Some Google Chrome ad blockers could stop working next year
By Luke Hughes published about 8 hours ago
API changes meant to increase user privacy may have an unwelcome side-effect
The developer of a Google Chrome ad blocker extension has conceded that there isn’t “much point” to their latest release, as several key features have had to be removed.
Raymond Hill, the brains behind the popular uBlock Origin Chrome extension, made the comment in his commit of the new version on GitHub, in reference to Google’s upcoming shift to its Manifest v3 (MV3) API.
Hill cited the move to withhold “broad read/modify data permissions” from Chrome developers under MV3 as the “limiting factor” in the development of the new version of the extension, recommending that users continue to use the MV2 extension if they want to benefit from uBlock Origin’s current range of features.
Google Chrome's new API changes
Under development since 2018, Google’s new MV3 API is said to protect users’ security and privacy, as well as offering a material performance boost.
The removal of key read and modify data permissions relied on by most Chromium-based privacy and ad blocking tools may seem like a positive step in this direction, but Chrome users may find privacy tools harder to find and to use in the future.
They may instead look to VPN services and the best VPN routers to be safe online, or simply another web browser.
Since January, Google has already prohibited the creation of new MV2 extensions, but by January 2023, developers will be unable to update extensions on the old API, and they will cease to run entirely on consumer browsers.
From then on, Google Chrome ad blocking extension users may come across more informational pop-ups on websites asking them to accept cookies before being allowed to continue browsing, and be redirected away from websites without asking more often.
As a result, it’s uncertain whether there’ll be much of a future for the Chrome versions of ad blockers and privacy tools in the new year.
From TechRadar
Re: From TechRadar
Microsoft Office lets hackers execute arbitrary code, update now
By Sead Fadilpašić published 44 minutes ago
A newly discovered flaw in Excel lets hackers run arbitrary code
Cybersecurity researchers from Cisco Talos recently discovered a high-severity vulnerability in Microsoft Office that would allow potential threat actors to remotely execute malicious code on the target endpoint.
Announcing the news in a short blog post published earlier this week, the office software developer said its researcher Marcin 'Icewall’ Noga uncovered a class attribute double-free vulnerability affecting Microsoft Excel.
By running a weaponized Excel file, the victim would allow the attacker to execute arbitrary code on their device. The vulnerability is now being tracked as CVE-2022-41106, and other than that, details are scarce.
What we do know is that Microsoft was notified and has already provided a patch. Excel users are advised to update their software to version 2207 build 15427.20210 and version 2202 build 14931.20660.
Microsoft’s productivity suite continues to be one of the most popular attack vectors among cybercriminals. Up until recently, Office documents with malicious macros, distributed via email, were the most popular way to have office workers download and run malware on their computers, opening up the doors to more destructive cyberattacks such as ransomware or identity theft.
More recently, Microsoft decided to prevent the software from running macros at all, in files downloaded from the internet, as opposed to the trusted, local network.
That prompted cybercriminals to move away from macros and into Windows shortcut files (.lnk) which are now widely used to side-load malicious .dlls, and other kinds of malware.
Regardless of the security measures implemented by software makers and companies, one truth remains - the employees are still the weakest link in the cybersecurity chain. Unless they are educated and trained to stop cyberattacks, crooks will always find a way to trick them into downloading and running malware.
Besides this, making sure the staff isn’t overworked and distracted can also help improve the cybersecurity posture of any company.
Re: From TechRadar
Microsoft’s embarrassing Windows 11 printer fail finally gets fixed – but is it too late?
By Darren Allan published about 1 hour ago
Windows 11 printer nightmare has at least now been resolved for good
Microsoft has officially marked a frustrating printer bug as resolved, and those folks who were being blocked from upgrading to Windows 11 22H2 due to the compatibility issue will doubtless be pleased to hear that.
You might recall this seriously troublesome bug that emerged in late September 2022, forcing printers to revert to their default settings. By default, many important features weren’t available – we’re talking about printing in duplex, higher resolutions, and maybe even color, which could obviously be major stumbling blocks.
The good news is that as Neowin spotted, Microsoft officially marked the issue as resolved just a few days ago (November 18). In actual fact, the safeguard blocking devices which could run into this bug was removed a week previously – therefore allowing those machines to update to Windows 11 22H2 – though it could still take some time for the upgrade to come through.
At this point, though, any machine with a connected printer that could fall prey to this bug should be able to go ahead and upgrade to 22H2 successfully without waiting.
Microsoft observed: “Any printer still affected by this issue should now get resolved automatically during upgrade to Windows 11, version 22H2.”
Analysis: A rocky road, for sure
This has been a bit of a rocky road for those with an affected printer wishing to upgrade to Windows 11 22H2, of course, as the bug has hung around for quite some time. As noted, it was two months ago that it first came to our attention, so this has hardly been a quick fix.
With a lot of questions being asked about the prevalence of Windows 10 bugs in the past, and now Windows 11 apparently continuing with a worrying amount of problems in terms of quality assurance, the whole affair isn’t a great look for Microsoft. Yes, we’ve banged this drum many times, but we’ll continue to do so while bugs like this printer-related gremlin – or other flaws such as File Explorer crashing or slowing down Windows 11 PCs – are still popping up far too often for our liking.
If you’ve been suffering at the hands of a gremlin in the works with Microsoft’s latest OS, be sure to check out our guide to solving common problems with Windows 11.
Re: From TechRadar
Windows 11 really wants you to get a VPN
By Craig Hale published about 11 hours ago
Windows 11 set to add new VPN icon
Windows 11 2022 update
The latest build of Windows 11 is set to get a VPN indicator in its notification area, making it easier for users to check their connection status or connect more easily.
According to multiple reports highlighted by Neowin, upcoming builds of Windows 11 will feature the new icon as Microsoft addresses the growing popularity of VPN services across the world.
Apple fans will already be familiar with the feature, with VPN indicators available in the macOS taskbar along with a status bar icon for iOS devices. In fact, even Android devices have had an icon appear in their status bars, leaving Windows machines somewhat left out when it comes to using VPNs.
There are some caveats, though, as pointed out by Neowin. Firstly, the icon only appears to be working with a wired connection, so users with a Wi-Fi connection won’t be able to check their connection so easily.
Also, it seems that the operating system will not recognize third-party VPN apps, which will leave a large portion of VPN users uncatered for. The VPN connection will need to be set up from the system settings in order to function as described.
Then, of course, there is the fact that these are just rumours and speculations derived from those with early access, who have been fortunate enough to have a dig around build 25247. It’s likely that Microsoft will continue to fine-tune the VPN status icon to include Wi-Fi connections, and possibly third-party apps, maybe before its full release. That’s if it makes the cut, and isn’t delayed until the next build.
Also forming part of the latest update to the OS, users will be able to quickly toggle between video and mic effects from Quick Settings and select from energy saving options to improve efficiency. Details on these updates can be read on the Microsoft blog.
Re: From TechRadar
Antivirus software can be hijacked to wipe data
By Will McCurdy published about 9 hours ago
Up to 50% of popular antivirus tools could be impacted
Many popular pieces of antivirus software such as Microsoft, SentinelOne, TrendMicro, Avast, and AVG can be exploited for their data deletion capabilities, a top cybersecurity researcher has claimed.
In a Proof-of-Concept document dubbed "Aikido", Or Yair, who works for cybersecurity firm SafeBreach, explained how the exploit works via what is known as a time-of-check to time-of-use (TOCTOU) vulnerability.
Notably, in martial arts, Aikido refers to a Japanese style where the practitioner looks to use the movement and force of the opponent against himself.
How does it work?
The vulnerability can be used to facilitate a variety of cyber-attacks known as "Wipers" according to Yair, which are commonly used in offensive war situations.
In cybersecurity, a wiper is a class of malware aimed at erasing the hard drive of the computer it infects, maliciously deleting data and programs.
According to the slide deck, the exploit redirects the "superpower" of endpoint detection software to "delete any file no matter the privileges".
The complete process outlined involved creating a malicious file in "C:\temp\Windows\System32\drivers\ndis.sys".
This is followed by holding its handle and forcing the "AV/EDR to postpone the deletion until after the next reboot".
This is followed by then deleting the "C:\temp directory" and "creating a junction in C:\temp --> C:\", followed by then rebooting the machine.
Only some of the most popular antivirus brands were impacted, around 50% according to Yair.
According to a slide deck prepared by the researcher, Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus were some of those affected by the vulnerability.
Luckily for some, products such as Palo Alto, XDR, Cylance, CrowdStrike, McAfee, and BitDefender were unscathed.
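A defender-side illustration of the check-then-use gap the Aikido write-up describes, added here as an example and not part of the TechRadar article or SafeBreach's research: a deletion target under a sandbox root is validated at check time, then every path component is re-validated at use time so that a symlink or junction swapped in between the two steps is refused rather than followed. The quarantine root, directory names and sample file are constructed for the demo; on POSIX a symlink stands in for the Windows junction, and on Windows the same lstat check looks at the reparse-point attribute.

```python
"""Re-validate a deferred-delete path at use time (added example).

The Aikido write-up describes a TOCTOU flaw: a security product decides to
delete a path, postpones the deletion, and by the time it runs a directory
on that path has been replaced by a junction pointing somewhere else. The
mitigation modelled here: at use time, walk the path component by component
with lstat and refuse if any component is a link/junction or if the fully
resolved path has left the sandbox root. All paths are constructed.
"""
import os
import stat
import tempfile


def _is_reparse_point(path: str) -> bool:
    """True if `path` itself is a symlink (POSIX) or a reparse point such as
    a junction (Windows). lstat never follows the final component."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    # Windows junctions are reparse points but are not symlinks in st_mode.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def path_has_reparse_component(root: str, target: str) -> bool:
    """Walk every component of `target` below `root`, checking each one with
    lstat so a junction/symlink inserted anywhere on the path is caught."""
    root = os.path.abspath(root)
    rel = os.path.relpath(os.path.abspath(target), root)
    if rel == os.pardir or rel.startswith(os.pardir + os.sep):
        return True  # lexically outside the root: treat as unsafe
    current = root
    for part in rel.split(os.sep):
        current = os.path.join(current, part)
        if not os.path.lexists(current):
            return False  # nothing further to resolve through
        if _is_reparse_point(current):
            return True
    return False


def safe_to_delete(root: str, target: str) -> bool:
    """Use-time check for a deletion that was decided earlier (the 'check').

    Refuses when (a) any component is a symlink/junction, or (b) the fully
    resolved target no longer lives under the resolved root.
    """
    if path_has_reparse_component(root, target):
        return False
    real_root = os.path.realpath(root)
    real_target = os.path.realpath(target)
    return os.path.commonpath([real_root, real_target]) == real_root


def demo() -> dict:
    """Build a quarantine root holding a sample file, then swap the
    intermediate directory for a link to a directory outside the root, as
    the TOCTOU scenario does. Returns the outcome of both checks."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "quarantine")   # constructed sandbox root
    outside = os.path.join(base, "system")    # constructed 'protected' dir
    os.makedirs(os.path.join(root, "sub"))
    os.makedirs(outside)
    target = os.path.join(root, "sub", "bad.bin")
    with open(target, "wb") as fh:
        fh.write(b"constructed sample")
    before = safe_to_delete(root, target)     # honest layout: allowed

    # Between check and use, the directory on the path becomes a link that
    # points outside the root (a symlink here, a junction on Windows).
    os.remove(target)
    os.rmdir(os.path.join(root, "sub"))
    os.symlink(outside, os.path.join(root, "sub"), target_is_directory=True)
    with open(os.path.join(outside, "bad.bin"), "wb") as fh:
        fh.write(b"constructed sample")
    after = safe_to_delete(root, target)      # now resolves elsewhere: refused
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The same re-validation applies to any deferred file operation, not only deletion: the decision recorded at check time is only as good as the path's shape at use time.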
massimilianogoi (Site Admin)
Re: From TechRadar
That happened to me with paid BitDefender back in 2016: I got a cryptolocker, the worst virus ever, that screwed almost all my photos, videos and files by overwriting them. NEVER, EVER SPEND MONEY OR INSTALL BITDEFENDER! Many IT articles, mostly written by newbies just copying and who never tried it, claim it to be the best antivirus, while it's the worst ever, working as a backdoor for the worst hackers on the planet.
The antivirus that is in Windows is more than enough, from 8.1 to above.
janus wrote: ↑Tue Dec 13, 2022 8:07 am
People who have lost the hope.
Re: From TechRadar
If I remember correctly you posted about this at the time - horrible experience.
massimilianogoi wrote: ↑Tue Dec 13, 2022 12:42 pm
That happened to me with paid BitDefender back in 2016: I got a cryptolocker, the worst virus ever, that screwed almost all my photos, videos and files by overwriting them. NEVER, EVER SPEND MONEY OR INSTALL BITDEFENDER! Many IT articles, mostly written by newbies just copying and who never tried it, claim it to be the best antivirus, while it's the worst ever, working as a backdoor for the worst hackers on the planet.
The antivirus that is in Windows is more than enough, from 8.1 to above.
janus wrote: ↑Tue Dec 13, 2022 8:07 am
Re: From TechRadar
Three in one!
Microsoft’s campaign to popularize Edge appears to be paying off - but is it?
By Lewis Maddison published about 11 hours ago
Big increase in Microsoft download page visits looks impressive, but will the browser edge out the competition soon?
Microsoft’s push to attract users to proprietary Edge browser seems to be working, at least according to one major traffic metric.
There has been a sustained effort from Microsoft to promote Edge since its relaunch in January 2020, and figures provided to TechRadar Pro by SimilarWeb reflect this: visits to the browser’s download page increased that month by over six and a quarter million compared to December 2019, from 228,644 to 6,524,646.
There was another spike in May 2022, with visits going up by almost a million over the previous month - possibly due to Microsoft's April 2022 announcement that Edge would support the use of VPNs.
Anyone using Windows machines or Microsoft applications will be well aware of the constant prompts to use Edge, with links to the download page accompanied by promises of faster performance with first-party services such as its email provider Outlook.
The company has certainly focused on integrating these services within the browser, however despite these efforts, Microsoft Edge still pales in comparison to Google Chrome and Apple’s Safari in terms of overall usage.
Although SimilarWeb was unable to provide download metrics for these browsers - their respective privacy policies prevent such data from being gathered - it is well known that these rivals dominate the browser space by a huge margin.
However, Edge is gaining ground on Mozilla’s Firefox, once one of the most popular browsers in the world. Between May and September 2022, Edge has consistently outperformed Firefox in the number of download page visits, averaging a million more than its rival.
In fact, when looking at confirmed downloads, Firefox’s popularity appears to have waned significantly. Its global monthly average for confirmed downloads between October 2019 and September 2022 was just under 60,000.
On this front, it was beaten most comprehensively by Opera (2,312,387), which has surged in popularity in recent years, perhaps due to its free integrated VPN, a browsing feature which continues to gain traction with general users.
The anonymous browser Tor also bested Firefox, with a monthly average of 1,046,939 confirmed downloads. In fact, the only browser in the data to perform worse than Firefox was Brave, which managed an average of just over 30,000 confirmed downloads during the period.
Tor’s relative success speaks to the rising concern of online privacy, as users become more conscious and even suspicious of the often relentless gathering of personal data by Big Tech. In fact, according to a recent survey jointly conducted by Opera and ad filter firm Eyeo, over 80% of consumers are willing to switch browsers if it means improving their privacy protections.
It appears Microsoft Edge is hoping to emulate the success of Safari and Chrome by becoming the default browser for many users. The problem is that these browsers have the benefit of being tied into each of their company’s vast ecosystems - Microsoft doesn’t have that same grip. At the moment, it is trying its best to make it the default browser for Windows 11 users, but currently there are few of these around.
The company does appear to be continuing to cultivate its own ecosystem, though. With PC sales down, and more worryingly, the tumbling revenue of its flagship Windows OEM sector, it seems the OS giant is shifting focus in other directions. Its cloud services, such as Azure and Microsoft 365, as well as video conferencing platform Teams, are seeing success in the business sector, but for the general user Microsoft is often again eclipsed by its two biggest rivals.
What’s more, Microsoft is virtually non-existent in the mobile market, which has brought Apple and Google so much success. With mobile devices ubiquitous around the world, nearly all of them either Android or iPhone, users are again tied into their systems and software, which includes their first-party browsers. Microsoft’s entry into the mobile market is all but dead, having failed to get off the ground in the slightest.
And then there is the hassle of switching browsers, with users having all their login and password stored in them, all the extensions and settings they have tailored to their personal preferences, built up over years and integrated with other services. If you are a user of Safari or Chrome, why on earth would you bother switching to Edge now?
The same of course is true for anonymous browsers. Despite the aforementioned survey from Opera and Eyeo, it appears that their optimistic results haven’t manifested themselves in the real world.
But if the minor trend of using anonymous browsers does take off, then Edge will be hung out to dry. The browser’s record on safeguarding user privacy is no better than its mainstream rivals, and the same goes for Microsoft in general, with Windows 11 receiving flak for its invasive practices too.
So, Microsoft Edge looks like it wants to muscle in on the default browser space, adopting the same promotional tactics as its rivals ahead of them. If we look solely at download page visits, then it seems like Edge is gaining ground. However, despite the rising numbers, Edge’s adoption rates pale in comparison to the big two. If Microsoft is serious about taking them on, then it's going to need a much more compelling reason for users to switch than it working a bit better with Outlook and a few business apps.
Microsoft bans cryptomining in Azure
By Lewis Maddison published about 7 hours ago
Microsoft is worried about damage to its online services and fraudulent activities
Microsoft has officially banned cryptomining within its Azure cloud services in a rather inconspicuous way.
An update to its Universal License Terms for Online Services, which mainly applies to its cloud platform, states that "mining cryptocurrency is prohibited without prior Microsoft approval."
The post goes on to explain that written approval is needed for those looking to use the company's services for cryptomining, clarifying that "neither customer, nor those that access an online service through customer" are permitted to leverage them for this purpose.
The policy change was also posted in the Azure Solution Area of Microsoft's Partner Community webpage, under the heading "Important actions partners need to take to secure the partner ecosystem".
Here, it was listed as among the changes to "minimize potential fraud damage to your customers’ subscriptions". Again, it stressed the need for "written pre-approval... granted by Microsoft" to sanction the use of its servers for sourcing the digital tokens.
Microsoft is concerned about the dangers such activities present to their infrastructure. In responding to a query from The Register, the tech giant commented that mining for cryptocurrencies can "cause disruption or even impairment to online services and its users", adding that cryptomining "can often be linked to cyber fraud and abuse attacks such as unauthorized access to and use of customer resources."
They did add the caveat, however, that cryptomining "may be considered for testing and research for security detections."
Microsoft isn't alone in restricting cryptomining on its cloud platforms. Google Cloud, Oracle and OVHcloud have all banned it from their services, and Amazon Web Services only allows it within its paid subscription tiers.
Microsoft has prohibited mining for a while on its free tier, but has only now escalated its policy to its paid-for options as well.
This Android browser might have leaked the details of millions of users
By Craig Hale published about 10 hours ago
As many as five million users could have had data compromised
A popular Android browser app with more than five million downloads on the Google Play Store may have been leaking user data including browser history, experts have claimed.
Cybernews says it discovered that the ‘Web Explorer - Fast Internet’ app had left its Firebase instance open - a mobile application development platform that’s designed to assist with analytics, hosting, and cloud storage.
At risk is five days’ worth of redirect data, including country, direct initiating address, redirect destination address, and user country, all presented by user ID.
Cybernews senior journalist Vilius Petkauskas explains that getting their hands on this data alone may not be enough to give threat actors what they seek; however, cross-referencing it with additional details could prove harmful.
The app was also found to be hardcoding on the client side, including keys relating to anonymized partial user browsing history, unique public identifiers, and a cross-server communication enabler.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” CyberNews noted.
It has since been discovered that the open Firebase instance has been closed and is no longer accessible, which means that threat actors can no longer access sensitive data. However, it’s not all good news: Cybernews reached out to the app’s team about its findings, but it’s yet to receive a reply.
Further digging also uncovers that the app was last updated in October 2020, meaning that the hardcoded ‘secrets’ are likely still there. The researchers write: “...we can only guess what other information could be leaking through the application’s secrets”.
Re: From TechRadar
This critical Windows security flaw could be as serious as WannaCry, experts claim
By Sead Fadilpašić published about 10 hours ago
A patch is already available, so update Windows now
A vulnerability more serious than EternalBlue was sitting in Windows for some time, before being finally discovered and patched, experts have revealed.
For those with shorter memory, EternalBlue was an NSA-built zero-day for Windows which gave birth to WannaCry, possibly the most devastating global ransomware threat to ever emerge.
Researchers from IBM, which discovered the flaw, said that it was even more potent as it resided in a wider range of network protocols, giving threat actors more flexibility when conducting their attacks.
The flaw, tracked as CVE-2022-37958, isn’t exactly new, as it was discovered - and patched - three months ago.
The news is that no one - not the researchers, not Microsoft issuing the patch - knew exactly how dangerous it really was. In reality, it allows threat actors to run malicious code without the need for authentication. Furthermore, it’s wormable, allowing threat actors to trigger a chain reaction of self-multiplying exploits on other vulnerable endpoints. In other words, the malware abusing the flaw could spread across devices like wildfire.
Discussing the findings with Ars Technica, Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said an attacker could trigger the vulnerability via “any Windows application protocol that authenticates.”
“For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”
When Microsoft first patched it three months ago, it believed the flaw could only allow threat actors to grab some sensitive information from the device, and as such, labeled it as “important”. Now, the company amended the rating, labeling it as “critical”, with a severity score of 8.1.
Unlike EternalBlue, which was a zero-day and left security experts and software makers scrambling to build a fix, the patch for this flaw has been available for three months now, so its effects should be somewhat limited.
Re: From TechRadar
Google Chrome and Android drop TrustCor support following privacy scare
By Craig Hale published about 9 hours ago
Google, Microsoft, and Mozilla all ditch TrustCor
Google has announced that it is set to drop TrustCor Systems as a root certificate authority (CA) for its web browser.
The tech giant cited a “loss of confidence in its ability to uphold these fundamental principles and to protect and safeguard Chrome's users” in a group discussion.
Joel Reardon, a professor and mobile space privacy researcher at the University of Calgary, said that his team had “uncovered and disclosed a spyware SDK embedded in apps that were invasively tracking users”.
In a joint effort with Wall Street Journal investigative journalists, it was found that TrustCor was registered just a month apart from the company behind the SDK, known as Measurement Systems, both in Panama.
Reardon points out in his notice: “To be clear, I have found no evidence of TrustCor issuing a bad certificate or otherwise abusing the authority they have in code signing, SMIME, and domain validation… Perhaps the identical ownership of TrustCor and Measurement Systems is a coincidence.”
Beyond this, there are a number of unfortunate, related coincidences that have led companies like Microsoft and Mozilla to drop TrustCor as a root CA, too.
The change is set to take effect with the rollout of Chrome 111, which is set to land on March 7, 2023, following a beta release around one month before. Previous versions of Chrome capable of receiving component updates will also be included in the change.
Just how long we’ll have to wait for the change to make its way to Android devices is uncertain. Unlike Chrome for desktop, which can be tweaked by itself, Android’s root certificate is updated as part of the entire operating system, which is likely to cause a delay.
While some apps, like Firefox for Android, can configure their own set of CAs on top of the operating system’s root store, this isn’t the case with Chrome.
While tech giant Apple is yet to announce any decision that it will make, TrustCor has published a public statement on its website.