Regardless of how the virus is delivered, the goal is to trick victims into opening emails containing weaponized documents, that direct them to the ObliqueRAT virus payload (version 6.3.5 as of November 2020) through malicious URLs which then ultimately exports sensitive data from their system.
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.
New research released by Cisco Talos reveals a new malware campaign targeting organizations in South Asia that utilize malicious Microsoft Office documents forged with macros to spread a RAT that goes by the name of ObliqueRAT.
Source: Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
If you’ve ever had issues with Windows updates — haven’t we all — this is the article for you. It tells you how to delay the updates until Microsoft gets the bugs out. After all, they’re not paying you to test their software. With their last earnings, they can afford to hire and pay employees to get the brunt of the bugs fixed before forcing a roll-out to its captive users.
Rumors swirling all over the blogosphere have Microsoft re-releasing the ill-fated Win10 version 1809 on Patch Tuesday this month. Personally, given the dearth of worthwhile features in 1809 and the painful first release last month, I’d rather that they just wait a week or a month or six, until it’s fully baked, but that probably won’t happen.
Better still, I wish they’d wait a year or two, roll in some new features worthy of a full reinstall, and then unleash something new and worthwhile. If wishes were horses …
While we wait for Pennywise the September October November 2018 Update clown to appear again, now’s a very good time to make sure your machine won’t install it — or any other poorly tested patches — until the cannon fodder has weighed in.
Source: Time to block Windows Automatic Update — with a new twist for Win10 Pro | Computerworld
If you’ve been procrastinating taking the plunge to windows 10, now’s the time to do it…
Should you need a Windows 10 upgrade after the December 31st cutoff, you’ll probably have to pay for it. A license for the Home edition starts at about $75 for a system builder OEM copy that is tied to a specific PC. Retail copies with less restrictive licensing are a bit more expensive, as is the professional version of the operating system.
Source: Microsoft Will End Final Free Windows 10 Upgrade Program On December 31 – ExtremeTech
This exploit uses the users’ common sense against themselves.
Security researchers at Cisco’s Talos threat research group have discovered one such attack campaign spreading malware-equipped Microsoft Word documents that perform code execution on the targeted device without requiring Macros enabled or memory corruption.
This Macro-less code execution in MSWord technique, described in detail on Monday by a pair of security researchers from Sensepost, Etienne Stalmans and Saif El-Sherei, which leverages a built-in feature of MS Office, called Dynamic Data Exchange (DDE), to perform code execution.
Dynamic Data Exchange (DDE) protocol is one of the several methods that Microsoft allows two running applications to share the same data. The protocol can be used by applications for one-time data transfers and for continuous exchanges in which apps send updates to one another as new data becomes available.
Read the article to see how this attack is accomplished…
Source: MS Office Built-in Feature Allows Malware Execution Without Macros Enabled
If you were infected by WannaCry, they have released a decryption tool to unlock your files without paying the ransom.
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.
Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.
WannaCry Ransomware Decryption Keys
The WannaCry’s encryption scheme works by generating a pair of keys on the victim’s computer that rely on prime numbers, a “public” key and a “private” key for encrypting and decrypting the system’s files respectively.
Read the entire article here…
Source: WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom
Make sure you get this Microsoft update asap.
Microsoft’s own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable.
Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend.
Security researchers Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered “the worst Windows remote code [execution vulnerability] in recent memory.”
Natalie Silvanovich also published a proof-of-concept (PoC) exploit code
that fits in a single tweet.
The reported RCE vulnerability, according to the duo, could work against default installations with “wormable” ability – capability to replicate itself on an infected computer and then spread to other PCs automatically.
According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft Malware Protection Engine (MMPE) – the company’s own antivirus engine that could be used to fully compromise Windows PCs without any user interaction.
Source: Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner
Why not let Windows do all the heavy lifting when you have a problem?
Windows includes a variety of “troubleshooters” designed to quickly diagnose and automatically solve various computer problems. Troubleshooters can’t fix everything, but they’re a great place to start if you encounter a problem with your computer.
Troubleshooters are built into the Control Panel on Windows 10, 8, and 7, so practically all Windows users can take advantage of them. On Windows 10’s Creators Update, most troubleshooters are now available through the Settings app.
Read the article to find out more…
Source: How to Make Windows Troubleshoot Your PC’s Problems for You
Yet one more reason why Microsoft should be worried about their market share…
“It generates a random watermark for each document, inserts that watermark into the document, saves all such processed documents in an output directory, and creates a log file which identifies the watermarks inserted into each document,” Scribbles’ user guide manual reads.
Scribbles Only Works with Microsoft Office Products
The user manual also specifies that the tool is intended for off-line preprocessing of Microsoft Office documents. So, if the watermarked documents are opened in any other application like OpenOffice or LibreOffice, they may reveal watermarks and URLs to the user.
