Category Archives: Windows

Windows licenses for under 13 USD!(promote code)

We offer 10% coupon code: SKtechlazy10%

Office 2016 Professional Plus CD Key Global – origin price: 199€ – use the code: 31.50usd

Microsoft Windows 10 Pro OEM CD-KEY GLOBAL – origin price: 46.49€ – use the code: 12.60usd

Windows10 PRO OEM + Office2016 Professional Plus CD Keys Pack – origin price: 245.49€ – use the code: 39.15usd

Windows 10 Home OEM + Office 2016 Professional Plus CD Keys Pack – origin price: 346.74usd – use the code: 31.42usd

Windows licenses are usually expensive. For example, an original license for Microsoft’s “Windows 10 Pro” costs 305 USD in the official Microsoft store. A cheaper alternative is the key marketplace SCDKey, where you can save properly on licenses for software or games!

What makes it all interesting is that the site really works, and we had the opportunity to test it with our own pocket money. So, in this specific case, we use the Office 2016 Professional Plus CD Key Global link.

Then we click on “Buy Now” (the button label changes if you switch the website language at the top of the screen), and we are presented with the registration window; in this case the amounts are initially shown in US dollars rather than euros. We can register on the site or, alternatively, use one of our Facebook, Google+ or Windows Live accounts.


After you have logged in, you can proceed to the product confirmation page and click on Send Order and go to the payment method page:


Once the payment has been made, in a matter of seconds or minutes, we are directed to the page with our newly purchased keys.


Simple and very useful. We bought an Office 2016 key for 30 euros on SCDKey, went to the official Microsoft Office website via this link, signed in, validated the license, and downloaded and installed Office. Could it be easier? Almost impossible. The price? That was very greedy!

The post Windows licenses for under 13 USD!(promote code) appeared first on TechWorm.

Windows 10 Is Adding an Ultimate Performance Mode For Pros

An anonymous reader quotes a report from Engadget: When you're creating 3D models or otherwise running intensive tasks, you want to wring every ounce of performance out of your PC as possible. It's a good thing, then, that Microsoft has released a Windows 10 preview build in the Fast ring that includes a new Ultimate Performance mode if you're running Pro for Workstations. As the name implies, this is a step up for people for whom even the High Performance mode isn't enough -- it throws power management out the window to eliminate "micro-latencies" and boost raw speed. You can set it yourself, but PC makers will have the option of shipping systems with the feature turned on. Ultimate Performance isn't currently available for laptops or tablets, but Microsoft suggests that could change.

Read more of this story at Slashdot.

Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs

A day after Microsoft announced it will be adding Windows Defender ATP down-level support for older OSes comes the news that its Windows Analytics service is getting new capabilities aimed at helping businesses tackle Meltdown and Spectre vulnerabilities on machines in their fleet. What is Windows Analytics? Windows Analytics is a free telemetry analysis tool for business administrators. It is meant for guiding organizations through upgrading to and staying current on Windows 10 by providing … More

Windows Analytics now includes Meltdown and Spectre detector

Good news for administrators of Windows systems, Microsoft has added a Meltdown-and-Spectre detector to its telemetry analysis tool Windows Analytics.

Microsoft has added a Meltdown-and-Spectre detector to its telemetry analysis tool Windows Analytics. The Meltdown-and-Spectre detector has been available since Tuesday, when Microsoft announced the new capabilities implemented in the free Windows Analytics service.

The new capabilities allow admins to monitor:

  • Anti-virus Status: Some anti-virus (AV) software may not be compatible with the required Windows Operating System updates. This status insight indicates if the devices’ anti-virus software is compatible with the latest Windows security update.
  • Windows Operating System Security Update Status: This Windows Analytics insight will indicate which Windows security update is running on any device and if any of these updates have been disabled. In some cases, IT Administrators may choose to install the security update, but disable the fix. Our complete list of Windows editions and security updates can be found in our Windows customer guidance article.
  • Firmware Status – This insight provides details about the firmware installed on the device. Specifically, this insight reports if the installed firmware indicates that it includes the specific protections required. Initially, this status will be limited to the list of approved and available firmware security updates from Intel. We will be adding other CPU (chipset) partners’ data as it becomes available to Microsoft.

The operating system status check lets admins verify whether the Meltdown and Spectre patches are installed and working correctly.

The antivirus check allows admins to verify if the running AV is compatible with required Windows Operating System updates.

The check for firmware status currently works only for Intel chips.


Meltdown-and-Spectre detector is available for Windows 7 through Windows 10 and requires that systems are running the February 2018 patch levels (Win7 SP1, KB2952664; Win8.1, KB2976978; and for Win10, KB4033631).

Pierluigi Paganini

(Security Affairs – Meltdown-and-Spectre detector, Windows Analytics)

The post Windows Analytics now includes Meltdown and Spectre detector appeared first on Security Affairs.

How artificial intelligence stopped an Emotet outbreak

At 12:46 a.m. local time on February 3, a Windows 7 Pro customer in North Carolina became the first would-be victim of a new malware attack campaign for Trojan:Win32/Emotet. In the next 30 minutes, the campaign tried to attack over a thousand potential victims, all of whom were instantly and automatically protected by Windows Defender AV.

How did Windows Defender AV uncover the newly launched attack and block it at the outset? Through layered machine learning, including use of both client-side and cloud machine learning (ML) models. Every day, artificial intelligence enables Windows Defender AV to stop countless malware outbreaks in their tracks. In this blog post, we’ll take a detailed look at how the combination of client and cloud ML models detects new outbreaks.

Figure 1. Layered detected model in Windows Defender AV

Client machine learning models

The first layer of machine learning protection is an array of lightweight ML models built right into the Windows Defender AV client that runs locally on your computer. Many of these models are specialized for file types commonly abused by malware authors, including JavaScript, Visual Basic Script, and Office macros. Some models target behavior detection, while other models are aimed at detecting portable executable (PE) files (.exe and .dll).

In the case of the Emotet outbreak on February 3, Windows Defender AV caught the attack using one of the PE gradient boosted tree ensemble models. This model classifies files based on a featurization of the assembly opcode sequence as the file is emulated, allowing the model to look at the file’s behavior as it was simulated to run.

Figure 2. A client ML model classified the Emotet outbreak as malicious based on emulated execution opcode machine learning model.

The tree ensemble was trained using LightGBM, a Microsoft open-source framework used for high-performance gradient boosting.

Figure 3a. Visualization of the LightGBM-trained client ML model that successfully classified Emotet’s emulation behavior as malicious. A set of 20 decision trees are combined in this model to classify whether the file’s emulated behavior sequence is malicious or not.

Figure 3b. A more detailed look at the first decision tree in the model. Each decision is based on the value of a different feature. Green triangles indicate weighted-clean decision result; red triangles indicate weighted malware decision result for the tree.

When the client-based machine learning model predicts a high probability of maliciousness, a rich set of feature vectors is then prepared to describe the content. These feature vectors include:

  • Behavior during emulation, such as API calls and executed code
  • Similarity fuzzy hashes
  • Vectors of content descriptive flags optimized for use in ML models
  • Researcher-driven attributes, such as packer technology used for obfuscation
  • File name
  • File size
  • Entropy level
  • File attributes, such as number of sections
  • Partial file hashes of the static and emulated content

This set of features forms a signal sent to the Windows Defender AV cloud protection service, which runs a wide array of more complex models in real time to instantly classify the signal as malicious or benign.

Real-time cloud machine learning models

Windows Defender AV’s cloud-based real-time classifiers are powerful and complex ML models that use a lot of memory, disk space, and computational resources. They also incorporate global file information and Microsoft reputation as part of the Microsoft Intelligent Security Graph (ISG) to classify a signal. Relying on the cloud for these complex models has several benefits. First, it doesn’t use your own computer’s precious resources. Second, the cloud allows us to take into consideration the global information and reputation information from ISG to make a better decision. Third, cloud-based models are harder for cybercriminals to evade. Attackers can take a local client and test our models without our knowledge all day long. To test our cloud-based defenses, however, attackers have to talk to our cloud service, which allows us to react to them.

The cloud protection service is queried by Windows Defender AV clients billions of times every day to classify signals, resulting in millions of malware blocks per day, and translating to protection for hundreds of millions of customers. Today, the Windows Defender AV cloud protection service has around 30 powerful models that run in parallel. Some of these models incorporate millions of features each; most are updated daily to adapt to the quickly changing threat landscape. All together, these classifiers provide an array of classifications that provide valuable information about the content being scanned on your computer.

Classifications from cloud ML models are combined with ensemble ML classifiers, reputation-based rules, allow-list rules, and data in ISG to come up with a final decision on the signal. The cloud protection service then replies to the Windows Defender client with a decision on whether the signal is malicious or not, all in a fraction of a second.
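The client-then-cloud flow described above, as an added illustration in Python written for this page (it is not Microsoft's code or models): the opcode-bigram features, the three hand-built trees, the entropy and prevalence thresholds, the allow-list entry and the sample traces are all constructed assumptions standing in for the real featurization, the LightGBM ensemble and ISG data.

```python
# Constructed illustration of the layered client/cloud detection flow; not Microsoft's code.
import hashlib
import math
from collections import Counter

# ---- Stage 1: client-side featurization of the emulated opcode sequence ------
def featurize(opcodes, api_calls):
    """Reduce an emulation trace (opcodes seen, APIs called) to a fixed feature vector.
    Opcode-bigram counts stand in for the real opcode-sequence featurization."""
    bigrams = Counter(zip(opcodes, opcodes[1:]))
    apis = Counter(a.lower() for a in api_calls)
    return {
        "xor_loop": bigrams[("xor", "loop")],       # decryption-stub-like pattern
        "call_jmp": bigrams[("call", "jmp")],
        "push_ret": bigrams[("push", "ret")],
        "api_writeprocessmemory": apis["writeprocessmemory"],
        "api_createremotethread": apis["createremotethread"],
        "opcode_count": len(opcodes),
    }

# ---- Stage 2: a tiny boosted-tree ensemble evaluated on the client -----------
# Node = (feature, threshold, subtree_if_le, subtree_if_gt); a leaf is a weighted vote
# (positive = malware, negative = clean) as in Figure 3b.  Hand-built, not LightGBM-trained.
CLIENT_TREES = [
    ("xor_loop", 1, ("api_writeprocessmemory", 0, -0.9, 0.4), 1.2),
    ("call_jmp", 2, -0.3, ("push_ret", 1, 0.5, 1.0)),
    ("api_createremotethread", 0, ("opcode_count", 40, -0.5, -0.1), 1.4),
]

def walk(tree, x):
    while isinstance(tree, tuple):          # descend until a leaf vote is reached
        feature, threshold, if_le, if_gt = tree
        tree = if_le if x[feature] <= threshold else if_gt
    return tree

def client_score(x, trees=CLIENT_TREES):
    """Sum the tree votes and squash to a probability of maliciousness."""
    return 1.0 / (1.0 + math.exp(-sum(walk(t, x) for t in trees)))

# ---- Stage 3: the signal sent to the cloud when the client model is suspicious --
def file_id(data):
    return hashlib.sha256(data).hexdigest()

def shannon_entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_signal(file_bytes, features, prob):
    return {                                # behaviour, hashes, size, entropy, as listed
        "features": features,
        "client_probability": prob,
        "sha256": file_id(file_bytes),
        "partial_hash": file_id(file_bytes[:256])[:16],
        "size": len(file_bytes),
        "entropy": shannon_entropy(file_bytes),
    }

# ---- Stage 4: cloud side, several classifiers plus allow-list/reputation rules --
ALLOW_LIST = {file_id(b"known-good-tool")}   # constructed allow-list entry
def model_packed(sig):       # high-entropy small file: packed/obfuscated dropper
    return 0.8 if sig["entropy"] > 7.0 and sig["size"] < 200_000 else 0.2
def model_behaviour(sig):    # process-injection API pair observed during emulation
    f = sig["features"]
    return 0.95 if f["api_writeprocessmemory"] and f["api_createremotethread"] else 0.3
def model_client_echo(sig):  # the client ensemble's probability counts as one more vote
    return sig["client_probability"]
CLOUD_MODELS = [model_packed, model_behaviour, model_client_echo]

def cloud_decide(sig, prevalence=None, threshold=0.5, min_votes=2):
    """Combine classifier votes with allow-list and reputation rules (thresholds illustrative)."""
    if sig["sha256"] in ALLOW_LIST:
        return {"verdict": "allow", "reason": "allow-list"}
    votes = [m(sig) for m in CLOUD_MODELS]
    malicious = sum(v >= threshold for v in votes)
    seen_on = (prevalence or {}).get(sig["sha256"], 0)   # stand-in for ISG global file data
    if seen_on > 100_000 and malicious < len(votes):     # widely seen and not unanimous
        return {"verdict": "allow", "reason": "reputation"}
    if malicious >= min_votes:
        return {"verdict": "block", "reason": f"{malicious}/{len(votes)} cloud classifiers"}
    return {"verdict": "allow", "reason": "no consensus"}

def scan(file_bytes, opcodes, api_calls, prevalence=None, escalate_at=0.5):
    """End to end: local model first, cloud only when the client is suspicious."""
    x = featurize(opcodes, api_calls)
    p = client_score(x)
    if p < escalate_at:
        return {"verdict": "allow", "reason": "client model", "client_probability": p}
    result = cloud_decide(build_signal(file_bytes, x, p), prevalence)
    result["client_probability"] = p
    return result

# Constructed sample inputs (not real Emotet artifacts).
MALICIOUS_OPCODES = ["xor", "loop", "xor", "loop", "push", "ret", "call", "jmp"]
MALICIOUS_APIS = ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
MALICIOUS_FILE = bytes(range(256)) * 4            # uniform bytes: entropy 8.0
BENIGN_OPCODES = ["push", "mov", "call", "ret"] * 12
BENIGN_APIS = ["CreateFileW", "ReadFile", "CloseHandle"]
BENIGN_FILE = b"MZ" + b"\x00" * 1022
```

Calling `scan(MALICIOUS_FILE, MALICIOUS_OPCODES, MALICIOUS_APIS)` escalates to the cloud and blocks on 3/3 votes, while the benign trace never leaves the client; an allow-listed hash or a widely prevalent file overrides a non-unanimous block.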

Figure 4. Windows Defender AV cloud protection service workflow.

In the Emotet outbreak, one of our cloud ML servers in North America received the most queries from customers; corresponding to where the outbreak began. At least nine real-time cloud-based ML classifiers correctly identified the file as malware. The cloud protection service replied to signals instructing the Windows Defender AV client to block the attack using two of our ML-based threat names, Trojan:Win32/Fuerboos.C!cl and Trojan:Win32/Fuery.A!cl.

This automated process protected customers from the Emotet outbreak in real time. But Windows Defender AV’s artificial intelligence didn’t stop there.

Deep learning on the full file content

Automatic sample submission, a Windows Defender AV feature, sent a copy of the malware file to our backend systems less than a minute after the very first encounter. Deep learning ML models immediately analyzed the file based on the full file content and behavior observed during detonation. Not surprisingly, deep neural network models identified the file as a variant of Trojan:Win32/Emotet, a family of banking Trojans.

While the ML classifiers ensured that the malware was blocked at first sight, deep learning models helped associate the threat with the correct malware family. Customers who were protected from the attack can use this information to understand the impact the malware might have had if it were not stopped.

Additionally, deep learning models provide another layer of protection: in relatively rare cases where real-time classifiers are not able to come to a conclusive decision about a file, deep learning models can do so within minutes. For example, during the Bad Rabbit ransomware outbreak, Windows Defender AV protected customers from the new ransomware just 14 minutes after the very first encounter.

Intelligent real-time protection against modern threats

Machine learning and AI are at the forefront of the next-gen real-time protection delivered by Windows Defender AV. These technologies, backed by unparalleled optics into the threat landscape provided by ISG as well as world-class Windows Defender experts and researchers, allow Microsoft security products to quickly evolve and scale to defend against the full range of attack scenarios.

Cloud-delivered protection is enabled in Windows Defender AV by default. To check that it’s running, go to Windows Settings > Update & Security > Windows Defender. Click Open Windows Defender Security Center, then navigate to Virus & threat protection > Virus & threat protection settings, and make sure that Cloud-delivered protection and Automatic sample submission are both turned On.

In enterprise environments, the Windows Defender AV cloud protection service can be managed using Group Policy, System Center Configuration Manager, PowerShell cmdlets, Windows Management Instrumentation (WMI), Microsoft Intune, or via the Windows Defender Security Center app.

The intelligent real-time defense in Windows Defender AV is part of the next-gen security technologies in Windows 10 that protect against a wide spectrum of threats. Of particular note, Windows 10 S is not affected by this type of malware attack. Threats like Emotet won’t run on Windows 10 S because it exclusively runs apps from the Microsoft Store. Learn more about Windows 10 S. To know about all the security technologies available in Windows 10, read Microsoft 365 security and management features available in Windows 10 Fall Creators Update.

Geoff McDonald, Windows Defender Research
with Randy Treit and Allan Sepillo

Microsoft to provide Windows Defender ATP for older OS versions

Microsoft will backport Windows Defender Advanced Threat Protection (ATP) to meet the security needs of organizations that have not yet entirely switched to Windows 10. Windows Defender ATP provides deep insights into Windows 7 events on a rich machine timeline. What is Windows Defender ATP? Windows Defender ATP is a unified endpoint security platform that provides administrators a central view of threats on company endpoints. For that to work, the OS must have the Windows … More

HiR Information Report: Bad idea? Let’s put a Windows 2000 server on the Internet.

Today, I decided to install Windows 2000 Advanced Server onto my Dell Latitude D610. The laptop itself is a workhorse, if a bit dated. Mostly, I was just curious what would happen if I left it out on the Internet without any service packs or firewall rules* and I live-tweeted it as I did my research.

Here's my twitter thread with just a few additional notes added. pcap and IDS alerts are at the end:






Alright, so my ISP is giving me some firewall rules of their own, probably to stop the spread of EternalBlue exploit bots and WannaCry ransomware. Honestly, I appreciate it, but it's not helping me get pwned.





With that, here are the links to those:
Sanitized pcap (gzip): http://stuff.h-i-r.net/win2k.pcap.gz
Sanitized IDS log: http://stuff.h-i-r.net/win2k-ids-alerts.txt

Windows 10’s next version ‘Redstone 4’ might be called ‘Spring Creators Update’

Is “Spring Creators Update” the new name for next version of Windows 10?

Microsoft had officially released the Windows 10 Fall Creators Update in mid-October last year. Now, the Redmond giant is gearing up to release its next major update of Windows 10 that will be released around March or April as usual.

The next version of Windows 10, codenamed Redstone 4, is likely to be called “Spring Creators Update”, which was accidentally leaked by Microsoft as part of the latest Insider Bug Bash announcement post and later tweeted by IT Pro Today’s Rich Hay (@WinObs).

Spring Creators Update will be the third Creators Update and will introduce a series of improvements. The main attraction will be Timeline, which allows you to view your own activity history and resume past activities on your PC. The activities will be synced in the background with Windows 10, Android and iPhones provided the same Microsoft account is being used.

“In Timeline, a user activity is the combination of a specific app and a specific piece of content you were working on at a specific time. Each activity links right back to a webpage, document, article, playlist, or task, saving you time when you want to resume that activity later,” Microsoft explains.

Besides Timeline, Windows 10 Spring Creators Update also brings many new and cool features, such as UI changes, Windows Shell improvements, Microsoft Edge new features and improvements, Cortana improvements and much more. You can always download the latest updates in advance by signing up for the Windows Insiders program.

It is not yet certain whether the new Windows 10 update will be called ‘Spring Creators Update’. Since the new version will be finalized by next month, we can expect to officially hear from Microsoft very soon.

The post Windows 10’s next version ‘Redstone 4’ might be called ‘Spring Creators Update’ appeared first on TechWorm.

Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online […]… Read More

The post Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 appeared first on The State of Security.

Microsoft Is Now Selling a Surface Laptop With An Intel Core m3 Processor For $799

Microsoft has begun offering a lower specced Surface laptop running Windows 10 S and an Intel Core m3 processor. It's priced at $799, compared to the standard model's $999 price, and is only available in the platinum color configuration. Windows Central reports: The Intel Core m3 spec is paired with 4GB of RAM and 128GB Storage. This is definitely not a high-end model of the Surface Laptop, but it's still a premium one, with the same Alcantara fabric and high-quality display found on other Surface Laptop SKUs. Microsoft offers an Intel Core m3 model of the Surface Pro priced at $799 also, however that SKU doesn't come bundled with a keyboard or pen. At least with the Surface Laptop, you're getting a keyboard and trackpad in the box, so perhaps the Intel Core m3 Laptop is going to be the better choice for many. If you're looking for a straight laptop by Microsoft, that is. Some other specs include a 2256 x 1504 resolution display, Intel HD graphics 615, 720p webcam with Windows Hello face-authentication, Omnisonic speakers with Dolby Audio Premium, one full-size USB 3.0 port, Mini DisplayPort, headphone jack and Surface Connect port. The device measures in a 12.13 inches x 8.79 inches x 0.57 inches and weighs 2.76 pounds.

Read more of this story at Slashdot.

Facebook, Microsoft announce new privacy tools to comply with GDPR

In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules (and avoid being brutally fined if they fail). One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being processed. Facebook users to get new privacy center … More

Microsoft is working on a new “modern” version of Windows 10 for PCs

Meet “Polaris” – the new, lighter and modern version of Windows 10 operating system

Microsoft has long been working on creating a modular operating system for Windows that can run across different platforms and form-factors.

Last year, Microsoft announced that it is working on turning Windows into a more modular operating system, a vision that has been codenamed “Windows Core OS.” Windows Core OS, which will eventually be the basis for all forms of Windows 10, is designed to provide the flexibility needed for a versatile new Windows experience across multiple device form factors.

One such example is “Andromeda OS”, the mobile version that will be installed on two-screen folding devices such as the Surface Phone and operated primarily with a stylus.

Apparently, Microsoft is now working on building a brand new version of Windows 10 for PC devices like desktop computers, laptops and 2-in-1s that is entirely built on UWP (Universal Windows Platform), making it the company’s first truly modern Windows OS for the traditional PC form factor, reports Windows Central.

Codenamed “Polaris”, this OS will eliminate old legacy components that have been part of the operating system for decades and are slowing it down. Polaris aims to be a much lighter software platform that places less load on the hardware, and thus consumes less power. The system should also feel noticeably faster.

Microsoft is already developing an extensible and adaptable shell, known as CShell, to serve as the basis for the user interface of Polaris, Andromeda and Windows Core OS. The shell found in Polaris is meant to be the same one shared with Andromeda OS and Windows Core OS.

It is worth emphasizing that Polaris will not get the native support of the Win32 application, as it will be replaced with UWP applications. However, Microsoft is considering the possibility of providing Win32 software support, but only through remote virtualization, suggest Windows Central’s sources.

Existing Windows users will not be able to switch to Polaris, either through an update or through a clean installation. This means that you cannot switch from Polaris to Windows 10 Pro or vice versa. Polaris will only be available on the devices that come with it.

Also, it is important to note that the currently available Windows 10 OS is not meant to be succeeded or substituted by Polaris. It is just a separate offer for those users looking for portability and a lightweight operating system.

It is assumed that Polaris will be ready for release in 2019.

The post Microsoft is working on a new “modern” version of Windows 10 for PCs appeared first on TechWorm.

Do I need Antivirus for Windows 10?

Whether you’ve recently upgraded to Windows 10 or you’re thinking about it, a good question to ask is, “Do I need antivirus software?”. Well, technically, no. Microsoft has Windows Defender, a legitimate antivirus protection plan already built into Windows 10.

However, not all antivirus software is the same. Windows 10 users should examine recent comparison studies that show where Defender lacks effectiveness before settling for Microsoft’s default antivirus option.

An AV Comparatives 2017 study shows Windows Defender falls behind other antivirus software in protection, usability, and performance. Defender also lacks consumer-friendly features that are growing in popularity — like password managers and a built-in virtual private network (VPN).

Overall Protection: Defender Falls Behind Other Software

Any antivirus software needs a good protection rating. Detecting and eliminating malware threats is the primary consideration. Be aware of future trends in malware attacks and choose antivirus software based on its ability to defend against growing threats such as zero-day attacks and ransomware.  

The AV Comparatives study tested 17 major antivirus software brands and ran from July to November 2017. Defender received an overall protection rating of 99.5%, falling behind seven other cybersecurity software.

Another 2017 study by the IT-Security Institute showed Defender falling behind other antivirus software in preventing zero-day malware attacks. Zero-day attacks happen the same day developers discover a security vulnerability, and they’re growing in popularity among cybercriminals.


The IT-Security Institute’s test results (for July and August) showed Defender as only 97.0% effective against zero-day malware attacks, 2.5% below the industry average. The difference may seem small, but the stakes are high for zero-day attacks. It only takes one ransomware or botnet attack to hijack your computer or steal your identity.  

Defender causes usability problems

All antivirus software impacts how you use your computer because it scans all of the websites, files, and other software your system interacts with. With antivirus software, consumers want the most protection with the least interference. Compared to other antivirus products, Defender struggles to stay out of your way.

False positives

When antivirus software scans files and websites for potential threats, they can mistakenly flag some as dangerous. These “false positives” can get really annoying because they block access to safe websites or stop the installation of legitimate software. These issues can slow you down and are distracting.

The AV Comparatives study (below) found Defender had a higher false positive rate compared to the majority of major antivirus software packages.

Defender struggles particularly with flagging legitimate software as malware. The IT-Security Institute’s tests showed Defender having a higher than average rate of false detections for safe software. Users who want to get around this issue by lowering Defender’s protection settings become more vulnerable to real malware attacks.

Defender’s performance

All antivirus software slows down your computer at least a little. After all, it takes computing power to scan all of the bits of information running through your computer’s processor, but a bulky or inefficient antivirus package can mean slower website loads, crawling status bars, and sluggish software launches.

The IT-Security Institute’s test results (above) showed Defender scoring below industry average for standard software application launches and frequently used applications. Its performance score was 4.5 out of 6.0.

Defender will make your favorite programs run slower when you use your computer at home. If you own a business, your employees will be slowed down too. Overly burdensome antivirus software coupled with outdated computers means a loss of worker productivity and revenue.

The Problem with Standard Antivirus Protection

Fans of Defender point out that  it comes standard with Windows 10, which means no extra software to download and install onto your computer. Pre-installed standard software is convenient from a usability perspective, but it also leaves you more vulnerable to attack.

Cyberthieves make Defender a priority-one target because it works the same on every computer. Any standard way of doing anything makes it easier to predict and circumvent, and Defender is no exception. Hackers make sure their malware designs can avoid Defender’s basic detection and take advantage of its vulnerabilities. Less standard antivirus software takes unique approaches to finding and eliminating viruses—approaches that are difficult to predict.

To protect yourself, your family, and your devices, you need the best free antivirus protection available. While some users may still see Defender as a viable option based upon their specific needs, they’re trading convenience for effectiveness — a luxury with personal and financial costs that increase every year.


The post Do I need Antivirus for Windows 10? appeared first on Panda Security Mediacenter.

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. They have dubbed the threat Dark Caracal, and have traced its activities to as far back as 2012. The malware used by Dark Caracal The attackers went after information stored on targets’ Android devices … More

Microsoft updates messaging app in Windows 10

Microsoft implements Fluent design in the updated messaging app

The latest Windows 10 PC Insider Preview build 17074 for Insiders released recently in the Fast and Skip Ahead rings has an updated version of Microsoft Messaging app (3.36.14001.0) with Fluent Design.

For those unaware, the Microsoft Messaging app in Windows 10 is based on Skype and was announced back in 2015. The Microsoft Messaging app in Windows 10 on PC keeps a record of messages sent from Windows 10 PCs with cellular connectivity and SMS messages sent via Skype SMS Relay service. However, the app cannot be used to actually send text messages on PC. Back in 2016, Microsoft had pulled Skype integration from the app.

This is the first major refresh of a Windows operating system UI (user interface) under Microsoft’s latest Fluent Design guidelines. The update is suspected to be related to the upcoming Always Connected PCs and the long-rumored Andromeda device (also referred to as the Surface Phone), which will run Windows 10 S with LTE connectivity and would therefore need a desktop messaging app.

The built-in messaging app’s user interface (UI) now includes Acrylic blur and Reveal effects that are part of the Fluent Design System, which was announced by Microsoft back in May 2017.

Fluent Design is based on five key components: Light, Depth, Motion, Material, and Scale. The visual effect of the design language can be noticed only when users hover the cursor over the menu. Implementing Fluent Design in the Messaging app improves the overall experience. However, the app still lacks some important features.

“The new Reveal Highlight behaviour is an interaction visualization that helps guide users. Reveal is now enabled by default on ListView and other XAML collection controls in experiences that target the Fall Creators Update,” the company said.

Earlier last year, Microsoft had revealed the Fluent Design System alongside the Fall Creators Update. Around three months ago, initial implementations of this system were observed with the release of the Fall Creators Update. Microsoft’s upcoming feature updates, Redstone 4 and Redstone 5, are also expected to include even more Fluent Design additions in 2018.

As of yet, the update hasn’t been rolled out for Windows 10 Mobile.

Source: Neowin

The post Microsoft updates messaging app in Windows 10 appeared first on TechWorm.

Russian ATM hacked with 5 keystrokes – Video

Slapping a full-size QWERTY keyboard on an automated teller machine is not the best way to keep the ATM safe from prying hands, as one Sberbank customer found out this holiday season.

In early December, an employee of the Russian website Habrahabr went to get some cash from a Sberbank ATM that happened to have a full-size keyboard. Out of boredom, as the man recalls, he started hitting the Shift key repeatedly when, all of a sudden, the Sticky Keys feature switched on, giving him full access to the machine’s underlying Windows XP operating system.

Sticky Keys, an accessibility feature originating in Apple’s System 6, is shared by many GUI-based operating systems, including Microsoft’s ancient Windows XP.

Pressing the Shift key five times in a row turns on Sticky Keys, which makes Windows serialize keystrokes: the user can press and release a modifier key and it stays active for the next keystroke. This eliminates the need to hold one key with a finger while reaching for other keys.

While it’s certainly helpful to users who have physical disabilities or to those with Emacs Pinky syndrome, Sticky Keys leaves Windows-based ATMs vulnerable to attacks – especially when customers are offered a full-size keyboard. The hack was captured on video and posted to YouTube (embedded below) for everyone’s viewing pleasure.

https://youtu.be/vMP6zu38YE4

As the footage shows, Sticky Keys let the user quickly access the Windows XP UI, including the Start menu and taskbar. Access to these areas of the OS means a malicious user could try to modify the way the ATM works, shut down the machine, use the ATM as a regular PC and, under the right conditions, maybe even deploy malware.

Sberbank took weeks to fix the problem, according to the Habrahabr post, but eventually patched all its ATMs. A bank statement appeared to downplay the flaw as a “peculiarity” of its systems that otherwise “did not carry any risks for device security.”
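The fix for the hotkey described above, on the defender's side, is to stop the five-Shift sequence (and the related Filter Keys and Toggle Keys hotkeys) from opening the accessibility dialog on a kiosk or ATM account. The script below is an added example, not code from the Habrahabr post or from Sberbank; it assumes it is run as the interactive user whose profile the kiosk shell uses, and relies on the documented per-user registry values where bit 0x4 of each `Flags` bitmask (SKF_/FKF_/TKF_HOTKEYACTIVE) enables the keyboard hotkey.

```powershell
# Added example (not from the original post): disable the accessibility hotkeys
# that turn on Sticky Keys (Shift x5), Filter Keys (hold right Shift 8 s) and
# Toggle Keys (hold Num Lock 5 s) for the account that runs a kiosk/ATM shell.
# Each Flags value is a REG_SZ string holding a decimal bitmask; bit 0x4
# (SKF_/FKF_/TKF_HOTKEYACTIVE) enables the hotkey. Assumption: run as the
# kiosk user (HKCU). For another account, load that user's hive and adjust the path.

$HotkeyActiveBit = 0x4

$AccessibilityKeys = @(
    'HKCU:\Control Panel\Accessibility\StickyKeys',
    'HKCU:\Control Panel\Accessibility\Keyboard Response',   # Filter Keys
    'HKCU:\Control Panel\Accessibility\ToggleKeys'
)

function Disable-AccessibilityHotkey {
    param([Parameter(Mandatory)][string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) {
        Write-Warning "Key not found: $KeyPath"
        return
    }

    $current = [int](Get-ItemPropertyValue -LiteralPath $KeyPath -Name 'Flags')
    $updated = $current -band (-bnot $HotkeyActiveBit)      # clear bit 0x4 only

    if ($updated -ne $current) {
        # Flags is stored as a string, so write it back as text.
        Set-ItemProperty -LiteralPath $KeyPath -Name 'Flags' -Value ([string]$updated)
        Write-Output "$KeyPath : Flags $current -> $updated"
    } else {
        Write-Output "$KeyPath : hotkey already disabled (Flags $current)"
    }
}

foreach ($key in $AccessibilityKeys) { Disable-AccessibilityHotkey -KeyPath $key }

# Verify: every Flags value should now have bit 0x4 clear.
foreach ($key in $AccessibilityKeys) {
    $flags = [int](Get-ItemPropertyValue -LiteralPath $key -Name 'Flags')
    '{0,-55} hotkey active: {1}' -f $key, (($flags -band $HotkeyActiveBit) -ne 0)
}
```

The new values apply at the next logon of that account. The same registry values exist on the Windows XP machines in the story, where they would be set with reg.exe instead of PowerShell; either way this only closes the hotkey path and does not replace a proper kiosk lockdown or keeping the keyboard out of customers' reach.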

Smashing Security podcast #058: Face ID, Firefox, and Windows SNAFUs, plus Bitcoin FOMO

Is Face ID racist? Has Mr Robot infected your Firefox browser? Has Microsoft pushed a buggy password manager onto your Windows PC?

All this and much much more is discussed in the special first birthday edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original co-host Vanja Švajcer.

Free tools: Internet traffic monitoring

Are you an amateur analyst or security enthusiast looking for free tools to do some basic Internet traffic monitoring? You’ve come to the right place. Not everyone is versed in the use of robust tools like Wireshark (even though it is worth the trouble of learning if you have to do network traffic analysis on a regular basis). So let’s take a look at some free, simple tools to get started.

There are several alternatives to Wireshark for Windows systems, and we will shed a little light on the ones we like the most. Each has its own strengths, so which program is right for you depends on your specific needs. We have focused on tools that you run on the local system to monitor that same system, to the exclusion of remote traffic monitoring and network monitoring software.

URL Revealer by Kahu Security

URL Revealer is a web proxy that captures requests and then drops them. I use it primarily to find out what a script or program is trying to download, especially when I have no interest in the files themselves. This happens a lot when we already know what malware will be downloaded but want to know which domains it will come from (so we can block them). The program is a command line utility. You can use the -o switch to write the log to a text file, from which you can easily harvest the resulting domains. The beauty of the dropped requests is that any dropper or downloader will assume the download it tried first is offline and will move on to the next one. This way you can collect every location the downloader tries without getting actual malware on your system.

TCPView and Tcpvcon by Microsoft Sysinternals

TCPView is a program that shows you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of active TCP connections. Since TCPView also shows which process owns each connection, it is very suitable for figuring out which process is communicating on that strange port you noticed.

TCPView

A cryptominer in a Chrome process

The program Tcpvcon that comes with TCPView is a command line utility very similar to netstat. The -c switch exports the output as a CSV file.

Fiddlercap by Telerik

Fiddlercap is the little brother of Fiddler, and it is so easy to use that support specialists often ask users to capture a small portion of traffic with it so they can analyze it remotely for bugs. The tool creates a .saz file, which allows the specialist to replay the events in Fiddler or Wireshark. This is ideal for finding bugs on sites or observing strange browser behavior. Fiddler itself is a free web debugging proxy for any browser, system, or platform, but there is a bit of a learning curve to use its full potential.

BitMeter 2 by Codebox Software

If you are only interested in how much of your bandwidth is being used—maybe because your ISP has restricted your usage—then BitMeter 2 might be what you are looking for. It displays your current usage and you can set an alarm to warn you when your usage reaches a certain percentage of your cap.

Built-in Windows tools

It’s sometimes easy to forget that Windows comes with built-in tools like Resource Monitor, whose Network tab shows current usage per application.

Resource Monitor

And if you’re running Windows 10, you can use the App history tab in Task Manager to see usage since the date Windows 10 began monitoring your apps. You can also click the Delete usage history link to reset the data usage counter; otherwise it resets automatically every 30 days.

Suggestions?

Do you have your own favorites? Please let us know about them in the comments! But, no URLs please, or your post will be “automagically” blocked by our filters.

The post Free tools: Internet traffic monitoring appeared first on Malwarebytes Labs.

Yes, your PC is getting slower. But why?

I’m sure you know the feeling. You used to have a nice brand-new computer and everything loaded so quickly. It was a pleasure to use it. But now it is slowing down and you see more and more of the dreaded spinning hourglass, or some other animated mouse pointer. Yes, a computer is really like a marriage. Everything is so nice in the beginning, but friction is often building up over time. Both need some maintenance to avoid problems. 😉

You have to fix your marriage yourself; I’m not an expert in that field. But let’s take a closer look at the computer, because it’s a lot easier to understand. First, the three most common reasons for slowness.

  1. Your system is getting clogged up by junk. You have unnecessary programs installed and there is virtual garbage everywhere.
  2. Your system is just getting too old. You are running out of hardware capacity as you want to do more with the latest program versions.
  3. You are infected. Malware on the system is stealing your capacity.

In this article I will focus on the first point, as it is by far the most common reason. But first a couple of words about the other reasons. Number 2 is pretty obvious. If your system is too old then you need to get a new computer. My only advice here is to consider whether you really need a traditional PC or whether a tablet could do the work. Mobile devices have a much more modern architecture, which improves security. Number 3 is also quite straightforward. If you suspect this, you just need to check out F-Secure Internet Security or SAFE.

Ok, but now to the real beef. Your problem is most likely a messy system, but what to do? This problem is technically complex, and there are probably a large number of smaller factors that together add up to a significant slowdown. Now you have two options: do it yourself or get a cleaning tool. A lot can actually be done manually. Just Google for “speed up PC”, or something similar, and you have tons of instructions of varying relevance, quality and level of technical competence. That works well for nerds, but many don’t want to go there.

That’s why we made F-Secure Booster. I have been running this tool for a while on my computer, and it’s really a convenient way to keep the system in shape. You can clean a lot automatically just by clicking a button. But Booster also has a fairly comprehensive set of optimizations that you can review and select one by one. So it’s easy to use, but it can also keep the more technically savvy users occupied for a while. Quite a nice combination in my opinion.

So why not give F-Secure Booster a try right away? It may push the end of life of your PC forward by several years. And it makes sure you get less gray hair.

 

Safe surfing,
Micke

 

PS. I wish there was a simple tool for revitalizing marriages too. And I leave it to you to come up with funny analogies between marriages and the problems #2 and #3. 😉

 

Image by Kimchi.sg

Which operating system is the most secure? Four points to remember.

No, you are almost certainly wrong if you tried to guess. A recent study shows that products from Apple actually are at the top when counting vulnerabilities, and that means at the bottom security-wise. Just counting vulnerabilities is not a very scientific way to measure security, and there is a debate over how to interpret the figures. But this is anyway a welcome eye-opener that helps kill old myths.

Apple for a long time stubbornly denied security problems, and their marketing succeeded in building an image of security. Meanwhile Windows was the biggest and most malware-targeted system. Microsoft rolled up its sleeves and fought at the front line against viruses and vulnerabilities. Their reputation suffered, but Microsoft gradually improved in security and built an efficient process for patching security holes. Microsoft had what is most important in security: the right attitude. Apple didn’t, and the recent vulnerability study shows the result.

Here are four points for people who want to select a secure operating system.

  • Forget reputation when thinking security. Windows used to be bad and nobody really cared to attack Apple’s computers before they became popular. The old belief that Windows is unsafe and Apple is safe is just a myth nowadays.
  • There is malware on almost all commonly used platforms. Windows Phone is the only exception with practically zero risk. Windows and Android are the most common systems, and malware authors are targeting them most. So the need for an anti-malware product is naturally bigger on these systems. But the so-called antivirus products of today are actually broad security suites. They protect against spam and harmful web sites too, just to mention some examples. So chances are that you want a security product anyway, even if your system isn’t one of the main malware targets.
  • So which system is most secure? It’s the one that is patched regularly. All the major systems, Windows, OS X and Linux, have sufficient security for a normal private user. But they will all become unsafe if the security updates are neglected. So security is not really a selection criterion for ordinary people.
  • Mobile devices, phones and tablets, generally have a more modern systems architecture and a safer software distribution process. Do you have to use a desktop or laptop, or can you switch to a tablet? Dumping the big old-school devices is a way to improve security. Could it work for you?

So all this really boils down to the fact that you can select any operating system you like and still be reasonably safe. There are some differences, but they are more about old-school versus new-school devices, not about Apple versus Microsoft versus Linux. Also remember that your own behavior affects security more than your choice of device, and that you are never 100% safe no matter what you do.

 

Safe surfing,
Micke

 

Added February 27th. Yes, this controversial study has indeed stirred a heated debate, which isn’t surprising at all. Here’s an article defending Apple. It has flaws and represents a very limited view on security, but one of its important points still stands. If someone still thinks Apple is immortal and invincible, it’s time to wake up. And naturally this whole debate is totally meaningless for ordinary users. Just keep patching what you have and you will be fine. 🙂 Thanks to Jussi (and others) for feedback.

 

Wirelurker for OSX, iOS (Part I) and Windows (Part II) samples


PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao



PART I


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto | Claud Xiao - blog post: Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector


Sample credit: Claud Xiao


Download

Download Part I
Download Part II

Email me if you need the password




List of files
List of hashes 

Part II



│   apps.ipa
│   微博 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            libiconv-2_.dll
            libxml2.dll
            libz_.dll
            mfc100u.dll
            msvcr100.dll
            WhatsAppMessenger 2.11.7.exe
            zlib1.dll
            使用说明.txt


Part I


File listing

├───databases
│       foundation
├───dropped
│   ├───version_A
│   │   │   com.apple.globalupdate.plist
│   │   │   com.apple.machook_damon.plist
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │   watch.sh
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │       com.apple.globalupdate.plist
│   │       com.apple.itunesupdate.plist
│   │       com.apple.machook_damon.plist
│   │       com.apple.watchproc.plist
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │   com.apple.appstore.plughelper.plist
│       │   com.apple.appstore.PluginHelper
│       │   com.apple.MailServiceAgentHelper
│       │   com.apple.MailServiceAgentHelper.plist
│       │   com.apple.periodic-dd-mm-yy.plist
│       │   com.apple.systemkeychain-helper.plist
│       │   periodicdate
│       │   stty5.11.pl
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
├───iOS
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       stty5.11.pl
├───IPAs
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
├───original
│       BikeBaron
│       CleanApp
│       FontMap1.cfg
│       start.sh
└───update
        start.sh
        update