Windows 10 users are being warned about some big issues in the Microsoft OS that attackers can take advantage of.
Windows 10 is one of the most popular operating systems in the world and is closing in on top spot.
Ever since it was released Windows 10 has been playing catch-up to get on par with the user base of Microsoft’s ageing Windows 7 software.
But now Windows 10 is at a crossing point with Windows 7.
Latest stats from NetMarketShare show last month Windows 10 had a 38.14 per cent chunk of the desktop OS share.
This is just a whisker behind Windows 7 on 38.89 per cent.
And now Windows 10’s huge user base has been put on alert about newly discovered vulnerabilities in the software.
Almost 40 vulnerabilities in Windows 10 have been discovered including one zero-day security flaw that was being exploited by hackers.
The latter was discovered by Kaspersky and it allowed hackers to carry out a full remote command execution exploit.
Thankfully, Microsoft has now fixed these 39 issues with their latest patch Tuesday release.
Speaking about the security risk, Kaspersky said: “In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system.
“Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe. We reported it to Microsoft on October 29, 2018.”
Windows 10 is one of the most popular operating systems in the world (Image: MICROSOFT)
The security experts added: “This is the third consecutive exploited Local Privilege Escalation vulnerability in Windows we discovered this autumn using our technologies.
“Unlike the previously reported vulnerabilities in win32k.sys (CVE-2018-8589 and CVE-2018-8453), CVE-2018-8611 is an especially dangerous threat – a vulnerability in the Kernel Transaction Manager driver.
“It can also be used to escape the sandbox in modern web browsers, including Chrome and Edge, since syscall filtering mitigations do not apply to ntoskrnl.exe system calls.
“Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat.”
Windows 10 fans have been put on alert about almost 40 vulnerabilities (Image: MICROSOFT)
Windows 10 fans need to download the latest patches to fix the issues (Image: MICROSOFT)
While Chris Goettl, Director of Product Management, Security at Ivanti, added: “Microsoft has resolved a publicly disclosed vulnerability in .Net Framework (CVE-2018-8517) that could allow a denial-of-service in .Net Framework web applications.
“The vulnerability can be exploited remotely without authentication by issuing a specially crafted request to the vulnerable application.
“The vulnerability is rated as Important likely due to complexity to exploit, but it has been publicly disclosed, meaning enough information has been revealed to the public to give a threat actor a head start on creating an exploit to take advantage of the vulnerability.
“Public disclosures increase the odds a vulnerability will be exploited.”
Full details on the Microsoft December 2018 security updates can be found by clicking here.
Source
↧
Windows 10 WARNING: Microsoft fixes THESE major issues with latest patch
↧
Greetings to all
↧
↧
Newbie here (but not online) joined 12/12/18
↧
Giveaway: Wise Care 365 PRO [for PC]
You can't update from this version (being a give away) which is a pity. But at least you can try it and see if you like the program.
↧
FlashBoot 3.2c
FlashBoot 3.2c
FlashBoot allows you to create bootable USB disks, Flash Memory keys as well as the added ability to install a mini OS on bootable USB devices. What sets this apart from other similar utilities is its ability to create FAT32 filesystems on USB thumb drives larger than 32 Gb. This will be of particular use in the UEFI environment where a USB thumb drive filesystem must be recognized by the motherboard's firmware. FlashBoot can also smoothly work with thumb drives which have no partitions or a drive letter assigned. It can also recover a thumb drive's full capacity in the event that other tools have reduced the available space.
FlashBoot supports ESD format of source Windows installation images (in addition to ISO image files and directly-accessed DVD disks). And it is also fully functional under Windows XP; this is due to it not mounting any registry hives, FAT filesystems, WIM and VHD images via the Windows kernel. These features are implemented within FlashBoot, without the need of calling on platform-specific tools.
FlashBoot Features
- Prepares USB thumb drives for installation of Windows 7, Windows 10, Windows 8/8.1 or Windows Vista to an internal HDD/SSD
- Installs full-featured Windows 10 or Windows 8/8.1 to a USB thumb drive, which will boot independently from the main OS on HDD/SSD
- Saves USB thumb drive to an image file
- Restores USB thumb drive from an image file
- Can copy a USB thumb drive to another USB thumb drive, retaining full bootability
- Install DOS to a USB thumb drive
- Can Install UEFI shell to a USB thumb drive
- Quickly formats USB thumb drives
- Wipes USB thumb drives (securely erase all data)
Changelog
- Dec, 12 of 2018 Minor update 3.2c released.
- Fixed the following error for non-UEFI scenarios:
No valid version info in Windows\Boot\PCAT\bootmbr (it was a typo: bootmbr -> bootmgr).
