Readers like you help support my blog. When you make a purchase using links on our site, we may earn an affiliate commission! Thank you!

Saturday, January 18, 2020

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active

January 18, 2020Mohit Kumar internet explorer zero day vulnerability

Internet Explorer is dead, but not the mess it left behind. 

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it. 
The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote code execution issue that exists in the way the scripting engine handles objects in memory of Internet Explorer and triggers through JScript.dll library.

A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser.
"The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user," the advisory says. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Microsoft is aware of 'limited targeted attacks' in the wild and working on a fix, but until a patch is released, affected users have been provided with workarounds and mitigation to prevent their vulnerable systems from cyberattacks.

 The affected web browsing software includes — Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 running on all versions of Windows 10, Windows 8.1, and the recently-discontinued Windows 7.
Workarounds: Defend Against Attacks Until A Patch Arrives According to the advisory, preventing the loading of the JScript.dll library can manually block the exploitation of this vulnerability.

To restrict access to JScript.dll, run following commands on your Windows system with administrator privileges.
For 32-bit systems:

takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

For 64-bit systems:

takeown / f% windir% \ syswow64 \ jscript.dll
cacls% windir% \ syswow64 \ jscript.dll / E / P everyone: N takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

When a patch update is available, users need to undo the workaround using the following commands:

For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems:
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

To be noted, some websites or features may break after disabling the vulnerable JScript.dll library that relies on this component, therefore, users should install updates as soon as they become available.


Mohit KumarHacker news

Αριθμοί υψηλής χρέωσης!!! Συχνές Ερωτήσεις Vodafone

Χρεώνομαι από ανεπιθύμητα πενταψήφια sms. Τι να κάνω; Ενεργοποίησε άμεσα τη φραγή μέσα από τις ρυθμίσεις στο My Vodafone app. Μπορείς επίσης να ζητήσεις από τον Tobi να ενεργοποιήσει τη φραγή για εσένα ή τηλεφωνικά από την εξυπηρέτηση στο 13830. Άλλος τρόπος είναι να επισκεφτείς ένα κατάστημα Vodafone. Αν ενεργοποιήσεις τη φραγή σε αριθμούς που ξεκινούν από 19 ή/ και από 54, σου διασφαλίζουμε πως δε θα έχεις μελλοντικά σχετικές χρεώσεις. Αυτό ωστόσο δεν αποκλείει την ενεργοποίηση κάποιας άλλης υπηρεσίας προστιθέμενης αξίας ή χρέωση από αποστολή SMS, σε κάποιον αριθμό εκτός από όσους ξεκινούν από 19 ή από 54. Τι είναι τα 5ψήφια SMS τρίτων εταιρειών; Είναι υπηρεσίες περιεχομένου που παρέχονται από τρίτες εταιρίες οι οποίες είναι αποκλειστικά υπεύθυνες για το περιεχόμενο και τον τρόπο που τις παρέχουν. Ποιο είναι το περιεχόμενο αυτών των υπηρεσιών; Το περιεχόμενο αυτών των υπηρεσιών δεν είναι συγκεκριμένο. Ποικίλει ανάλογα την εταιρεία. Για παράδειγμα μπορεί να αφορά λήψη ενημερώσεων σχετικά με ζώδια ή με αθλητικά νέα. Περισσότερα για το επίκαιρο θέμα εδώ: Συχνές Ερωτήσεις Vodafone

Thursday, January 16, 2020

Το νέο Microsoft Patch Tuesday διορθώνει και την ευπάθεια που εντοπίστηκε πρόσφατα στο CryptoAPI (Crypt32.dll) των Windows.


Microsoft Patch Tuesday Ιανουαρίου 2020: Διορθώνει 49 ευαπάθειες - https://www.secnews.gr/208236/microsoft-patch-efpatheies-diorthoseis-enimeroseis/

Posted by SecNews on Wednesday, January 15, 2020

Wednesday, January 15, 2020

please join the Coalition Against Stalkerware

Description

At USENIX’s Enigma 2020 Conference, please join the Coalition Against Stalkerware for a conversation about how online tools can perpetuate harassment, stalking, abuse, and violence. And, most importantly, the role of Silicon Valley technologists and companies in addressing the intimate partner threat model.
Agenda:
Hosted: David Ruiz, Online Privacy Writer, (Malwarebytes)
Lightning Talk: What’s at Stake ~ Corbin Streett, MSW, Technology Safety Specialist, Safety Net Project, National Network to End Domestic Violence
Panel Discussion: Fighting digitally-enabled Intimate Partner Abuse
  • Kim Zetter, award-winning investigative journalist, and author of “Countdown to Zero Day: Stuxnet and the Launch of the First Digital Weapon” (moderator)
  • Eva Galperin, Director of Cybersecurity, Electronic Frontier Foundation (panelist)
  • Laura-Kate Bernstein, Senior Counsel, Computer Crime and Intellectual Property Section, U.S. Department of Justice (panelist)
  • Kevin Roundy, Technical Director, NortonLifeLock Research Group (panelist)
OPEN TO THE PUBLIC; CONFERENCE REGISTRATION NOT REQUIRED

