Readers like you help support my blog. When you make a purchase using links on our site, we may earn an affiliate commission! Thank you!

Friday, April 24, 2020

Windows 10 KB4549951 update fails to install, causes BSODs


By Sergiu Gatlan April 23, 2020 07:11 PM 1




The Windows 10 KB4549951 cumulative update is reportedly failing to install and is causing blue screens of death (BSOD) after installation reboots, among other issues, according to user reports.

KB4549951 is a cumulative update with security fixes released as part of this April 2020 Patch Tuesday for Windows 10, version 1909 and for Windows 10, version 1903.

To install KB4549951, you can either check for updates via Windows Update or manually download it for your Windows version from the Microsoft Update Catalog. Admins can distribute the update to users in their enterprise environments via Windows Server Update Services (WSUS).

For users with automatic updates enabled, installing this cumulative update requires no additional actions.

Microsoft says that they are not currently aware of any issues with the KB4549951 update according to this Windows support entry.


KB4549951 installation failures


Even though usually there are workarounds to install problematic updates manually when encountering errors, users who had to deal with KB4549951 failing to install have reported via Microsoft's official Feedback Hub, on the Microsoft Community website, and via Reddit that none of them helped.

0x80070bc2, 0x800f0900, 0x80070003, 0x80073701, 0x800f080a, 0x800f0986, and 0x80070002 errors while attempting to install KB4549951 were spotted and reported by multiple users since the cumulative update was released by Microsoft on April 14.

"It downloads and installs. During restart, I get msg that it could not install and it restores my PC back to before the update," one user says on Microsoft's Feedback Hub. "Last failed install attempt on ‎4/‎21/‎2020 - 0x80070003 troubleshooter could not fix the problem."

"Having now spent two hours waiting for these two updates to download and install then on restart it tells me we were unable to install so resetting back to how it was," another report adds.
Some of the KB4549951 issues reported via the Feedback Hub
Also causing BSODs and networking issues


More than a fair share of the user reports we saw since KB4549951 was released more than a week ago are mentioning blue screens of death (BSODs) after the system crashes during the restart that follows the update's installation process. In most of these cases, the device will reboot and will remove the update on its own.

"Windows Update KB4549951, released in the past week, caused a "BLUE SCREEN OF DEATH" on my laptop with the error message "BOOT DRIVE INACCESSIBLE", one report says.

"I came to this conclusion after 3 system restores, uninstalling recent updates sequentially and checking update reviews online. It appears that this specific update causes a system CRITICAL issue. Unfortunately, I can't pause updates for longer than a month so this is a ticking time-bomb if it's not fixed!"

Other users have also reported problems with their Windows 10 devices being unable to boot again after installing the KB4549951 cumulative update.

"My perfectly working PC died while automatically installing KB4549951 (never rebooted). Tried automatic repair, all other repair options including uninstall latest update," one Feedback Hub report says.

"Nothing worked. It was stuck in the BSoD loop, stating 'Critical Process Died'. SrtTrail log stated, 'A recently serviced boot binary is corrupt.' So I decided to clean install the Windows again. Formatted C drive, fresh clean install. Again after automatic update installing KB4549951 the system crashed and is going into 'automatic repair' mode."
Windows 10 BSOD after CRITICAL_PROCESS_DIED error
Display issues and freezes when using streaming services


Other users have experienced combinations of multiple errors ranging from their files being deleted, WiFi networking, and display issues [1, 2] that, in some cases, made their devices unusable.

"Since installing this update I have had a variety of serious issues. BSOD, Wifi connectivity issues, Display adaptor issues and a general system slowdown," a Feedback Hub report details."Streaming has become impossible on any service from Netflix to iTunes. The nastiest one is when the display goes into hibernation, the explorer goes into recovery mode and I have to restart the whole system. Not happy. when will there be a fix?"

Similar issues caused by streaming services are reportedly leading to system freezes according to other reports, with the problems disappearing once the cumulative update is uninstalled.

"Immediately after installing KB4549951 all streaming services (netflix/stan/ect) through both Edge and Chrome caused hard freezing the instant any video began playback (even the previews)," a Feedback Hub reports reads. "This issue was only triggered through playback via browser, gaming, and videos on HDD were unaffected."

