By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Windows 10 May 2019 Update is now rolling out to the seekers (advanced users) and the company will make the May 2019 Update more broadly available in the coming weeks. In the announcement post, Microsoft revealed that Windows 10 version 1903 is only available for customers who would like to install it. Starting today, any Windows 10 users with a compatible device can proactively grab the final bits by checking for updates. But the update won’t begin installing when you check for updates. Once the update appears on the page, you’ll see an option to download and install the Windows 10 May 2019 Update. Microsoft says that it is rolling out the feature to Windows 10 devices gradually and it should show up in a few days. If you click on the option and the download is complete, Microsoft will ask you when to finish the installation. You can also use the Update Assistant, Media Creation Tool to install the update. In our testing, Windows 10 May 2019 Update emerged as the smoothest version of Windows 10. The performance has improved and Microsoft has also fixed multiple UI glitches. Microsoft’s Windows 10 May 2019 Update offers some much-needed improvements to the operating system. It introduces an improved Windows Update experience, light theme, and several refinements. The best feature, however, is the new Windows Sandbox. Windows Sandbox is a simple virtualized Windows within Windows, it’s a place where you can open any web browser, download untrusted app and run if you’re worried it might be malware. Another important change is decoupling of Windows Search and Cortana. Previously, the search served as a feature inside Cortana. With Windows 10 May 2019 Update, Microsoft is finally giving Windows Search its own place and Cortana also has its own home on the taskbar. Learn more by visiting OUR FORUM.

In a report on Friday, Google highlights the importance of linking a phone to an account when it comes to fighting hijacking attempts from automated attempts from bots, phishing, and targeted attacks. An email address is at the center of our online life, essential for creating accounts to web services and for receiving communication more or less sensitive in nature. Moreover, providers of a large host of services, like Google and Microsoft, have moved to the single sign-in system where the same username and password to access all services from the same provider. On top of this, these accounts can be used to sign up or log into third-party services. It's no wonder email accounts are coveted by hackers of any sort. Account hijacking attempts occur every day, by the hundreds of thousands, and companies like Google have developed defenses against these threats. Adding a recovery phone number to the Google account seems to be an effective way to win against take-over attacks, especially if they are not targeted. A study from academic researchers shows that where a Google account was linked to a phone, the takeover prevention rates went up as much as 100% in the case of automated bots, as high as 99% with run-of-the-mill phishing, and up to 90% with targeted attacks. According to a study from researchers from New York University and Google real-world efforts to hijack a Google account were mostly ineffective against device-based challenges. More detailed information is posted on OUR FORUM.

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account. This week, a user posted on Reddit about how they discovered that their Google Account's Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay. When I saw this, I checked my Google Account Purchases page, located at myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more. The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information. When Google was contacted about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads. While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so. Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page. Full details are posted on OUR FORUM.

Cisco upgraded three remote code execution (RCE) vulnerabilities impacting the web management interfaces to critical severity with a CVSS base score of 9.8 after initially rating them as high with a base score of 8.8 when the advisories were first published on May 15. Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager are network management tools used by administrators "for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices." According to Cisco's security advisory published on May 15 and updated on May 16, the critical vulnerabilities exist "because the software improperly validates user-supplied input" and they can be remotely exploited by potential attackers to gain the ability to execute arbitrary code with "root-level privileges on the underlying operating system." The most dangerous is the issue tracked as CVE-2019-1821 which could be "exploited by an unauthenticated attacker that has network access to the affected administrative interface." The other two flaws tracked as CVE-2019-1822 and CVE-2019-1823 are less concerning given that they would "require that an attacker have valid credentials to authenticate to the impacted administrative interface." The three vulnerabilities affect the following software versions: Cisco PI Software Releases prior to 3.4.1, 3.5, and 3.6, and EPN Manager Releases prior to 3.0.1. While there are no workarounds that address these vulnerabilities, Cisco has published free software updates which can be used to patch the software flaws. The web-based management interface software is also affected by two other Improper Input Validation flaws rated as high severity and tracked as CVE-2019-1824 and CVE-2019-1825 which "could allow an authenticated, remote attacker to execute arbitrary SQL queries." More complete details are posted on OUR FORUM.

Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability class is a security flaw named Zombieload, which is another side-channel attack in the same category as Meltdown, Spectre, and Foreshadow just like the first three, Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance. For more than a year, academics have been poking holes in various components of the speculative execution process, revealing ways to leak data from various CPU buffer zones and data processing operations. Meltdown, Spectre, and Foreshadow have shown how various CPU components leak data during the speculative execution process. Today, an international team of academics -- including some of the people involved in the original Meltdown and Spectre research -- along with security researchers from Bitdefender have disclosed a new attack impacting the speculative execution process. This one is what researchers have named a Microarchitectural Data Sampling (MDS) attack, and targets a CPU's microarchitectural data structures, such as the load, store, and line fill buffers, which the CPU uses for fast reads/writes of data being processed inside the CPU. These are smaller-sized caches that are used alongside the main CPU cache. By exploiting normal speculative execution operations that work within these microarchitectural structures, an MDS attack can infer data that is being processed in the CPU by other apps, to which an attacker shouldn't normally have access to. Complete details are posted on OUR FORUM.

Microsoft is expected to begin rolling out Windows 10 May 2019 Update to compatible devices in a week or two. To prepare their devices for Microsoft’s new update, GPU and CPU manufacturers are rolling out new compatible drivers. After Intel and Nvidia, AMD has now also released new graphics drivers that add support for Windows 10 May 2019 Update. AMD Radeon 19.5.1 driver is what you should install if you’re planning to upgrade your AMD PC to Windows 10 version 1903. In the release notes, AMD says Radeon Software Adrenalin 2019 Edition also adds support for RAGE 2 and instruction tracing for Radeon GPU Profiler 1.5.X. The update also includes tons of bug fixes and improvements. A bug where the performance metrics overlay may experience intermittent flicker has been addressed. This problem was experienced when the user played protected content with this feature enabled. AMD is also addressing a bug that causes DOOM to hang during launch on AMD XConnect Technology system configurations. Another bug has been addressed where the Radeon software installation doesn’t work or get stuck at 33% if you install it on AMD Radeon HD 7970 system configurations. Radeon RX Vega series graphics products may experience higher than expected memory clocks at idle or desktop with multi-display system configurations. Stuttering or frame drop issues where playing DivX interlaced content in the Movies & TV app has been also fixed. The update also addresses the intermittent authentication issues and an update of the AMD Link application is also required. Read more by visiting OUR FORUM.

 

GTranslate