Recently Browsing 0 members
No registered users viewing this page.
by Razvan Serea
WinLock ensures that only authorized people can access sensitive information on your computer. With WinLock you can control how long others can use your computer. It runs from the system tray and requires a password to gain access to the available settings. It loads automatically with Windows and allows you to add an optional startup message, provide audio notification, and set the time limit. Once that limit is reached, Windows is summarily shut down. You can toggle the timer on and off from the tray. When enabled, there is no way around it without the proper password.
WinLock also allows to disable Windows hot keys (such as Alt-Ctrl-Del, Alt-Tab, Ctrl-Esc, etc.), lock Windows desktop, customize Start menu, hide Start button and Switch bar, and much more...
Block Windows and Lock Files features allow to block virtually any application or any part of it (window, popup message, dialog box), Explorer Windows (My Computer, Recycle Bin etc.), and lock selected files. Restricted sites feature filters Internet content and prohibits access to questionable websites.
WinLock is available in two editions: Standard and Professional. WinLock Professional offers all features of the WinLock, plus several advanced security capabilities of interest to the professional users. The advanced features of the Professional edition are:
Support for multi-user environment Internet Explorer restrictions Google Chrome restrictions Search through website for prohibited keywords Guest password USB key authentication Webcam snapshots Flexible removable drive restrictions WinLock 9.0.3 changelog:
System window frame option.
Active days of week under timer settings.
Redirect now works with most known browsers.
Download: WinLock 9.0.3 | WinLock Pro 9.0.3 | ~10.0 MB (Shareware)
Links: WinLock Home Page | WinLock Pro Screenshot
Get alerted to all of our Software updates on Twitter at @NeowinSoftware
Google thinks bug hunting could get easier thanks to its new unified platform
by Sayan Sen
Google has launched today its new dedicated website for bug hunters which can be accessed via the following URL: bughunters.google.com. The new website unifies all the Vulnerability Rewards Program (VRPs), which comprises Google, Android, Chrome, Google Play, as well as Abuse, and should make submitting newfound bug reports and such easier. The platform has been launched to celebrate the 10-year anniversary of the VRP launch although the celebration appears to be a bit late.
Other improvements that Google notes are detailed below:
Google says that when it launched its bug-hunting program back in 2010, the company received 25 reports far exceeding the expectations, and after 10 years, here's how it stands:
Total bugs rewarded: 11,055
Number of rewarded researchers: 2,022
Total rewards: $29,357,516
You may find more information on the official blog post here.
By Usama Jawad96
Fake Windows 11 installers are being used to distribute malware
by Usama Jawad
Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.
This distribution of Windows 11 via fake installers isn't sophisticated by any means. It relies on people downloading a shady installer and then clicking through the terms and conditions without reading them to initiate the installation.
A report from Kaspersky states that a file called "86307_windows 11 build 21996.1 x64 + activator.exe" is making the rounds on the internet. While the file size is 1.75GB and the name indicates that it contains Windows 11 build 21996.1 - which is actually an outdated build that leaked ahead of Microsoft's official unveiling of the OS - and a key activator on top, it is actually a single and "useless" DLL file.
When users initiate the installation process via this file, it downloads and runs another executable. It also comes with a full-fledged license agreement which states that some "sponsored programs" will be installed on your machine. People who accept it without reading it get malicious software installed on their PC. Kaspersky notes that this software can be anything ranging from adware to Trojans to programs that steal your credentials. The company says that it has tackled hundreds of infection attempts that utilize this technique to supposedly distribute Windows 11.
Kaspersky can cautioned that official methods such as the Windows Insider Program should be used to install builds, and that the OS should not be installed on a primary machine yet since it can lead to stability issues.
Source and image: Kaspersky via XDA Developers
By Usama Jawad96
Microsoft acquires CloudKnox Security to enhance unified privileged access management
by Usama Jawad
In the past couple of months, Microsoft has made two major acquisitions when it comes to enhancing the security of its cloud platform. It acquired cybersecurity firm RiskIQ for a reported $500 million earlier this month as well as ReFirm Labs in June to improve its Azure Defender for IoT platform. Today, it has announced that it is purchasing CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM).
CloudKnox Security's expertise lies in helping organizations enforce least-privilege access, right-size permissions, ensure compliance, and provide analytics to identify potential attack surfaces in cloud environments.
Microsoft says that while traditional entitlement management solutions work well in on-premises environments, they do not cater to multi-cloud and hybrid environments. Even if the attack surface is reduced by having siloed systems, there is generally a lack of unified visibility across environments. Considering that customers now have lots of service entities running and communicating with each other without human intervention, this makes it difficult to configure the correct permissions - the lack of which results in security breaches.
This is where CloudKnox Security comes into play. Microsoft says that via this acquisition, it will offer Azure Active Directory (AAD) customers continuous monitoring at a granular level across hybrid and multi-cloud environments and will enable auto-remediation capabilities as well.
The ultimate goal is to provide customers with a solution through which they have visibility over privileged access management, identity governance, and entitlement management. This will be accomplished by automated enforcement of policies, anomaly detection via machine learning, and integration with existing Microsoft security solutions such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
By Usama Jawad96
Chrome now features better privacy and security without draining the battery
by Usama Jawad
Google Chrome 92 is rolling out later today with a number of enhancements such as Bluetooth device filtering, enhancements to PWAs, and deprecation of a payment handler configuration. Now, the company has detailed certain privacy- and security-related features that it is rolling out to Chrome today as well.
Chrome users may have noticed that some sites ask for extra permissions such as microphone and location. To allow you to keep track of what permissions a site is utilizing, you can simply click on the lock icon in the address bar which now shows an updated panel showing the permissions you have granted. You can toggle these permissions as well. Currently, this capability is only present on Android phones and tablets. Google says that future enhancements will also include the ability to delete the site from your browsing history.
Improvements are being made to Chrome Actions as well. For those unaware, this feature was introduced in Chrome 87 in November 2020, and enables users to perform actions such as deleting history or cookies right from the address bar of the browser. Today, it is getting new actions such as the ability to type "safety check" to validate the security of your passwords and scan for malicious extensions. Other actions include "manage security settings" and "manage sync".
Finally, on the security front, Google is expanding Site Isolation on Chrome. In-depth technical details can be found on the technical blog here, but in a nutshell, the capability isolates sites and extensions from each other so a malicious extension or site is not able to steal your data from another website. The feature is being expanded to cover more websites and extensions. The company has boasted that with new image processing techniques in Chrome, it has also made phishing detection 50 times faster with the process draining even lower battery than before. You can find out more details about this here.