Homepage Download Portable
↧
↧
Internet Download Manager 6.32 Build 2
IDM_6.2x_Crack_v16.2 (NEW)
Site: https://www.upload.eeSharecode: /files/9298301/IDM_6.2x_Crack_v16.2.zip.html
VirusTotal 8/69
https://www.virustotal.com/#/file/28d44074ef503f0c91bb0c93e677e3dc7d6b8c498a8c745cb46052d04ef329f3/detection
↧
NVIDIA GeForce Game Ready Driver v417.35 WHQL
As usual, you only need the Desktop installer (the notebook installer is the same).
↧
Giveaway: Wise Care 365 PRO [for PC]
giveaway that is almost every year present, as I recall since 2012 ordinarily they have provided Pro version that cannot be updated to the latest version.
↧
Microsoft is testing a new header for the Windows 10 Settings app
Seems interesting...... let’s see how it turns out.
↧
↧
Saipem Identified a Digital Attack against Some of Its Servers
Italian oil and gas industry contractor Saipem has announced that it identified a digital attack against some of its servers.
On 10 December, Saipem published a statement on its website in which it revealed the attack and said it was in the process of collecting information to determine the impact on its systems and the actions it should take to restore normal operations.
This notice didn’t provide specific details about the digital attack. But Mauro Piasere, Saipem’s head of digital and innovation, did provide a bit of this information. He said that the company’s ongoing investigation had determined that the attack had originated in Chennai, India. Piasere went on to say that the attack had mainly affected the company’s servers in Saudi Arabia, the United Arab Emirates and Kuwait and had partially targeted its infrastructure in Aberdeen in Scotland.
“The servers involved have been shut down for the time being to assess the scale of the attack,” Mauro told Reuters. “There has been no loss of data because all our systems have back-ups,” he continued, adding that the back-up systems would activate once the threat had been eliminated.
At the conclusion of its statement, the Italian oil and gas industry contractor said that it’s in the process of notifying authorities about the incident.
The digital attack against Saipem highlights the ongoing threats targeting the energy industry. In the Middle East, for example, three-quarters of oil and gas companies suffered at least one security compromise between 2017 and 2018 that resulted in the loss of confidential information or disrupted the OT environment. Reflecting these experiences, 70 percent of IT and operational technology (OT) security professionals at energy and oil and gas companies told Tripwire they’re concerned that a successful digital attack could cause an explosion or other catastrophic failure.
In response, energy organizations should work to strengthen the security and resilience of critical infrastructure, thereby enhancing systems’ reliability and availability, as well as automate compliance with NERC and other industry standards. Learn how Tripwire can help.
Source
↧
Watchdog PC Cleaner Premium 2018 free one-year license key
All the License Keys given, have failed.
↧
Bulk surveillance is always bad, say human rights orgs appealing against top Euro court
Liberty and pals seek to prove intrusive spy powers can never be justified
A band of human rights organisations have appealed against a top European court's ruling on bulk surveillance, arguing that any form of mass spying breaches rights to privacy and free expression.
The group, which includes Liberty, Privacy International and the American Civil Liberties Union, has taken issue with parts of a September judgment from the European Court of Human Rights.
That ruling said oversight of the UK government's historic regime for bulk interception of communication was insufficient and violated privacy rights under the European convention.
However, it did not say that bulk interception was unlawful in and of itself; neither did it rule that sharing information with foreign governments breached the rules.
It is these elements of the ruling that the groups disagree with, arguing that bulk surveillance can never be lawful, and that the sharing intelligence with other governments is just another form of bulk surveillance and also unlawful.
They argue that any use of such intrusive powers should be lawful, targeted and proportionate – and that bulk powers can never meet these bars.
The original case was launched after former NSA sysadmin Edward Snowden's 2013 revelations that GCHQ was secretly intercepting communications traffic via fibre-optic undersea cables.
It was the first time the European Court of Human Rights had considered UK regimes – although it did only look at procedures governing bulk cable-tapping that have since been replaced – and the first time it looked at intelligence-sharing programmes.
The court considered three aspects of the UK's spying laws, and the first two were found to have breached the European Convention on Human Rights: the regime for bulk interception of communications (under section 8(4) of the Regulation of Investigatory Powers Act 2000); the system for collection communications data (under Chapter II of RIPA); and the intelligence-sharing programme.
It ruled that the system governing the bulk interception of communications was "incapable" of keeping interference to what is "necessary in a democratic society".
Broadly, this was due to a lack of oversight of the selection process at various stages of the surveillance, and a lack of safeguards applied to the selection process for which related communications data to probe.
