Windows 10 News and info | Forum
October 26, 2020
 on: October 17, 2020, 10:59:49 PM 
Started by javajolt - Last post by javajolt

There are certain smartphone functions that you want to be able to do quickly. Turning on the flashlight is one of them. We’ll show you how to turn it on by simply tapping the back of your Android device.

This is possible with an app called “Tap, Tap.” Once enabled, it can perform functions when you tap the back of your device. The app is not available to download from the Google Play Store, but it can be easily sideloaded on any Android 7.0+ device.

Before we proceed, follow our guide to get Tap, Tap installed and ready to go.

Now that you have Tap, Tap set up, we can configure the Flashlight gesture. Open the app and select either “Double Tap Actions” or “Triple Tap Actions.” For this guide, we’ll use Double Tap.

Next, tap the “Add Action” button at the bottom of the screen.

From the “Utilities” category, select “Flashlight.” Alternatively, you can take a screenshot by tapping on the back of your phone.

The flashlight will now turn on when you tap the back of your Android device. Next, we can set up some “Requirements.” These requirements need to be met in order for the Flashlight to turn on. You don’t have to add requirements, but if you want to, tap “Add Requirement.”

If you’re worried about the flashlight turning on in your pocket, you could select the “Display On” requirement. This will ensure the flashlight doesn’t turn on when the display is off (though, you may find that handy, too).

You’re done! Now you always have quick access to your Android phone’s flashlight when you’re in a dark situation.


 on: October 16, 2020, 12:51:20 PM 
Started by javajolt - Last post by javajolt
Emotet diversifies arsenal with new lures to trick users into infecting themselves.

In today's cyber-security landscape, the Emotet botnet is one of the largest sources of malspam — a term used to describe emails that deliver malware-laced file attachments.

These malspam campaigns are absolutely crucial to Emotet operators.

They are the base that props up the botnet, feeding new victims to the Emotet machine — a Malware-as-a-Service (MaaS) cybercrime operation that's rented to other criminal groups.

To prevent security firms from catching up and marking their emails as "malicious" or "spam," the Emotet group regularly changes how these emails are delivered and how the file attachments look.

Emotet operators change email subject lines, the text in the email body, the file attachment type, but also the content of the file attachment, which is as important as the rest of the email.

That's because users who receive Emotet malspam, besides reading the email and opening the file, still need to allow the file to execute automated scripts called "macros." Office macros only execute after the user has pressed the "Enable Editing" button that's shown inside an Office file.

Tricking users to enable editing is just as important to malware operators as the design of their email templates, their malware, or the botnet's backend infrastructure.

Across the years, Emotet has developed a collection of booby-trapped Office documents that use a wide variety of "lures" to convince users to click the "Enable Editing" button.

This includes:

• Documents claiming they've been compiled on a different platform (i.e., Windows 10 Mobile, Android, or iOS) and the user needs to enable editing for the content to appear.

• Documents claiming they've been compiled in older versions of Office and the user needs to enable editing for the content to appear.

• Documents claiming to be in Protected View and asking the user to enable editing. (Ironically, the Protected View mechanism is the one blocking macros and showing the Enable Editing button/restriction.)

• Documents claiming to contain sensitive or limited-distribution material that's only visible after the user enables editing.

• Documents showing fake activation wizards and claiming that Office activation has been completed and the user only needs to click enable editing to use Office; and many more.

But this week, Emotet arrived from a recent vacation with a new document lure.

File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button (don't press it).

According to an update from the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world.

Per this report, on some infected hosts, Emotet installed the TrickBot trojan, confirming a ZDNet report from earlier this week that the TrickBot botnet survived a recent takedown attempt from Microsoft and its partners.

These booby-trapped documents are being sent from emails with spoofed identities, appearing to come from acquaintances and business partners.

Furthermore, Emotet often uses a technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adds the booby-trapped Office documents as attachments.

The technique is hard to pick up, especially among users who work with business emails on a daily basis, and that is why Emotet very often manages to infect corporate or government networks on a regular basis.

In these cases, training and awareness are the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes.

Knowing what the typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent.

Below is a list of the most popular Emotet document lures, according to a list shared with ZDNet by security researcher @ps66uk.


 on: October 15, 2020, 06:20:54 PM 
Started by javajolt - Last post by javajolt
What is a DDoS attack? Everything you need to know about Distributed Denial-of-Service attacks and how to protect against them

DDoS attacks are one of the crudest forms of cyberattacks, but they're also one of the most powerful and can be difficult to stop. Learn how to identify and protect against DDoS attacks with this guide.


What is a DDoS attack?

A distributed denial-of-service attack (DDoS attack) sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all.

While a DDoS attack is one of the least sophisticated categories of cyberattack, it also has the potential to be one of the most disruptive and most powerful by taking websites and digital services offline for significant periods of time that can range from seconds to even weeks at a time.

How does a DDoS attack work?

DDoS attacks are carried out using a network of internet-connected machines – PCs, laptops, servers, Internet of Things devices – all controlled by the attacker. These could be anywhere (hence the term 'distributed') and it's unlikely the owners of the devices realise what they are being used for as they are likely to have been hijacked by hackers.

Common ways in which cyber criminals take control of machines include malware attacks and gaining access by using the default user name and password the product is issued with – if the device has a password at all.

Once the attackers have breached the device, it becomes part of a botnet – a group of machines under their control. Botnets can be used for all manner of malicious activities, including distributing phishing emails, malware or ransomware, or in the case of a DDoS attack, as the source of a flood of internet traffic.

The size of a botnet can range from a relatively small number of zombie devices, to millions of them. Either way the botnet's controllers can turn the web traffic generated towards a target and conduct a DDoS attack.

Servers, networks and online services are designed to cope with a certain amount of internet traffic but, if they're flooded with additional traffic in a DDoS attack, they become overwhelmed. The high amounts of traffic being sent by the DDoS attack clogs up or takes down the systems' capabilities, while also preventing legitimate users from accessing services (which is the 'denial of service' element).

A DDoS attack is launched with the intention of taking services offline in this way, although it's also possible for online services to be overwhelmed by regular traffic by non-malicious users – for example, if hundreds of thousands of people are trying to access a website to buy concert tickets as soon as they go on sale. However, this is usually only short, temporary and accidental, while DDoS attacks can be sustained for long periods of time.

DDoS attacks can be extremely powerful online weapons.

What is an IP stresser and how does it relate to DDoS attacks?

An IP stresser is a service that can be used by organisations to test the robustness of their networks and servers. The goal of this test is to find out if the existing bandwidth and network capacity are enough to handle additional traffic. An IT department using a stresser to test their own network is a perfectly legitimate application of an IP stresser.

However, using an IP stresser against a network that you don't operate is illegal in many parts of the world – because the end result could be a DDoS attack. However, there are cyber-criminal groups and individuals that will actively use IP stressers as part of a DDoS attack.

What was the first DDoS attack?

What's widely regarded as the first malicious DDoS attack occurred in July 1999 when the computer network at the University of Minnesota was taken down for two days.

A network of 114 computers infected with Trin00 malware all directed their traffic at a computer at the university, overwhelming the network with traffic and blocking legitimate use. No effort was made to hide the IP address of the computers launching the traffic – and the owners of the attacking systems had no idea their computers were infected with malware and were causing an outage elsewhere.

Trin00 might not have been a large botnet, but it's the first recorded incident of cyber attackers taking over machines that didn't belong to them and using the web traffic to disrupt the network of a particular target. And in the two decades since, DDoS attacks have only become bigger and more disruptive.

Famous DDoS attacks: MafiaBoy – February 2000

The world didn't have to wait long after the University of Minnesota incident to see how disruptive DDoS attacks could be. By February 2000, 15-year-old Canadian Michael Calce – online alias MafiaBoy – had managed to take over a number of university networks, roping a large number of computers into a botnet.

He used this for a DDoS attack that took down some of the biggest websites at the start of the new millennium, including Yahoo! – which at the time was the biggest search engine in the world – eBay, Amazon, CNN, and more.

Calce was arrested and served eight months in a youth detention centre after pleading guilty to charges against him. He was also fined C$1,000 ($660) for conducting the attacks – which it's estimated caused over $1.7 billion in damages – and went on to become a computer security analyst.

Famous DDoS attacks: Estonia – April 2007

By the mid-2000s, it was apparent that DDoS attacks could be a potent tool in the cyber-criminal arsenal, but the world was about to see a new example of how disruptive DDoS attacks could be: by taking down the internet services of an entire country.

In April 2007, Estonia was – and still is – one of the most digitally advanced countries in the world, with almost every government service accessible online to the country's 1.3 million citizens through an online ID system.

But from 27 April, Estonia was hit with a series of DDoS attacks disrupting all online services in the country, as well as parliament, banks, ministries, newspapers and broadcasters. People weren't able to access the services they needed on a daily basis.

Attacks were launched on multiple occasions, including during a particularly intense period of 24 hours on 9 May – the day Russia celebrates Victory in Europe Day for World War II – before eventually falling away later in the month.

The DDoS campaigns came at a time when Estonia was involved in a political dispute with Russia over the relocation of a Soviet statue in Tallinn.

Some members of Estonian leadership have accused Russia of orchestrating the attacks, something that the Kremlin has always denied.

Estonia was the victim of a massive DDoS attack. Image: Getty Images/iStockphoto

Famous DDoS attacks: Spamhaus – March 2013

The Spamhaus Project's goal is to track the activity of spammers on the web in order to help internet providers and email services with a real-time list of common spam emails, posts and messages in order to prevent users from seeing them and potentially being scammed.

But in March 2013, Spamhaus itself fell victim to cyber criminals when 300 billion bits of data a second was launched at it in what was at the time the biggest DDoS attack ever, and one that lasted for almost two weeks.

Cloudflare dubbed it 'The DDoS attack that almost broke the internet' after the web infrastructure and web-security company stepped in to mitigate the attack against Spamhaus – and then found cyber attackers attempting to take Cloudflare itself offline. But the impact of the attack was much greater because the sheer scale of the attack caused congestion across the internet.

Famous DDoS attacks: Mirai – October 2016

In probably the most famous DDoS attack to date, the Mirai botnet took down vast swathes of online services across much of Europe and North America. News websites, Spotify, Reddit, Twitter, the PlayStation Network and many other digital services were either slowed down to a crawl or completely inaccessible to millions of people. Fortunately, the outages lasted for less than one day.

Described as the biggest online blackout in history, the downtime was caused by a DDoS attack against Dyn, the domain name system provider for hundreds of major websites. The attack was explicitly designed to overload its capability.

What helped make the attack so powerful was the Mirai botnet had taken control of millions of IoT devices, including cameras, routers, smart TVs and printers, often just by brute-forcing default credentials, if the devices had a password at all. And while the traffic generated by individual IoT devices is small, the sheer number of devices in the botnet was overwhelming to Dyn. And Mirai still lives on.

The Mirai botnet attack took down a large number of online services. Image: Level 3

How do I know if I'm under DDoS attack?

Any business or organisation that has a web-facing element needs to think about the regular web traffic it receives and provision for it accordingly; large amounts of legitimate traffic can overwhelm servers, leading to slow or no service, something that could potentially drive customers and consumers away.

But organisations also need to be able to differentiate between legitimate web traffic and DDoS attack traffic.

Capacity planning is, therefore, a key element of running a website, with thought put into determining what's an expected, regular amount of traffic and what unusually high or unanticipated volumes of legitimate traffic could look like, so as to avoid causing disruption to users – either by taking out the site due to high demands, or mistakenly blocking access due to a DDoS false alarm.

So how can organisations differentiate between a legitimate increase in demand and a DDoS attack?

In general, an outage caused by legitimate traffic will only last for a very short period of time and often there might be an obvious reason for the outage, such as an online retailer experiencing high demand for a new item, or a new video game's online servers getting very high traffic from gamers eager to play.

But in the case of a DDoS attack, there are some tell-tale signs that it's a malicious and targeted campaign. Often DDoS attacks are designed to cause disruption over a sustained period of time, which could mean sudden spikes in malicious traffic at intervals causing regular outages.

The other key sign that your organisation has likely been hit with a DDoS attack is that services suddenly slow down or go offline for days at a time, which would indicate the services are being targeted by attackers who just want to cause as much disruption as possible. Some of these attackers might be doing it just to cause chaos; some may be paid to attack a particular site or service. Others might be trying to run some kind of extortion racket, promising to drop the attack in exchange for a pay-off.

What do I do if I'm under DDoS attack?

Once it's become clear that you're being targeted by DDoS attack, you should piece together a timeline of when the problems started and how long they've been going on for, as well as identifying which assets like applications, services and servers are impacted – and how that's negatively impacting users, customers and the business as a whole.

It's also important that organisations notify their web-hosting provider – it's likely that they will have also seen the DDoS attack, but contacting them directly may help curtail the impacts of a DDoS campaign – especially if it's possible for the provider to switch your IP address. Switching the IP to a new address will mean that the DDoS attack won't have the impact it did because the attack will be pointing in the wrong direction.

If your security provider provides a DDoS mitigation service, it should help reduce the impact of the attack, but, as seen with attacks like Mirai, especially large attacks can still cause disruption despite the presence of preventative measures. The unfortunate thing about DDoS attacks is that while they're very simple to conduct, they're also very effective, so it's still possible that, even with measures in place, services could be taken offline for some time.

It's also important to notify users of the service about what is happening, because otherwise they could be left confused and frustrated by a lack of information. Businesses should consider putting up a temporary site explaining that there are problems and provide users with information they should follow if they need the service. Social-media platforms like Twitter and Facebook can also be used to promote this message.

How do I protect against DDoS attacks?

What makes DDoS attacks effective is the ability to direct a large amount of traffic at a particular target. If all of an organisation's online resources are in one location, the attackers only need to go after one particular target to cause disruption with large amounts of traffic. If possible, it's therefore useful to spread systems out, so it's more difficult – although not impossible – for attackers to direct resources towards everything at once.

Monitoring web traffic and having an accurate idea about what regular traffic looks like, and what is abnormal traffic, can also play a vital role in helping to protect against or spotting DDoS attacks. Some security personnel recommend setting up alerts that notify you if the number of requests is above a certain threshold. While this might not necessarily indicate malicious activity, it does at least provide a potential early warning that something might be on the way.

It's also useful to plan for scale and spikes in web traffic, which is something that using a cloud-based hosting provider can aid with.

Firewalls and routers can play an important role in mitigating the potential damage of a DDoS attack. If configured correctly, they can deflect bogus traffic by analysing it as potentially dangerous and blocking it before it arrives. However, it's also important to note that in order for this to be effective, firewall and security software needs to be patched with the latest updates to remain as effective as possible.

Using an IP stresser service can be an effective way of testing your own bandwidth capability. There are also specialist DDoS mitigation service providers that can help organisations deal with a sudden large upsurge in web traffic, helping to prevent damage by attacks.

DDoS attack mitigation services protect the network from DDoS attacks by re-routing malicious traffic away from the network of the victim. High profile DDoS mitigation service providers include Cloudflare, Akamai, Radware and many others.

The first job of a mitigation service is to be able to detect a DDoS attack and distinguish what's actually a malicious event from what's just a regular – if unusually high – volume of traffic.

Common means of DDoS mitigation services doing this include judging the reputation of the IP the majority of traffic is coming from. If it's from somewhere unusual or known to be malicious, it could indicate an attack – while another way is looking out for common patterns associated with malicious traffic, often based on what's been learned from previous incidents.

Once an attack has been identified as legitimate, a DDoS protection service will move to respond by absorbing and deflecting the malicious traffic as much as possible. This is helped along by routing the traffic into manageable chunks that will ease the mitigation process and help prevent denial-of-service.

How do I choose a DDoS mitigation service?

Like any IT procurement, choosing a DDoS mitigation service isn't as simple as just selecting the first solution that appears. Organisations will need to choose a service based on their needs and circumstances. For example, a small business probably isn't going to have any reason to fork out for the DDoS mitigation capabilities required by a global conglomerate.

However, if the organisation looking for a DDoS mitigation service is a large business, then they're probably correct to look at large overflow capacities to help mitigate attacks. Looking at a network that has two or three times more capacity than the largest attacks known to date should be more than enough to keep operations online, even during a large DDoS attack.

While DDoS attacks can cause disruption from anywhere in the world, the geography and location of a DDoS mitigation service provider can be a factor. A European-based company could have an effective US DDoS protection provider, but if that provider doesn't have servers or scrubbing centres based in Europe, the latency of the response time could prove to be a problem, especially if it causes a problem for re-routing traffic.

When deciding on a service provider, organisations should, therefore, consider if the DDoS protection network will be effective in their region of the world. For example, a European company should probably consider a DDoS mitigation provider with a European scrubbing centre to help remove or redirect malicious traffic as quickly as possible. 

However, despite all the ways to potentially prevent a DDoS attack, sometimes attackers will still be successful anyway – because if attackers really want to take down a service and have enough resources, they'll do their best to be successful at it. But if an organisation is aware of the warning signs of a DDoS attack, it's possible to be prepared for when it happens.
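As an added example (not code from the original article), the Python script below applies the monitoring advice above: it learns what regular traffic looks like from the first few quiet windows of a web access log, alerts when a window's request count exceeds a threshold derived from that baseline, and notes whether the spike is sustained across consecutive windows and whether it comes from many small sources or one dominant address. The Common Log Format lines, the documentation-range IP addresses, the 10-second window and the threshold rule are all constructed assumptions for the demonstration.

```python
"""Request-rate anomaly detector over web access logs (added example, not the article's code).
Baseline on quiet windows, alert above a threshold, and flag sustained or single-source spikes."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

# Common Log Format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {ip, ts, status} for a CLF line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT), "status": int(m["status"])}


def bucket(entries, window_seconds):
    """Group entries into fixed windows: sorted list of (window_start_epoch, Counter of source ips)."""
    buckets = defaultdict(Counter)
    for e in entries:
        epoch = int(e["ts"].timestamp())
        buckets[epoch - epoch % window_seconds][e["ip"]] += 1
    return sorted(buckets.items())


def detect(lines, window_seconds=10, baseline_windows=3, sigma=3.0,
           min_consecutive=2, concentration=0.5):
    """Baseline on the first windows, then flag later windows whose request count exceeds
    max(mean + sigma*stdev, 2*mean); the 2x floor keeps a flat baseline (stdev 0) from
    alerting on every tiny fluctuation."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    windows = bucket(entries, window_seconds)
    base = [sum(c.values()) for _, c in windows[:baseline_windows]]
    threshold = float(max(mean(base) + sigma * pstdev(base), 2 * mean(base)))

    alerts = []
    for start, counts in windows[baseline_windows:]:
        total = sum(counts.values())
        if total <= threshold:
            continue
        top_ip, top_n = counts.most_common(1)[0]
        alerts.append({
            "window": start,
            "requests": total,
            "unique_sources": len(counts),
            "top_ip": top_ip,
            "top_share": top_n / total,
            # many small sources => distributed flood; one dominant source => single-origin flood
            "concentrated": top_n / total >= concentration,
            "sustained": False,
        })

    # consecutive alert windows are a sustained spike, the article's tell-tale sign of an attack
    run = []
    for a in alerts:
        if run and a["window"] - run[-1]["window"] == window_seconds:
            run.append(a)
        else:
            run = [a]
        if len(run) >= min_consecutive:
            for r in run:
                r["sustained"] = True
    return {"threshold": threshold, "baseline": base, "alerts": alerts}


def make_sample_log():
    """Constructed access log (not real traffic): three quiet 10 s windows, two flood windows
    spread over six documentation-range addresses, then one quiet window."""
    base = datetime(2020, 10, 15, 12, 0, 0, tzinfo=timezone.utc)  # epoch multiple of 10
    plan = [  # (window index, [(ip, requests in that window), ...])
        (0, [("198.51.100.10", 2)]),
        (1, [("198.51.100.10", 2), ("198.51.100.11", 1)]),
        (2, [("198.51.100.10", 2), ("198.51.100.12", 2)]),
        (3, [(f"203.0.113.{i}", 2) for i in range(1, 7)]),
        (4, [(f"203.0.113.{i}", 2) for i in range(1, 7)]),
        (5, [("198.51.100.10", 3)]),
    ]
    lines = ["this line is deliberately malformed and must be skipped"]
    for w, sources in plan:
        for ip, n in sources:
            for k in range(n):
                ts = base + timedelta(seconds=w * 10 + k)
                lines.append(f'{ip} - - [{ts.strftime(TS_FMT)}] "GET / HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    report = detect(make_sample_log())
    print(f"baseline {report['baseline']} -> threshold {report['threshold']:.1f} requests/window")
    for a in report["alerts"]:
        when = datetime.fromtimestamp(a["window"], timezone.utc).strftime("%H:%M:%S")
        print(f"{when}: {a['requests']} requests from {a['unique_sources']} sources, "
              f"top {a['top_ip']} at {a['top_share']:.0%}, sustained={a['sustained']}")
```

On the constructed log the baseline windows hold 2, 3 and 4 requests, giving a threshold of 6; the two 12-request windows are reported as a sustained, distributed spike while the quiet window that follows stays silent.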


 on: October 15, 2020, 12:35:30 PM 
Started by javajolt - Last post by javajolt
Many more malicious Android apps flooded the Google Play Store. These apps targeted Android users with out-of-context and privacy intrusive ads.

Android Apps Showing Out-of-Context Ads

The WhiteOps Satori Threat Intelligence and Research Team has unveiled another wave of malicious Android apps. What they called RAINBOWMIX in their post, the apps collectively boasted over 14 million downloads. These malicious Android apps showed out-of-context ads to Android users. Together, they had over 15 million ad impressions each day. Briefly, they found more than 240 applications on Google Play Store with suspicious behavior. They didn’t look malicious at first; rather, they somehow functioned as advertised. But they delivered a poor performance that made them receive a C-shaped review pattern (very high number of 1-star reviews after 5-star reviews).

Besides, they barraged users with irrelevant and unrelated ads that purported to have originated from otherwise legit sources, such as YouTube or Chrome.

The apps had various dedicated services that rendered the malicious functionalities. Also, these apps didn’t show ads at random instances. Rather they tracked users’ activities related to turning the screen on and off to show ads only when the screen is on. That’s how they constituted a dedicated ad fraud campaign ensuring every impression counts.

The apps also used packers to ditch various detection tools and bypass security protocols.

The complete list of all apps making up this campaign is available in the researchers’ post.

Google Removed The Apps

The researchers noticed that RAINBOWMIX first appeared in April 2020, whereas the campaign reached its peak in August this year.

The majority of apps garnered downloads from Brazil (20.8%), followed by Indonesia (19.7%) and Vietnam (11.0%). Other countries with users of these apps include Mexico, the US, and the Philippines.

While the campaign targeted millions of users, it’s now over as Google removed all the apps from the Play Store.


 on: October 15, 2020, 12:29:31 PM 
Started by javajolt - Last post by javajolt

Windows 10 has always allowed apps to start up automatically when you turn on your computer.

Microsoft gives you complete control over your startup apps, but popular Windows programs such as Microsoft Teams, Spotify, OneDrive, Cortana, etc., set themselves to start running in the background when you log into the operating system.

Startup programs are important when you want to quickly run scripts or apps as soon as you log into Windows 10. The most frustrating aspect of the Windows 10 Startup apps feature is that the apps are added to the list automatically.

This Windows 10 feature will begin potentially hampering your PC’s performance when you intentionally or unintentionally add several apps to the list, but you can now fight back.

Microsoft is finally working on a new feature that will alert you when apps are added to the Startup apps list.

With the recent Windows 10 21H1 preview builds, Microsoft has made an undocumented effort to keep users more informed about background activities.

After the update, a new notification would pop up letting you know that an app was added to the startup programs list and it can run in the background.

Windows has always offered a way for you to disable your startup programs, but up until now, it couldn’t notify users when apps added themselves to the startup list.

You can click on the notification to open Startup settings where you could see and remove any programs you wanted to stop loading automatically.

If you miss the notification, you can still go through the Settings screen and access the list of startup apps with their current status, and the effect. Likewise, you can also open Task Manager and go through the Startup tab and disable any apps you don’t want to launch at startup.


 on: October 14, 2020, 08:08:29 PM 
Started by javajolt - Last post by javajolt

Your phone is the most personal device you own. It’s almost always with you and is capable of hearing, seeing, and sensing everything you do. But what if you want to turn off these sensors before, for instance, heading into a sensitive meeting?

While Android offers quick toggles to disable location tracking and cellular connectivity, there’s no direct option to switch off the rest of your phone’s sensors like the camera or microphone. Luckily, Android has a hidden setting that lets you shut off all your phone’s sensors in a single tap. Here’s how to use it.

Do note that this option is only available for phones running Android 10 or above.

For this, first, you must enable Developer Options, a set of extra tools Google bundles primarily for Android app makers. There’s nothing for you to worry about because this is completely allowed and won’t void your phone’s warranty. Google, in its documentation, also mentions that this feature, in addition to helping developers, “also gives users a way to control the sensors in their device.”

To enable developer options, launch the “Settings” app on your Android phone, scroll down to the bottom of the menu, and open the “About Phone” section.

Locate an option called “Build Number.” Samsung Galaxy owners will find the option within the “Software Information” section. Repeatedly tap it until your smartphone asks you for your lock screen PIN, pattern, or password.

Enter your PIN, pattern, or password, and you will get a toast message that says: “You are now a developer!”

Return to the main Settings page and navigate to System > Developer Options. Samsung owners will find “Developer Options” at the bottom of the Settings menu.

Scroll down until you find “Quick Settings Developer Tiles,” and tap on the button.

Activate the “Sensors Off” toggle.

Now, when you pull down your phone’s notification shade from the top of the screen, you will have a new tile in the Quick Settings tray called “Sensors Off.”

By default, Android adds “Sensors Off” as the first tile in the “Quick Settings” grid. In case you don’t want that, you can move it by rearranging the panel.

When you enable “Sensors Off,” your phone shuts off most of its sensors including the cameras, microphone, accelerometer, gyroscope, and more. If an app like your handset’s built-in camera client tries to access any of these components, it will either return an error or refuse to work.

The rest of your smartphone, including the Wi-Fi and mobile network, will continue to function normally. Therefore, the “Sensors Off” option can come in handy for specific scenarios, or if you are simply looking for a more private mobile experience. With the quick setting, you can flip it back on with one tap.


 on: October 14, 2020, 03:22:37 PM 
Started by javajolt - Last post by javajolt
Court records in an arson case show that Google gave away data on people who searched for a specific address.

Google is providing information to police based on what people are searching for, including data like IP addresses.

There are few things as revealing as a person's search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect.

In August, police arrested Michael Williams, an associate of singer and accused sex offender R. Kelly, for allegedly setting fire to a witness' car in Florida. Investigators linked Williams to the arson, as well as witness tampering, after sending a search warrant to Google that requested information on "users who had searched the address of the residence close in time to the arson." 

The July court filing was unsealed on Tuesday. Detroit News reporter Robert Snell tweeted about the filing after it was unsealed.

Court documents showed that Google provided the IP addresses of people who searched for the arson victim's address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams' device near the arson, according to court documents.

The original warrant sent to Google is still sealed, but the report provides another example of a growing trend of data requests to the search engine giant in which investigators demand data on a large group of users rather than a specific request on a single suspect.

"This 'keyword warrant' evades the Fourth Amendment checks on police surveillance," said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. "When a court authorizes a data dump of every person who searched for a specific term or address, it's likely unconstitutional."

The keyword warrants are similar to geofence warrants, in which police make requests to Google for data on all devices logged in at a specific area and time. Google received 15 times more geofence warrant requests in 2018 compared with 2017, and five times more in 2019 than 2018. The rise in reverse requests from police have troubled Google staffers, according to internal emails.

Google said Thursday that it works to protect the privacy of its users while also supporting law enforcement.

"We require a warrant and push to narrow the scope of these particular demands when overly broad, including by objecting in court when appropriate," Google's director of law enforcement and information security, Richard Salgado, said in a statement. "These data demands represent less than 1% of total warrants and a small fraction of the overall legal demands for user data that we currently receive."

The company declined to disclose how many keyword warrants it's received in the last three years.

Worries about search warrants

Reverse search warrants like geofence warrants are being challenged across the US for violating civil rights. Lawmakers in New York have proposed legislation to make these searches illegal, while in Illinois, a federal judge found that the practice violated the Fourth Amendment.

Keyword warrants aren't new. In 2017, Minnesota police sent a keyword warrant to Google for information including name, address, telephone number, Social Security numbers and IP addresses related to people who searched for a "Douglas [REDACTED]" in a fraud investigation.

Todd Spodek, the attorney representing Williams, said he plans to challenge the legality of the keyword warrant issued in June. He hasn't seen the document yet but said he intends to argue that it violated Williams' rights.

Spodek said he's seen more of these types of warrants being issued in criminal investigations and worries it could lead to wrongful accusations in the future.

"Think of the ramifications in the future if everyone who searched something in the privacy of their own home was subject to interviews by federal agents," Spodek said. "Someone could be interested in how people die a certain way or how drug deals are done, and it could be misconstrued or used improperly."

Typically, probable cause is needed for search warrants, which are associated with a suspect or address. The demands for information are narrowly tailored to a specific individual. Keyword warrants go against that concept by giving up data on a large group of people associated with searching for certain phrases.

After investigators linked Williams to the arson through the keyword warrant, they sent Google another warrant specifically for his account, finding that he looked up phrases like "where can i buy a .50 custom machine gun," "witness intimidation" and "countries that don't have extradition with the United States." 

This detail was discovered after executing a warrant on Williams, rather than the other way around, in which investigators looked for everyone who searched those phrases.

Google is also facing criticism for complying with broad data requests such as geofence and keyword searches.

"If Google stored data in a way that was truly de-identified, then they also couldn't give it to the government," the Electronic Frontier Foundation's surveillance litigation director Jennifer Lynch said. "Google's not setting up their system or changing their practices in a way that could prevent these kinds of searches."

Because of how keyword warrants work, there's concern that innocent people's online activities will be swept up in the requests. People have been arrested for being in the wrong place at the wrong time because of geofence warrants, and attorneys are now worried it could happen for searching on Google.

Both Lynch and Spodek said reverse search warrants are being used more and more frequently by police departments, and call the practice unconstitutional.

"A lot of people could be searching for various terms," Spodek said. "That alone should not be enough."


 on: October 13, 2020, 01:07:33 PM 
Started by javajolt - Last post by javajolt
Google may be forced to sell off some of the most famous parts of its business, including its Chrome browser, under plans drawn up by the US government.

Officials at the US Justice Department (DOJ) are currently pulling together an antitrust case alongside multiple state prosecutors concerning Google's alleged dominance of several online markets, believing that the company has too much power.

Sources have now claimed that under some of the most dramatic plans being considered, Google could be forced to spin off or sell parts of its advertising business, or even its Chrome browser.

Google Chrome sale

Google has been facing accusations about market dominance in the US for some time, with both government and state regulators long eyeing up the company alongside fellow online giants Amazon and Facebook.

Such antitrust claims allege that particular companies have an unfair dominance in one particular area, with their roots in breaking up industrial giants in the 19th Century.

Google has come under particular fire for allegedly cornering the online search market, which rivals have said is being unfairly supported through its advertising business and software offering such as Chrome and the Android mobile operating system.

The Department of Justice is thought to have been preparing a suit against Google for some time, with the new suggestions of selling off or splitting up the company showing just how serious the case could become.

There's been no comment from either Google or the DOJ yet, but reports suggest the latter could file its case within days.

Chrome is far and away the most popular browser in the world, but it has had to respond to changing user attitudes towards privacy and security. Google announced in January that it would stop using third-party cookies in Chrome, which could be used to track user behaviour online, within the next two years.


 on: October 13, 2020, 01:03:19 PM 
Started by javajolt - Last post by javajolt
With all the flotsam floating around, it’s easy to lose sight of Second Tuesdays. October’s arrives tomorrow and, with it, another round of Windows and Office patches. Take a minute to make sure you aren’t in the front lines, as everybody turns into a patching beta tester.

Some people believe that you need to get new Windows and Office patches installed the minute they roll out the Windows Update chute. Those who snooze get bit by malware, or so the theory goes.

In fact, we’ve seen very few instances in the past years where a newly patched security hole has turned into a widespread security threat in less than a few weeks. If you’re protecting uranium enrichment centrifuges from deep-pocket adversaries, all bets are off, of course. But for normal, everyday Windows users, the chance of getting bit by a bad patch far outweighs the immediate threat to your trusty ol’ PC.

Yes, you need to get patched eventually.

Those of you running Windows Server 2008 R2 through 2019, for example, had to install the August patches within five weeks of release to avoid the ZeroLogon threat. It's an unusually gnarly security hole, and it took the bad guys five weeks to crack. But for the vast majority of Windows users, waiting a couple of weeks to get the latest patches applied doesn’t hurt a bit -- and it gives Microsoft a chance to fix the bugs they invariably introduce.

If you don’t do anything, you get to beta test the patches as soon as they come out. I salute your allegiance to the politically correct cause -- and urge you to report any problems on But if you temporarily pause updating, you can sit back and watch as we crowdsource patch quality control. Install the patches on your own schedule, not Microsoft’s.

How to block automatic update on Win7 and 8.1

Those who paid for Win7 Extended Security Updates should be cautious about installing patches immediately. Those who didn’t will either ignore the patches (large majority there), or wait to see whether any free alternatives appear. 0patch has filled in several cracks, including a ZeroLogon Server 2008 R2 micropatch that works even if you haven’t paid for Extended Security Updates.

If you’re using Windows 7 or 8.1, click Start > Control Panel > System and Security. Under Windows Update, click the "Turn automatic updating on or off" link. Click the "Change Settings" link on the left. Verify that you have Important Updates set to "Never check for updates (not recommended)" and click OK.

How to block auto update on Windows 10

By now, almost all of you are on Windows 10 version 1903 or later. Not sure which version of Win10 you’re running? In the Search box near the Start button, type winver, then click Run command. The version number appears on the second line.

If you’re using Win10 1803 or 1809, I strongly urge you to move on to Win10 version 1909. If you insist on sticking with Win10 1809, you can block updates by following the steps in December’s Patch Tuesday warning. Be acutely aware of the fact that Microsoft won’t be handing out any more security patches for 1809 Home or Pro after Nov. 10. The Fat Lady sings next month.

If you’re tempted to move to version 2004, I say wait. There’s a huge bunch of bug fixes poised to be released this week — and the benefits of 2004 are tiny at best. If this month’s cumulative update for 2004 doesn’t introduce any spectacular problems, I’ll likely move on to 2004 next month. At that point, having a clean copy of Win10 version 2004 in your hip pocket will make life much simpler, especially if Microsoft has started pushing version 20H2 by then.

My general recommendation relies on the Pause updates feature introduced in version 1903. But if you’re willing to dig a little deeper, and you’re running Win10 Pro, Education, or Enterprise, you might want to rummage around in the Group Policy Editor, and set this policy:

Configure Automatic Updates = Enabled, value = 2 Notify before downloading and installing any updates.

PKCano has an extensive, step-by-step discussion of the setting and its uses in AKB 2000016, Guide for Windows Update Settings for Windows 10.

If you’d rather take the easier Pause updates approach, using an administrator account, click Start > Settings > Update & Security. If your Updates paused timer is set before early November (see screenshot below), click Resume Updates and let the automatic updater kick in — and do it before noon in Redmond on Oct. 13, when the Patch Tuesday patches get released.

If Pause is set to expire before the end of October, or if you don’t have a Pause in effect, you should set up a patching defense perimeter that keeps patches off your machine for the rest of this month. Using that administrators account, click the Pause updates for 7 days button, then click it again and again, if necessary, until you’re paused out into early November. (Note that the next Patch Tuesday falls on November 10.)

If you see an invitation to “Download and install” version 2004 (as shown in the screenshot), my advice at this point is to turn down the offer. Don’t click anything.

Don’t be spooked. Don’t be stampeded. Don’t click “Check for updates.” And don’t install any patches that require you to click “Download and install.”

If there are any immediate widespread problems protected by this month’s Patch Tuesday — a rare occurrence, but it does happen — we’ll let you know here, and at, in very short order. Otherwise, sit back and watch while our usual monthly crowdsourced patch watch proceeds. Let’s see what problems arise.
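As an added example (not from the post above or from AskWoody), the following PowerShell script reports the same version information winver shows and audits the "Configure Automatic Updates" policy the post recommends, writing option 2 when run with the script's own -Apply switch. It assumes the standard WindowsUpdate\AU policy registry location, which Windows honours only on Pro, Education and Enterprise, as the post notes.

```powershell
# Added example, not part of the original post: audit (and optionally set)
# the "Configure Automatic Updates" policy to option 2, "Notify before
# downloading and installing any updates". Run from an elevated prompt.
param([switch]$Apply)   # -Apply is this script's own switch, not a Windows option

$cv = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Same facts "winver" shows: feature-update version and build number.
# DisplayVersion (e.g. 20H2) exists only on newer builds; fall back to ReleaseId.
$ver = Get-ItemProperty -Path $cv
$release = if ($ver.PSObject.Properties['DisplayVersion']) { $ver.DisplayVersion } else { $ver.ReleaseId }
Write-Host ("Windows 10 version {0}, build {1}.{2}" -f $release, $ver.CurrentBuild, $ver.UBR)

# Meaning of the AUOptions values written by the Group Policy setting.
$meaning = @{
    2 = 'Notify before downloading and installing any updates'
    3 = 'Auto download and notify for install'
    4 = 'Auto download and schedule the install'
    5 = 'Allow local admin to choose setting'
}

if (Test-Path $au) {
    $pol = Get-ItemProperty -Path $au
    if ($pol.PSObject.Properties['NoAutoUpdate'] -and $pol.NoAutoUpdate -eq 1) {
        Write-Host 'Policy: automatic updates are disabled entirely (NoAutoUpdate = 1)'
    } elseif ($pol.PSObject.Properties['AUOptions']) {
        Write-Host ("Policy: AUOptions = {0} ({1})" -f $pol.AUOptions, $meaning[[int]$pol.AUOptions])
    } else {
        Write-Host 'Policy key exists but Configure Automatic Updates is not set'
    }
} else {
    Write-Host 'No Windows Update policy configured; Settings app defaults (or Pause updates) apply'
}

if ($Apply) {
    # Equivalent of "Configure Automatic Updates = Enabled, option 2" in gpedit.
    New-Item -Path $au -Force | Out-Null
    Set-ItemProperty -Path $au -Name 'NoAutoUpdate' -Value 0 -Type DWord
    Set-ItemProperty -Path $au -Name 'AUOptions'    -Value 2 -Type DWord
    Write-Host 'Set AUOptions = 2; restart the Windows Update service (wuauserv) or reboot.'
}
```

Running it without -Apply is read-only, so it is a safe way to confirm whether a machine is still set to notify-only before a Patch Tuesday arrives.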


 on: October 12, 2020, 09:46:14 PM 
Started by javajolt - Last post by javajolt
Microsoft has warned about a new strain of mobile ransomware that takes advantage of incoming call notifications and Android's Home button to lock the device behind a ransom note.

The findings concern a variant of a known Android ransomware family dubbed "MalLocker.B" which has now resurfaced with new techniques, including a novel means to deliver the ransom demand on infected devices as well as an obfuscation mechanism to evade security solutions.

The development comes amid a huge surge in ransomware attacks against critical infrastructure across sectors, with a 50% increase in the daily average of ransomware attacks in the last three months compared to the first half of the year, and cybercriminals increasingly incorporating double extortion in their playbook.

MalLocker has been known for being hosted on malicious websites and circulated on online forums using various social engineering lures by masquerading as popular apps, cracked games, or video players.

Previous instances of Android ransomware have exploited Android accessibility features or permission called "SYSTEM_ALERT_WINDOW" to display a persistent window atop all other screens to display the ransom note, which typically masquerade as fake police notices or alerts about purportedly finding explicit images on the device.

But just as anti-malware software began detecting this behavior, the new Android ransomware variant has evolved its strategy to overcome this barrier. What's changed with MalLocker.B is the method by which it achieves the same goal via an entirely new tactic.

To do so, it leverages the "call" notification that's used to alert the user about incoming calls in order to display a window that covers the entire area of the screen, and subsequently combines it with a Home or Recents keypress to trigger the ransom note to the foreground and prevent the victim from switching to any other screen.

"This creates a chain of events that triggers the automatic pop-up of the ransomware screen without doing infinite redraw or posing as a system window," Microsoft said.

Aside from incrementally building on an array of aforementioned techniques to show the ransomware screen, the company also noted the presence of a yet-to-be-integrated machine learning model that could be used to fit the ransom note image within the screen without distortion, hinting at the next stage evolution of the malware.

Furthermore, in an attempt to mask its true purpose, the ransomware code is heavily obfuscated and made unreadable through name mangling and deliberate use of meaningless variable names and junk code to thwart analysis, the company said.

"This new mobile ransomware variant is an important discovery because the malware exhibits behaviors that have not been seen before and could open doors for other malware to follow," Microsoft 365 Defender Research Team said.

"It reinforces the need for comprehensive defense powered by broad visibility into attack surfaces as well as domain experts who track the threat landscape and uncover notable threats that might be hiding amidst massive threat data and signals."

