attacker through the steps necessary to reproduce the bug. Since the bug relies on executing malicious JavaScript code alone, with no other user interaction, the bug is considered dangerous and potentially exploitable. Attackers could lure users on malicious pages and exploit the vulnerability to extract the credentials users had entered on previously-visited sites. According to Ormandy, this isn't as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site. Like any other applications, password managers are sometimes vulnerable to bugs, which are in all cases eventually fixed. Despite this vulnerability, users are still advised to rely on a password manager whenever they can. Using a password manager is many times better than leaving passwords stored inside a browser, from where they can be easily extracted by forensic tools and malware. For more visit OUR FORUM.

 

China's internet could continue to operate as a national intranet in the case of a cyber-attack or foreign intervention. The structure of the Chinese internet is unlike any other country, being similar to a gigantic intranet, according to research published by Oracle last week. The country has very few connection points to the global internet, has zero foreign telcos operating within its borders, and Chinese-to-Chinese internet traffic never leaves the country. All of these allow China to disconnect itself at will from the global internet and continue to operate, albeit with no connectivity to western services. "Put plainly, in terms of resilience, China could effectively withdraw from the global public internet and maintain domestic connectivity (essentially having an intranet)," Oracle's Dave Allen said. "This means the rest of the world could be restricted from connecting into China, and vice versa for external connections for Chinese businesses/users."

Windows 10 KB4515384 is the latest cumulative update that Microsoft released on September 10 with a fix for high CPU usage bug and multiple vulnerabilities. Microsoft initially stated that the cumulative update comes without any known issues, but the company has now updated the changelog to confirm a bug affecting both Start menu and Windows Search. Microsoft has also confirmed audio issues in this cumulative update. It looks like Windows 10 KB4515384 is plagued by several other issues as well, including a bug that disables Ethernet or WiFi connectivity. A number of users are reporting on Microsoft community forum, Reddit and Windows 10’s Feedback Hub that network adapters have stopped working after applying this update. “Cumulative update (kb4515384) causes the NIC to fail to enable with a code 10 error. Reinstalling network drivers from Intel or Windows Update sources does not resolve the issue. However removing the update through the ‘Programs & Software’ panel or using a recovery point set *before* the update fully resolves the issue,” a user documented the bug on Feedback Hub. “KB4515384 breaks ethernet and wifi adapters on my PC. Appears to create new devices as they’re labeled ‘#2’ and when exposing hidden devices in Device Manager the previously named devices appear. Uninstalling these / new or old drivers do not fix the issues (i.e. “ethernet unplugged” which it is clearly not). The only option was to uninstall this update,” another user confirmed the annoying bug on Feedback Hub. If you are affected by broken network adapters bug, you can disable and re-enable the adapter in Device Manager, and you might be able to use the adapters again after a system reboot. Follow this on OUR FORUM.

 

GTranslate