Source: Source Code for CIA’s Tool to Track Whistleblowers Leaked by Wikileaks
Here are some good safety tips for opening Word documents, especially since Microsoft seems to be so slow at patching known exploits. The easiest and most foolproof (so far) method is to open your documents in an online service: either Office online or Google Docs. This way the desktop exploits can’t be utilized.
Microsoft Office document files you download from the internet can harm your PC. Office files can contain dangerous macros, but macros aren’t the only risk. With new malware attacking PCs through dangerous Office documents that don’t even contain macros, keeping yourself safe in Office is just one of the security practices you should follow.
Source: How to Open Office Files Without Being Hacked
As a general rule, you should never open a file from anyone that you aren’t expecting. If your best friend or family member sends you a file you didn’t ask for, email them and make sure they sent it. This exploit bypasses the disabled macro settings and is very devious.
According to researchers, this zero-day attack is severe as it gives the attackers the power to bypass most exploit mitigations developed by Microsoft, and unlike past Word exploits seen in the wild, it does not require victims to enable Macros.
Due to these capabilities, this newly discovered attack works on all Windows operating systems even against Windows 10, which is believed to be Microsoft’s most secure operating system to date.
Besides this, the exploit displays a decoy Word document for the victims to see before terminating in order to hide any sign of the attack.
Read the entire article…
Source: Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
Microsoft has always collected data for diagnostics, but it’s never really said what data it actually collects:
… now for the first time, Microsoft has revealed what data Windows 10 is collecting from your computer with the release of the Windows 10 Creators Update, bringing an end to nearly two years of its mysterious data collection practices.
The Windows 10 Creators Update, which will be available from April 11 for users to download for free, comes with a revamped Privacy settings section.
Read the article…
Source: Microsoft Finally Reveals What Data Windows 10 Collects From Your PC,
Again, how can this be good for Microsoft business?
This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare.
Besides this, Google last week disclosed an unpatched vulnerability in Windows Graphics Device Interface (GDI) library, which affects Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
While the Windows vulnerability has yet to be patched by the company, Google today released the details of another unpatched Windows security flaw in its browser, as Microsoft did not act within its 90-day disclosure deadline.
Read the article…
Source: Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability
Could this be one of the reasons why Microsoft is no longer an industry leader?
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
A few months back, the search engine giant disclosed a critical Windows vulnerability to the public just ten days after revealing the flaw to Microsoft.
Source: Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!
You won’t believe your eyes while reading this, but this is true. Microsoft just joined the Linux Foundation as a high-paying Platinum member.
Microsoft’s love with open source community is embracing as time passes. At its first Connect event in 2013, the company launched Visual Studio 2013. A year later, Microsoft open sourced .NET, and last year, it open sourced the Visual Studio Code Editor, as well.
Read the entire article…
Source: Microsoft Joins The Linux Foundation — Turns Love Affair Into a Relationship
Users are advised to update their Flash software now and apply Windows patches as soon as they become available.
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.
Yes, the critical zero-day is unpatched and is being used by attackers in the wild.
Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time to patch issues and deploy a fix.
Source: Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable
Another older article, but because of the recent Win10 updates, it is still relevant. Learn why.
Just one day after Microsoft released its new operating system, over 14 Million Windows users upgraded their PCs to Windows 10. Of course, if you are one of the Millions, you should aware of Windows 10’s Wi-Fi Sense feature that lets your friends automatically connects to your wireless network without providing the Wi-Fi password. Smells like a horrible Security Risk! It even triggered a firestorm among some security experts, who warned that Wi-Fi Sense is a terrible and dangerous feature and that you should
disable it right away.
Even some researchers advised Windows 10 users to rename their Wi-Fi access points.
Before discussing the risks of Wi-Fi Sense, let’s first know how it works.
Read the rest of the article…
Source: Windows 10 Wi-Fi Sense Explained: Actual Security Threat You Need to Know
This is an older article, but one you may have missed. Simple instructions on how to turn off the keylogger and why you should.
Do you know? Microsoft has the power to track every single word you type or say to its digital assistant Cortana while using its newest operating system, Windows 10.Last fall, we reported about a ‘keylogger’ that Microsoft openly put into its Windows 10 Technical Preview saying the company ‘may collect voice information’ as well as ‘typed characters.’It was thought that the company would include the keylogger only within the Technical Preview of Windows 10, just for testing purpose. But, the thought was Wrong!
Read the rest…
Source: Reminder! If You Haven’t yet, Turn Off Windows 10 Keylogger Now
After the upcoming July 29, Windows 10 upgrade won’t be free anymore. As the free offer for Windows 7 and 8.1 users will expire, one will need to pay $119 for a fresh copy of Windows 10.
Source: Microsoft: “Windows 10 Free Upgrade Offer Is Soon Coming To An End”
If you receive a mail masquerading as a company’s invoice and containing a Microsoft Word file, think twice before clicking on it.
