By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Password manager LastPass has released an update last week to fix a security bug that exposes credentials entered on a previously visited site. The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google's elite security and bug-hunting team. LastPass believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. In a blog post, the company said the bug only impacts its Chrome and Opera browser extensions. If users have not enabled an auto-update mechanism for their LastPass browser extensions, they're advised to perform a manual update as soon as possible. This is because yesterday, Ormandy published details about the security flaw he found. The security researcher's bug report walks an attacker through the steps necessary to reproduce the bug. Since the bug relies on executing malicious JavaScript code alone, with no other user interaction, the bug is considered dangerous and potentially exploitable. Attackers could lure users on malicious pages and exploit the vulnerability to extract the credentials users had entered on previously-visited sites. According to Ormandy, this isn't as hard as it sounds, as an attacker could easily disguise a malicious link behind a Google Translate URL, trick users into visiting the link, and then extract credentials from a previously visited site. Like any other applications, password managers are sometimes vulnerable to bugs, which are in all cases eventually fixed. Despite this vulnerability, users are still advised to rely on a password manager whenever they can. Using a password manager is many times better than leaving passwords stored inside a browser, from where they can be easily extracted by forensic tools and malware. For more visit OUR FORUM.

 

China's internet could continue to operate as a national intranet in the case of a cyber-attack or foreign intervention. The structure of the Chinese internet is unlike any other country, being similar to a gigantic intranet, according to research published by Oracle last week. The country has very few connection points to the global internet, has zero foreign telcos operating within its borders, and Chinese-to-Chinese internet traffic never leaves the country. All of these allow China to disconnect itself at will from the global internet and continue to operate, albeit with no connectivity to western services. "Put plainly, in terms of resilience, China could effectively withdraw from the global public internet and maintain domestic connectivity (essentially having an intranet)," Oracle's Dave Allen said. "This means the rest of the world could be restricted from connecting into China, and vice versa for external connections for Chinese businesses/users."

Windows 10 KB4515384 is the latest cumulative update that Microsoft released on September 10 with a fix for high CPU usage bug and multiple vulnerabilities. Microsoft initially stated that the cumulative update comes without any known issues, but the company has now updated the changelog to confirm a bug affecting both Start menu and Windows Search. Microsoft has also confirmed audio issues in this cumulative update. It looks like Windows 10 KB4515384 is plagued by several other issues as well, including a bug that disables Ethernet or WiFi connectivity. A number of users are reporting on Microsoft community forum, Reddit and Windows 10’s Feedback Hub that network adapters have stopped working after applying this update. “Cumulative update (kb4515384) causes the NIC to fail to enable with a code 10 error. Reinstalling network drivers from Intel or Windows Update sources does not resolve the issue. However removing the update through the ‘Programs & Software’ panel or using a recovery point set *before* the update fully resolves the issue,” a user documented the bug on Feedback Hub. “KB4515384 breaks ethernet and wifi adapters on my PC. Appears to create new devices as they’re labeled ‘#2’ and when exposing hidden devices in Device Manager the previously named devices appear. Uninstalling these / new or old drivers do not fix the issues (i.e. “ethernet unplugged” which it is clearly not). The only option was to uninstall this update,” another user confirmed the annoying bug on Feedback Hub. If you are affected by broken network adapters bug, you can disable and re-enable the adapter in Device Manager, and you might be able to use the adapters again after a system reboot. Follow this on OUR FORUM.

In late August, we learned Microsoft was planning its next Surface event for October 2nd – although the fact that it was announcing hardware was more of an assumption than an official confirmation. But today Microsoft sent out a second, formal invite to journalists, and it’s now clear the company is planning big things for its next event.
There are two main details alluding to a major announcement: For one, TNW has learned both Surface head honcho Panos Panay and Microsoft CEO Satya Nadella will be in attendance. For another, Microsoft will be livestreaming the event this time around.
Those two details may not sound like much, but they’re worth noting. While Panay is always at Surface events, Nadella is only there on occasion. Likewise, several Surface events have been low-key, press-only events with no livestream. The company didn’t have a livestream for the Surface Book 2 or Pro 6, for example. But it did have a livestream when it introduced the Surface Studio and Surface Book 2 – major new hardware categories for the company.
We understand that Microsoft will have both hardware and software to show off. We’ll likely see a new the Surface Book, which is nearly 2 years old now, and perhaps a spec bump for the more recent Surface Go, Pro, and Laptop. But we also think it’s likely the company will finally reveal its long-rumored dual-screen, extra-portable Surface, codenamed Centaurus. We’ve also heard rumblings of a Surface speaker.
Centaurus is expected to run Microsoft’s sprightly Windows Lite, which is rumored to be the company’s mobile-first alternative to Windows 10. This will run universal Windows apps and come with an all-new interface (as opposed to the less remarkable and unpopular Windows 10 S).
We’ll be there October 2, so stay tuned for more. The livesteam begins at 10AM that day.
Source - Pic: thenextweb, imgbb

Twitter suspended accounts of multiple Cuban politicians, including the account of the country’s leader, Raul Castro, and his daughter, as well as the account of a Cuban TV talkshow Mesa Redonda. Some of the journalists who collaborated with the programme in the past, including journalists who work for RT en Español, have also had their accounts suspended on Twitter. The mass ban/censorship followed the televised announcement about the upcoming fuel shortages due to US policies.
Twitter commented by saying that the ban was implemented according to the social media giant’s policy that prohibits using multiple accounts to amplify political messages and propaganda…
But Twitter (as well as FB, Google, etc) shouldn’t do anything about the US, UK, and Israel’s psychological operations and mass propaganda on social media because those three are the good guys, right? Even though it is openly and officially stated that they create fake “sock puppet” accounts to brainwash people on the Internet, and that they’ve been doing so for years…
Oh, well, I’m pretty sure Twitter just follows the rules of the Free Market™ while making such decisions.
Source and Links to be found at fort-russ.com - Pic: Stream.org

The U.S. Treasury signed sanctions against three hacking groups actively engaged in cyber operations meant to bring financial assets to the government of North Korea. The groups are Lazarus, Bluenoroff, and Andariel, well-known in the security industry for cyber operations aimed at cyberespionage, data theft, monetary reward, and data destruction. By signing the sanctions, the U.S. Treasury U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) puts a lock on all properties and financial assets owned by the three groups in the U.S. and prohibits all dealings involving these goods. The sanctions extend to "any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the entities," could become the target of sanctions. All three groups operate at the command of the Reconnaissance General Bureau (RGB), which is North Korea’s primary intelligence bureau. Lazarus Group (a.k.a. Hidden Cobra), which is the larger of the three hacking entities and considered an umbrella for the others, was created in early 2007 and it is coordinated by the 110th Research Center, 3rd Bureau of the RGB; this bureau is charged with technical surveillance and it is the architect of North Korea's cyber operations. Infamous incidents attributed to Lazarus Group include the attack on Sony Pictures - known as Operation Blockbuster, back in 2014 and the WannaCry ransomware global epidemic in 2017. One of the most notable heists attempted by this group was against the Bangladesh Central Bank, which stood to lose about $1 billion, were it not for two mistakes from the hackers. One of them was a typo, the other misstep was choosing a recipient that had been flagged for evading U.S. sanctions against Iran. In total, Bluenoroff (APT38) hackers managed to steal $81 million from just four transfers out of a total of 35. The third hacker group associated with the North Korean government is called Andariel. Operating since at least 2015, the outfit is known to focus on foreign businesses, government agencies, entities in the defense industry, financial services infrastructure, and private corporations. Find this interesting and want to know more visit OUR FORUM.

 

GTranslate