By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The feud between Huawei and the US government is not new but the company recently lost access to all the important hardware and software, thanks to the sanctions by the Trump administration. This is a big deal for Huawei since the company might not be able to manufacture smartphones altogether. However, Huawei is much more than just a smartphone brand. It’s one of the biggest companies in China and is currently leading the 5G race. With all that in mind, the lawmakers have expressed their concerns in the past and no one is actually happy to see one company dominating the 5G development. It’s not like the concerns are solely based on the fact that Huawei is leading the 5G race but the fact that there’s evidence suggesting wrongdoings on the company’s part. While researching on the topic, we came across an interesting article from PhoneRadar that summed up all the allegations made by lawmakers in the past. The article supported those allegations with proper evidence suggesting Huawei might not be innocent after all. The article goes back to the early 2000s when the Chinese hackers got the passwords of Nortel’s top executives and they accessed the proprietary IP which was then used by Huawei to sell the same services at lower costs forcing Nortel out of the business. Huawei was also accused by Cisco for I.P. infringement and even said that Huawei stole the software code of its routers. The lawsuit was later settled with no details revealed to the public. Fast forward to 2007, FBI found $30,000 cash and a bag full of classified Motorola documents on an employee who was connected to Huawei. The plan was to copy Motorola’s wireless technology for Huawei phones and the case was later settled confidentially. Learn more by visiting OUR FORUM.

Germany's Interior Minister Horst Seehofer purportedly wants to force messaging providers such as WhatsApp, Telegram, and Threema to provide plain text chats to law enforcement agencies on a court order as reported by Der Spiegel and from a number of other German news outlets. This means that the leader of the Christian Social Union (CDU) basically wants to ban messaging end-to-end encryption since for keeping cleartext logs of encrypted chats the apps would either have to be injected with some sort of backdoor or the encryption removed altogether. Seehofer is also known for his "zero tolerance" policy toward criminals and for calling for "video surveillance at every hot spot in the country" according to Deutsche Welle. "Messenger services such as WhatsApp or Telegram should be obliged to record the communications of their customers and to send them to authorities - in a readable form, ie unencrypted," as Der Spiegel reports [automated translation]. Also, "providers who do not fulfill this obligation should be banned by order of the Federal Network Agency for Germany" with the new rules to be enacted by the end of the year. The proposal also says that the freedom to use messaging encryption has to be "reconciled with the unavoidable needs of security agencies" to have access to communications when mandated by a court. According to the German Ministry of the Interior, Building and Community proposal, messaging apps can use encrypted communication by default but they would also have to ensure "state-of-the-art access to the contents of communication as a legally regulated exemption for their users". Further details are posted on OUR FORUM.

A security researcher has published today demo exploit code on GitHub for a Windows 10 zero-day vulnerability. The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts. According to a description of the zero-day posted on GitHub, this vulnerability resides in the Windows Task Scheduler process. Attackers can run a malformed .job file that exploits a flaw in the way the Task Scheduler process changes DACL] (discretionary access control list) permissions for an individual file. When exploited, the vulnerability can elevate a hacker's low-privileged account to admin access, which, in turn, grants the intruder access over the entire system. The zero-day has only been tested and confirmed to work on Windows 10 32-bit systems. The researcher who released this zero-day is named SandboxEscaper and has a reputation for releasing Windows zero-days online, without notifying Microsoft of these security flaws. While there has been no reported exploitation for the last three, the first was incorporated in active malware campaigns a few weeks after its release. For more please navigate to OUR FORUM.

Windows 10 May 2019 Update is now rolling out to the seekers (advanced users) and the company will make the May 2019 Update more broadly available in the coming weeks. In the announcement post, Microsoft revealed that Windows 10 version 1903 is only available for customers who would like to install it. Starting today, any Windows 10 users with a compatible device can proactively grab the final bits by checking for updates. But the update won’t begin installing when you check for updates. Once the update appears on the page, you’ll see an option to download and install the Windows 10 May 2019 Update. Microsoft says that it is rolling out the feature to Windows 10 devices gradually and it should show up in a few days. If you click on the option and the download is complete, Microsoft will ask you when to finish the installation. You can also use the Update Assistant, Media Creation Tool to install the update. In our testing, Windows 10 May 2019 Update emerged as the smoothest version of Windows 10. The performance has improved and Microsoft has also fixed multiple UI glitches. Microsoft’s Windows 10 May 2019 Update offers some much-needed improvements to the operating system. It introduces an improved Windows Update experience, light theme, and several refinements. The best feature, however, is the new Windows Sandbox. Windows Sandbox is a simple virtualized Windows within Windows, it’s a place where you can open any web browser, download untrusted app and run if you’re worried it might be malware. Another important change is decoupling of Windows Search and Cortana. Previously, the search served as a feature inside Cortana. With Windows 10 May 2019 Update, Microsoft is finally giving Windows Search its own place and Cortana also has its own home on the taskbar. Learn more by visiting OUR FORUM.

In a report on Friday, Google highlights the importance of linking a phone to an account when it comes to fighting hijacking attempts from automated attempts from bots, phishing, and targeted attacks. An email address is at the center of our online life, essential for creating accounts to web services and for receiving communication more or less sensitive in nature. Moreover, providers of a large host of services, like Google and Microsoft, have moved to the single sign-in system where the same username and password to access all services from the same provider. On top of this, these accounts can be used to sign up or log into third-party services. It's no wonder email accounts are coveted by hackers of any sort. Account hijacking attempts occur every day, by the hundreds of thousands, and companies like Google have developed defenses against these threats. Adding a recovery phone number to the Google account seems to be an effective way to win against take-over attacks, especially if they are not targeted. A study from academic researchers shows that where a Google account was linked to a phone, the takeover prevention rates went up as much as 100% in the case of automated bots, as high as 99% with run-of-the-mill phishing, and up to 90% with targeted attacks. According to a study from researchers from New York University and Google real-world efforts to hijack a Google account were mostly ineffective against device-based challenges. More detailed information is posted on OUR FORUM.

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account. This week, a user posted on Reddit about how they discovered that their Google Account's Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay. When I saw this, I checked my Google Account Purchases page, located at myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more. The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information. When Google was contacted about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads. While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so. Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page. Full details are posted on OUR FORUM.

 

GTranslate