Doing so could cripple your system and could lead to a catastrophic destruction.
Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed “Locky,” into their systems.
Read More: How Just Opening an MS Word Doc Can Hijack Every File On Your System | The Hacker News
With Bing2Google, you can change this Bing search engine from your Cortana desktop search.
Source: How To Change Cortana’s Bing Search to Google in Windows 10 Using Bing2Google
Bing’s search function is intricately integrated into the Cortana desktop, so changing your desktop search engine default is extremely difficult. This Chrome extension does it in a much simpler way.
A new feature within Windows called “Wi-Fi Sense” shares Wi-Fi passwords with contacts by default, lowering one’s network privacy and security.
Source: ‘Wi-Fi Sense’ Vulnerability in Windows 10, the “Most Secure Windows Yet” | Hacked
Yes, there is an official site urging you to break up with IE8. Not just to make us developers lives so much easier — and one less browser to test — but because, little one, it’s definitely way past time. They even make it fun! Start the breakup today!
From the official site:
You’ve spent six long, excruciating years trying to extract joy from your tired relationship with IE8. That’s a lifetime of cache-clearing, vm-running despair you’ll never get back. March 19, 2015 was your six year anniversary, so we think it’s time to cut your losses and start seeing other browsers.
To put it in perspective, six years in internet time is something like 20 cat years, which makes Internet Explorer 8 very old indeed. Also, when IE8 came out, Susan Boyle was cool. Just sayin’.
(Now we put our serious face on)
For whatever reason, Internet Explorer 8 recently increased in browser share… which is a real kick in the pants for your garden-variety webhead. The sooner we all stop supporting it, the sooner we can collectively work on a more awesome interweb.
Join the intervention and stop supporting IE8. It’s time for an upgrade.
What is two-factor authentication? According to Wikipedia:
Two-factor authentication (TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: “something the user knows”, “something the user has”, and “something the user is”.
There are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor authentication requires the system to use two of these.
Why should you care? For extra security, having two or more of the mentioned security factors for authentication helps to make your login more secure.
For email purposes, currently only Google’s Gmail service is the only major webmail provider that offers this option, although Microsoft Hotmail’s forum moderators recently thought differently. An interesting article by Fahmida Y. Rashid outlines the questions asked of the support forum regarding Microsoft Hotmail’s authentication with some surprising responses. It only took 3 weeks for an informed response to be posted.
So now you know what two-factor authentication is, shock and awe your friends!
One of my favorite e-magazines is Windows Secrets (http://windowssecrets.com). This is a free and for-pay newsletter that gets to the bottom of many Windows (and other) issues. Windows Secrets is also the voice of reason when deciding whether to run a Microsoft/Windows security, or other, update. As you know, many updates issued by Microsoft have the Windows community recipients beta testing half-assed solutions to serious issues. Almost always, the intrepid team at Windows Secrets has advised on the side of caution, having recipients wait until all testing had been done and showing issues so we could make informed decisions.
So, when Brian Livingston of Windows Secrets advises everyone to install the new MS patch without hesitation, you know it’s serious. Brian states that this is the first time in 1-1/2 years that Microsoft has released an emergency fix outside of its monthly “Patch Tuesday” cycle.
There’s a fake Microsoft email message with a nasty file attachment wending it’s way around the internet. It’s supposedly a Windows update .exe sent as an attachment to a Microsoft email.
Though almost all email programs block .exe attachment files by default, they don’t always send the entire email to the junk mail folder. Although, having an executable as an attachment should tip the junk filter to the suspicious category and at least send it to the Junk Folder in an abundance of caution.
If you see this email message, DELETE it post haste. Microsoft would NEVER send an .exe or .msi file through the email system. Microsoft sends updates through the update process on your PC or MAC.
The current message supposedly comes from “Microsoft Update Center [firstname.lastname@example.org]” and contains an attachment KB825559.exe – which should NOT be opened under any circumstances.
The complete message and details can be found on the Office Watch website http://news.office-watch.com/?699.
Make sure you’ve glanced over Part 1 to make sure this process is right for you.
Setting up your POP3 accounts into Outlook is a fairly simple process. However, in order to do this, you need to have the following information from your POP3 email account provider:
- The Incoming Mail Server (POP3);
- The Outgoing Mail Server (SMTP);
- The Server Port Number (if it requires something other than the default).
Please note that each email provider can have different and specific information for each of these areas and you may need to visit their site or call them to get this information.
Did you know that you can collect all of your various webmail, html, and POP3 email accounts into Outlook? As of the date of this writing, I have over 40 POP3 accounts and a hotmail and msn account feed into my permanent Outlook account, making it easy for me to save attachments in appropriate client folders on my hard drive, keep my external accounts clean, and facilitate archiving (which will be another important topic for a later post).
This category covers Microsoft applications and hardware, including tips, tricks and reviews.