Show Posts

Topics - Hardhead

By Lawrence Abrams June 25, 2019 10:42 AM

Microsoft has released the Windows 10 version 1903 KB4501375 cumulative update to Insiders in the Release ring for testing before it goes live for everyone. For this update there is no support bulletin listing what is fixed, but testing the Event Viewer shows that this update fixes the custom views crash bug.

With the release of the June 2019 Patch Tuesday updates, Microsoft introduced a bug that would cause Custom Views to crash Event Viewer. When users opened a Custom View they would be greeted with a message stating "MMC has detected an error in a snap-in and will unload it", which would cause Event viewer to stop working.

To be able to use Event Viewer again, users would need to restart the program.

This new cumulative update is titled "2019-06 Cumulative Update for Windows 10 Version 1903 (KB4501375)" and when installed will increase the Windows 10 build number to 18362.207.

Lawrence Abrams June 25, 2019 01:44 PM
Due to the ever increasing growth of online threats that target your sensitive data, Microsoft has created a new OneDrive feature called 'Personal Vault' that will allow you to encrypt and store your files in a secured container.

Personal Vault is a separate storage space in OneDrive that will automatically encrypt stored files and can only be accessed through an authentication method such as 2FA, fingerprint, face, PIN, or codes via email and SMS. This allows the files stored in the Personal Vault to be more secure in the event that someone gains access to your computer, mobile device, or OneDrive account or you become infected.

"Personal Vault adds to the robust privacy and security that OneDrive currently offers, including file encryption at rest and in transit, suspicious activity monitoring, ransomware detection and recovery, mass file deletion notification and recovery, virus scanning on download for known threats, and version history for all file types," stated Microsoft's announcement.

By Lawrence Abrams, June 22, 2019 03:31 AM

The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.

Microsoft briefly made the preview available on the Microsoft Store earlier yesterday, but they were just gearing up for its release and it was not ready. The working version of Windows Terminal is now available from the Microsoft Store, which is based on version 0.2.1715.0.

To get the Windows Terminal Preview you need to make sure you are running Windows 10 version 1903 and on build 18362.0 or higher. If you meet the requirements, you can go to the Microsoft Store and search for Windows Terminal to install it.

I assume this allows prompting Linux commands too!  8)
Yes, reading ahead, it allows just that.

By Lawrence Abrams, June 22, 2019 10:45 AM

Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.

When starting Tor Browser, it should alert you if a new version is available. If you would like to perform a manual check, you can do so by going to Tor Browser menu -> Help -> About Tor Browser.

Unfortunately, like the previous release, the Android version of Tor Browser 8.5.3 will not be available until the weekend, as the member of the Tor team who handles the Android signing token is away at an event.

Tor 8.5.3 can be downloaded from the Tor Browser download page and from the distribution directory.

The full changelog for Tor Browser 8.5.3 is:

Tor Browser 8.5.3 -- June 21 2019
 * All platforms
   * Pick up fix for Mozilla's bug 1560192

By Lawrence Abrams, June 22, 2019 08:14 PM

According to a statement by the U.S. Cybersecurity and Infrastructure Security Agency, an increase in cyberattacks utilizing destructive wiper tools has been detected targeting U.S. industries and government agencies by Iranian actors or proxies.

The statement, titled "CISA Statement on Iranian Cybersecurity Threats", was posted today by CISA Director Chris Krebs to his Twitter account and issues a warning that Iranian affiliated actors are increasingly using destructive wiper attacks on targeted networks and computers.

A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files.

Wiper attacks have been used in the past by state actors or as decoys for other attacks, which are described later in the article.

By Lawrence Abrams, June 20, 2019

Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update.

This week, Mozilla released Firefox 67.0.3 to fix a critical remote code execution vulnerability that was being used in targeted attacks. Since its release, it was discovered that the vulnerability and another unknown one were chained together as part of a phishing attack to drop and execute malicious payloads on victims' machines.

Today, Mozilla released Firefox 67.0.4 that fixes the second unknown vulnerability that was used during this chained attack.

Vulnerability Report & Security Research / Intel ME Vulnerability
« on: May 22, 2019, 01:56:34 am »
By exile360, Saturday at 04:26 PM in General Chat

For a long time security experts have warned about the dangers of using insecure software and hardware.  They tell us to never use simple passwords, never to write down our passwords, never leave our devices unlocked, and to always change the default administrator password on our routers and other devices.  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running?  You would probably tell me that it's time to get my tinfoil hat resized because it's on a little too tight, right?  Well unfortunately not only is this a reality, but it has already had vulnerabilities discovered that could exploit it.

What I am referring to is a piece of technology called IME or the Intel Management Engine.  It is a piece of code that runs inside a chip inside every Intel CPU and it was designed to allow remote control of every Intel based PC.  Unfortunately even if you're using an AMD processor you still have something like this, except they call it 'TrustZone' (a rather ironic name in my opinion :P).

Well, as has been a theme lately, a new vulnerability has been discovered in Intel's Management Engine and the only way to patch it is through a firmware update.  This can be done manually, but it isn't very straightforward, especially if your OEM/system manufacturer hasn't supplied a patch (most don't for these kinds of vulnerabilities unfortunately, especially for older systems).  For those who wish to attempt patching it on your own, you'll find all the tools and instructions required at the Win-Raid Forum here.  They have links to downloads for all of the required tools to check your ME version and the utilities from Intel to patch it along with the latest firmware versions.  That said, if you do intend to patch as I did, BE CAREFUL and read the instructions and information in that post very carefully as there is no one size fits all firmware and you could easily brick your system if you do the wrong thing; sadly the only alternative is to remain vulnerable to potential ME exploits.

Note: Be sure to read all posts...

By Robert Lemos, 05:10 PM

Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.

Atlassian's Bitbucket, GitHub, and GitLab notified hundreds of developers over the weekend that their accounts on those repository services were breached and their code deleted by attackers using credentials harvested from another site or misconfigured files.

The accounts of more than an estimated 1,000 developers were impacted by the attack on the three services. In each case, the attackers deleted the victim's code repository and left behind a ransom note demanding a tenth of a bitcoin — about $570 — to restore the data.

Atlassian, which declined to say how many of the users of its Bitbucket service were affected, notified developers whose accounts were impacted and blamed password reuse for the attackers' ability to compromise the service.

"During this attack, a third party accessed your repository by using the correct username and password for one of the users with permission to access your repository," the company stated in a notification to affected users. "We believe that these credentials may have been leaked through another service, as other git hosting services are experiencing a similar attack."

The attack highlights the dangers of mishandling passwords. Reportedly, 392 GitHub users were impacted by the attack, although only 320 users' repositories are currently showing signs of the ransom note. Bitbucket appears to have blocked search results for affected users, while GitLab does not have facilities for searching through repositories.

Reusing the same password on different services is a problematic habit of online users that can undermine security. In addition, developers often unwittingly leave passwords in files that are published to public repositories. None of the services hosting affected developers' repositories found signs of a compromise. Instead, attackers logged onto them from an unrecognized Internet address using valid credentials and then deleted the victim's code.

"GitHub has been thoroughly investigating these reports, together with the security teams of other affected companies, and has found no evidence that its authentication systems have been compromised," the company said. "At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures. We are working with the affected users to secure and restore their accounts."

GitLab started investigating the issue on Sunday, after one developer reported that their code had been deleted. The organization concluded that the breach may have occurred when developers mistakenly published passwords stored in another repository.

"We have identified affected user accounts, and all of those users have been notified," a GitLab spokesperson said. "As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository."

Atlassian also urged users to not leave passwords in files that may be replicated into public repositories.
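The post above comes down to one root cause: valid passwords reused from another breach, or left in plaintext in files that ended up in a repository. Below is an added example, not code from the article or from GitHub, GitLab or Atlassian, of the kind of pre-commit check that catches the second case before a push: it scans the staged files for password assignments, credentials embedded in URLs (the format of `~/.git-credentials` and of remote URLs), and AWS access key IDs, and reports each hit with the value redacted. The patterns, the placeholder list, the file names and the file contents are all assumptions constructed for the example; the AWS key ID used is Amazon's documented example value, not a live key.

```python
"""Added example: minimal scanner for plaintext credentials in files about to be
committed. Not part of the article; patterns, placeholder list and sample files
are constructed for illustration."""
import re
from typing import Dict, List

# (kind, regex). Group 1 captures the secret value so the report can redact it.
PATTERNS = [
    # key/value assignments: DB_PASSWORD="...", password: ..., api_token=...
    ("assignment", re.compile(
        r"(?i)\b[a-z0-9_.-]*(?:password|passwd|secret|token)[a-z0-9_.-]*\s*[:=]\s*['\"]?([^'\"\s]{4,})")),
    # credentials embedded in a URL, as ~/.git-credentials and remote URLs store them
    ("url_credential", re.compile(r"(?i)[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@")),
    # AWS access key ID format (AKIA followed by 16 uppercase alphanumerics)
    ("aws_access_key_id", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
]

# Obvious placeholders and template references are not findings (assumed list).
PLACEHOLDERS = {"changeme", "password", "xxxx", "<password>", "example"}


def _is_placeholder(value: str) -> bool:
    return value.lower() in PLACEHOLDERS or value.startswith(("${", "{{", "<"))


def redact(value: str) -> str:
    """Keep two characters at each end so the finding can be located, nothing more."""
    if len(value) <= 4:
        return "*" * len(value)
    return value[:2] + "*" * (len(value) - 4) + value[-2:]


def scan_text(path: str, text: str) -> List[Dict[str, object]]:
    """Return one finding per matched secret in `text`, with line number and redacted value."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rx in PATTERNS:
            for m in rx.finditer(line):
                value = m.group(1)
                if _is_placeholder(value):
                    continue
                findings.append({"path": path, "line": lineno, "kind": kind, "value": redact(value)})
    return findings


def scan_files(files: Dict[str, str]) -> List[Dict[str, object]]:
    """`files` maps a repository path to its contents, as a pre-commit hook would read them from the index."""
    out: List[Dict[str, object]] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample of "staged" files; nothing here is a real credential.
SAMPLE_FILES = {
    "config/database.yml": "production:\n  adapter: postgresql\n  password: ${DB_PASSWORD}\n",
    "deploy/settings.py": 'DB_PASSWORD = "hunter2-prod"\nDEBUG = False\n',
    ".git-credentials": "https://alice:s3cr3t-pass@github.com\n",
    "scripts/backup.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "README.md": "Set PASSWORD=changeme before running.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']} {f['kind']} {f['value']}")
```

On the sample set this reports three findings (the settings file, the `.git-credentials` file and the backup script) and skips the `${DB_PASSWORD}` environment reference and the `changeme` placeholder. The assignment pattern is deliberately broad and will flag things like `password_hash = ...`; a real hook would tune the keyword list and allow-list known false positives rather than loosen the regex.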

Zeljka Zorz, Managing Editor, May 6, 2019

Flaw in pre-installed software opens Dell computers to remote hijack

Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability.

Dell pre-installed software vulnerability
What is Dell SupportAssist?

SupportAssist is software that comes pre-installed on most Dell laptops and computers running Windows.

It has administrator-level access to the operating system and uses it to identify issues, run diagnostics, driver-update scans, and install drivers.
About the vulnerability (CVE-2019-3719)

CVE-2019-3719 is not deemed to be critical as it can’t be exploited by attackers who are not on the same local network as the victim.

Still, instances where that can happen are far from rare. For example, it's enough for the attacker to be connected to the same public wireless network or enterprise network as the potential victim.

To successfully pull off the attack, the attacker must trick the target into visiting a website booby-trapped with the exploit – no other user interaction is required.

Help Net Security, May 7, 2019

A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan.

Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second–infinitely faster than a human hacker can work and thousands of times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering and a developer of the system. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.

“With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”

By Mayank Parmar, May 6, 2019 01:32 PM

At the Build 2019 developer conference, Microsoft announced a bunch of new features for its new Chromium-based Microsoft Edge browser. The company also shared how the brand-new Microsoft Edge will simplify development and improve the productivity of consumers, developers, and enterprises.

Below we have outlined some of the new features coming to Microsoft Edge.

Microsoft announced a new feature called 'Collections' for Edge that would allow users to group content such as photos and text into a central hub that can be accessed from the right pane. After adding items to your collection, you can export the content to apps like Word and Excel.

By Lawrence Abrams, May 6, 2019 05:23 PM

Microsoft will begin to ship an in-house custom built Linux kernel starting with the Windows 10 Insider builds this summer. This kernel is to become the backbone for the new Windows Subsystem for Linux 2.0 or WSL2.

Unlike WSL1, which used a Linux-compatible kernel, WSL2 will use a genuine open-source kernel compiled from the stable 4.19 version release of Linux at

While Microsoft will be providing the Linux kernel, they will not provide any Linux binaries to go with it. Instead, users will still need to download their favorite Linux distribution from the Microsoft Store or by creating a custom distribution package.

By Sergiu Gatlan, May 6, 2019 07:04 PM

Amazon to Disable S3 Path-Style Access Used to Bypass Censorship

Amazon announced in a post on the Amazon Simple Storage Service (S3) forum that the company will deprecate path-style API requests (used by many to circumvent censorship) starting September 30, only keeping support for the virtual-hosted style request format.

While the path-style URI requests (aka V1) include the bucket name in the URIs and are of the "//[bucketname]/key" form, the virtual-hosted style URI requests (aka V2) feature the bucket name within the domain name and have a "//[bucketname]" structure.

"In our effort to continuously improve customer experience, the path-style naming convention is being retired in favor of virtual-hosted style request format," says Amazon.

Amazon recommends that customers start using V2 S3 API requests before V1 is disabled on September 30:
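Added example (not code from the article or from AWS): in path-style requests the bucket is the first path segment on the S3 endpoint host (for example https://s3.amazonaws.com/bucket/key), while in virtual-hosted style the bucket becomes a subdomain of that endpoint (https://bucket.s3.amazonaws.com/key). The function below rewrites one form into the other and, because the bucket name turns into a DNS label, applies the naming checks that matter for that: length, character set, not looking like an IP address, and a warning for dots, which are legal in bucket names but do not match the `*.s3.amazonaws.com` wildcard certificate over HTTPS. The endpoint hosts it recognises (the global endpoint and `s3.<region>` / `s3-<region>` regional endpoints) and every URL and bucket name used are assumptions constructed for the example.

```python
"""Added example: rewrite an S3 path-style request URL into virtual-hosted style.
Not AWS code; endpoint forms, URLs and bucket names are assumptions."""
import re
from typing import List, Tuple
from urllib.parse import urlsplit, urlunsplit

# Path-style hosts handled here (assumed subset: global and regional endpoints;
# dualstack and access-point endpoints are deliberately out of scope).
_PATH_STYLE_HOST = re.compile(r"^s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")


def check_bucket(bucket: str) -> Tuple[bool, List[str]]:
    """Bucket-naming rules that matter once the bucket becomes a hostname label.

    Returns (acceptable, messages): hard failures come back as (False, [reason]),
    soft problems as (True, [warning, ...]).
    """
    if not 3 <= len(bucket) <= 63:
        return False, ["bucket name must be 3 to 63 characters"]
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]*[a-z0-9]", bucket):
        return False, ["only lowercase letters, digits, dots and hyphens; must start and end alphanumeric"]
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", bucket):
        return False, ["bucket name must not be formatted like an IP address"]
    warnings: List[str] = []
    if "." in bucket:
        # Fine over plain HTTP, but over HTTPS the host no longer matches the
        # *.s3.amazonaws.com wildcard certificate, so clients fail TLS validation.
        warnings.append("dots in the bucket name break TLS hostname matching in virtual-hosted style")
    return True, warnings


def to_virtual_hosted(url: str) -> Tuple[str, List[str]]:
    """Return (virtual-hosted URL, warnings) for a path-style S3 URL; raise ValueError otherwise."""
    parts = urlsplit(url)
    host = parts.netloc.lower()
    if not _PATH_STYLE_HOST.match(host):
        raise ValueError(f"not a path-style S3 endpoint: {parts.netloc!r}")
    # Bucket is the first path segment; everything after it is the object key.
    bucket, _, key = parts.path.lstrip("/").partition("/")
    ok, messages = check_bucket(bucket)
    if not ok:
        raise ValueError(f"bucket {bucket!r}: {messages[0]}")
    # Bucket moves into the host; key, query (e.g. versionId) and fragment are
    # carried over untouched and never decoded.
    new_url = urlunsplit((parts.scheme, f"{bucket}.{host}", "/" + key, parts.query, parts.fragment))
    return new_url, messages


if __name__ == "__main__":
    for u in (
        "https://s3.amazonaws.com/my-bucket/path/to/object.txt?versionId=abc",
        "https://s3.us-west-2.amazonaws.com/logs-2019/2019/06/app.log",
        "https://s3.amazonaws.com/my.dotted.bucket/key",
    ):
        print(to_virtual_hosted(u))
```

The practical check for an estate of S3 URLs is the warning path: any bucket whose name contains a dot needs either a rename or a client that pins the regional endpoint and tolerates the certificate mismatch, and that is worth finding before path-style access stops working rather than after.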

Thanks, Ron, for the heads up.
There are hotfixes for the issues, but if it were up to me I would wait until Firefox comes out with a new version before doing anything. Those are only my thoughts. Read more about the issues below:

By Sergiu Gatlan, April 25, 2019 01:56 AM

The TA505 hacking group ran a spear phishing campaign targeting a financial institution during April with the help of a signed version of the ServHelper backdoor and a number of LOLBins designed to help the operation evade detection.

TA505 is a threat group known to have been active since at least Q3 2014 [1, 2] and to have attacked multiple financial institutions and retail companies using large malicious spam campaigns driven by the Necurs botnet, dropping the Dridex and Trick banking Trojans, as well as the Locky and Jaff ransomware strains, on their targets' computers. [1, 2, 3]

During November 2018, TA505 started distributing new malicious tools as discovered by Proofpoint, the ServHelper backdoor and the FlawedGrace remote access Trojan (RAT) as part of multiple malware campaigns focused on banks, retail businesses, and restaurants.
