By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

A publicly accessible Elasticsearch database discovered on March 27 exposed various types of personally identifiable information (PII) and medical info of more than 100,000 individuals. Security Discovery's researcher Jeremiah Fowler who discovered the unprotected Elasticsearch database found out after further investigation that the leaked data belonged to SkyMed, a company which provides medical emergency evacuation services for about 30 years. As the researcher says, the Elastic database was "set to open and visible in any browser (publicly accessible) and anyone could edit, download, or even delete data without administrative credentials." The database contained 136,995 records of SkyMed members and included PII data such as full names, addresses, dates of birth, email addresses, phone numbers, with some of the entries also including medical information. Besides finding hundreds of thousands of leaked member records, Fowler also discovered that the company's network might have also been infected at some point in time with an unknown ransomware strain. This was revealed when the researcher found a ransom note entry named "howtogetmydataback" in SkyMed's unsecured ElasticSearch database. While the company did not provide any feedback to the researcher's reports on the exposed database, the good news is that SkyMed did take down the database eventually. "The first data incident notification was sent on March 27th (the same day it was discovered). On April 5th we verified that the database was closed and no longer publicly accessible. No one from SkyMed replied to either message," stated Fowler. BleepingComputer also reached out to SkyMed to ask if breach notifications were sent to the impacted individuals but the company did not provide a response prior to publication. Learn more by visiting OUR FORUM.

Windows 10 May 2019 Update will begin rolling out to the compatible devices in late May 2019. Windows 10 version 1903 is currently only available to Windows Insiders, but the update for Windows 10 is now being blocked from installing on systems with certain configurations. In an updated blog post, Microsoft quietly shared a list of current upgrade blocks for Windows 10 May 2019 Update. At least three sets of devices could be affected during installation due to the blockade. Microsoft says that you cannot upgrade to Windows 10 May 2019 Update if your company is using a USB storage device or SD memory card, but there’s an easy workaround to deal with this problem. Microsoft has advised users to remove any external USB storage devices and/or SD memory cards to start the upgrade installation process. If you have older versions of anti-cheat software that comes bundled with many popular games, you may not be able to install the Windows 10 May 2019 Update. Microsoft discovered a bug where the older versions of anti-cheat software may cause Windows 10 May 2019 Update PCs to experience crashes. Most games have been already updated with a fix for the bug and Microsoft is actively working with affected partners. Microsoft has also blocked the Windows 10 May 2019 Update from installing on devices with any Known Folders or empty folder with that same name is created in your %userprofile% directory when you update. Follow this on OUR FORUM.

Multiple malicious spam campaigns using signed emails have been observed while distributing the GootKit (aka talalpek or Xswkit) banking Trojan with the help of a multi-stage malware loader dubbed JasperLoader over the past few months. This loader is the third one detected by Cisco Talos' research team since July 2018, with Smoke Loader (aka Dofoil) being employed by threat actors to drop ransomware or cryptocurrency miner payloads last year, while Brushaloader was identified during early 2019 and seen while making use of Living-of-the-Land (LotL) tools such as PowerShell scripts to remain undetected on compromised systems. Malware loaders are popular tools for adversaries who want to make the job of dropping various malware payloads onto to their victims' machines easier because they make it possible to maximize their profits by switching the pushed malware to one suited to the infected computer. The current loader tracked by Cisco Talos is JasperLoader and its activity has been picking up during the past months, with malspam campaign operators distributing it to targets from Central Europe, with an apparent focus on Italian and German targets. "JasperLoader employs a multi-stage infection process that features several obfuscation techniques that make the analysis more difficult," says Cisco Talos. "It appears that this loader was designed with resiliency and flexibility in mind, as evidenced in later stages of the infection process." As unearthed by the researchers, JasperLoader has been disseminated by multiple malspam campaigns throughout the last months and it has been used to drop the Gootkit banking Trojan — previously distributed by DanaBot, Neutrino exploit kit and Emotet — which acts as a backdoor and can steal sensitive user information. More in-depth details are posted on OUR FORUM.

