Definitive Best Free AntiVirus Software 2021
By Usama Jawad96
On-premises Exchange servers are under attack from a state-sponsored group
by Usama Jawad
Microsoft has announced that on-premises Exchange servers are under attack, likely from a state-sponsored group operating from China. The group is named "HAFNIUM" and is using multiple 0-day exploits to access on-premises Exchange Server instances, which essentially gives access to the email accounts of victims as well. The malicious actors also install additional malware which acts as a backdoor for future attacks.
Microsoft has patched all the vulnerabilities, tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, and has recommended that customers update their on-premises systems on an urgent basis. It has noted that Exchange Online is not affected by these attacks.
The Redmond tech giant says that the attack methodology is extremely similar to previous attacks by the HAFNIUM group, which have usually targeted multiple government and private entities in the United States. The details of the vulnerabilities that this group exploited in its latest attack can be seen below:
Microsoft claims that after exploiting the aforementioned vulnerabilities, the malicious actors were able to install web shells on the server, which allowed them to steal data such as offline address books for Exchange which contain information about a business and its users. They also performed certain activities to allow further malicious actions in the future.
In its "Can I determine if I have been compromised by this activity?" section, Microsoft has also outlined several indicators of compromise (IOCs) available in the logs, and hashes, paths, and names of web shells used in the attack. For remediation, it has recommended the use of Azure Sentinel and Microsoft Defender for Endpoint to detect malicious activities. All on-premises Exchange Server instances and systems need to be updated with the latest patches immediately, as per Microsoft.
By News Staff
Mobile Security: How to Secure, Privatize, and Recover Your Devices - free excerpt
by Steven Parker
Claim your complimentary eBook excerpt for free, before the offer expires. Chapter 3 - Privacy - Small Word, Big Consequences.
Learn how to keep yourself safe online with easy-to-follow examples and real-life scenarios. Written by developers at IBM, this guide is the only resource you need to keep your info private.
In this guide you will discover just how vulnerable unsecured devices can be, and explore effective methods of mobile device management and identity protection to ensure your data's security. There will be special sections detailing extra precautions to ensure the safety of family members and how to secure your device for use at work.
What you will learn from this book:
Learn how mobile devices are monitored and the impact of cloud computing
Understand the attacks hackers use and how to prevent them
Keep yourself and your loved ones safe online
How to get it
Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!
Mobile Security: How to Secure, Privatize, and Recover Your Devices - free guide
Offered by Packt Enterprises, view their other free resources.
Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.
By Usama Jawad96
Microsoft open sources CodeQL queries used in Solorigate investigation
by Usama Jawad
Last week, Microsoft finally completed its Solorigate investigation, concluding that while some code files for Azure, Intune, and Exchange were accessed, no customer data was compromised. The cyberattack had caused major concern around the globe because it targeted the United States' federal departments, the UK, the European Parliament, and thousands of other organizations. Supply chain attacks were executed on SolarWinds, Microsoft, and VMware, with Microsoft President Brad Smith calling it "a moment of reckoning".
Now, Microsoft has open sourced the CodeQL queries that it utilized in the Solorigate investigation.
For those unaware, CodeQL is a code analysis engine which depends upon code semantics and syntax. It develops a database built around the model of the compiling code, which can then be queried just like a regular database. It can be used both for static analysis and retroactive inspection of code.
CodeQL queries were used by Microsoft in its Solorigate investigation in order to analyze its code in a scalable manner and pinpoint indicators of compromise (IoCs) and other coding patterns used by Solorigate attackers directly on a code-level.
Microsoft essentially built multiple CodeQL databases from various build pipelines, and then aggregated them in a single infrastructure to enable system-wide querying capabilities. This enabled the firm to detect malicious activity in code within hours of a coding pattern being described.
Given that this is more of a syntactic and semantic technique that depends upon identifying similarities in coding patterns such as the variable names used, Microsoft has emphasized that if you find the same patterns in your own code base, that does not necessarily mean that it's compromised. Multiple programmers can of course have the same coding style.
