By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

When even the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is starting to get nervous about your unpatched Windows 10 system, maybe it’s time to make sure you’ve downloaded everything you need from Windows Update. This time around, the agency is reacting to the emergence of new proof-of-concept attacks related to a vulnerability that was discovered in March—yes, three months ago. The exploit, “SMBGhost,” take advantage of an issue with Windows’ server message block protocol that could give an attacker unrestricted access to run whatever they want on an affected machine. (That includes servers, obviously, but also any unpatched clients connecting to one that has already been hit.) All you have to do to stay safe is to make sure you’ve installed the latest updates for Windows 10. That’s it. It’s incredibly easy to do this on your home machines—and, really, they should be updated already if you’ve been using them regularly and have them connected to the internet. Here’s the quirk, though. If you’re using a version of Windows 10 that’s older than version 1903 (released in May of last year), you’re in the clear. Your operating system doesn’t yet support SMBv3.1.1 compression, which is the source of the bug that’s being exploited by SMBGhost. So, in some weird way, not updating has kept you safer from this attack than installing a major update and getting lazy about the rest. That’s not a practice you should continue, however. It’s time to update to the latest version of Windows—version 2004, as of when we wrote this article—and make sure you stay on top of your Patch Tuesday updates and any other critical out-of-schedule updates. But there’s a caveat to that, too. As you no doubt know, Microsoft tends to have some issues with its various Windows 10 updates. So much so that it’s probably not worth your while to install every single update you can get your hands on the minute it’s released. Were I you—and this is what I do, too—I’d make sure I’m using at least Windows version 1909. I’d then use its ability to pause Windows Updates, found via Settings > Update & Security, to keep your operating system from downloading and installing updates the moment they’re released. As for how long you should wait before you install one, that’s up to you and the severity of the update in question. If an update is patching a zero-day exploit, you might want to err on the side of installing it sooner; if it’s a gigantic feature update, you can probably wait a week (or two weeks) to make sure that system-breaking bugs haven’t revealed themselves as part of the update’s public launch. Is this taxing? Yes. Will you forget about it? Sure. Will you remember it when you can’t understand why your system worked well on Tuesday but is coughing up some terrible glitch on a Wednesday morning? You will now. We have more posted on OUR FORUM.
The United States had not provided Huawei Technologies with specific reports or evidence on cybersecurity flaws or vulnerabilities to back its claims, company vice-president Victor Zhang told Sputnik in a presser with UK media on Monday. Huawei's Cybersecurity Evaluation Centre (HCSEC) in Banbury, which works directly with the UK's National Security Advisor and others, "found no security vulnerabilities or backdoors" in the company's network products. Speaking on the need to collaborate on international security standards, he told Sputnik that global organizations such as 3GPP and others had a "very mature model for working not just with the industry, but also governments, with fairness and transparency to discuss these standards". 3GPP had "already taken serious measures on security management" on such standards. The comments follow an open letter to the UK public stating the Chinese firm had operated in Britain for 20 years and was 100 percent "owned by employees", as well as aimed to boost mobile and broadband connectivity across the UK. "Britain needs the best possible technologies, more choice, innovation, and more suppliers, all of which means more secure and more resilient networks. This is fundamental to achieving the government’s Gigabit broadband target by 2025. This is our commitment to the UK,” VP Zhang said in a statement. “Huawei grew up in the UK. We’ve been here for 20 years and were integral in building the 3G and 4G networks we all use every day," he said. The letter added that while many in cities had "fast, reliable connections", poor connectivity made "working from home, or running a small business, harder than it should be". The Chinese firm aimed to expand Britain's 5G and full-fiber broadband connectivity "to every part of the country" along with creating jobs, training engineers, and investing in the country's economy and university, the letter said. Huawei's pledge comes amid unconfirmed reports in UK media in late May citing anonymous Whitehall sources alleging the government could potentially phase out Huawei's role in building national 5G networks by 2023. But Downing Street announced in late May it had sought "new entrants into the market" to diversify suppliers and had informed allies, "including the United States" in previous talks. The UK National Cybersecurity Centre also announced it would assess the impact of phasing out Huawei's IT equipment from UK networks after UK prime minister Boris Johnson approved the Chinese tech giant's role in building IT networks in late January. But Washington extended its trade ban on Huawei, ZTE, and over 70 Chinese tech companies placed on an Entity List in May 2019 a further year over alleged national security concerns. Want to learn more please visit OUR FORUM.
To track known issues in Windows 10 that Microsoft is aware of and actively resolving, you can use a Windows 10 Health Dashboard tool. Released on April 30th, 2019, Microsoft's Windows 10 Health Dashboard tracks the known issues in various versions of Windows 10, and even older versions such as Windows 7 and Windows 8.1. The Windows Health Dashboard is broken up into different sections based on the version of the operating system. This site allows Windows users to track the issues related to the feature update they currently have installed or are trying to install. For example, when the Windows 10 May 2020 Update was released, the operating system became Windows 10 version 2004. At the top of each section, Microsoft provides a brief message related to that version of Windows, including the status of the feature update's rollout and whether it is nearing the end of support. As you scroll further down the page, you will be shown the known issues being investigated, what cumulative update caused the problem, and when information about the issue was last updated. Finally, under each entry in the known issue list is a 'See details' link. When clicked on, this link will bring you to a more detailed description of the issue that may contain steps to resolving the issue. This detailed information will state if the issue has a 'compatibility hold' that would block a Windows user from upgrading to this new version of Windows.  We will discuss compatibility holds in the next section. As Microsoft releases new feature updates, they also tweak the operating system or add new security features. The changes could cause conflicts with hardware drivers, antivirus software, or other programs that worked fine in the previous version of Windows 10. These conflicts can cause Windows 10 not to start, have degraded performance, cause games not to work, or even cause a blue screen of death (BSOD) crash. When a known conflict occurs, and a Windows user is affected, Microsoft blocks that user from upgrading to the new version of Windows 10. This upgrade block is called a compatibility hold. As it is not always clear if your device is on a compatibility hold, Microsoft has started to notify users if they are blocked from upgrading. If you are are not being offered a new Windows 10 feature update or Windows is having problems after upgrading, the Windows Health Dashboard can be a useful tool. It is useful because the dashboard will display all the known issues that are causing a hold or problems in Windows, and offer guidance on how to resolve them. For example, using the Health Dashboard, we learn that NVIDIA drivers older than version 358.00 is causing a compatibility hold. Using this information, a blocked user can upgrade their NVIDIA graphics drivers to a newer version and see if that removes the hold. Another example was when Microsoft used the Health Dashboard to warn about a bug preventing the 'Reset this PC' feature from working correctly. Until the issue was fixed, Microsoft offered a workaround to get it working again. We have more complete details along with images posted on OUR FORUM.
