By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.

A newly discovered piece of malware for Android raises the bar in terms of sophistication and flexibility, offering its operator adaptability to various tasks. Cybercriminals are currently running tests on GPlayed but malware analysts warn that it is already shaping up as a serious threat. The modular architecture extends its functionality through plugins that can be added without the need to recompile and update the package on the device. The operator can also inject scripts and send .NET code to the infected Android that GPlayed can compile and execute. it is built using the Xamarin environment for mobile apps and uses a DLL called "eCommon" that "contains support code and structures that are platform independent." This model shows a new step on the evolution ladder, where code can migrate from desktop platforms to mobile ones, resulting in a hybrid threat. It disguises itself on the device as the Play Store app, using an icon very similar to the original and the name "Google Play Marketplace." It asks for many permissions, including "BIND_DEVICE_ADMIN," which gives it almost complete control over the infected device. Researchers at Cisco Talos analyzed GPlayed and discovered a hefty set of native capabilities covering spying, data exfiltration, and self-management functions. Visit OUR FORUM for complete details.

In Windows 10, Microsoft added a new ransomware protection feature called Controlled Folder Access that can be used to prevent modifications to files in protected folders by unknown programs. At the DerbyCon security conference last week, a security researcher showed how DLL injection can be used by ransomware to bypass the Controlled Folder Access ransomware protection feature. Controlled Folder Access is a feature that allows you to protect folders and the files inside them so that they can only be modified by an application that is whitelisted. The whitelisted applications are either ones that you specify or ones that are whitelisted by default by Microsoft. Knowing that the explorer.exe program is whitelisted in Controlled Folder Access, Soya Aoyama, a security researcher at Fujitsu System Integration Laboratories Ltd., figured out a way to inject a malicious DLL into Explorer when it is started. Since Explorer is whitelisted, when the DLL is injected it will launch and be able to bypass the ransomware protection feature. To do this, Aoyama relied on the fact that when explorer.exe starts, it will load DLLs found under the HKEY_CLASSES_ROOT*shellexContextMenuHandlers registry key. The HKEY_CLASSES_ROOT tree is a merge of registry information found in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. When performing the merge, Windows gives the data in the HKCU tree precedence. Tune into OUR FORUM to learn more.

Google has decided to shut down its social media website Google+ after a massive data breach which potentially exposed data of over 500,000 users. Google has since decided to shut down the network for consumers. The company said it didn’t report the breach partly due to fears of regulatory scrutiny. This comes from the Wall Street Journal who cited unnamed sources and internal documents. Google said the bug hasn’t affected the personal data but is investigating the issue. Google found the issue with their API back in March but chose to ignore it and not report it to the regulatory bodies. This is in direct violation of GDPR which says that any data breach should be reported within 72 hours. Google said a glitch in the social site gave outside developers potential access to private Google+ profile data between a major redesign in 2015 and March 2018, when internal investigators discovered and fixed the issue. Wall Street Journal also reported that Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users as it would result in an immediate regulatory interest. Since the breach has been reported, it would be interesting to see how the regulatory bodies respond to this. Find out what Google had to say about this breach on OUR FORUM.

At Microsoft’s Surface event the company announced a brand-new accessory, the Surface Headphones, and the company has slowly been trickling out details regarding its pricing and availability. The headphones, which are appealing especially to developers and other office workers who want to maintain their productivity in distraction-prone environments, utilize 4 beam-forming microphones, 4 active noise-canceling microphones, and 13 levels of noise reduction for up to 30 dB for active noise cancellation to keep users focused. They also feature 40 mm free drivers delivering up to115 dB, automatic pause and play, support phone calls,  USB-C charging, 3.5mm connectivity, Microsoft’s own Bluetooth fast pair technology and 15 hours of battery life. At the time of their announcement, Microsoft did not reveal the pricing and availability of the Cortana-powered headphones, but we have recently heard they will be retailing for $350, in line with similar offerings by Bose and Sony. Microsoft has been working on the headphones for the last three years and Panos Panay called them “One of my dream products right now.” Visit OUR FORUM for more information and links.

Microsoft unveiled Windows 10 version 1809, the October 2018 Update for Windows 10 on October 2, 2018, officially. The company published updated tools to upgrade to a new version of Windows 10 and enabled the update on Windows Update as well but only for users and administrators who clicked on the "check for updates" button manually in the Windows Update interface. Reports started to emerge soon thereafter that, once again, updates were not processing as smoothly as possible for some users. User reports suggested that personal files were deleted on some machines and that there were a number of issues next to that. Microsoft itself blocked updates for devices with certain hardware or software configurations outright as these configurations were known to have issues with the new version of Windows 10. The company posted an update on the official Windows 10 version 1809 support page on the Microsoft website on October 5, 2018. There it revealed that it decided to pause the rollout of the update because of data loss reports by users who performed the upgrade on PCs. Microsoft urges customers to wait with the installation of the Windows 10 feature update; users who downloaded the ISO files manually or created installation media are urged not to install it until new media is available. Further explanation is posted on Our Forum.

Google in a convicted abuser of its monopoly positions, having been fined on two occasions by the European Commission for anti-competitive behavior. Now the company may be facing the heat closer to home, according to the New York Post, who reports that the Department of Justice is looking into starting an investigation into Google’s abuse of its Android monopoly in the USA. According to the Post’s two sources, Makan Delrahim told senators at a hearing the feds could investigate Google’s use of the Android mobile operating system. Google has already been investigated by the FTC for abusive practices in its search monopoly in 2013, but after a 20-month investigation, this came to nothing. Since then, however, President Trump has come to power, and while generally favorable to big business, he is not a fan of Google and other internet companies, who he feels is biased against him. In August President Trump’s top economic adviser, Larry Kudlow said the administration was “taking a look” at whether Google should be regulated and would do “some investigation and some analysis”. Google we convicted in July by the EU of abusing its dominant position in Android and has until the 22nd of October to present solutions to the European Commission. Some have suggested this may include unbundling the Google Play Store from Google’s other apps and services, which would allow companies such as Amazon, Facebook and also Microsoft to compete with Google on a much more level playing field. Feeling the heat in the USA also may make Google more likely to offer an effective settlement. Learn more on this by visiting OUR FORUM.