Liberty has also tackled the current surveillance regime introduced in the Investigatory Powers Act. It won the first challenge in April and was last month given the go-ahead by the High Court to launch a full legal challenge of the regime. This will be heard next year.
Source
↧
Revo Uninstaller Pro 4.0.5
Yerrrr, we read that... over a year and half ago when it was posted
↧
↧
It is with a heavy heart that we must inform you hackers are targeting 'nuclear, defense, energy, financial' biz
Sharpshooter takes aim at critical infrastructure
Hackers are targetting critical infrastructure providers, including nuclear power and defense agencies, in what may be a state-sponsored attack that's hiding behind North Korean code.
Discovered by McAfee and dubbed "Sharpshooter", the operation has been running since November, largely focusing on US-based or English-speaking companies and agencies around the world with an emphasis on nuclear, defense, energy, and financial businesses.
It appears that, for now, the hacking operation is focused mostly on reconnaissance and harvesting sensitive information from the infected machines. McAfee did not note any behavior related to damaging or sabotaging infrastructure.
As with most well-organized cyber-raids, the Sharpshooter operation goes after key members of the targeted companies with phishing emails that are tightly targeted, in this case pretending to be from a job recruiting agency seeking English-speaking applicants, we were told today.
The emails contain poisoned Word documents (researchers note the version used to craft them was Korean-localized) that then look to install the first piece of malware: an in-memory module that dials up a control server.
Once connected to the control server, the infected PC then downloads and executes a secondary malware payload known as Rising Sun. The Rising Sun malware does most of the heavy lifting in the campaign, monitoring network activity as well as collecting information from the infected machine that is then encrypted and sent back to the control servers.
McAfee noted that the attack, particularly the malware payload used, borrows heavily from source code used by Lazarus Group, a North Korean hacking operation blamed for attacks on both infrastructure and financial agencies.
That doesn't however, mean that the group is behind the operation. In fact, McAfee says it strongly suspects the connections to be a red herring.
"Operation Sharpshooter’s numerous technical links to the Lazarus Group seem too obvious to immediately draw the conclusion that they are responsible for the attacks, and instead indicate a potential for false flags," McAfee explained.
It would not be unheard of for another group or government to be borrowing source code from Lazarus. Earlier this year researchers showed how the US government's own attack tools had been torn down, repackaged, and sent back into the wild against new targets.
Because of this, McAfee says that, for now, it will hold off on any speculation as to who might be behind the attack.
Source
↧
Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage
Uh, hello? Didn't you put third-party Javascript on a payment page?
Ticketmaster is telling its customers that it wasn't to blame for the infection of its site by a strain of the Magecart cred-stealing malware – despite embedding third-party Javascript into its payments page.
In a letter to Reg reader Mark, lawyers for the controversy-struck event ticket sales website said that Ticketmaster "is of the belief that it is not responsible for the Potential Security Incident".
They were referring to the June 2018 infection of its UK website with the Magecart payment credential-stealing malware. At the time, Ticketmaster publicly blamed "a customer support product hosted by Inbenta Technologies" for the infection. Inbenta chief exec Jordi Torras immediately hit back, telling us in June: "Had we known that script would have been used in that way, we would have advised against it, as it poses a security threat."
Our reader, who was travelling in the US when the Ticketmaster breach happened, found out that one of his bank cards was being used for unauthorised transactions in Belgium. After asking his bank to block it, Mark found that a second card had been blocked by Visa because of an "identity breach".
He told El Reg: "It's only the cards linked to my Ticketmaster account and used for purchases with them that were breached. I use the others for online and in-person purchases in various countries with no issues," adding that cards he had used with Amazon and Paypal were not compromised.
When he demanded compensation from Ticketmaster, lawyers from the Paul Hastings law firm wrote back to Mark (who showed us their letter) claiming that the ticket site was "currently undertaking an extensive investigation into the Potential Security Incident, and, in particular, its cause and the impact, if any, on customers and the privacy and security of their payment and other personal information".
They added that the breach "arose as a result of certain third party software infected with malicious code being served directly on our client's customers from third party servers; there was no security breach of our client's own servers and systems".
Ticketmaster failed to respond to multiple attempts by The Register to seek comment.
If all is as described by both Ticketmaster and Inbenta – noting that the former has not made public any details about precisely where the offending JS component was embedded – it is difficult to see how Ticketmaster could say it is not responsible for the breach while keeping a straight face.
In a statement on its website, Inbenta said: "Upon further investigation by both parties, it has been confirmed that the source of the data breach was a single piece of JavaScript code... Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it."
The breach was plugged back in June, according to Inbenta, though details of transactions made between February and June were potentially exposed.