"This issue was reproduced consecutively about 10 times while trying various settings to isolate the cause. Immediately after uninstalling KB4549951, postponing updates, and restarting PC, the issue was resolved and playback via browser was normal. Event Viewer shows no critical or unexpected events outside of the PC being terminated incorrectly."

As usual, it's important to understand that these issues are most probably affecting a limited number of users and that rolling back the update will most likely fix any issues you might be experiencing.
Uninstalling KB4549951


Before uninstalling the KB4549951 Cumulative Update, you should know that you would also be removing mitigation for vulnerabilities affecting the Microsoft Scripting Engine, Windows App Platform and Frameworks, Windows Cloud Infrastructure, Windows Virtualization, Microsoft Graphics Component, Windows Kernel, Windows Media, Windows Shell, Windows Management, Windows Fundamentals, Windows Virtualization, Windows Storage and Filesystems, Windows Update Stack, and the Microsoft JET Database Engine.

If the issues you are experiencing after installing this cumulative update are making your Windows device unusable and you are willing to remove the security fixes it comes with, follow the procedure described below to roll back KB4549951.

Microsoft says in the update's details from the Microsoft Update Catalog that it can be removed "by selecting View installed updates in the Programs and Features Control Panel."

The step by step procedure requires you to open Control Panel, go to Programs > Programs and Features, and click on View installed updates in the left sidebar.

Next, right-click on KB4549951's entry in the list and confirm when asked if "Are you sure you want to uninstall this update?". Next, you'll have to click 'Yes' when asked and then restart your device.
Uninstalling the KB4549951 update

Wednesday, April 22, 2020

iOS Mail bug allows remote zero-click attacks





MAC


Posted: April 22, 2020 by Thomas Reed


On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable.

The way the attack works is that the threat actor sends an email message designed to cause a buffer overflow in Mail (or maild). A buffer overflow is a bug in code that allows an attack to happen if the threat actor is able to fill a block of memory beyond its capacity. Essentially, the attacker writes garbage data that fills up the memory, then writes code that overwrites existing code in adjoining memory, which later gets executed by the vulnerable process.
The bad news

The vulnerabilities disclosed by ZecOps would allow an attacker to use such a buffer overflow to attack an iOS device remotely, on devices running iOS 6 through iOS 13.4.1. (ZecOps writes that it may work on even older versions of iOS, but they did not test that.)

On iOS 12, the attack requires nothing more than viewing a malicious email message in the Mail app. It would not require tapping a link or any other content within the message. On iOS 13, the situation is worse, as the attack can be carried out against the maild process in the background, without requiring any user interaction (ie, it is a “zero-click vulnerability”).

In the case of infection on iOS 13, there would be no significant sign of infection, other than temporary slowness of the Mail app. In some cases, evidence of a failed attack may be present in the form of messages that have no content and cannot be displayed.

The messages—shown in the image above from the ZecOps blog—may be visible for a limited time. Once an attack is successful, the attacker would presumably use access to the Mail app to delete these messages, so the user may never see them.
The good news

I know how this sounds. This is an attack that can be carried out by any threat actor who has your email address, on the latest version of iOS, and the infection happens in the background without requiring action from the user. How is there good news here?!

Fortunately, there is. The vulnerabilities revealed by ZecOps only allow an attack of the Mail app itself. Using those vulnerabilities, an attacker would be able to capture your email messages, as well as modify and delete messages. Presumably the attacker would also be able to conduct other normal Mail operations, such as sending messages from your email address, although this was not mentioned. While this isn’t exactly comforting, it falls far short of compromising the entire device.

In order to achieve a full device compromise, the attacker would need to have another vulnerability. This means that if you have version 13.4.1, it would require a publicly unknown vulnerability, which would for the most part restrict such an attack to a nation-state-level adversary.

In other words, someone would have to be willing to risk burning a zero-day vulnerability, worth potentially a million dollars or more, to infect your phone. This means that you’re unlikely to be infected unless some hostile government or other powerful group is interested in spying on you.

If you are, for example, a human rights advocate working against a repressive regime, or a member of an oppressed minority in such a country, you may be a target. Similarly, if you are a journalist covering such news, you may be a target. You could also be at risk if you are an important business person, such as a CEO or CFO at a major corporation, or hold an important role in the government. The average person will not be at significant risk from this kind of attack.
Why disclose now?