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cybercriminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organizations in the education and software industries. Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanized Java Runtime Environment, and is compiled in a Java image file (Jimage) to hide the malicious intentions. "These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks," Eric Milam, VP for research and intelligence at BlackBerry, told ZDNet. "Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code but were nonetheless successful in accomplishing their goals," he added. However, the first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing RDP servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop the removal of their attack. "Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways," said Milam. After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch, and .thanos – and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email. Get better informed by visiting OUR FORUM.
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said. "This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." First observed by CrowdStrike in 2013, Cycldek has a long history of singling out defense, energy, and government sectors in Southeast Asia, particularly Vietnam, using decoy documents that exploit known vulnerabilities (e.g., CVE-2012-0158, CVE-2017-11882, CVE-2018-0802) in Microsoft Office to drop a malware called NewCore RAT. Kaspersky's analysis of NewCore revealed two different variants (named BlueCore and RedCore) centered around two clusters of activity, with similarities in both code and infrastructure, but also contain features that are exclusive to RedCore — namely a keylogger and an RDP logger that captures details about users connected to a system via RDP. "Each cluster of activity had a different geographical focus," the researchers said. "The operators behind the BlueCore cluster invested most of their efforts on Vietnamese targets with several outliers in Laos and Thailand, while the operators of the RedCore cluster started out with a focus on Vietnam and diverted to Laos by the end of 2018." Both BlueCore and RedCore implants, in turn, downloaded a variety of additional tools to facilitate lateral movement (HDoor) and extract information (JsonCookies and ChromePass) from compromised systems. What's more, the malware is programmed to copy itself selectively to certain removable drives so it can move laterally to other air-gapped systems each time an infected USB drive is inserted into another machine. A telemetry analysis by Kaspersky found that the first instance of the binary dates all the way back to 2014, with the latest samples recorded at the end of last year. The initial infection mechanism relies on leveraging malicious binaries that mimic legitimate antivirus components to load USBCulprit in what's called DLL search order hijacking before it proceeds to collect the relevant information, save it in the form of an encrypted RAR archive, and exfiltrate the data to a connected removable device. Visit OUR FORUM to learn more.

If you're an Nvidia GeForce Now Founder's subscriber, it's likely you're nonplussed over the continued losses to the cloud gaming service's roster. Many notable videogames and publishers have dropped from the service since it launched on February 4, 2020—apparently those holding all the cards are "still figuring out their cloud strategies"—and if that isn't a bad omen of things to come, I don't know what is. Why? Because Nvidia's service offers something akin to the PC gaming experience. It is (theoretically) open to all, it allows you to access the games you already own, and it is more or less a back to basics promise of a half-decent gaming PC in the cloud—it even offers RTX graphics for cheap. Without it, or those other services like it, the future of cloud gaming looks a lot more… exclusive. Nvidia was unlucky in its game streaming rollout. Just as the ball started rolling on its initially successful cloud gaming ambitions, and fresh out of beta, a couple of major publishers (Activision Blizzard, Bethesda Softworks, 2K Games) swiftly dropped out from the service, and even made quite a palaver out of it. It appears as though that sentiment only gained momentum from there. Further games have been pulled from the service since, and while many more have embraced it with open arms, there are some huge games notably missing from its cloud-compatible library. Nvidia's since adopted a less pro-active opt-in approach for developers and publishers on GeForce Now as a result. So what is it that makes Nvidia's service so frowned upon by publishers? I'd have to guess that it's merely the sheer size, scale, and monetary worth of the potential 'platform'. No one batted an eyelid for the many cloud streaming services that came before, despite being much like Nvidia GeForce Now—those that allow a user to hook in their existing libraries and play the games they own across a range of digital storefronts on hardware they couldn't otherwise afford or access. So you'd expect that it wouldn't matter whether you play your game on the hardware you own—a trusty gaming PC—or one that's rented to you and served up out of a server rack. You bought the game, right? That's yours and you get to say how you play it. Well, not so fast. Gaming licenses have never been straightforward. Do you own a game or a license to the game? Well, the answer is actually relatively simple: you own a license that allows you to use someone's software, as they intended. What that End User License Agreement (EULA) means for you, and what you're allowed to do and not allowed to do with it (such as modding), varies between platform and developer. Therein lies the thorn in Nvidia's side, and the stipulation that gives ultimate control to the publisher. And it's only a microcosm of a wider issue—if cloud gaming inherently relies on publishers and developers to specifically allow access to the videogames we own a license to, then it's going to run into burgeoning costs, exclusivity, and a lack of interest from gamers with access to an already fairly simple solution that (mostly) bypasses these issues: a physical gaming PC. For more please visit OUR FORUM.