Researchers have discovered a web site pushing a PC cleaner tool for Windows that in reality is just a front for the Azorult password and information-stealing Trojan. AZORult is a trojan that when installed attempts to steal a user's browser passwords, FTP client passwords, cryptocurrency wallets, desktop files, and much more. Instead of renting distribution methods such as spam, exploit kits, or being dropped by other trojans, the attackers decided to create a fake Windows utility and an accompanying web site to distribute the Trojan instead. According to the site, G-Cleaner or Garbage Cleaner is a Windows junk cleaner that removes temporary files, broken shortcuts, and unnecessary Registry entries. Overall, it's promoted like all the other system optimization tools that we see regularly being offered. Even when you download and run the program, it looks like countless other homemade PC cleaners and states it will scan your computer for junk files and remove them. When the G-Cleaner program is installed, it will download the main components of the fake PC cleaner and save them to the C:\ProgramData\Garbage Cleaner or C:\ProgramData\G-Cleaner folders depending on the version. It will then extract a randomly named file to the %Temp% folder and execute it. This file is the malware component that will attempt to steal your computer's passwords, data, wallets, and other information. Even though this site and the malware that is being pushed is over one month old, the site is still up and running. Just yesterday, another researcher named JamesWT discovered it again and even a month later, few antivirus vendors were detecting it as malicious. Further details can be found on OUR FORUM.

If you using a Roaming User Profile and customize your Windows 10 Start Menu, any changes will be reset after upgrading to a newer version of Windows 10. Windows creates a profile for every user, which contains the changes made by the logged in user to the Windows configuration or application settings. These user profiles are normally stored on the local computer, but domain admins can configure users so that their profiles are instead stored on a network share as a Roaming User Profile. This allows users to configure the appearance of Windows or make changes to a program's configuration and have those same settings available on any other computer they log into on the same domain. In a support article, Microsoft has stated that users using a Roaming User Profile and who customize the appearance of the Start Menu will have those changes reset after upgrading to a new version of Windows 10. According to Microsoft, you can fix this issue by installing the latest cumulative update for Windows and performing the following a few easy steps. Microsoft notes that this fix will only work if the Start Menu customizations that are stored locally and have not been deleted due to a group policy configured by an administrator. "This will only work if a user’s profile with start menu customization is available locally.  If the profile was deleted due to a group policy, creating a new roaming profile will not help.​" We have the workaround posted on OUR FORUM.

There is a growing disparity in the US between the demand for STEM-related employment and the education and training students receive in preparation for those jobs.  According to the iDTech’s report of 2018 STEM statistics, only 36% of high school graduates are ready for college-level science and “US universities are expected to produce only 29% of the required number of grads” to fill the 1.4 million computer specialist job openings reported by the Department of Labor. Based on most statistics, the issue in a lack of a prominent STEM-educated workforce is the shortcoming of nurturing early interest to which young girls and women becoming rounding errors when all is said and done. Despite 74% of middle school girls expressing some level of interest in math, science, and engineering only 0.3% decided to make a go at in college and of the ones who do seek STEM-related fields in college, they make up 18% of the total computer science undergrad population. The matters are further compounded when breaking down racial segmentation, where the National Science Foundation reported that while math and science scores for 8th graders were increasing ‘modestly’ overtime across the board, “by 2013, the average score of blacks was just above the basic level, whereas whites and Asians/Pacific Islanders had scores near and above the proficient level, respectively.” In an attempt to address the issue of generating and nurturing interest in one of the most underserved communities in young African American women, Microsoft and Black Girls CODE have teamed up to open up a Seattle Chapter of the Oakland based community project dedicated to educating girls of color between the ages of 7 and 17 about computer programming and technology. Learn more by visiting OUR FORUM.