It is common practice as part of “responsible disclosure” to avoid public mention of a major vulnerability until after it has been fixed, or until sufficient time has passed that it is believed the software or hardware vendor does not intend to fix the vulnerability in a timely fashion. Release of this kind of information before a fix is available can lead to increased danger to users, as hackers who learn that a vulnerability exists can find it for themselves.

Of course, this must be balanced against the risk of existing attacks that are going undetected. Disclosure can help people who are under active attack to discover the problem, and can help people who are not yet under attack learn how to prevent an attack.

With this in mind, ZecOps mentioned three reasons why they chose to disclose now:
Since the disclosed vulnerabilities can’t be used to compromise the entire device without additional vulnerabilities, the risk of disclosure is lower.
Apple has released a beta of iOS 13.4.5, which addresses the issue. Although a fix in beta is not exactly the same as a fix in a public release, the changes in the beta could be analyzed by an attacker, which would lead to discovery of the vulnerabilities. Essentially, the vulnerabilities have been disclosed to malicious hackers already, but the public was unaware.
At least six organizations were under active attack using these vulnerabilities. (The organizations were not named.)
What you should do

First, don’t panic. As mentioned, this is not a widespread attack against everyone using an iPhone. There have been other zero-click vulnerabilities used to push malware onto iPhones in the past, yet none have ever been widespread. This is because the more widespread such an attack becomes, the more likely it is to be spotted, and subsequently fixed by Apple.

To protect their investment in million-dollar iOS zero-day vulnerabilities, powerful organizations use those vulnerabilities sparingly, only against targeted individuals or groups. Thus, unless you’re someone who might be targeted by a hostile nation or other powerful organization, you’re not likely to be in danger.

However, the risk does increase following disclosure, as malicious hackers can discover and use the vulnerability to attack Mail, at least. So you shouldn’t ignore the risk, either.

As much as I’d like to say, “Install Malwarebytes, run a scan, and remove the malware,” I can’t. Unlike macOS, installing antivirus software isn’t possible on iOS, due to Apple restrictions. So there is no software that can scan an iPhone or iPad for malware.

This, plus the lack of noticeable symptoms, means that it will be difficult to determine whether you’ve been affected. As always with iOS, if you have reason to believe you’ve been infected, your only option is to reset your device to factory state and set it up again from scratch as if it were a new device.

As for precautions to avoid infection, there are a couple things you can do. One would be to install the iOS 13.4.5 beta, which contains a fix for the bug. This is not something that’s easy to do, however, as you need an Apple developer account to download the beta. Plus, using a beta version of iOS, which may have bugs, isn’t recommended for all users.

The other possible security measure would be to disable Mail until the next version of iOS is released publicly. To do so, open the Settings app and scroll down to Password & Accounts. Tap that, then look at the list of accounts.

You may have multiple accounts, as shown above, or only one. For any accounts that say “Mail” underneath, that means that you’re using Mail to download mail for that account. Tap on each account, and on the next screen, look for the Mail toggle.

The image above shows that Mail is enabled. Toggle the switch to off. Do this for each of your accounts, and do not switch Mail back on again until you’ve updated to a version of iOS newer than 13.4.1.

Stay safe, everyone!

Thursday, April 16, 2020

Anonymous Global Hackers Crew: Αποκλειστική συνέντευξη στο SecNews


 By Hack Unamatata 16 Απριλίου 2020, 21:11

Η hacking ομάδα Anonymous Global Hackers Crew σε πρώτη αποκλειστική συνέντευξη στο SecNews παρουσιάζει την δική της οπτική για την (αν)ασφάλεια στο διαδίκτυο. Ο Anon, ένας από τους τέσσερις ιδρυτές του Global Hackers Crew μιλάει για την ιστορία της hacking ομάδας, τους δεσμούς που ενώνουν τα μέλη της, τον πόλεμο που δέχονται από τα Μέσα Μαζικής Ενημέρωσης και τις κυβερνήσεις, τις hacking εκστρατείες και τους στόχους τους, μείζονα θέματα επικαιρότητας όπως η πανδημία COVID-19 και πολλά άλλα.