At the same time, it is also important to remember that a malicious actor is not constrained to a single coding style. Essentially, if the attacker deviates significantly from their usual implant pattern, they would be able to circumvent Microsoft's CodeQL queries. Regarding the syntactic and semantic code pattern identification capabilities of the CodeQL engine, the Redmond tech giant notes that:
More information about using Microsoft's CodeQL queries is available here. You can find out more about how to deploy queries here.
By Abhay V
Google announces a bunch of new Android features
by Abhay Venkatesh
Google today announced a few new features coming to Android, both via updates to select apps and the OS itself. The features relate to security, accessibility, and more, and the rollout is similar to how the company introduced added capabilities to older Android versions late last year.
The first on the list today is the addition of the Password Checkup tool natively to Android, something that first debuted as an extension and then made it to the Chrome browser itself. As the name suggests, the feature helps users keep a tab on the integrity of their saved passwords by notifying them if their credentials have been exposed. This allows users to act on compromised credentials and avoid using passwords that might have been exposed on the web.
Now, the feature integrates with Autofill on Android 9 and newer, notifying users of any potential password exposures and offering a guide to reset them. Additionally, Autofill can also generate unique passwords and secure that information via biometric authentication, making it a great overall tool for password management.
Next up is a nifty new update to the Messages app that brings the ability to schedule messages to be sent later. Long pressing the send button will now provide an option to set the date and time to deliver the text message. The option to schedule messages has been present for users on Samsung devices via the default Messages app that ships with those devices. Alternatively, users have had to rely on third-party offerings such as Pulse SMS for the feature. The updated Messages app is now rolling out to users on Android 7 and newer.
As for accessibility improvements, the search giant announced a new update to TalkBack, its screen reader for those with impaired vision. The updates include new multi-finger gestures on Pixel and Samsung phones that can be used to perform preset commands like selecting and editing text. There are also new swipe commands for reading through just the headlines or through entire paragraphs. The firm is also adding 25 voice commands to help with actions such as finding particular text on the screen and more. Lastly, there are two new languages for the Braille keyboard.
Google Assistant is also receiving some updates that let users interact with it better on the lock screen. The company is adding a new card layout to review Assistant commands right from the lock screen, including alarm and timer options, sending messages using voice, and more. The firm adds that users can “get things done on [their] phone without needing to be right next to it”.
Another highly awaited feature announced today is the rollout of a dark theme for Maps. While Maps automatically switches to a darker theme when navigating, a proper dark mode has been teased for a while. Users will finally be able to switch to the darker side permanently from the settings, a welcome addition for those that prefer the theming option to conserve battery on AMOLED displays, or just as a matter of preference.
Lastly, the Mountain View company announced new Android Auto features such as “car-inspired backgrounds” and Assistant actions – features that began rolling out earlier this month. For long journeys, the in-car system is also adding voice-activated trivia games. Other new features include a split-screen view of Maps and audio controls – like on Apple CarPlay – on wide screens and a new privacy screen to “control when Android Auto appears on your car display”. These Android Auto features are rolling out to users running Android 6 or newer.
Samsung now promises four years of security updates for Galaxy devices
by João Carrasqueira
Longer-lasting software support has long been one of the factors pointed out when talking about the advantages of iOS compared to Android. In recent years, we've seen an increasing amount of effort from some companies to keep devices updated, with Google itself offering three years of feature and security updates for its Pixel devices.
Now, Samsung is trying to take things a step further by offering a minimum of four years of security updates for its Galaxy devices. Depending on the device you have and how old it is, security updates may be rolled out on a monthly or quarterly basis, but either way, getting security updates for four years is a welcome boon if you want your devices to last longer.
This isn't just a benefit for the latest devices coming out this year, either, nor does it target just flagships. Samsung provides a decently long list of devices that will be eligible for the extended security update period, going back to the Galaxy S10 and Note10 families, the Galaxy A series, and a wide range of tablets. Here's the full list provided by Samsung:
It's worth noting that this support period is even longer than what Google promises for its own Pixel phones - though it should be remembered that these are minimum support periods, and Google has supported some of its phones for longer than the minimum. Either way, if you happen to own or you're considering getting one of these devices, you may rest assured your phone or tablet will be kept safe for a while longer. This doesn't, however, include new Android feature updates, so you won't necessarily be getting Android 12 or 13 when those versions are released.