
Two reports published in the last few months show that malware operators are experimenting with WAV audio files to hide malicious code. The technique is known as steganography, the art of hiding information in plain sight inside another data medium. In software, steganography (also referred to as stego) describes hiding files or text in another file of a different format, for example hiding plain text inside an image's binary data. Steganography has been popular with malware operators for more than a decade. Malware authors don't use it to breach or infect systems, but as a transfer method: files hiding malicious code can bypass security software that whitelists non-executable file formats such as multimedia files. All previous instances of malware using steganography revolved around image formats such as PNG or JPEG. The novelty in the two recently published reports is the use of WAV audio files, not seen abused in malware operations until this year. The first of these two campaigns was reported back in June, when Symantec security researchers said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation. Further details are posted on OUR FORUM.
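The point above is that a WAV file passes as harmless audio while carrying something else. As an added example, not code from either report, here is a Python structural check over a WAV file's RIFF chunk list that flags trailing bytes past the declared body, size mismatches, and chunk types no audio tool needs, together with their byte entropy. It does not detect payloads woven into the PCM samples themselves; the sample files are constructed in memory.

```python
import math
import struct

KNOWN_CHUNKS = {b"fmt ", b"data", b"LIST", b"fact", b"cue ", b"smpl"}

def entropy(buf):
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def build_wav(samples, extra_chunks=(), trailing=b""):
    """Construct a 16-bit mono 8 kHz PCM WAV in memory (constructed test data)."""
    pcm = struct.pack("<%dh" % len(samples), *samples)
    fmt = struct.pack("<HHIIHH", 1, 1, 8000, 16000, 2, 16)  # PCM, mono, 8 kHz, 16-bit
    body = b"fmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(pcm)) + pcm
    for cid, payload in extra_chunks:
        body += cid + struct.pack("<I", len(payload)) + payload + b"\0" * (len(payload) & 1)
    return b"RIFF" + struct.pack("<I", 4 + len(body)) + b"WAVE" + body + trailing

def inspect_wav(blob):
    """Walk the RIFF chunk list and return a list of structural anomalies."""
    findings = []
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        return ["not a RIFF/WAVE container"]
    declared_end = 8 + struct.unpack_from("<I", blob, 4)[0]
    if declared_end > len(blob):
        findings.append("RIFF size exceeds file length (truncated or forged header)")
    elif len(blob) > declared_end:
        findings.append("%d trailing bytes after declared RIFF body" % (len(blob) - declared_end))
    pos = 12
    while pos + 8 <= min(declared_end, len(blob)):
        cid = blob[pos:pos + 4]
        size = struct.unpack_from("<I", blob, pos + 4)[0]
        payload = blob[pos + 8:pos + 8 + size]
        if len(payload) < size:
            findings.append("chunk %r declares %d bytes but only %d present" % (cid, size, len(payload)))
        if cid not in KNOWN_CHUNKS:
            # A chunk no audio tool needs, filled with near-random bytes, deserves a closer look.
            findings.append("unknown chunk %r, %d bytes, entropy %.2f" % (cid, size, entropy(payload)))
        pos += 8 + size + (size & 1)  # chunks are word-aligned
    return findings
```

A clean file produces an empty list; a file with an unexpected chunk or data glued after the RIFF body produces one finding per anomaly.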

It seems the Windows 10 KB4517389 update has hit hard, with plenty of issues. We earlier reported on the Start Menu bug and the broken Microsoft Edge browser, but besides these, it appears Microsoft engineers need to fix two more bugs. The Windows 10 KB4517389 update is causing random BSODs, which are particularly visible on laptops running the latest cumulative update. Interestingly, not a single case has been reported on desktop PCs. “On my laptop machine (but not on my desktop) I started getting BSOD failures in cldflt.sys after installing KB4517389,” a user wrote on the Microsoft Community site. The user later confirmed that it was indeed the KB4517389 update that caused the issue, as uninstalling the update brought everything back to normal (via Techdows). “Just FYI, I rebooted my Windows 10 laptop this morning to finish installing Windows Update KB4517389, and after that, I experienced several Windows failures, BSOD when using the menus in the Affinity applications,” a user wrote on the Affinity forum. The Windows 10 KB4517389 update is also hit with another issue, where basic features like the Start menu, Windows Search or Google Chrome render incorrectly (via Windowslatest). Not all PCs are affected; those with the Intel DCH display driver are. Upgrading to a newer version of the display driver might solve the issue; you can also try rolling back to a previous version of the driver to avoid it. Neither issue has been acknowledged by Microsoft, so there are no official fixes available at the moment. Follow this thread and many more at OUR FORUM.

Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for enterprise and consumer users. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default. Tamper Protection was introduced in Windows 10 version 1903, otherwise known as the May 2019 Update. When enabled, it prevents Windows Security and Windows Defender settings from being changed by programs, Windows command-line tools, Registry changes, or group policies. Instead, users must modify security settings directly through the Windows 10 user interface or via Microsoft enterprise management software such as Intune. If Tamper Protection is not currently enabled on your Windows 10 device, Microsoft has told BleepingComputer that they will be rolling out this change to all Windows 10 users. It may take a few days, though, before it becomes enabled automatically for everyone. With Windows Defender becoming a reliable antivirus solution and further security enhancements being added to Windows 10, malware has increasingly tried to bypass it. This is done by attempting to turn off or reduce the functionality of Windows Defender through PowerShell commands, group policies, or Registry modifications. With Tamper Protection enabled, though, these attempts to change Windows Defender or Windows Security settings will be ignored or simply reset. As Windows Defender automatically turns on when third-party antivirus software is removed, it is even more important to enable Tamper Protection so that Windows Defender can adequately protect you. Visit OUR FORUM to learn more and get the instructions on activating Windows 10 Tamper Protection.

Windows 10 1903 users continue to complain that the Start Menu is giving a critical error message and that Edge will not launch after installing the latest KB4517389 cumulative update. For some, uninstalling the recent cumulative update has fixed these issues, but for others, the Start Menu problem persists. With new cumulative updates routinely introducing new issues in Windows 10, it has become difficult to diagnose what exactly is causing them. Was it a previous update that made a change that persisted after uninstall, or something new that was introduced in the latest update? The other frustrating part of these issues is that only some people experience them, while others perform their updates without a problem. For example, I personally have not had any issues after installing the recent Windows 10 1903 updates. While Microsoft has not acknowledged any issues with this update in the Windows 10 health dashboard, these issues are being reported in the Feedback Hub, Microsoft's community forums, and elsewhere, so it is assumed they are aware of them. Below we take a look at the issues users are experiencing in Windows 10 1903 after installing the KB4517389 cumulative update that was released on October 8th, 2019. With the release of the KB4524147 cumulative update on October 3rd, Windows 10 1903 users started reporting that when they clicked the Start Menu button, Windows would display a Critical Error message. Users reported that uninstalling the KB4524147 update would fix the Start Menu issue. After installing this week's KB4517389 cumulative update, users are once again reporting that the Start Menu is giving the same critical error. Most have reported getting their Start Menu working by uninstalling the KB4517389 update, and others have said they also had to uninstall KB4524147 before the error would go away. With the release of KB4517389, users are also reporting being unable to launch Microsoft Edge. Some have stated that they can launch Microsoft Edge if they click on a link on a web page, but double-clicking on the icon does nothing. Learn more by visiting OUR FORUM.

Nothing much. That is if you want the short answer. For the long answer, you are invited to give this article a scan, as we take a look at what exactly the Windows 10 November 2019 Update brings to the table. If you have been following the development of the operating system, you may have noticed some silence on the 19H2 front. Microsoft has moved the majority of the new features to early next year, reserving them for the 20H1 release. What this means is that while there are a number of new additions in the November 2019 Update (codenamed 19H2), the focus is on optimizations and refinements, as well as under-the-hood changes. To some, this makes it the most lackluster release since the Windows 10 November 2015 Update, which was the first major OS update, and a case can be made that 19H2 rivals that version in terms of how few new features it brings. However, this fall release of Windows 10 still brings valuable refinements, small as they are, to your PC, not to mention the stability and performance enhancements that the company will build future versions on. Microsoft stirred things up a bit recently when it decided to split the major Windows 10 releases into two distinct flavors: a fully-fledged update with new features, and a secondary patch update. Since we already got the first major update for the year as 19H1, this new release is now on the horizon. What separates this release from the previous versions is how Microsoft plans to ship it to users. 19H2 will arrive in the form of a cumulative update that end-users will be able to install on top of their current Windows 10 19H1 installation. This is a significant change for the company and should result in a smaller download and faster install process. Speaking of changes, another notable one is that the 19H2 update is only being tested in the Slow Ring of the Windows Insider Program. That is because the Fast Ring of the preview program is playing host to the 20H1 release, which is well into development now. More complete details can be found posted on OUR FORUM.

Several companies from the automotive industry were targeted by BitPaymer ransomware operators during August, in attacks that used an Apple zero-day vulnerability in the Apple Software Update service bundled with iTunes and iCloud for Windows. Apple Software Update is an updater service that gets automatically installed on computers when users install iTunes or iCloud for Windows, or when they use Boot Camp Assistant to install Windows on a Mac. The service is designed to keep all Apple apps up to date on a Windows device, as well as to deliver software and security updates to Windows installations running on Mac computers. BitPaymer's operators found an unquoted path vulnerability in Apple Software Update for Windows that allowed them to launch their ransomware payload on the devices of any target that used iTunes or iCloud, as well as on those where the apps had been uninstalled, since the updater service is not removed along with them. As part of their attacks, the BitPaymer operators abused the zero-day to execute a previously dropped ransomware payload instead of the Apple Software Update binary. They did this by taking advantage of the fact that Apple's developers did not surround the service binary's execution path with quotes, which made it possible to launch the BitPaymer ransomware dropped as a binary named 'Program' without an extension. Given that the Apple Software Update binary is signed by Apple, using it to launch the ransomware payload also enabled them to evade detection, fooling the behavioral engine of anti-malware solutions present on the compromised systems. Learn more by visiting OUR FORUM.
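The unquoted-path weakness described above is a configuration defect that can be audited. As an added example, not code from the reports or from Apple, this Python helper takes a service command line (in practice the PathName of each Win32_Service record), reports whether the executable path is unquoted, and lists the intermediate file names a launcher could resolve instead of the intended binary, so a defender can verify none of them exist or are writable. The vendor path used below is constructed.

```python
import ntpath

def parse_image_path(command_line):
    """Return (quoted, executable, arguments) for a service command line.

    A quoted path is unambiguous. For an unquoted one, the executable is taken
    to be the shortest space-separated prefix ending in .exe (None if none does)."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return True, s[1:end], s[end + 1:].strip()
    tokens = s.split(" ")
    for i in range(1, len(tokens) + 1):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            return False, prefix, " ".join(tokens[i:])
    return False, None, ""

def hijack_candidates(command_line):
    """File names a launcher may resolve before reaching the intended binary.

    Every space in an unquoted path yields the prefix before it as a candidate.
    CreateProcess appends .exe when the prefix has no extension; other launch
    routes may try the bare name, which is the extensionless 'Program' case
    described above. Both spellings are listed so an audit can check each."""
    quoted, exe, _ = parse_image_path(command_line)
    if quoted:
        return []
    tokens = command_line.strip().split(" ")
    limit = len(exe.split(" ")) if exe else len(tokens)
    candidates = []
    for i in range(1, limit):
        prefix = " ".join(tokens[:i])
        candidates.append(prefix)
        if not ntpath.splitext(prefix)[1]:
            candidates.append(prefix + ".exe")
    return candidates

def needs_quoting(command_line):
    """True when the executable path is unquoted and contains a space."""
    quoted, exe, _ = parse_image_path(command_line)
    return not quoted and " " in (exe if exe is not None else command_line.strip())

if __name__ == "__main__":
    # Constructed vendor path, not a real product's install location.
    svc = r"C:\Program Files\Example Vendor\Updater Service\updater.exe -run"
    print("needs quoting:", needs_quoting(svc))
    for candidate in hijack_candidates(svc):
        print("verify this path does not exist and is not creatable by users:", candidate)
```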