Αυτοαποκαλούνται “cyber vigilantes” (ήρωες-τιμωροί) αλλά και hacktivists καθώς κύριος στόχος της δουλειάς τους είναι το κοινό καλό. Σύμφωνα με τον Anon «είναι υπέροχο να ξυπνάμε τους ανθρώπους και στόχος μας είναι να απελευθερώσουμε τις μάζες από την προπαγάνδα»

Η Anonymous Global Hackers Crew ομάδα αποτελείται από έμπειρους hackers, κάθε ηλικίας, με εξαιρετικές ικανότητες πάνω στον προγραμματισμό, το coding, Password guessing και cracking, session hijacking, session spoofing, network traffic sniffing, denial of Service attacks, exploiting buffer overflow vulnerabilities, SQL injection και άλλα.


Πως ξεκίνησαν οι Global Hackers Crew;

Οι Global Hackers Crew «δημιουργήθηκαν τυχαία», σύμφωνα με τον Anon.

«Ασχολούμαι με το hacking από το 93’-94’ κάνοντας παράλληλα και άλλα πράγματα γύρω από τους Η/Υ όπως το να τρέχω το δικό μου σύστημα με bots. Τότε γράφαμε κώδικα σε βάρδιες οπότε στο διάλλειμά μου έβλεπα τηλεόραση. Μια μέρα, σε κάποιο διάλειμμα μου έπεσα πάνω σε μια διαφήμιση για ένα site με webcam shows για ενήλικους. Από περιέργεια, το επισκέφτηκα χωρίς να γνωρίζω ακριβώς τι έκανα και άλλαζα συνεχώς «δωμάτια». Εκεί γνώρισα κάποια, που στην συνέχεια, έγινε η κοπέλα μου και μου έδειξε μια διαφορετική πλευρά αυτού του site», αναφέρει ο hacker. Στο συγκεκριμένο site γνωριμιών συνέβαιναν παράνομα πράγματα στο παρασκήνιο. Ο Anon θέλησε να ξεσκεπάσει τους διαχειριστές της ιστοσελίδας για τις ανήθικες δραστηριότητες τους.


«Έτσι, ξεκίνησα έναν μικρό πόλεμο με τα αφεντικά αυτής της εταιρείας και τυχαία ενώ πήγαινα να συναντήσω την κοπέλα μου, γνώρισα κάποιον στο λεωφορείο που ήταν και αυτός hacker με τον οποίον δεθήκαμε και, στη συνέχεια, έγινε ένα από τα ιδρυτικά μέλη των Global Hackers Crew,» τονίζει ο Anon. Στα ιδρυτικά μέλη προστέθηκαν και δύο ακόμη φίλοι των δύο hackers.

Με αυτόν τον τρόπο βρέθηκαν μαζί οι τέσσερις ιδρυτές των Global Hackers Crew. Με τον καιρό, η ομάδα μεγάλωνε καθώς όλο και περισσότεροι άνθρωποι ήθελαν να συμμετάσχουν στις επιχειρήσεις τους. «Δρούμε για το καλό των ανθρώπων, προειδοποιώντας τους για τους online κινδύνους όπως οι διαρροές ασφαλείας, κάτι που συνέβη πρόσφατα με το Zoom..» τονίζει ο hacker.

Οι Global Hackers Crew εντάχθηκαν στους Anonymous επειδή εντόπισαν πολλά κοινά στις επιχειρήσεις τους.


Οι Anonymous είναι μια αποκεντρωμένη διεθνής hacktivist ομάδα που είναι ευρέως γνωστή για τις διάφορες κυβερνοεπιθέσεις εναντίον πολλών κυβερνήσεων, κυβερνητικών θεσμών και κυβερνητικών υπηρεσιών και εταιρειών.

Οι Anonymous δημιουργήθηκαν το 2003 στο imageboard 4chan που αντιπροσωπεύει την έννοια πολλών χρηστών της κοινότητας στο διαδίκτυο αλλά και στη πραγματική ζωή που ταυτόχρονα υπήρχαν ως αναρχικοί. Τα ανώνυμα μέλη μπορούν να διακριθούν δημόσια από τη χρήση μάσκας Guy Fawkes στο στυλ που απεικονίζεται στο γραφικό μυθιστόρημα και την ταινία V for Vendetta. Ωστόσο, αυτό μπορεί να μην συμβαίνει πάντα, καθώς ορισμένα από τα μέλη προτιμούν να καλύπτουν το πρόσωπό τους χωρίς να χρησιμοποιούν τη γνωστή μάσκα ως μεταμφίεση. Μερικοί Anonymous επιλέγουν επίσης να καλύψουν τις φωνές τους μέσω των προγραμμάτων αλλοίωσης φωνής.

