Search the Community

Showing results for tags 'security'.
  1. Microsoft has released the final version of its security configuration baseline settings for Windows 11, downloadable today using the Microsoft Security Compliance Toolkit.

     "Two new settings have been added for this release (which were also added to the Windows Server 2022 release), a new Microsoft Defender Antivirus setting, and a custom setting for printer driver installation restrictions," Microsoft security consultant Rick Munck said.

     Human-operated ransomware protection by default

     When enabling the Microsoft Security Baseline for Windows 11, Redmond urges admins to ensure that Microsoft Defender for Endpoint's tamper protection feature, which adds additional protection against human-operated ransomware attacks, is enabled. It does that by blocking attempts made by malware or threat actors to disable security solutions and OS security features that would allow them to gain easier access to sensitive data and deploy malware or malicious tools.

     Tamper protection sets up Microsoft Defender Antivirus using secure default values and hinders attempts to change them via the registry, PowerShell cmdlets, or group policies. Once tamper protection is toggled on, ransomware operators would have a much more challenging task ahead of them when trying to:

       • Disable virus and threat protection
       • Disable real-time protection
       • Turn off behavior monitoring
       • Disable antivirus (such as IOfficeAntivirus (IOAV))
       • Disable cloud-delivered protection
       • Remove security intelligence updates

     PrintNightmare and Edge Legacy recommendations

     With the new security baseline, Microsoft also added a new setting to the MS Security Guide custom administrative template to restrict printer driver installation to administrators. This new recommendation follows patches released since July 2021 to address the CVE-2021-34527 PrintNightmare remote code execution vulnerability in the Windows Print Spooler service.

     Microsoft also removed all Microsoft Edge Legacy settings after the EdgeHTML-based web browser reached the end of support in March and was removed from Windows 11. "Going forward, please use the new Microsoft Edge (Chromium-based) baseline, which is on a separate release cadence and available as part of the Microsoft Security Compliance Toolkit," Munck said.

     Download and implement the security baseline

     Windows security baselines provide admins with Microsoft-recommended security configuration baselines designed to reduce Windows systems' attack surface and boost the overall security posture of Windows enterprise endpoints. "A security baseline is a group of Microsoft-recommended configuration settings that explains their security impact," as Microsoft explains. "These settings are based on feedback from Microsoft security engineering teams, product groups, partners, and customers."

     The Windows 11 security baseline is available for download via the Microsoft Security Compliance Toolkit. It includes Group Policy Object (GPO) backups and reports, scripts to apply settings to the local GPO, and Policy Analyzer rules files. "Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate," Munck added.

     Microsoft adds tamper protection to Windows 11 security baseline
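An added audit script for the two settings the post singles out, the printer-driver installation restriction and Defender tamper protection. It is not part of the post and not Microsoft's toolkit: the registry paths and expected values are taken from Microsoft's PrintNightmare (Point and Print) and tamper-protection documentation as recalled here and should be verified against the Policy Analyzer rules shipped in the Security Compliance Toolkit for your build; the sample snapshot is constructed. On Windows it reads the live registry; elsewhere it runs against the constructed snapshot so the logic can be exercised offline.

```python
"""Audit a registry snapshot against Windows 11 baseline settings (added example)."""
import sys
from typing import Dict, List, Tuple

RegistrySnapshot = Dict[str, Dict[str, int]]   # key path -> {value name: DWORD}

# Assumed paths/values (verify against the toolkit's Policy Analyzer rules):
POINT_AND_PRINT = r"HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"
DEFENDER_FEATURES = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Features"

# (key path, value name, expected value, why it matters)
BASELINE_CHECKS: List[Tuple[str, str, int, str]] = [
    (POINT_AND_PRINT, "RestrictDriverInstallationToAdministrators", 1,
     "printer driver installation limited to administrators (PrintNightmare hardening)"),
    (POINT_AND_PRINT, "NoWarningNoElevationOnInstall", 0,
     "Point and Print must keep the elevation prompt on driver install"),
    (POINT_AND_PRINT, "UpdatePromptSettings", 0,
     "Point and Print must keep the prompt on driver update"),
    (DEFENDER_FEATURES, "TamperProtection", 5,
     "Defender tamper protection enabled (assumed: 5 = on, 4 = off)"),
]


def audit(snapshot: RegistrySnapshot) -> List[str]:
    """Return one finding per deviation; an empty list means the checked settings comply.

    A missing value is reported as well: the baseline expects an explicit policy
    value, not reliance on whatever the build's default happens to be.
    """
    findings: List[str] = []
    for path, name, expected, why in BASELINE_CHECKS:
        actual = snapshot.get(path, {}).get(name)
        if actual is None:
            findings.append(f"{name} not set under {path}: {why}")
        elif actual != expected:
            findings.append(f"{name} = {actual} (expected {expected}): {why}")
    return findings


def read_live_snapshot() -> RegistrySnapshot:
    """Read the same values from the local registry (Windows only; needs no elevation)."""
    import winreg  # standard library, only available on Windows
    snap: RegistrySnapshot = {}
    for path, name, _, _ in BASELINE_CHECKS:
        subkey = path.split("\\", 1)[1]               # drop the "HKLM\" prefix
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                value, _ = winreg.QueryValueEx(key, name)
                snap.setdefault(path, {})[name] = int(value)
        except OSError:
            pass                                       # key or value absent: reported by audit()
    return snap


# Constructed snapshot: non-admin driver installs were re-enabled with the
# elevation prompt suppressed, and tamper protection was never turned on.
SAMPLE_SNAPSHOT: RegistrySnapshot = {
    POINT_AND_PRINT: {
        "RestrictDriverInstallationToAdministrators": 0,
        "NoWarningNoElevationOnInstall": 1,
        "UpdatePromptSettings": 0,
    },
    DEFENDER_FEATURES: {"TamperProtection": 4},
}

if __name__ == "__main__":
    snap = read_live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for line in audit(snap) or ["compliant with the checked baseline settings"]:
        print(line)
```

Reading the registry is the right check for tamper protection precisely because, once it is on, the value cannot be flipped back through the registry, Set-MpPreference or Group Policy; a machine where the audit reports 4 is one where the protection was never applied, not one an attacker disabled.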
  2. The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools.

     Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they’re made for use on top of any email hosting a customer already has, whether it’s provided by Google’s Gmail, Microsoft 365, Yahoo, or even relics like AOL.

     Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary. “I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren’t sure there was anything for us to do in the space,” Prince says. “But what’s become clear over the course of the last two years is that email security is still not a solved issue.”

     Prince says that Cloudflare employees have been “astonished by how many targeted threats were getting through Google Workspace,” the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use.

     On Monday, the company is launching two products: Cloudflare Email Routing and Email Security DNS Wizard. The tools let customers place Cloudflare in front of their email hosting provider, essentially allowing Cloudflare to receive and process emails before sending them through to the Microsofts and Googles of the world. This is somewhat similar to Cloudflare's long-standing role as a “content delivery network” for websites, in which the company is a proxy that can serve data or catch malicious activity as web traffic passes through.

     Cloudflare Email Routing makes it possible for individuals or organizations to manage an entire custom email domain, like @coolbusiness.com, from a single consumer email account, such as a personal Gmail address. The tool even lets you consolidate many addresses—[email protected], [email protected]—so they all forward to a single inbox. This way, small businesses in particular can get the benefits of a dedicated, custom email domain without having to manage a whole separate platform.

     The second tool, Security DNS Wizard, aims to make two email security features accessible for Cloudflare customers and easy to use. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are two tools that are essentially a combination of caller ID and screening schemes for email: They aim to reduce email address spoofing by setting up public records that must match an email's sender information for the message to go through. This significantly reduces how easy it is for attackers to, say, send an email to employees that really looks like it comes from "Cool Business CEO." SPF and DKIM have been around for more than a decade, but they aren't ubiquitous, because they are difficult to set up without mistakes that can result in problems like legitimate emails getting lost. Cloudflare's goal with Email Security DNS Wizard is to make it easy for users to set up one or the other protection without any flubs.

     “These are both technologies that have been around for a long time, but the problem is they don’t get a lot of use, because they're extremely complicated and in some cases dangerous to set up,” Prince says. “We're hopeful that implementing this tech, making it easy, and making it free will dramatically expand the usage and decrease the amount of targeted phishing and domain abuse."

     Ultimately, Cloudflare plans to roll out a more comprehensive suite of services, called Advanced Email Security Suite, that will incorporate these two tools plus others. These initial offerings allow the company to get email flowing through its network, Prince says, so that it can study threats and patterns on a large scale. He adds that all Cloudflare email security products are carefully designed to leave crucial indicators intact for providers like Google and Microsoft. This way the tools aren't disrupting the important anti-spam and anti-abuse features that those services already have in place. And the goal is for existing Cloudflare offerings like browser isolation to work in tandem with the new email security features even when customers do click a bad link.

     As with many Cloudflare offerings, though, one byproduct of turning on these email security features is that customers will need to trust the company with their messages on top of all the other web data they already have flowing through Cloudflare. When asked whether there are privacy implications of this, Prince repeats what he has often said about Cloudflare's approach. “We think of customer data as a toxic asset. We don’t have a business around advertising, we don’t sell customer data,” he says. “We have privacy certifications and do external audits of our systems. But, yeah, we have to earn our customers' trust everyday."

     In a way, email is one of the last web security frontiers for Cloudflare. Whether customers are willing to share this final piece of themselves with the company will likely depend on how successful Cloudflare can be at making a dent in the very real, and maddening, risks that come with corporate email.

     Cloudflare Is Taking a Shot at Email Security (May require free registration to view)
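The "public records that must match an email's sender information" point above, made concrete. This is an added example, not Cloudflare's wizard or any published SPF library: a minimal SPF evaluator (RFC 7208 semantics for ip4, ip6, include and all) run against constructed TXT records for the post's hypothetical coolbusiness.com domain and an invented mailer, with no real DNS involved. It also shows the two ways hand-written records lose legitimate mail: a mailer left out of a `-all` record gets a hard fail, and a record whose includes chain past ten lookups is a permanent error rather than a pass.

```python
"""Minimal SPF (RFC 7208) evaluator over constructed TXT records (added example)."""
import ipaddress
from typing import Dict, List, Optional

# Constructed stand-in for DNS TXT lookups. Domains and addresses are documentation
# ranges (RFC 5737 / RFC 3849), not real infrastructure.
TXT: Dict[str, str] = {
    "coolbusiness.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.example-mailer.net -all",
    "_spf.example-mailer.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # a record that includes itself
}

MAX_LOOKUPS = 10   # RFC 7208 section 4.6.4: more than 10 DNS-querying terms is a permerror
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class SpfError(Exception):
    """Permanent error: the record cannot be evaluated (treated as 'permerror')."""


def check_host(ip: str, domain: str, txt: Dict[str, str] = TXT,
               _lookups: Optional[List[int]] = None) -> str:
    """Evaluate sending address `ip` against `domain`'s SPF record.

    Returns one of pass / fail / softfail / neutral / none. `_lookups` is a shared
    counter so nested includes count toward the single 10-lookup budget.
    """
    if _lookups is None:
        _lookups = [0]
    record = txt.get(domain)
    if record is None:
        return "none"                                  # no SPF record published
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)

    for term in terms[1:]:
        qualifier = "+"                                # unqualified mechanism means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()

        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                raise SpfError(f"more than {MAX_LOOKUPS} DNS lookups evaluating {domain}")
            # include matches only when the referenced record yields "pass";
            # its own fail/softfail never propagates (RFC 7208 section 5.2)
            matched = check_host(ip, arg, txt, _lookups) == "pass"
        elif mech == "all":
            matched = True
        else:
            # a, mx, ptr, exists and redirect= need live DNS; out of scope here
            raise SpfError(f"unsupported term {term!r} in record for {domain}")

        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                                   # no mechanism matched, no "all"
```

`check_host("192.0.2.1", "coolbusiness.com")` returns `"fail"`: the record ends in `-all`, so any server not listed, including a newly added ticketing system someone forgot about, has its mail rejected outright by strict receivers. That hard-fail default is exactly the "dangerous to set up" property Prince describes, and it is why a wizard that knows the mail hosts you actually use matters more than the syntax itself.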
  3. New features build on Total Cookie Protection, simplifying privacy management.

     Mozilla's Firefox 91, released this morning, includes a new privacy management feature called Enhanced Cookie Clearing. The feature allows users to manage all cookies and locally stored data generated by a website—regardless of whether they're cookies tagged to that site's domain or cookies placed from that site but belonging to a third-party domain, e.g., Facebook or Google.

     Building on Total Cookie Protection

     (Image: Mozilla isn't being delicate about which tech giant is first in its crosshairs.)

     The new feature builds and depends upon Total Cookie Protection, introduced in February with Firefox 86. Total Cookie Protection partitions cookies by the site that placed them rather than the domain that owns them—which means that if a hypothetical third party we'll call "Forkbook" places tracking (or authentication) cookies on both momscookies.com and grandmascookies.com, it can't reliably tie the two together. Without cookie partitioning, a single Forkbook cookie would contain the site data for both momscookies.com and grandmascookies.com. With cookie partitioning, Forkbook must set two separate cookies—one for each site—and can't necessarily relate one to the other.

     Even if the cookies are used for a third-party Forkbook login, tying the two together would need to be done on the back end—since both are presumably for the same Forkbook account—rather than Forkbook being able to simply, cheaply, and easily read all tracking data from a single cookie. If the sites don't use Forkbook for authentication, the two probably can't be tied together at all—because even if the user is logged in to Forkbook in a different tab, that cookie is split apart from the ones used on mom's and grandma's cookie sites.

     Clearing data site-wide

     (Image: The updated Cookies and Site Data management dialog displays all locally stored resources set at a particular site, whether owned by that site or by a third party.)

     Once you understand that websites routinely place cookies that belong to third-party domains, it becomes obvious why it might be difficult to clear all traces of data stored by that site—returning to our "Forkbook" example above, clearing all data belonging directly to momscookies.com wouldn't clear the Forkbook cookie, and clearing a universal Forkbook cookie would necessarily log the user out of all websites using Forkbook authentication.

     However, when each site has its own individual cookie jar—meaning Forkbook needs to place separate cookies, separate copies of embedded javascript libraries, separate copies of images, and so forth between momscookies.com and grandmascookies.com and forkbook.com itself—it becomes possible to easily manage all data stored locally by that individual site. When using Total Cookie Protection, you can empty the entire bucket for momscookies.com, including its own cookies, Forkbook's cookies, and anything else. This breaks Forkbook's record of your browsing activities on momscookies.com—because although it will set a new cookie the next time you visit, it won't have a reliable way to tie that cookie to the previous cookie you deleted or to other Forkbook cookies set by other sites.

     Fuhgeddaboudit

     (Image: The new "Forget about this site" option in History allows you to clear all site data, as well as your history of visiting it in the first place.)

     In addition to organizing locally stored data by the website that placed it rather than the domain that owns it, Firefox 91 gives users the ability to quickly and easily remove all local traces of visiting a site. When browsing your own History timeline in Firefox 91, you can right-click a site's entry and select Forget About This Site. Doing so removes both the entry in History and all cookies, images, cached scripts, and so forth set during visits to that site.

     Get strict

     In order to use the new privacy management features, you'll first have to make sure that Strict Tracking Protection is enabled. Without Strict Tracking Protection, cookies aren't separated by the site that sets them in the first place. To enable Strict Tracking Protection, click the shield to the left of the address bar and select Protection Settings. This opens Privacy and Security in a new tab—from there, just make sure the radio-button option for Enhanced Tracking Protection is set to Strict, not Standard. Although Firefox's Privacy and Security dialog warns you—accurately—that Strict protection may cause some sites or content to break, those breakages have so far been few and minor in our own testing. The majority of the web—including the bits using third-party authentication and tracking—should continue to work just fine.

     Today’s Firefox 91 release adds new site-wide cookie-clearing action
  4. Mozilla says that starting with Firefox 91, users will be able to fully erase the browser history for all visited websites, thus preventing privacy violations due to "sneaky third-party cookies sticking around." This change builds on the inclusion of default blocks for cross-site tracking in private browsing, first introduced after Total Cookie Protection was released with Firefox 86 in February.

     The new feature, dubbed Enhanced Cookie Clearing, helps you delete all cookies and supercookies stored on your computer by websites or web trackers. Enhanced Cookie Clearing is triggered automatically whenever you're clearing cookies and other site data after enabling Strict Tracking Protection. "When you decide to tell Firefox to forget about a website, Firefox will automatically throw away all cookies, supercookies and other data stored in that website's cookie jar," Mozilla said. "This 'Enhanced Cookie Clearing' makes it easy to delete all traces of a website in your browser without the possibility of sneaky third-party cookies sticking around."

     HTTPS enabled by default in private browsing

     Mozilla also announced today that, starting with Firefox 91, private browsing windows will automatically switch to secure HTTPS connections by default. By upgrading all connections to HTTPS, Mozilla aims to protect users from man-in-the-middle (MITM) attacks trying to snoop on or alter data exchanged with web servers over the unencrypted HTTP protocol. "Whenever you enter an insecure (HTTP) URL in Firefox's address bar, or you click on an insecure link on a web page, Firefox will now first try to establish a secure, encrypted HTTPS connection to the website," Mozilla explained. "In the cases where the website does not support HTTPS, Firefox will automatically fall back and establish a connection using the legacy HTTP protocol instead."

     Mozilla has added an HTTPS-Only Mode starting with Firefox 83 to secure web browsing by rewriting URLs to use HTTPS (even though this feature is disabled by default, it can be easily enabled from the browser's settings). Microsoft Edge can also be configured to switch to secure HTTPS connections when connecting over HTTP by enabling an experimental Automatic HTTPS option available in the Canary and Developer preview channels. In April, Google updated Chrome to default to HTTPS for all URLs typed in the address bar if the user doesn't specify a protocol.

     (Image: HTTPS by default in private browsing. Mozilla)

     According to Mozilla, while browsing the web in private mode, Firefox defends your privacy using several privacy protection technologies, all enabled by default:

       • Total Cookie Protection isolates cookies to the site where they were created
       • Supercookie protections stop supercookies from following you from site to site
       • Cookies and caches are cleared at the end of every Private Browsing session and aren't shared with standard windows
       • Trackers are blocked, including cookies, scripts, tracking pixels, and other resources from domains on Disconnect's list of known trackers
       • Many fingerprinting scripts are blocked, according to Disconnect's list of invasive fingerprinting domains
       • SmartBlock intelligently fixes up web pages that were previously broken when tracking scripts were blocked

     To go into private browsing mode, you have to open the Application Menu by clicking the button (☰) on the top right and choosing "New Private Window." You can also use keyboard shortcuts to enable private browsing mode using Ctrl + Shift + P (or Cmd + Shift + P on macOS).

     Firefox adds enhanced cookie clearing, HTTPS by default in private browsing
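Items 3 and 4 both describe the same two mechanisms: a cookie jar partitioned by the top-level site (Total Cookie Protection) and a "forget this site" action that empties one partition (Enhanced Cookie Clearing). The model below is an added example, not Mozilla's code, that implements both against the "Forkbook" scenario from item 3 so the two claims can be checked directly: a partitioned jar stops the embedded third party from seeing the same cookie on two sites, and forgetting momscookies.com removes Forkbook's cookie set there while leaving the user's direct forkbook.com login alone. The `site()` helper is a simplification (last two labels); real browsers use the Public Suffix List so that e.g. example.co.uk is one site.

```python
"""Partitioned vs. unpartitioned cookie jar (added example, not Firefox's implementation)."""
from typing import Dict, Optional, Set, Tuple

Key = Tuple[str, str, str]   # (partition = top-level site or "", cookie owner site, cookie name)


def site(host: str) -> str:
    """Reduce a host to its registrable site. Simplified to the last two labels;
    Firefox uses the Public Suffix List (assumption noted in the lead-in)."""
    return ".".join(host.split(".")[-2:])


class CookieJar:
    """A cookie store that can run partitioned (Total Cookie Protection) or classic."""

    def __init__(self, partitioned: bool) -> None:
        self.partitioned = partitioned
        self._store: Dict[Key, str] = {}

    def _key(self, top_level: str, cookie_host: str, name: str) -> Key:
        # Partitioned: the key includes the site the user is visiting, so the same
        # third party gets a different slot under every top-level site.
        partition = site(top_level) if self.partitioned else ""
        return (partition, site(cookie_host), name)

    def set(self, top_level: str, cookie_host: str, name: str, value: str) -> None:
        """`cookie_host` sets cookie `name` while the user is on `top_level`."""
        self._store[self._key(top_level, cookie_host, name)] = value

    def get(self, top_level: str, cookie_host: str, name: str) -> Optional[str]:
        return self._store.get(self._key(top_level, cookie_host, name))

    def forget_site(self, top_level: str) -> int:
        """Forget About This Site. Partitioned: drop the whole partition, whoever owns
        the data. Classic: only the site's own first-party data can go; a shared
        third-party cookie would also be the login cookie for every other site."""
        target = site(top_level)
        index = 0 if self.partitioned else 1          # match on partition vs. owner
        doomed = [k for k in self._store if k[index] == target]
        for key in doomed:
            del self._store[key]
        return len(doomed)

    def contents(self) -> Set[str]:
        """Remaining cookies as 'owner/name' strings (partition omitted for readability)."""
        return {f"{owner}/{name}" for _, owner, name in self._store}


def tracker_can_link(partitioned: bool) -> bool:
    """Forkbook is embedded on mom's site and sets an id; on grandma's site, does
    the same embed read that id back? True means the two visits are linkable."""
    jar = CookieJar(partitioned)
    jar.set("momscookies.com", "forkbook.com", "uid", "u-123")
    return jar.get("grandmascookies.com", "forkbook.com", "uid") == "u-123"


def leftover_after_forget(partitioned: bool) -> Set[str]:
    """What survives 'Forget About This Site' on momscookies.com."""
    jar = CookieJar(partitioned)
    jar.set("momscookies.com", "momscookies.com", "session", "abc")   # first-party
    jar.set("momscookies.com", "forkbook.com", "uid", "u-123")        # third-party, embedded
    jar.set("forkbook.com", "forkbook.com", "login", "tok")           # direct login at forkbook.com
    jar.forget_site("momscookies.com")
    return jar.contents()


if __name__ == "__main__":
    for mode in (False, True):
        label = "partitioned" if mode else "classic"
        print(f"{label}: linkable={tracker_can_link(mode)} "
              f"left after forget={sorted(leftover_after_forget(mode))}")
```

In classic mode the forget action leaves both `forkbook.com/uid` and `forkbook.com/login` behind, which is the "sneaky third-party cookies sticking around" problem item 4 quotes; the only way to remove the tracking id would be to delete the shared Forkbook cookie and log the user out everywhere. Partitioned, the tracking id set under momscookies.com is gone and the direct login is untouched.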
  5. I couldn't find much information. I pay for a subscription through Private Internet Access for their VPN service. While visiting my Client Control Panel on their website, I saw the offer on the sidebar. It appears to still be in development. Homepage: https://www.privateinternetaccess.com/ Download: https://app.intego.com/pi/downloader.php https://cdn1-piav.intego.com/pi/install/20210615/PrivateInternetAntivirusSetup.exe https://anonfiles.com/dcVc3051u9/PrivateInternetAntivirusSetup_exe
  6. Microsoft admits to signing rootkit malware in supply-chain fiasco

     Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. It turns out, the C2 infrastructure belongs to a company classified under "Communist Chinese military" by the US Department of Defense. This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

     "Netfilter" driver is rootkit signed by Microsoft

     Last week, G Data's cybersecurity alert systems flagged what appeared to be a false positive, but was not—a Microsoft signed driver called "Netfilter." The driver in question was seen communicating with China-based C&C IPs providing no legitimate functionality and as such raised suspicions. This is when G Data's malware analyst Karsten Hahn shared this publicly and simultaneously contacted Microsoft:

     (Image: The malicious binary has been signed by Microsoft. VirusTotal)

     "Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system." "Drivers without a Microsoft certificate cannot be installed by default," states Hahn.

     At the time, BleepingComputer began observing the behavior of C2 URLs and also contacted Microsoft for a statement. The first C2 URL returns a set of more routes (URLs) separated by the pipe ("|") symbol:

     (Image: Navigating to the C2 URL presents more routes for different purposes. Source: BleepingComputer)

     Each of these serves a purpose, according to Hahn: The URL ending in "/p" is associated with proxy settings, "/s" provides encoded redirection IPs, "/h?" is for receiving CPU-ID, "/c" provided a root certificate, and "/v?" is related to the malware's self-update functionality. As seen by BleepingComputer, for example, the "/v?" path provided URL to the malicious Netfilter driver in question itself (living at "/d3"):

     (Image: Path to malicious Netfilter driver. Source: BleepingComputer)

     The G Data researcher spent some time sufficiently analyzing the driver and concluded it to be malware. The researcher has analyzed the driver, its self-update functionality, and Indicators of Compromise (IOCs) in a detailed blog post. "The sample has a self-update routine that sends its own MD5 hash to the server via hxxp://," says Hahn. An example request would look like this: hxxp://

     "The server then responds with the URL for the latest sample, e.g. hxxp:// or with 'OK' if the sample is up-to-date. The malware replaces its own file accordingly," further explained the researcher.

     (Image: Malware's self-update functionality analyzed by G Data)

     During the course of his analysis, Hahn was joined by other malware researchers including Johann Aydinbas, Takahiro Haruyama, and Florian Roth. Roth was able to gather the list of samples in a spreadsheet and has provided YARA rules for detecting these in your network environments. Notably, the C2 IP that the malicious Netfilter driver connects to belonged to Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, according to WHOIS records. The U.S. Department of Defense (DoD) has previously marked this organization as a "Communist Chinese military company," another researcher @cowonaut observed.

     Microsoft admits to signing the malicious driver

     Microsoft is actively investigating this incident, although thus far, there is no evidence that stolen code-signing certificates were used. The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers, and managing to acquire the Microsoft-signed binary in a legitimate manner:

     "Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments." "The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party." "We have suspended the account and reviewed their submissions for additional signs of malware," said Microsoft yesterday.

     According to Microsoft, the threat actor has mainly targeted the gaming sector specifically in China with these malicious drivers, and there is no indication of enterprise environments having been affected so far. Microsoft has refrained from attributing this incident to nation-state actors just yet.

     Falsely signed binaries can be abused by sophisticated threat actors to facilitate large-scale software supply-chain attacks. The multifaceted Stuxnet attack that targeted Iran's nuclear program marks a well-known incident in which code-signing certificates were stolen from Realtek and JMicron to facilitate the attack. This particular incident, however, has exposed weaknesses in a legitimate code-signing process, exploited by threat actors to acquire Microsoft-signed code without compromising any certificates.

     Source
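The behaviour described above, the pipe-separated route list and the five route suffixes with their purposes, is enough to build a network-side check, and the self-update routine's reliance on the file's MD5 is enough for a host-side one. The script below is an added example, not G Data's or BleepingComputer's tooling and not Roth's YARA rules. The C2 host, proxy-log format and hash values are constructed (the post redacts the real URLs and this example does not attempt to fill them in); the detection idea is to look for a single host being asked for several of the known route purposes, since any one of `/p`, `/c` or `/s` on its own is too common a path to alert on.

```python
"""Netfilter-style C2 route fingerprinting and IOC hash check (added example)."""
import hashlib
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Route suffixes and purposes exactly as Hahn's analysis describes them.
ROUTE_PURPOSE: Dict[str, str] = {
    "/p": "proxy settings",
    "/s": "encoded redirect IPs",
    "/h?": "CPU-ID upload",
    "/c": "root certificate",
    "/v?": "self-update check",
}

_SCHEME_HOST = re.compile(r"^[a-z]+://[^/]+", re.IGNORECASE)   # also strips defanged "hxxp://"


def parse_route_list(body: str) -> List[str]:
    """The first C2 URL answers with further URLs separated by '|'."""
    return [route.strip() for route in body.split("|") if route.strip()]


def route_purpose(url: str) -> str:
    """Classify a URL by its path suffix; anything unrecognised is 'unknown'."""
    path = _SCHEME_HOST.sub("", url)
    for suffix, purpose in ROUTE_PURPOSE.items():
        exact = path == suffix
        with_query = suffix.endswith("?") and path.startswith(suffix)   # "/v?<md5>" etc.
        if exact or with_query:
            return purpose
    return "unknown"


def c2_candidates(log_lines: Iterable[str], min_distinct: int = 3) -> Dict[str, Set[str]]:
    """Hosts that served at least `min_distinct` of the known route purposes.

    Constructed log format: "<timestamp> <client_ip> <method> <url>", one request per line.
    """
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in log_lines:
        url = line.split()[-1]
        host = re.sub(r"^[a-z]+://", "", url, flags=re.IGNORECASE).split("/", 1)[0]
        purpose = route_purpose(url)
        if purpose != "unknown":
            seen[host].add(purpose)
    return {host: purposes for host, purposes in seen.items() if len(purposes) >= min_distinct}


def md5_hex(data: bytes) -> str:
    """The sample reports its own MD5 to '/v?'; the same digest is what IOC lists carry."""
    return hashlib.md5(data).hexdigest()


def matches_ioc(driver_bytes: bytes, ioc_md5s: Set[str]) -> bool:
    """Compare a driver file on disk against a published MD5 IOC list."""
    return md5_hex(driver_bytes) in ioc_md5s


# Constructed data: ".invalid" is a reserved TLD, so nothing here is a live host.
SAMPLE_ROUTE_BODY = ("http://c2.invalid/p|http://c2.invalid/s|http://c2.invalid/h?|"
                     "http://c2.invalid/c|http://c2.invalid/v?")
SAMPLE_LOG = [
    "2021-06-25T10:00:01 10.0.0.5 GET http://c2.invalid/p",
    "2021-06-25T10:00:02 10.0.0.5 GET http://c2.invalid/h?",
    "2021-06-25T10:00:03 10.0.0.5 GET http://c2.invalid/v?",
    "2021-06-25T10:00:04 10.0.0.7 GET http://cdn.example/c",    # one '/c' alone is not enough
]

if __name__ == "__main__":
    for route in parse_route_list(SAMPLE_ROUTE_BODY):
        print(f"{route:28} -> {route_purpose(route)}")
    print("candidates:", c2_candidates(SAMPLE_LOG))
```

The hash check is the weaker of the two: the self-update routine exists precisely so the operator can swap the binary, which changes its MD5 and defeats a hash-only IOC list, whereas the route set is part of the protocol and survives a rebuild. Run the YARA rules Roth published for the signed-driver family alongside either check rather than relying on hashes.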
  7. Meet Thistle, the startup that wants to secure billions of IoT devices

     Startup gets $2.5 million funding to jump-start security for connected devices.

     For more than two decades, Window Snyder has built security into products at some of the biggest companies in the world. Now, she’s unveiling her own company that aims to bake security into billions of connected devices made by other companies. San Francisco-based Thistle Technologies said on Thursday that it received $2.5 million in seed funding from True Ventures. The startup is creating tools that will help manufacturers build security into connected devices from the ground up.

     IoT, hackers’ low-hanging fruit

     Printers, ATMs, consumer electronics, automobiles, and similar types of Internet-of-things devices have emerged as some of the biggest targets of malware. Manufacturers typically don’t have the security expertise that companies like Apple, Microsoft, and Google have developed over the past 20 years. The result is billions of devices that ship with vulnerabilities that are preyed upon by profit-driven criminals and nation-state hackers.

     “What it takes to build security into products… requires a lot of really specialized skills,” said Snyder, Thistle’s CEO and founder. “You get folks, especially at the devices level, building the same security mechanisms over and over again, reinventing the wheel, and doing it to different levels of resilience.”

     Security veteran Snyder previously served as chief security officer at Square, Mozilla, and Fastly and was chief software security officer at Intel. As a teenager, she was part of a Boston hacker collective before going on to be a consultant at @stake, a security company that employed many of the members of L0pht, another Boston hacker collective. She also spent time at Microsoft working on Windows XP SP2, the update that added a host of security improvements to the OS. Later, she worked on security at Apple.

     Thistle will develop frameworks that allow device manufacturers to quickly build reliable and resilient security into their products more quickly than they could do on their own. The company’s initial work will focus on building a platform that delivers security updates to connected devices. Patching devices typically requires reflashing firmware, a process that can be fraught with risk.

     “It’s one of the reasons that nobody delivers updates for devices, because the cost of failing an update is so high,” Snyder said. “If you’ve got 100 million devices out there and you’ve got a 1-percent failure rate—which is very, very low for updates—that’s still a million devices that are bricked potentially.”

     True Ventures is investing $2.5 million in seed funding to Thistle. The Silicon Valley venture capital firm has provided funding to hundreds of early-stage startups, including Duo Security, the company that provides two-factor authentication and other security services and is now owned by Cisco.

     Meet Thistle, the startup that wants to secure billions of IoT devices
  8. New Dodge Challenger and Charger Software Limits Cars to 3 HP Because People Keep Stealing Them

     Dodge says the update will be good for “foiling fast getaways and joyrides.”

     It's no secret that car thieves have a thing for high-performance Dodge muscle cars. Because of that, the company is responding with a software patch that should make life a little harder for those who'd like to live the Hellcat life but refuse to do so under legal means. Soon to be available to Chargers and Challengers equipped with either the 6.2- or 6.4-liter Hemi V8 engines, a new Security Mode locks the cars' full performance behind a four-digit code as an extra layer of security against thieves who have spoofed the main key code, sort of like how two-factor authentication adds extra protection against people trying to gain access to your Facebook profile. (If you do not have 2FA set up for your major online accounts or are not even aware of what 2FA is, you should probably do some research and get on that.)

     Without the four-digit code, presumed Dodge thieves will only be able to drive the cars with the engines at idle speed (675 rpm), limiting them to just 22 pound-feet of torque and less than three horsepower. Yes, three hp. Not 300 hp. Not 30. Three. Well, 2.8 hp to be completely precise. So, if you ever see a Hellcat being driven around suspiciously slowly and quietly, it may very well be stolen. All the more reason for legit owners to give their cars a random rev every once in a while, I guess.

     High-horsepower Chargers and Challengers from the 2015 model year onwards are eligible to have this retroactively installed free of charge by any Dodge dealership. "When flashed into the computer of affected 2015 or newer Dodge muscle cars, the protective software will limit the engine output to less than three horsepower, foiling fast getaways and joyrides," said Dodge CEO Tim Kuniskis. "More than 150 cars are stolen every day in the United States. For any car owner, it's terrible, it's a hassle and it's a personal violation. Though statistically rare, car thieves have targeted the high-horsepower Dodge muscle cars, and we want the Dodge 'Brotherhood' to know we're taking quick action and covering their backs."

     Reportedly, more than 1,000 Chargers were stolen in and around the Detroit area in 2020 alone (around three every single day) while the Charger Hemi and Challenger SRT Hellcat ranked first and second, respectively, on the list of vehicles most likely to be stolen in America a couple of years ago. However, these two aren't the only FCA, er, Stellantis hot rods to have become dubiously appetizing to thieves. Late last year, a pre-production 2021 Durango SRT Hellcat SUV was swiped straight off of a company employee's driveway in Detroit and a Jeep Grand Cherokee Trackhawk press car was once taken from the folks at Jalopnik during the 2019 Detroit Auto Show. We've contacted Stellantis to ask whether the new security software will make its way to other models and will update this story when we hear back.

     The Security Mode software will be available for Dodge's muscle cars late in the second quarter of 2021.

     Source: New Dodge Challenger and Charger Software Limits Cars to 3 HP Because People Keep Stealing Them
  9. Email is an insecure, outdated communication method, but can it be saved? Despite growth in the use of instant messaging, email remains the most common form of business communication online. In 2019, there were over 3.9 billion email users globally, a number that’s set to rise to 4.48 billion by 2024. Any company operating online must use email services—there’s no avoiding it. But email was never designed to be a secure method of communication used daily by billions of people around the globe. While there have been many attempts to upgrade the security of email protocols, email is one of the least private ways to communicate online. Certain email service providers attempt to shore up some of email’s inherent security weaknesses by offering robust encryption. In this article, we look at why a business might want to consider a secure email provider. Despite growth in the use of instant messaging, email remains the most common form of business communication online. In 2019, there were over 3.9 billion email users globally, a number that’s set to rise to 4.48 billion by 2024. Any company operating online must use email services—there’s no avoiding it. But email was never designed to be a secure method of communication used daily by billions of people around the globe. While there have been many attempts to upgrade the security of email protocols, email is one of the least private ways to communicate online. Certain email service providers attempt to shore up some of email’s inherent security weaknesses by offering robust encryption. In this article, we look at why a business might want to consider a secure email provider. What’s wrong with email? Email was developed as a basic means to send messages back and forth over the internet, so little thought was put into security, privacy, or encryption in the early days. Everything was transferred in plain text, and emails could be read by anyone watching the network traffic. 
Though emails nowadays have a little more security, much of the data is still sent unencrypted. There are multiple places where email conversations in a company can be compromised.

For starters, messages are stored on your devices, so anyone with physical access to your computer or smartphone can read them. Or, a malicious app can read emails and get to file attachments easily. Even if you personally ensure that your devices are stored securely and free from malware, not everyone in the company may be so diligent.

Also, every email must be transferred through your connection to the email provider. The reality is that even if all your company’s emails are stored on the same server, any remote email access requires the data to be sent through a chain of routers and switches operated by many different companies. If the sender and the recipient of an email use different email servers, there are even more intermediary ISPs involved. At every link of the chain, it’s quite easy to eavesdrop on email conversations.

Why most email servers are insecure

Consider the overall security of your email server, where emails are stored. Some companies run their own email servers entirely disconnected from the internet, but most use an email service provider like Gmail or Outlook.com because it’s simple and keeps costs low.

One way that attackers can gain access to emails is by guessing, stealing, or cracking your employees’ email passwords. Weeks, months, or years of emails can be exposed, including emails that you thought were already deleted.

Most email providers store emails on their servers in plain text. This means if there’s a security breach, hackers can easily access all your company’s emails and attachments. Unfortunately, security breaches are all too common.

Your email is being used for advertising

One reason that most email providers don’t store emails in an encrypted format is to reduce performance overheads and make searching through emails faster.
More importantly, it allows them to scan your emails automatically so they can target advertising at you. Even companies that don’t use your emails to build personalized ads will scan them for other purposes. In a high-profile move, Google removed ad personalization based on email from its Gmail product in 2017, in a bid to woo more business customers, but it still scans emails. After all, the Google app knows when your next flight is leaving, and the Google Calendar app automatically adds restaurant reservations for you!

For privacy-concerned citizens, the fact that these email service providers will hand over your email data to governments without hesitation is incredibly problematic.

Secure email providers are better

Email providers that focus on security and privacy eliminate some, but not all, of email’s inherent problems. Services like ProtonMail and Tutanota encrypt all emails on their servers, so no one else can read them. Your data is never used for advertising purposes, and there’s no tracking or logging.

Some of the best secure email providers support end-to-end encryption. This means that messages are encrypted on the sender’s device and can only be decrypted on the recipient’s device. No third party can read the contents of the emails when they are in transit.

Secure email providers also have more robust two-factor authentication and strong password rules to help reduce the chances of passwords being cracked or stolen.

Even with end-to-end encryption, emails are insecure

Even with end-to-end encryption, email metadata is not encrypted, so any servers relaying your emails can read certain information about the emails. Email metadata includes the sender, recipient, date, and subject line. With just this information alone, snoopers can learn much about the conversation.

Companies that need absolute privacy need to double down with added layers of security, like using a business VPN or Tor.
That said, you can’t expect everyone who interacts with your company via email to jump through so many hoops. Instead, it’s better to consider any email sent and received to have a low level of security, and you should seek out better options than email for internal communication.

Conclusion

Email is an old, insecure protocol. When you use a basic email service provider, your company’s emails are vulnerable to attack. Secure email providers improve the privacy and security of your emails, but they can’t completely overcome email’s inherent flaws.

Companies should take pains to secure emails as much as possible but still treat it as an insecure method of communication. For internal communication that needs to be secure, avoiding email altogether and using a more modern solution, such as Signal or Wire, is preferable.

SOURCE
  10. Microsoft 365 adds 'External' email tags for increased security

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service.

Once the feature is available, Exchange Online admins can increase their organizations' spam and phishing protection by having all emails from external senders tagged automatically.

"This will be achieved by presenting a new tag on emails called 'External' in the message list," Microsoft explains in the Microsoft 365 roadmap. "In some Outlook clients, a 'mail tip' will be included at the top of the reading pane with sender's email address."

The new external email tags will only show up in Outlook on the web, the new Outlook for Mac, and Outlook mobile (iOS and Android).

External tags in Outlook on the web (Microsoft)

External tags in Outlook for iOS (Microsoft)

How to enable external email tagging

After its rollout to all Office 365 environments to standard multi-tenants worldwide later this month, the Exchange Online external tag feature will be off by default.

Admins who want to enable it in their tenants will have to use the Get-ExternalInOutlook and Set-ExternalInOutlook PowerShell cmdlets to view and modify external sender identification configuration in supported Outlook versions.

"If you enable the cmdlet, within 24-48 hours, your users will start seeing a warning tag in email messages received from external sources (outside of your organization)," Microsoft says. "In Outlook mobile, by tapping on the External tag at the top of the message, the user will see the email address of the sender."

Microsoft is also working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to thwart downgrade and man-in-the-middle (MITM) attacks.
Last year, Exchange Online added support for plus addressing (also known as subaddressing or detailed addressing), allowing Office 365 customers to use unlimited disposable recipient email addresses to filter and track email sources.

Source: Microsoft 365 adds 'External' email tags for increased security
  11. Microsoft: We're cracking down on malware that uses Excel macros

A new antivirus and Office 365 integration from Microsoft allows for scanning malicious macro scripts written in XLM at runtime.

Macro malware has been a popular choice for hackers since the 1990s, and even in recent years the technique has continued to be a simple way of delivering malware to the unwary. Just last month, Ukraine accused Russian government spies of uploading documents with malicious macros to a Ukrainian government document-sharing site. And amid the first wave of the COVID-19 pandemic, Microsoft warned of emails containing Excel files with malicious macros.

Microsoft has been using an integration between its Antimalware Scan Interface (AMSI) and Office 365 to knock out macro malware for years, but its successful efforts to take out macro scripts written in Visual Basic for Applications (VBA) ended up pushing attackers to an older macro language called XLM, which came with Excel 4.0 in 1992.

Now Microsoft is expanding the integration of its AMSI with Office 365 to include the scanning of Excel 4.0 XLM macros at runtime, bringing AMSI in line with VBA.

AMSI allows applications to integrate with any antivirus on a Windows machine to enable the antivirus to detect and block a range of malicious scripts in Office documents. Microsoft notes its Defender anti-malware is using this integration to detect and block XLM-based malware and is encouraging other anti-malware providers to adopt it, too.

Although XLM was superseded by VBA in 1993, XLM is still used by some customers and so it remains supported in Excel.

"While more rudimentary than VBA, XLM is powerful enough to provide interoperability with the operating system, and many organizations and users continue to use its functionality for legitimate purposes. Cybercriminals know this, and they have been abusing XLM macros, increasingly more frequently, to call Win32 APIs and run shell commands," explain Microsoft's security teams.
The arrival of AMSI's VBA runtime scan in 2018 "effectively removed the armor that macro-obfuscation equipped malware with, exposing malicious code to improved levels of scrutiny," says Microsoft.

"Naturally, threat actors like those behind Trickbot, Zloader, and Ursnif have looked elsewhere for features to abuse and operate under the radar of security solutions, and they found a suitable alternative in XLM," it continues.

If the antivirus detects a malicious XLM macro, the macro won't execute and Excel is terminated, thus blocking the attack.

Runtime inspection of XLM macros is now available in Microsoft Excel and is enabled by default on the February Current Channel and Monthly Enterprise Channel for Microsoft 365 subscription users.

Source: Microsoft: We're cracking down on malware that uses Excel macros
  12. Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform.

Windows Server 2022 is now in preview and "provides secured connectivity enabled by industry-standard AES 256 encryption," as Microsoft announced today.

The next Windows Server release will also improve hybrid server management by enhancing performance monitoring and event alerts in Windows Admin Center.

"Furthermore, this release includes significant improvements to Windows container runtime, such as virtualized time zones and IPV6 support for globally scalable apps, as well as containerization tools for .NET, ASP.NET, and IIS applications," Microsoft added at Microsoft Ignite 2021.

Windows Server 2022 also brings Secured-core to Windows Server for added protection against a wide range of threats.

Secured-core servers with built-in threat protection

Secured-core PCs come as a solution for the increasing number of firmware vulnerabilities that attackers can exploit to bypass a Windows machine's Secure Boot, and for the lack of visibility at the firmware level present in today's endpoint security solutions.

Built-in protection capabilities designed to protect users from threats (both state-sponsored hacking attacks and commodity malware) abusing firmware and driver security flaws are included with all Secured-core PCs since October 2019. They can defend users against malware designed to take advantage of driver security flaws to disable security solutions.

Secured-core PCs built by Microsoft in collaboration with OEM partners and silicon vendors protect users against such attacks by following these requirements:

Loading Windows securely: Enabled with Hypervisor Enforced Integrity, a Secured-core PC only starts executables signed by known and approved authorities. Also, the hypervisor sets and enforces permissions to prevent malware from attempting to modify the memory and made executable

Firmware protection: System Guard Secure Launch uses the CPU to validate the device to boot securely, preventing advanced firmware attacks

Identity protection: Windows Hello allows you to sign in without a password, Credential Guard leverages VBS to prevent identity attacks

Secure, hardware-isolated operating environment: Uses the Trusted Platform Module 2.0 and a modern CPU with dynamic root of trust measurement (DRTM) to boot up your PC securely and minimizes firmware vulnerabilities

Secured-core servers now follow these provisions to boot securely, protect themselves from firmware security bugs, shield the OS from attacks, prevent unauthorized access, and secure users' identity and domain credentials.

Together, Windows Server 2022 and Secured-core add the following preventative defense capabilities to servers:

Enhanced exploit protection: Hardware innovations allow for robust and performant implementations of exploit mitigations. Hardware-enforced Stack Protection will take advantage of the latest chipset security extension, Control-flow Enforcement Technology. Windows Server 2022 and protected applications will be secured from a common exploit technique, return-oriented programming (ROP), often used to hijack the intended control flow of a program.

Connection security: Secure connections are at the heart of today’s interconnected systems. Transport Layer Security (TLS) 1.3 is the latest version of the internet’s most deployed security protocol, which encrypts data to provide a secure communication channel between two endpoints. TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible. Windows Server 2022 includes TLS 1.3 enabled by default, protecting the data of clients connecting to the server.

Improved account support for containers: Containers are being embraced by many customers as a preferred building block for their applications and services. Customers use group Managed Service Accounts (gMSA) as the recommended Active Directory identity solution for running a service across a server farm. Today, anyone trying to containerize their Windows services and applications that use gMSA is required to domain join their container host to enable gMSA functionality. This can cause scalability and management issues. Windows Server 2022 supports improvements to gMSA for Windows Containers that allow you to enable support for gMSA without domain joining the host.

Secured-core for Azure IoT Edge devices

Microsoft also introduced the Edge Secured-core device label at Microsoft Ignite 2021 to identify Azure IoT Edge devices that meet the Secured-core spec.

The new device label is now in public preview within the Azure Certified Device program after previously being announced for Windows enterprise devices.

"Now, enterprise customers seeking Internet of Things (IoT) devices that meet the Azure defined security bar can easily identify device models that have the Edge Secured-core label in the Azure Device Catalog," Microsoft said. "As part of this requirement, devices will have Azure Defender for IoT built-in."

SOURCE
  13. Apple's closed software ecosystem can be the perfect hiding spot for elite hackers

Tight security can be a double-edged sword

In brief: Apple is notorious for its walled garden approach and renowned for promoting security and privacy as the top feature of its products. However, security researchers believe this also means hackers who do manage to breach the wall tend to remain undetected a lot more often than you'd think.

For years, Apple has touted the privacy and the security of its devices and explained through its marketing that it values those two features more than other tech companies. Lately, that has attracted legal fights with companies like Epic, which are interested in breaking the walled garden that Apple has built around its ecosystem and aligning it to what the rest of the industry is doing.

However, the Cupertino giant may have inadvertently created a bigger problem than the one it set out to solve. Creating a digital fortress around its products and services has given some of the world's top hackers one of the best places to hide. It may be harder to break into an iPhone, but once in, it's also easier for that bad actor to conceal their activity for a long time.

A report from the MIT Technology Review takes a deep dive into Apple's intense drive to bolster product security while touching on the unintended consequences of that approach. The analysis cites Citizen Lab's senior cybersecurity researcher Bill Marczak, who explains that top-tier hackers have the resources and motivation to develop zero-click exploits that allow them to run their malicious code while users are none the wiser.

It's not just malicious actors that do this. Companies like Israel-based NSO Group have been at it for years, and while they promise to only provide their tools to legitimate organizations such as law enforcement, there's always a risk they could be misused.
Additionally, companies like Facebook have tried to purchase NSO's spyware tools specifically to gain the ability to monitor iPhone and iPad users.

Marczak was one of the first to raise awareness about the existence of NSO and notes that when investigating an Al Jazeera journalist's iPhone last year, he initially found no evidence of hacking on it. As the investigation dragged on, the Citizen Lab team discovered the phone was pinging servers that belong to NSO. When Apple released iOS 14, it broke the researchers' "jailbreaking" tool and cut off access to specific folders that hackers tend to use to hide their malicious code.

Modern computers have been moving in a similar direction to Apple's lockdown philosophy, albeit with a limited degree of success. In the case of Macs, we've already seen the introduction of T-series security chips (which are now integrated into the M1 SoC for Apple Silicon Macs) that can govern encrypted storage, secure boot, perform image signal processing and biometric authentication, and even physically disable microphones to prevent snooping. Even that implementation is not perfect and theoretically allows a skilled hacker to bake in a keylogger and steal credentials while being virtually impossible to detect.

On the software side, Apple's approach is a similar double-edged sword. On the one hand, any software that runs on a Mac has to pass a Notarization check. On the other hand, that can fail spectacularly when too many people update to the latest version of macOS at the same time.

Security researchers are somewhat limited because Apple doesn't allow Mac analysis tools the kind of deep access needed to look for evidence of hacks—they aren't allowed to peek at the memory allocations of other processes. That means apps cannot check another app's personal space, which is suitable for protecting end users but a significant limitation for security research.

Other companies like Google are going down a similar path.
For instance, Chromebooks are locked down so that you can't run anything outside of the web browser. Apple believes this approach to security is right—that the tradeoffs are a small price to pay for making the life of malicious actors very difficult when they're looking to get access to sensitive data on your devices.

Security researchers tend to agree, but they're also worried that as more people gravitate toward mobile devices designed around the walled garden paradigm, it will be more challenging to assess whether a device has been compromised. They fear malicious actors will get away with it more often than not without leaving a trace.

Source: Apple's closed software ecosystem can be the perfect hiding spot for elite hackers
  14. Google funds Linux maintainers to boost Linux kernel security

Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.

"While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.

Gustavo Silva and Nathan Chancellor, the two kernel developers funded through this initiative, will exclusively focus on Linux kernel security development.

Chancellor will triage and fix bugs in Clang/LLVM compilers. Silva will turn the elimination of several classes of buffer overflows into his full-time Linux development work.

"Additionally, [Silva] is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities," the Linux Foundation added. "He is consistently one of the top five most active kernel developers since 2017" and he "has impacted 27 different stable trees, going all the way down to Linux v3.16."

This initiative comes after the release of the 2020 FOSS Contributor Survey, authored by the Laboratory for Innovation Science at Harvard (LISH) and Open Source Security Foundation (OpenSSF). The survey found that open-source software security requires more work due to its role as "a critical part of the modern economy."

Over 20,000 Linux contributors have made more than one million commits since August 2020, with Linux kernel devs always considering code security. Despite this, Google's underwriting of two full-time Linux security maintainers further highlights the importance of security in open-source software.
"Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure," Linux Foundation's Director of Open Source Supply Chain Security David A. Wheeler said.

"We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success."

Source: Google funds Linux maintainers to boost Linux kernel security
  15. Android 12 is bringing some important security features

Protecting your privacy will be one of the main reasons to upgrade

Google is doubling down on security and privacy enhancements in Android 12, and when the next version of its mobile operating system launches this fall, users will be able to manually block access to some of the hardware sensors on their devices.

As reported by 9To5Google, the latest version of Android includes a pair of new toggles that will allow users to prevent apps from accessing their smartphone's microphone and camera.

The inclusion of these new toggles comes at a time when users have grown more concerned about their privacy and the fact that hackers could use the cameras, microphones and other sensors found on their devices to spy on them. This is why aftermarket webcam covers have become so popular for laptops and Lenovo has started adding its ThinkShutter automatic webcam cover to more of its devices.

Privacy toggles

With the launch of Android 12, users will be able to quickly turn off access to their microphone and camera right from the operating system's Quick Settings menu, which can be accessed by swiping down from the notifications menu.

Once enabled, these toggles will appear in the quick settings menu as icons that read “Block Camera” and “Mute Microphone”. When tapped, these toggles will entirely shut off access to either your device's camera or microphone.

During its tests, 9To5Google found that Android 12's privacy toggles are not currently working with either system apps or third-party apps. For instance, with the “Block Camera” toggle active, the news outlet was still able to use their device's native camera app, and this was also the case when it tried to use the viewfinders in Instagram and Twitter.
However, at least with those two third-party apps, a system prompt did appear saying they had to turn on the camera, though it was still active in the background on the developer preview of Android 12 in testing.

We'll likely hear more about the security and privacy enhancements that will be included in Android 12 once Google begins preparing for its official rollout, which will likely happen in September of this year.

Via 9to5Google

Source: Android 12 is bringing some important security features
  16. Apple Offers Its Closest Look Yet at iOS and MacOS Security

In its latest Platform Security Guide, Cupertino raised the curtain on the critical features that protect against hackers. Security researchers still want more info from Apple—but this is a good start.

Apple is a notoriously tight-lipped and insular organization, a tendency that has often put it at odds with the security research community. The company is typically secretive on the technical details of how its products and security features work. So the resource that security researchers say they have come to rely on most for bread crumbs is Apple's annual “Platform Security Guide," the new edition of which launched today. It provides the most comprehensive and technical look at Apple's safeguards yet—including the first documentation of Apple's new M1 chips.

Apple first offered the guide a decade ago as a very short writeup at the dawn of the iPhone era. It would later evolve into an “iOS Security Guide" focused exclusively on mobile, before expanding to encompass macOS in 2019. It details security features like Touch ID and Face ID, Apple's secure enclave, and secure boot, so that software developers and security researchers can understand more about how those features work and interact with each other. Over the years, the company says it has tried to balance readability for a wide audience with usefulness to those with deeper technical knowledge. This year, it packs in more information than ever about features both new and old.

“I am constantly referring to that guide, and have been for years,” says Sarah Edwards, a longtime Apple security researcher. “I use it for all aspects of my research, my day job, my teaching gig, everything.
About once a year or so I sit down with it on my iPad and read it page by page to see what I might have missed before or what happens to 'click' when I review it again after learning something through my research.”

This year's edition contains significantly expanded information about hardware like M1, new details about the secure enclave, and an accounting of a host of software features. Researchers and hackers alike glean a lot through reverse engineering, the process of determining how something is built by examining the finished product. That "security through obscurity" helps keep attackers at bay to a degree, but by releasing the Platform Security Guide, Apple can help its customers take advantage of its defensive features while also providing guideposts for security researchers, in hopes that they can find vulnerabilities before the bad guys do.

“Everything can be reverse-engineered, that’s a lot of fun at least for me,” says Will Strafach, a longtime iOS researcher and creator of the Guardian Firewall app for iOS. “But having a verbose and well-detailed authoritative document from Apple is helpful as it allows folks to know the intentions and limitations associated with certain security capabilities. Apple always does a great job with it, even if it doesn’t dive too deeply in the weeds."

Researchers say they always have some “wish list” items that they want Apple to include in future guides. Strafach wants to know more about how M1 chips securely handle booting other operating systems, always a question for jailbreakers when Apple releases new processors. And he is curious about Apple's iOS 14 enhancements that were meant to negate a ubiquitous jailbreak exploit, but can be circumvented at least in some cases.

Researchers each have specific, even esoteric hopes and dreams for new guides based on their specialities.
Patrick Wardle, an independent Apple security researcher, said he was hoping to see more details on Apple's own antivirus and malware detection tools, something the company added in today's report. He still hopes to get more insight, though, into how to control some macOS features more granularly.

“The guide is largely aimed at helping organizations that deploy Apple devices do so in a secure manner,” Wardle says. “And while the information provided by Apple is often quite helpful, I wish they would be more focused on practical advice for using their security components to lock systems down.”

The new Platform Security Guide weighs in at almost 200 pages, and has grown steadily over more than 10 years. This slow progression reflects Apple's general hesitance to open up to security researchers. Until 2016, the company didn't even offer a bug bounty program to incentivize researchers to disclose vulnerabilities they discovered in Apple products. In 2019, the company announced that it would distribute special, less restricted iPhones to a handful of security researchers—and they finally started shipping at the very end of 2020.

For cryptographers at Johns Hopkins University who recently conducted an extensive analysis of iOS and Android's various encryption states, the Platform Security Guide and historic iOS guides have been vital to understanding how everything fit together.

“The guides were a really useful resource,” says Maximilian Zinkus, a PhD student at Johns Hopkins who led the analysis of iOS. Apple doesn't keep a central archive of the documents, but Zinkus and his colleagues compiled them back to 2012 from third parties. Zinkus says that while the change log at the end of each report is helpful for figuring out what information has been updated from edition to edition, it would be more useful if Apple documented changes with footnotes throughout. And including technical explanations for changes would help researchers understand certain decisions.
For example, in the February 2014 iOS Security Guide, Apple listed location data as being in a special, extra-sensitive data category requiring very strong encryption. But in another version from October 2014 the paragraph mentioning that requirement was gone.

“Those subtle changes can be worrying—that was definitely a surprise to see,” Zinkus says.

As researchers begin to dig into the new report, they emphasize that more information is always better. But when it comes to proprietary platforms and systems, they're always going to have their wish list of what else they would want to know to help find more vulnerabilities before bad actors do—and propose ever stronger defenses in return.

Source: Apple Offers Its Closest Look Yet at iOS and MacOS Security
  17. Google Meet is getting an important new security feature

It will enable Meet users to better optimize network access

Video communication tool Google Meet has announced a change to how it manages network traffic, making it easier for administrators to configure their firewalls to allow authorized traffic but block untrusted networks. In addition, the update now ensures that non-Google Workspace users receive the same protections as Workspace users.

Back in January 2019, Google launched a range of fixed IP addresses for Google Meet in Workspace domains that allowed users to identify video conference traffic more easily. Now, Google has confirmed that it is introducing a range of official, fixed IP addresses for non-Google Workspace users: individuals joining calls with personal Google accounts or anonymously.

“This will allow Google Workspace customers and their partners to better configure and optimize network and firewall access,” a Google Workspace update reads. “It will help non-Google Workspace domains and organizations with users who aren’t signed into Google Accounts to identify video conference traffic.”

Network configuration

Google also confirmed that the launch of the new IP ranges means that Meet will cease to use its old IP addresses on March 1, 2021. This may impact previously employed network optimization protocols, so Google Workspace customers are advised to add the new IP addresses to their current firewall and network configuration.

Google Workspace admins should update their firewalls if they want to apply specific network rules to non-Google Workspace Meet traffic. In addition, non-Google Workspace admins should update their firewalls to allow the new Google Meet IP addresses.

The new IP addresses are just the latest addition to Google Meet, which has seen a sizeable uptick in use since the COVID-19 pandemic forced many employees to work remotely.
Other collaboration tools, including Microsoft Teams and Zoom, have experienced a similar popularity boost. Google Meet is getting an important new security feature
  18. Windows 10 features that boost your PC's security and privacy

Like almost all operating systems, Windows 10 is vulnerable to security and privacy issues, and researchers have proved that Microsoft can track a lot of your activities to improve their products and enable personalized ads and promotions. Thankfully, Windows 10 allows us to improve the operating system's security and privacy using the built-in Settings app. If you have concerns about your data security and privacy, you should consider making the below changes.

Security features you should know about

Below we outline some important features that can enhance the security of Windows 10 devices.

Potentially Unwanted App (PUA)

In Windows 10 version 2004 or newer, there's a new feature called Potentially unwanted applications (PUA) protection. As the name suggests, PUA protection allows Windows 10 to detect potentially unwanted apps using Microsoft Defender (formerly known as Windows Defender). For those uninitiated, potentially unwanted applications (PUA) generally cause issues with Windows and other installed apps, and they can also make your device slower or buggy. These unwanted apps are not considered viruses or malware, but it's widely believed that they can modify your web browsers, change the default behavior and perform other actions without your permission.

To enable PUA/PUP protection in Windows 10 2004, follow these steps:

1. Open Settings.
2. Navigate to Update & Security > Windows Security > App & browser control.
3. Look for a new section titled 'Reputation-based protection'.
4. Click on the 'Turn on' button to enable the feature.

If you want to configure PUA/PUP, you can also click on 'Reputation-based protection settings'. This will allow you to access the following settings:

• Check apps and files.
• SmartScreen for Microsoft Edge.
• SmartScreen for Microsoft Store apps.

For more detailed information, see our article on how Windows 10 2004 improves potentially unwanted app protection. 
Memory Integrity

Windows 10 comes with another brilliant feature called "Core isolation", which aims to protect your device against malware and other attacks. The Core isolation feature isolates computer processes from the software and hardware, and it enables an extra layer of security against sophisticated attacks. Memory integrity, which is a part of Core isolation, uses hardware virtualization and Hyper-V to prevent attempts to inject and run malware in Windows kernel-mode processes.

In order to use Core isolation's memory integrity feature, follow these steps:

1. Open Settings.
2. Navigate to Update & Security > Windows Security.
3. Click on Device security.
4. Under "Core isolation" and "Memory integrity", turn on the Memory integrity toggle switch.
5. Restart Windows to apply changes.

Controlled Folder Access

Another exciting security feature in Windows 10 is "Controlled Folder Access", which basically allows you to prevent unauthorized access to certain folders. This feature gives you greater control over sensitive folders and it can also prevent ransomware or any attempt to access and encrypt your documents, pictures, and other files stored in those folders.

1. Open Windows Security.
2. Click on 'Virus & threat protection'.
3. Click on 'Ransomware protection'.
4. Locate the "Controlled folder access" section and click the On/Off toggle.
5. Select the "Protected folders" option.
6. Add all the folders that you want to restrict access to.

For more detailed information, see our article on how Controlled Folder access works.

Network scanning

Network scanning is included with Windows Defender and it allows you to scan your network files. However, the feature is disabled by default and interested users need to enable it manually with PowerShell. To enable network scanning, follow these steps:

1. Open Windows Search.
2. Search for PowerShell and click the Run as administrator option. 
3. Type the following command:

Set-MpPreference -DisableScanningNetworkFiles 0

4. Press Enter to enable scanning of network files.

By following the above steps, you can use Defender to scan network files. If you want to turn off the feature, enter the following command in PowerShell:

Set-MpPreference -DisableScanningNetworkFiles 1

Windows 10 settings to increase your privacy

If you're concerned about privacy and how your data is being used by Microsoft, you should make the below changes to increase privacy in Windows 10.

Turn off ads and tracking

All consumer-oriented versions of Windows 10 show ads or recommendations by default, and Microsoft also creates an advertising ID for your user account. The advertising ID is linked to your Microsoft account and it is used to tailor recommendations/ads for Microsoft services. Fortunately, Windows 10 allows you to turn off the advertising ID and it even lets you disable the ads that you see in the Start menu and other places. To turn off the settings, follow these steps:

1. Launch Settings.
2. Go to Privacy > General.
3. Under the "Change privacy options" section, toggle Off the following options:
• "Let apps use advertising ID to make ads more interesting ..."
• "Let Windows track app launches to improve Start and search results"
• "Show me suggested content in the Settings app"

When done, your General settings should look like the following image.

Disable Start Menu suggestions and promotions

As mentioned above, Microsoft uses the Start Menu to show suggestions/ads/recommendations for Microsoft Store apps and services. For example, Microsoft recently started displaying ads for the new Microsoft Edge browser in the Start Menu. To disable these suggestions, go to Settings > Start and disable 'Show suggestions occasionally in Start' as shown above.

Restrict Diagnostic data

Windows 10 collects hardware and software diagnostic data on a regular basis to improve the Windows experience on your device, according to Microsoft. 
The data collection cannot be turned off completely, but you can control what kind of diagnostic data is gathered about you, your applications, and your device. To manage your diagnostic data, head to Settings > Privacy > Diagnostics & Feedback. You'll see two options—Basic and Full. To reduce the data collection, select the first option (Basic). When the Basic option is selected, Microsoft will only record and collect your device's basic information including settings, features, and performance.

Manage permissions for location, microphone, camera

Like diagnostic data, the Windows 10 Settings app also allows you to manage permissions for hardware features, such as location, microphone and camera. To disable location access for apps and Windows, you need to launch the Settings app, go to Privacy > Location, and turn off the location access option. Similarly, you can open the Microphone and Camera privacy pages and turn off the access. When the permission is set to 'off', Windows will block all apps from using the location, microphone or camera.

Disable the Windows Timeline (Activity history)

Windows 10 comes with a built-in activity history feature called 'Timeline'. This feature allows you to go back in time to see and resume your work activities, and it also organizes the activities that you do on your PC, Microsoft Edge and Android phone. Timeline works surprisingly well and it gathers your data actively, which for many is too much of a privacy risk. Fortunately, there's a way to disable activity history completely. To disable Timeline, follow these steps:

1. Open Settings.
2. Click Privacy.
3. Open Activity History.
4. Uncheck the “Let Windows collect my activities from this PC” checkbox and Timeline will not collect your information.
5. Toggle Microsoft account under “Show activities from accounts” to Off.
6. Finally, click on the Clear option to clear your activity history. 
App permissions

Like Android and iOS, Windows 10 comes with a dedicated settings page for managing app permissions. To manage app permissions, you need to go to Settings > Apps > Installed apps and click on the app (e.g. Voice Recorder) whose permissions you want to limit.

Windows 10 features that boost your PC's security and privacy
  19. Google researcher discovers new iOS security system

iOS 14 shipped with BlastDoor, a new sandbox system for processing iMessages data. Image via Thom

With the release of iOS 14 last fall, Apple has added a new security system to iPhones and iPads to protect users against attacks carried out via the iMessage instant messaging client. Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher with Project Zero, a Google security team tasked with finding vulnerabilities in commonly-used software. Groß said the new BlastDoor service is a basic sandbox, a type of security service that executes code separately from the rest of the operating system. While iOS ships with multiple sandbox mechanisms, BlastDoor is a new addition that operates only at the level of the iMessage app. Its role is to take incoming messages and unpack and process their content inside a secure and isolated environment, where any malicious code hidden inside a message can't interact with or harm the underlying operating system or retrieve user data.

Image: Google Project Zero

The need for a service like BlastDoor had become obvious after several security researchers had pointed out in the past that the iMessage service was doing a poor job of sanitizing incoming user data. Over the past three years, there had been multiple instances where security researchers or real-world attackers found iMessage remote code execution (RCE) bugs and abused these issues to develop exploits that allowed them to take control over an iPhone just by sending a simple text, photo, or video to someone's device. The latest of these attacks took place last year, over the summer, and were detailed in a report from Citizen Lab named "The Great iPwn," which described a hacking campaign that targeted Al Jazeera staffers and journalists. 
Groß said he was drawn to investigating iOS 14's internals after reading in the Citizen Lab report that the attackers' zero-days stopped working after the launch of iOS 14, which apparently included improved security defenses. After probing around in the iOS 14 inner workings for a week, Groß said he believes that Apple finally listened to the security research community and improved iMessage's handling of incoming content by adding the BlastDoor sandbox to iMessage's source code. "Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole," Groß said in a blog post today. "It's great to see Apple putting aside the resources for these kinds of large refactorings to improve end users' security." Source: Google researcher discovers new iOS security system
  20. Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs also began targeting Docker and Kubernetes systems. Most of these attacks followed a very simple pattern where threat actors scanned for misconfigured systems that had admin interfaces exposed online in order to take over servers and deploy cryptocurrency-mining malware. Over the past three years, these attacks have intensified, and new malware strains and threat actors targeting Docker (and Kubernetes) are now being discovered on a regular basis. But despite the fact that malware attacks on Docker servers are now commonplace, many web developers and infrastructure engineers have not yet learned their lesson and are still misconfiguring Docker servers, leaving them exposed to attacks. The most common of these mistakes is leaving Docker remote administration API endpoints exposed online without authentication. Over the past years, malware like Doki, Ngrok, Kinsing (H2miner), XORDDOS, AESDDOS, Team TNT, and others, have scanned for Docker servers that left the Docker management API exposed online and then abused it to deploy malicious OS images to plant backdoors or install cryptocurrency miners. The latest of these malware strains was discovered last week by Chinese security firm Qihoo 360. Named Blackrota, this is a simple backdoor trojan that is basically a simplified version of the CarbonStrike beacon implemented in the Go programming language. Only a Linux version was discovered until now, and it is unclear how this malware is being used. Researchers don't know if a Windows version also exists, if Blackrota is being used for cryptocurrency mining, or if it's used for running a DDoS botnet on top of powerful cloud servers. 
What is known is that Blackrota relies on developers who have made a mistake and accidentally misconfigured their Docker servers. The lesson from Blackrota and past attacks is that Docker is not a fringe technology anymore. Threat actors are now targeting it on purpose with at-scale attacks on a near daily basis. Companies, web developers, and engineers running Docker systems as part of production systems are advised to review the official Docker documentation to make sure they have secured Docker's remote management capabilities with proper authentication mechanisms, such as certificate-based authentication systems. Currently, there are plenty of tutorials around to guide even the most inexperienced developers with step-by-step guides. With Docker gaining a more prominent place in modern-day infrastructure setup, with attacks on the rise, and with the number of malware strains that target Docker systems growing by the month, it's time that developers took Docker security seriously. Source
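The misconfiguration the article describes, a Docker management API reachable over plain TCP with no authentication, is easy to catch before a host goes live. The POSIX shell check below is an added example, not code from the article or from the Docker project: it inspects two daemon.json fragments constructed here for illustration, one with a bare tcp:// listener (the exposed pattern malware such as the strains named above scans for) and one with the certificate-based setup Docker's documentation describes through the tlsverify, tlscacert, tlscert and tlskey keys, and flags the first.

```shell
# Added example (not from the article): flag a Docker daemon.json that listens
# on TCP without TLS client-certificate verification.

# Constructed sample: the exposed pattern. Port 2375 is Docker's conventional
# plaintext API port, and no tlsverify key is present.
WEAK_CONFIG='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}'

# Constructed sample: the hardened pattern from Docker's documentation.
# tlsverify makes the daemon require a client certificate signed by tlscacert.
HARDENED_CONFIG='{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}'

# check_daemon_config CONFIG_TEXT
# Prints "exposed" and returns 1 when a tcp:// host is configured but
# "tlsverify": true is absent; prints "ok" and returns 0 otherwise
# (a socket-only daemon is not reachable over the network at all).
check_daemon_config() {
    cfg="$1"
    if printf '%s' "$cfg" | grep -q 'tcp://'; then
        if printf '%s' "$cfg" | grep -Eq '"tlsverify"[[:space:]]*:[[:space:]]*true'; then
            echo ok
            return 0
        fi
        echo exposed
        return 1
    fi
    echo ok
    return 0
}

# Stand-alone run: report on both constructed samples.
printf 'weak config:     %s\n' "$(check_daemon_config "$WEAK_CONFIG")"
printf 'hardened config: %s\n' "$(check_daemon_config "$HARDENED_CONFIG")"
```

On a real host, feed it the live file with `check_daemon_config "$(cat /etc/docker/daemon.json)"`; the non-zero return makes it usable as a CI or configuration-management gate. The check is deliberately narrow: a `-H tcp://...` flag passed on the dockerd command line or in a systemd unit bypasses daemon.json entirely and needs the same review, and even with tlsverify set, the CA in tlscacert is the whole trust boundary, so it should not be one shared across unrelated hosts.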
  21. The company won't have to pay a fine for the time being. Since it exploded in popularity at the start of the coronavirus pandemic, Zoom has promised to address the more glaring security and privacy issues that are a part of its video meeting software. And now the company has a regulatory incentive to do exactly that. As part of a new proposed settlement with the Federal Trade Commission (FTC) over its privacy practices, the company must establish an information security program that will see it share security audits with the agency. Zoom has also agreed to notify the FTC if it goes through a data breach, as well as implement additional security features. The main issue the FTC had with Zoom’s practices was that it misled people about its use of end-to-end (E2E) encryption. Since as far back as 2016, the company’s website has said users could secure their Zoom meetings “with end-to-end encryption.” In reality, Zoom only recently started rolling out E2E encryption to video meetings. The FTC says the company’s claims gave people a false sense of security. The agency also found problems with ZoomOpener, software the company included in a July 2018 update it pushed to Mac users. ZoomOpener installed a persistent web server on your Mac that could, in certain circumstances, reinstall Zoom on your computer without your permission. “Zoom’s security practices didn’t line up with its promises, and this action will help to make sure that Zoom meetings and data about Zoom users are protected,” said Andrew Smith, the director of the FTC’s Bureau of Consumer Protection. “We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs,” a spokesperson for Zoom told Engadget. “We are proud of the advancements we have made to our platform, and we have already addressed the issues identified by the FTC. 
Today's resolution with the FTC is in keeping with our commitment to innovating and enhancing our product as we deliver a secure video communications experience." One thing Zoom won’t have to do as part of the settlement is to pay a fine to the federal government, provided it stays out of trouble. If the FTC finds that the company hasn’t been adhering to the agreement, it faces fines of up to $43,280 for each future offense. Source
  22. NEW YORK (Reuters) - Twitter Inc suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of several of the world’s most famous people in July, according to a report released on Wednesday. The report by New York’s Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference. “That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Linda Lacewell, the financial services superintendent. Twitter did not immediately respond to a request for comment. It has acknowledged that some employees were duped into sharing account credentials prior to the hack. New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin. Those whose accounts were hacked included U.S. presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star. Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter’s information technology department, and claiming to be responding to problems with the company’s Virtual Private Network, which had become common because employees were working from home. “The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report said. Twitter’s lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said. 
Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as an adult with 30 felonies. Clark has pleaded not guilty. Federal prosecutors charged two others with aiding the hack. Source
  23. LibreAV v1.0.2 (10002) (Open Source Real Time Scanning Antivirus)

LibreAV is an attempt to detect malware on Android devices using a machine learning approach that is powered by TensorFlow. We use a two-layer neural network trained with a carefully selected set of features. The neural network is tuned in such a way that it performs efficiently on mobile devices where computational resources are limited. Tests show that LibreAV performs efficiently and effectively even on low-end mobile devices. With LibreAV, you can scan all the installed apps on your device in a matter of seconds. It also has a realtime scan feature which alerts you whenever an app is installed or updated.

Features
• Real time scanning
• On device inference
• Lightweight
• 100% free and no ads

How it works

LibreAV uses permissions and intent-filters to detect malicious apps. While scanning, it loads the machine learning model and extracts permissions and intents from the installed applications on the user's device. These extracted features are then fed to the machine learning model in the form of a vector. The machine learning model returns a prediction score between 0 and 1 that denotes the degree of maliciousness of the scanned application. We use this score to classify the scanned app into one of the following categories:
1. Goodware: The prediction score is less than 0.5
2. Risky: Prediction score between 0.5 and 0.75
3. Malware: Prediction score is greater than 0.75
4. Unknown: If LibreAV is unable to extract permissions and intents from an app, then that app is labelled as 'Unknown'

You can check the code for building the machine learning model here

Homepage F-Droid Changelog

Changelog:
This is the first release of LibreAV on F-Droid.
• Rebuilt the open-source library info screen with About Libraries
• Updated the targetSdkVersion to 29
• Updated gradle version to 6.1.1

Download
  24. U-VPN (Free Unlimited & Very Fast & Secure VPN) v3.6.0 (Ad-Free) (derrin Mod)

U-VPN is a super fast VPN service using a new technology. U-VPN is the ultimate Android VPN. It is a 100% free unlimited VPN. Easy to use: one click to connect to a U-VPN server. U-VPN is completely anonymous. All of your traffic is encrypted and not logged at all. U-VPN gives you unlimited bandwidth and unlimited free trial time. U-VPN protects your privacy and keeps you safe from 3rd party tracking. Unblock geographically restricted websites through U-VPN servers. U-VPN supports a UI in multiple languages and many VPN servers located in different areas.

U-VPN Benefits:
* U-VPN Service is almost never blocked in any country.
* The connection speed of U-VPN is very fast compared to others.
* The traffic speed of U-VPN is faster compared to others.
* Encrypts your internet traffic.
* Unblocks geographically restricted websites.
* No registration needed.
* No login or password required.
* Easy to connect to U-VPN.
* No root access needed.

We hope you enjoy U-VPN. Thank you!

Homepage Download

Changelog:
Fixed some bugs.
Improved performance.

Site: https://www.upload.ee Sharecode: /files/12270227/U-VPNFreeUnlimitedandVeryFastandSecureVPNAd-Freev360.apk.html
  25. AdGuard for Android version 4.0 nightly 1

AdGuard is a unique no root ad blocker for Android that removes ads in apps and browsers, protects your privacy, and helps you manage your apps.

Blocks ads everywhere
Blocks ads throughout the whole system. This includes video ads and ads in your favorite apps, browsers, games, and on any website you can imagine. Dozens of ad filters are available to you and are updated on a regular basis, guaranteeing the best filtering quality.

Cares about your privacy
We value the privacy of your personal data above anything else. With AdGuard, you will be safe from online trackers and analytics systems that lurk on the web trying to steal your sensitive information. Surely, this happens without logging the users' actions. AdGuard does not store DNS query logs.

Saves your traffic
More ads blocked means fewer ads loaded. Fewer ads loaded means more traffic saved. Simple math by AdGuard! Download the apk file, install the app and spend your traffic on things you like instead of wasting it on voracious ads.

You stay in control
It is your device, after all, and you decide what gets filtered and what doesn’t. A wide range of settings — from basic to 'pro' — as well as an Apps Management tool will help you customize the filtering to your liking.

Homepage Download

Changelog:
[Fixed] Fix a bug related to strange and small "m^" rules #3548