The summer Magecart outbreak was part of what seemed to infosec researchers to be a sustained and widespread campaign. Magecart's operators had switched from trying to directly infect individual websites to targeting and compromising widely used third-party webpage elements. BA and Sotheby's Home were also infected.
The malware's typical approach involves compromising webpage elements – typically Javascript – and injecting those elements into websites with the aim of reading customers' payment card details and beaming them back to a server controlled by criminals, ready for later misuse.
Source
↧
It's December of 2018 and, to hell with it, just patch your stuff
Windows, Office, Acrobat, SAP... you know the deal
Microsoft, Adobe, and SAP are finishing up the year with a flurry of activity, combining to patch more than 140 CVE-listed security flaws between them.
In-the-wild worries from Microsoft
The December patch bundle from Microsoft addresses a total of 39 vulnerabilities, including one that is publicly known and another that is being targeted in the wild.
The bug currently being exploited is CVE-2018-8611, an elevation of privilege flaw in the Windows kernel. Researchers with Kaspersky Lab said the flaw, which allows for code to run in kernel mode, is being used in tandem with other vulnerabilities to install malware.
Meanwhile, a denial of service flaw in the .NET Framework, CVE-2018-8517, has been publicly disclosed but has not been targeted in the wild yet. In addition, .Net Framework is also the culprit in CVE-2018-8540, a remote code execution bug.
Dustin Childs of the Trend Micro Zero Day Initiative notes that enterprises should pay special attention to CVE-2018-8626, a heap overflow flaw in Windows DNS Server that would allow an attacker to run code as the LocalSystem Account.
"Exploiting this vulnerability is as easy as sending a specially crafted request to an affected DNS server. Since DNS servers are designed to handle requests, there’s no other real defense beyond applying the patch," Childs explained.
"If you’re running DNS servers in your enterprise, definitely prioritize this one."
As usual, the Edge and Internet Explorer browsers were popular targets for bug-hunters. Chakra, the scripting engine for Edge, received fixes for five different remote code execution bugs, while Internet Explorer was subject to two remote code flaw fixes, one (CVE-2018-8631) for a memory corruption bug, and another (CVE-2018-8619) in VBScript.
Office users and admins will want to be sure they install the patches for information disclosure (CVE-2018-8627) and remote code execution (CVE-2018-8636) in Excel as well as a remote code execution bug in PowerPoint (CVE-2018-8628) and a cross-site-scripting flaw in Office SharePoint (CVE-2018-8650).
Generous Adobe gives out 87 Reader and Acrobat fixes
Adobe is closing out the year with a massive load of fixes for its two PDF apps.
The Windows and Mac versions of both Reader and Acrobat will be getting fizes for 87 different CVE-listed vulnerabilities.
Of those 87 flaws, 36 would potentially be exploited for code execution, 48 would allow information disclosure, and three could be exploited for elevation of privilege.
SAP joins the fun with 17 of its own patches
Enterprise giant SAP, meanwhile, has also delivered a fresh crop of bug fixes.
According to security firm Onapsis, admins should pay particular attention to CVE-2018-2505, a cross-site scripting bug in Hybris Commerce storefronts and CVE-2018-2494, a missing authorization check in Customizing Tools (a component of S4/HANA and Netweaver ABAP) that could potentially be used in a man-in-the-middle attack.
SAP also issued a fix for 23 vulnerabilities in the Chromium components of Business Client and patches for CVE-2018-2503 and CVE-2018-2492, a missing default authorization and a bad XML validation check in NetWeaver AS Java.
Source
↧
Silicon Valley Voice Pioneer, Aiqudo, Unveils Its Latest Software Platform:
Aiqudo today unveiled a set of breakthrough advances to Q Actions, its industry-leading voice enablement platform, that for the first time makes it possible for anyone to navigate their lives through their mobile apps seamlessly using a natural voice. Now, mobile applications can talk back to users to confirm instructions, conduct multi-step processes and even proactively alert users to new messages and read them back.
Unlike other voice platforms, Aiqudo serves users by working directly with apps users have downloaded on their mobile phones, eliminating the self-serving walled gardens erected by other voice platforms. Consumers may never be able to check Facebook instant messages from Alexa or access an Amazon wish list from Google Assistant and go shopping. Aiqudo removes this obstacle and makes voice the simplest, fastest, most intuitive interface for consumer technologies.
“By focusing on extending dominance in their legacy businesses such as ecommerce or search, the major voice platforms have failed to deliver on their own hype around voice,” said John Foster CEO of Aiqudo. “We’ve taken a better route focused on making voice truly useful today. We’re app-centric, platform-agnostic and let consumers use voice on their own terms, not just when they’re standing next to a device in their living rooms. Our voice assistant needs to be available to us whether we’re in a car, on a train with our hands full or wandering around an amusement park.”