Παρακολουθήστε όλη την συνέντευξη των Anonymous Global Hackers Crew στο Youtube channel του SecNews και αν επιθυμείτε να μάθετε ακόμα περισσότερα για την δράση των hackers επισκεφθείτε το YouTube channel τους και το Twitter account τους.

Exclusive interview with Anonymous Global Hackers Crew


https://www.youtube.com/user/AnonymousGHC Exclusive interview with Anonymous Global Hackers Crew, the prominent Hackers...

Posted by SecNews on Thursday, April 16, 2020

Tuesday, April 14, 2020

TikTok Users Beware: This Is How Hackers Can Send Dangerous Videos To Your iPhone Or Android



 Zak Doffman Contributor Cybersecurity
I write about security and surveillance.





With heightened awareness of misinformation and the need to turn to official sources for online advice, the risk that hackers might be able to swap out that information is serious. Well, that’s what a pair of enterprising security researchers have managed to do, exploiting a security weakness with hyper-popular TikTok to plant videos in users’ feeds that appear to come from official sources.

The hack requires access to a user’s router, ISP or VPN, but in many parts of the world that’s easily done by threat actors. And it’s in those parts of the world that a campaign to plant misinformation would be most effective. TikTok has received its fair share of criticism over alleged content censorship in the past, but it has not been accused of manipulating official feeds. This, then, is a major issue.

The issue is TikTok’s continued use of an insecure HTTP connection for the delivery of its video content—this makes it faster and simpler, but also open to interception and manipulation. That’s the reason major platforms and browsers are pushing so hard for a shift to HTTPS. TikTok uses content delivery networks to push content to a global audience now measured in the hundreds of millions. Those CDNs distribute content over HTTP connections to TikTok users. “This can be easily tracked,” the researchers warn, “and even altered by malicious actors.”


The researchers have previous form with TikTok. Talal Haj Bakry and Tommy Mysk reported Apple’s copy/paste issue, whereby any active app can “snoop” on the universal clipboard. TikTok was highlighted as a high-profile example of one such app doing exactly that. For its part, TikTok said the fault was with an outdated version of a Google SDK which is due to be replaced in its next update. If so, that vulnerability will be closed. This latest one, though, remains open.


Apple and Google want all data pushed to users’ phones to be secure. But, as explained by the researchers, the two tech giants “still provide a way for developers to opt-out of HTTPS for backwards-compatibility. However, this should be the exception rather than the rule, and most apps have made the transition to HTTPS.” They warn users that “TikTok for iOS (Version 15.5.6) and TikTok for Android (Version 15.7.4) still use unencrypted HTTP to connect to the TikTok CDN.”

This security gap enabled the team to monitor the videos being watched by specific users or IP addresses, and, with control of a user’s access point, to mount a man in the middle attack “to alter the downloaded content.”

The researchers prepared some fake videos, using the newsworthy disinformation surrounding the coronavirus pandemic as their lure. “The circulation of misleading and fake videos in a popular platform such as TikTok poses huge risks,” they said, on disclosing their POC. They then hosted those videos on a server of their own that had been set up to mimic a TikTok CDN. With control of a user’s DNS settings, mimicking what's possible with control an ISP, potentially impacting millions, “we directed the app to our fake server. Because it impersonates TikTok servers, the app cannot tell that it is communicating with a fake server. Thus, it will blindly consume any content downloaded from it.”

The message to TikTok from the research team is the same as last time—please urgently address the security risk. “As demonstrated, HTTP opens the door for server impersonation and data manipulation—this makes a perfect tool for those who relentlessly try to pollute the internet with misleading facts. TikTok, a social networking giant with around 800 million monthly active users, must adhere to industry standards in terms of data privacy and protection.”

The integrity of the information we consume has never been more critical than now. Misinformation around coronavirus and 5G, as well as the ongoing political battles between the U.S. and China, has raised the stakes considerably. And with the U.S. election due in November, it has the potential to get worse. This risk is now in the public domain, it can therefore be exploited. It needs fixing and fast.

TikTok was approached for any comments on this story.