Microsoft's Chromium-based Edge browser is officially released and is now available for download

Microsoft Edge
Microsoft's Chromium-based Edge browser is officially released and is now available for download. This new browser ditches Microsoft's home-grown EdgeHTML rendering engine for Google's open-sourced platform called 'Chromium' and the Blink rendering engine, which will add greater compatibility and performance.
This first Stable release is Microsoft Edge 79 and can be downloaded immediately from the Microsoft Edge site for both Windows and Mac. Otherwise, Microsoft Edge will be installed automatically over the next coming months via Windows Update.
Microsoft plans on first releasing Microsoft Edge to Windows Insiders in the Release preview ring and then slowly expanding to all other Windows 10 users via Windows Update.
When the new Microsoft Edge is installed, it will replace the existing Edge browser that normally comes with Windows 10. If you do not wish to replace this browser and want to block its install via Windows Update, please see the last section of this article.
It is also possible to run both the classic Edge and the new Microsoft Edge side-by-side using these instructions.
Below we have outlined many of the new features in the new Microsoft Edge browser.

What's new in Microsoft Edge

The new Microsoft Edge is based on Google Chrome so it has many similar features. 
Microsoft, though, has also added some features to their browser that makes it stand out from the rest, which we have outlined below.

Block potentially unwanted apps (PUAs)

Chromium-based Microsoft Edge blocks Potentially Unwanted Programs (PUPs) that may display unwanted ads, modify the search engine of the browser, or claim to update your drivers when actually performing malicious or unwanted behavior.
This 'Block potentially unwanted apps' feature blocks Edge from downloading or installing potentially unwanted programs on Windows 10 systems. The feature is not enabled by default and can be enabled from Edge's privacy settings, as highlighted below:
  1. Open Edge settings.
  2. Navigate to Privacy and services settings.
    Edge PUPs
  3. Locate "Block potentially unwanted apps" section and enable the feature.

Media Autoplay Blocking

Like the classic Edge, Chromium Edge also comes with a setting to block media autoplay. This prevents videos on random websites with audio from playing in the background without user permission or interaction.
Media play
Media autoplay block settings can be configured from Edge > Settings > Content (edge://settings/content/mediaAutoplay).

Tracking Prevention

Microsoft Edge includes a Tracking prevention feature that blocks third-party tracking scripts on web sites you visit to improve your privacy.
Edge privacy
You can disable this feature off from Edge > Privacy settings or enable the advanced settings to block all trackers.

Use Collections to stay organized

The browser includes a new feature called 'Collections' that helps users organize similar data and save it under one collection.
Collections
This is helpful when comparing shopping items from different stores like Amazon or Microsoft or collect or combine information from multiple sites for a project.
To enable Collections in Microsoft Edge, follow these steps:
  1. In the address bar, enter edge://flags or edge://flags#edge-collections. If you open edge://flags menu, you will have to search for Collections.
    Collections
  2. Click the dropdown and choose Enabled.
  3. Click the Restart button located at the bottom banner to relaunch Microsoft Edge with the Collections feature.

Stream 4K Netflix Video

Microsoft Edge is the first Chromium browser to stream Netflix content at 4K resolution. This is done through Microsoft's PlayReady DRM implementation.
Edge 4K
Google Chrome, on the other hand, can only stream Netflix at 1080p HD only.

Edge can Read Web Pages in 24 Different Voices

Microsoft is updating Edge's built-in Read Aloud feature with 24 male and female voices from different parts of the world including the United States, United Kingdom, and India.
The accents of China, Japan, the UK, France, Germany, and Mexico are also supported.

Block Microsoft Edge forced installation

If you want to continue using the Classic Microsoft Edge, Microsoft has released a tool called the 'Microsoft Edge Blocker Toolkit' to prevent the forced installation of Chromium Edge.
With Blocker Toolkit, you can prevent Microsoft from replacing the current Edge browser on your Windows 10 Home, Pro or Enterprise systems.
  • The Blocker Toolkit only prevents the browser from being automatically installed via Windows Update on Windows 10 RS4 and newer.
  • The Blocker Toolkit will not prevent users from manually installing Microsoft Edge after you have blocked Windows Update.
  • Organizations do not need to deploy the Blocker Toolkit in environments managed with an update management solution such as Windows Server Update Services or System Center Configuration Manager. Organizations can use those products to fully manage the deployment of updates released through Windows Update and Microsoft Update, including Microsoft Edge (Chromium-based), within their environment.
Microsoft says Blocker Toolkit may create a Registry value that blocks the automatic installation of the new Microsoft Edge on Windows 10 April 2018 Update (version 1803) or newer.
The Registry value is created under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EdgeUpdate key and value is called DoNotUpdateToEdgeWithChromium.
When you use the tool, the value is set to 1 and Edge installation via Windows Update will be blocked. If the value is 0 or not set, Edge will be automatically downloaded and installed.
You can learn more about this process in our dedicated article: How to Block Windows 10 Update Force Installing the New Edge Browser.