At the center of the latest version of Aiqudo are features such as:
Directed Dialogue: Aiqudo quickly and easily guides users to successful actions, prompting them to provide all required pieces of information, whether it’s a calendar event requiring start and end times, location and event name, or providing party size and time for booking a table at a restaurant. Compound Commands: Your favorite apps and mobile phone features can now work collaboratively to get everyday requests completed. Executing multiple actions with a single command is easier than ever - navigate with Waze or other traffic app and notify your friends of a late arrival with your favorite messaging app– and it’s done with one single request. Voice Talkback: Don’t want to be distracted looking at your phone? Aiqudo can read back results from your favorite apps such as news headlines, stock quotes and message responses.
“Our Directed Dialog feature helps users to easily complete complex tasks,” said Rajat Mukherjee CTO of Aiqudo. “A user is only prompted to provide any missing information required by an action that she has not already provided in a command. Because we understand the semantics of all actions in the system, directed dialog works out-of-the-box for every one of our actions and does not require configuration, customized training or huge volumes of training data.”
Deploying a semiotics-based language modeling platform enables multi-lingual natural language commands, while Aiqudo’s app analysis engine allows rapid onboarding of apps to provide high utility and broad coverage across apps. Today Aiqudo supports thousands of applications ranging from ecommerce apps like Amazon, Walmart, or eBay, entertainment apps like Netflix, Spotify, or Pandora, to favorite messaging and social apps including WhatsApp, WeChat, Messenger and more.
Aiqudo Q Actions 2.0 will be available on Google Play by year end, and the company has already struck OEM relationships with the likes of Motorola for the technology to be embedded directly into phones.
About Aiqudo
Aiqudo (pronounced: “eye-cue-doe”) is a Voice AI pioneer that connects the nascent world of voice interfaces to the useful, mature world of mobile apps through its Voice-to-Action™ platform. It lets people use natural voice commands to execute actions in mobile apps across devices. Aiqudo’s SaaS platform uses machine learning (AI) to understand natural-language voice commands and then triggers instant actions via mobile apps, enabling consumers to get things done quickly and easily.
Aiqudo’s proprietary technology is covered by more than 30 granted patents and patent applications. Aiqudo’s technology is delivered in a scalable approach to creating voice-enabled actions without APIs or developer dependencies.
Source
↧
↧
RadioMaximus 2.23.6 (x86/x64)
I was not following this topic, so I did not answer before. Thanks for the solution. A new fixed patch was updated in the initial post.
↧
WInSCP 5.1.3.6
WinSCP is an open source free SFTP client, FTP client, WebDAV client and SCP client for Windows. Its main function is file transfer between a local and a remote computer. Beyond this, WinSCP offers scripting and basic file manager functionality.
WinSCP features:
Graphical user interface
Translated into several languages
Integration with Windows (drag&drop, URL, shortcut icons)
U3 support
All common operations with files
Support for SFTP and SCP protocols over SSH-1 and SSH-2 and plain old FTP protocol
Batch file scripting and command-line interface
Directory synchronization in several semi or fully automatic ways
Integrated text editor
Support for SSH password, keyboard-interactive, public key and Kerberos (GSS) authentication
Integrates with Pageant (PuTTY authentication agent) for full support of public key authentication with SSH
Explorer and Commander interfaces
Optionally stores session information
Optionally supports portable operation using a configuration file in place of registry entries, suitable for operation from removable media
WinSCP 5.13.6 changelog:
Back-propagated some improvements and fixes from 5.14.2 beta release
Bug fix: Failure when canceling session reconnect. 1684
Bug fix: Remembered private key passphrase is not passed to PuTTY. 1708
Bug fix: Crash on start while loading local file icons. 1709
Homepage
Download-open source
Download- Standalone Executable
↧
Notepad++ 7.6.1
Final Links available now!
https://notepad-plus-plus.org/repository/7.x/7.6.1/
https://notepad-plus-plus.org/download/v7.6.1.html
Notepad++ v7.6.1 new enhancement and bug-fixes
Several bug-fixes & enhancement on Plugins Admin.
Notepad++ will load plugins from %PROGRAMDATA% instead of %LOCALAPPDATA%.
Fix installer's plugins copy issue under Linux (by using WINE).
Fix Installer HI-DPI GUI glitch.
Fix "Import plugins" not working issue.
Fix printer header/footer font issue.
Make installer more coherent for the option doLocalConf.xml.
Make text display right in summary panel.
↧