
To track known issues in Windows 10 that Microsoft is aware of and actively resolving, you can use the Windows 10 Health Dashboard. Released on April 30th, 2019, Microsoft's Windows 10 Health Dashboard tracks the known issues in various versions of Windows 10, and even older versions such as Windows 7 and Windows 8.1. The Windows Health Dashboard is broken up into different sections based on the version of the operating system. This site allows Windows users to track the issues related to the feature update they currently have installed or are trying to install. For example, when the Windows 10 May 2020 Update was released, the operating system became Windows 10 version 2004. At the top of each section, Microsoft provides a brief message related to that version of Windows, including the status of the feature update's rollout and whether it is nearing the end of support. As you scroll further down the page, you will be shown the known issues being investigated, what cumulative update caused the problem, and when information about the issue was last updated. Finally, under each entry in the known issue list is a 'See details' link. When clicked, this link will bring you to a more detailed description of the issue that may contain steps to resolve it. This detailed information will state if the issue has a 'compatibility hold' that would block a Windows user from upgrading to this new version of Windows. We will discuss compatibility holds in the next section.
As Microsoft releases new feature updates, they also tweak the operating system or add new security features. The changes could cause conflicts with hardware drivers, antivirus software, or other programs that worked fine in the previous version of Windows 10. These conflicts can cause Windows 10 not to start, have degraded performance, cause games not to work, or even cause a blue screen of death (BSOD) crash.
When a known conflict occurs, and a Windows user is affected, Microsoft blocks that user from upgrading to the new version of Windows 10. This upgrade block is called a compatibility hold. As it is not always clear if your device is on a compatibility hold, Microsoft has started to notify users if they are blocked from upgrading. If you are not being offered a new Windows 10 feature update or Windows is having problems after upgrading, the Windows Health Dashboard can be a useful tool. It is useful because the dashboard will display all the known issues that are causing a hold or problems in Windows, and offer guidance on how to resolve them. For example, using the Health Dashboard, we learn that NVIDIA drivers older than version 358.00 are causing a compatibility hold. Using this information, a blocked user can upgrade their NVIDIA graphics drivers to a newer version and see if that removes the hold. Another example was when Microsoft used the Health Dashboard to warn about a bug preventing the 'Reset this PC' feature from working correctly. Until the issue was fixed, Microsoft offered a workaround to get it working again. We have more complete details along with images posted on OUR FORUM.
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cybercriminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps it stay hidden on compromised networks. The main targets of Tycoon are organizations in the education and software industries. Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanized Java Runtime Environment, and compiled into a Java image file (Jimage) to hide its malicious intentions. "These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks," Eric Milam, VP for research and intelligence at BlackBerry, told ZDNet. "Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code but were nonetheless successful in accomplishing their goals," he added. However, the first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing RDP servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection, abusing settings that more often provide developers with the ability to debug software. The attackers also use their privileges to disable anti-malware software using ProcessHacker in order to stop the removal of their attack.
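A defender-side check for the IFEO persistence mentioned above, as an added example that is not from the original article or from the BlackBerry/KPMG research: it parses the text of a `reg export` of the Image File Execution Options key and reports every image that has a `Debugger` value set. The sample export, the image names and the function name `find_ifeo_debuggers` are constructed for illustration; a real export is UTF-16 and must be decoded to text first.

```python
import re

# Tail of the IFEO key path; matches the native and WOW6432Node views.
IFEO_SUFFIX = r"\microsoft\windows nt\currentversion\image file execution options"

# Constructed sample in `reg export` text form (not taken from any real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\helper-a.exe]
"Debugger"="C:\\Users\\Public\\updater.exe /q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\helper-b.exe]
"MitigationOptions"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\helper-c.exe]
"debugger"="\"C:\\Program Files\\Vendor\\dbg.exe\" -p"
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# String (REG_SZ) values only: "name"="data", with \\ and \" escapes inside.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def find_ifeo_debuggers(export_text, allowlist=()):
    """Return (image_name, debugger_command) for each direct IFEO subkey
    whose Debugger value is not in the allowlist of approved commands."""
    allowed = {a.lower() for a in allowlist}
    findings, image = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            parent, _, leaf = m.group("key").rpartition("\\")
            # Only direct children of the IFEO key name an executable image.
            image = leaf if parent.lower().endswith(IFEO_SUFFIX) else None
            continue
        m = VALUE_RE.match(line)
        if image and m and m.group("name").lower() == "debugger":
            cmd = unescape(m.group("data"))
            if cmd.lower() not in allowed:
                findings.append((image, cmd))
    return findings


if __name__ == "__main__":
    for image, cmd in find_ifeo_debuggers(SAMPLE_EXPORT):
        print(f"IFEO Debugger set for {image}: {cmd}")
```

Any `Debugger` entry that does not correspond to a debugging tool the organization deliberately deployed deserves review, since Windows launches that command in place of the named image.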
"Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways," said Milam. After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch, and .thanos – and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email. Get better informed by visiting OUR FORUM.
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to new research published by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said. "This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." First observed by CrowdStrike in 2013, Cycldek has a long history of singling out defense, energy, and government sectors in Southeast Asia, particularly Vietnam, using decoy documents that exploit known vulnerabilities (e.g., CVE-2012-0158, CVE-2017-11882, CVE-2018-0802) in Microsoft Office to drop a malware called NewCore RAT. Kaspersky's analysis of NewCore revealed two different variants (named BlueCore and RedCore) centered around two clusters of activity, with similarities in both code and infrastructure, but also with features that are exclusive to RedCore, namely a keylogger and an RDP logger that captures details about users connected to a system via RDP. "Each cluster of activity had a different geographical focus," the researchers said. "The operators behind the BlueCore cluster invested most of their efforts on Vietnamese targets with several outliers in Laos and Thailand, while the operators of the RedCore cluster started out with a focus on Vietnam and diverted to Laos by the end of 2018."
Both BlueCore and RedCore implants, in turn, downloaded a variety of additional tools to facilitate lateral movement (HDoor) and extract information (JsonCookies and ChromePass) from compromised systems. What's more, the malware is programmed to copy itself selectively to certain removable drives so it can move laterally to other air-gapped systems each time an infected USB drive is inserted into another machine. A telemetry analysis by Kaspersky found that the first instance of the binary dates all the way back to 2014, with the latest samples recorded at the end of last year. The initial infection mechanism relies on leveraging malicious binaries that mimic legitimate antivirus components to load USBCulprit in what's called DLL search order hijacking before it proceeds to collect the relevant information, save it in the form of an encrypted RAR archive, and exfiltrate the data to a connected removable device. Visit OUR FORUM to learn more.

If you're an Nvidia GeForce Now Founder's subscriber, it's likely you're nonplussed over the continued losses to the cloud gaming service's roster. Many notable videogames and publishers have dropped from the service since it launched on February 4, 2020—apparently those holding all the cards are "still figuring out their cloud strategies"—and if that isn't a bad omen of things to come, I don't know what is. Why? Because Nvidia's service offers something akin to the PC gaming experience. It is (theoretically) open to all, it allows you to access the games you already own, and it is more or less a back to basics promise of a half-decent gaming PC in the cloud—it even offers RTX graphics for cheap. Without it, or those other services like it, the future of cloud gaming looks a lot more… exclusive. Nvidia was unlucky in its game streaming rollout. Just as the ball started rolling on its initially successful cloud gaming ambitions, and fresh out of beta, a couple of major publishers (Activision Blizzard, Bethesda Softworks, 2K Games) swiftly dropped out from the service, and even made quite a palaver out of it. It appears as though that sentiment only gained momentum from there. Further games have been pulled from the service since, and while many more have embraced it with open arms, there are some huge games notably missing from its cloud-compatible library. Nvidia's since adopted a less pro-active opt-in approach for developers and publishers on GeForce Now as a result. So what is it that makes Nvidia's service so frowned upon by publishers? I'd have to guess that it's merely the sheer size, scale, and monetary worth of the potential 'platform'. No one batted an eyelid for the many cloud streaming services that came before, despite being much like Nvidia GeForce Now—those that allow a user to hook in their existing libraries and play the games they own across a range of digital storefronts on hardware they couldn't otherwise afford or access. 
So you'd expect that it wouldn't matter whether you play your game on the hardware you own—a trusty gaming PC—or one that's rented to you and served up out of a server rack. You bought the game, right? That's yours and you get to say how you play it. Well, not so fast. Gaming licenses have never been straightforward. Do you own a game or a license to the game? Well, the answer is actually relatively simple: you own a license that allows you to use someone's software, as they intended. What that End User License Agreement (EULA) means for you, and what you're allowed to do and not allowed to do with it (such as modding), varies between platform and developer. Therein lies the thorn in Nvidia's side, and the stipulation that gives ultimate control to the publisher. And it's only a microcosm of a wider issue—if cloud gaming inherently relies on publishers and developers to specifically allow access to the videogames we own a license to, then it's going to run into burgeoning costs, exclusivity, and a lack of interest from gamers with access to an already fairly simple solution that (mostly) bypasses these issues: a physical gaming PC. For more please visit OUR FORUM.

A major teaching hospital in London, UK, is using the Microsoft HoloLens on its COVID-19 wards to keep doctors safer as they help patients with the virus. Staff at Imperial College Healthcare NHS Trust are wearing the HoloLens with Dynamics 365 Remote Assist using Microsoft Teams to send a secure live video feed to a computer screen in a nearby room, allowing healthcare teams to see everything the doctor treating Covid-19 patients can see while remaining at a safe distance. This has resulted in a fall of up to 83% in the amount of time staff spend in high-risk areas, and it has also significantly reduced the amount of personal protective equipment (PPE) being used, by up to 700 items of PPE per ward, per week, as only the doctor wearing the headset has to dress in PPE. James Kinross, a consultant surgeon at Imperial College Healthcare and senior lecturer at Imperial College London, said: “Protecting staff was a major motivating factor for this work, but so was protecting patients. If our staff are ill they can transmit disease and they are unable to provide expert medical care to those who needed it most.” Kinross, who had used the HoloLens for surgery before, noted that it had unique features, such as being a hands-free solution that could be used with PPE, and that it already featured telemedicine capabilities. “It solved a major problem for us during a crisis, by allowing us to keep treating very ill patients while limiting our exposure to a deadly virus. Not only that, but it also reduced our PPE consumption and significantly improved the efficiency of our ward rounds,” he noted. Using Remote Assist, doctors wearing HoloLens on the Covid-19 wards can hold hands-free Teams video calls with colleagues and experts anywhere in the world. They can receive advice, interacting with the caller and the patient at the same time, while medical notes and X-rays can also be placed alongside the call in the wearer’s field of view.
“We’re now looking into other areas where we can use HoloLens because it is improving healthcare without removing the human; you still have a doctor next to your bed, treating you,” Kinross said. “Patients like it, too. They are interested in this new piece of technology that’s helping them.” HoloLens is also being used to teach students at Imperial College London’s medical school, regarded as one of the best in the world, after the Covid-19 pandemic led the academic areas to close “practically overnight”, Kinross said. Students can use laptops and mobile devices at home to watch a live feed from lecturers wearing HoloLens and learn about a range of topics including anatomy, surgery, and cardiology. Read more on OUR FORUM.

Today marks the second anniversary of the introduction of the EU's General Data Protection Regulation (GDPR). With privacy in the spotlight at the moment due to COVID-19 tracing apps, we got the views of some industry experts on the effect that GDPR has had on our individual privacy and on the way businesses handle data. "While it's the second anniversary of GDPR, being GDPR-compliant isn't about a point in time," says Steve Grewal, CTO of data management firm Cohesity. "Compliance is an on-going process that requires organizations to take the utmost care in managing and protecting personal data. This means minimizing data volumes, reducing data fragmentation, and -- absent standardized policies in the US across all 50 states on personal data and privacy -- taking a proactive approach to ensure data is secure and protected. In 2020, it’s imperative that organizations are good stewards of customer data. Failing to make compliance a key part of an overall data management strategy can severely damage trust and erode brand reputations." Grewal also believes any erosion of privacy due to tracing apps will be temporary: "Just as individuals were asked to trade privacy to access social networks, individuals are being asked to consider a lower level of personal privacy while being under lockdown, as governments are exploring the use of tracking apps to track the spread of the virus. Though Europe's laws are strict, exemptions for public-health crises are written into EU data protection rules. Any use of data must be proportionate and fall away once the crisis has passed." Bob Swanson, a security research consultant at SOAR company Swimlane, believes GDPR enforcement has yet to fully bite: "When we look at the introduction of GDPR everyone was focused on proposed fines. But have the actual fines issued lived up to that? No they have not. How you institute change is through collaboration and accountability, specifically among the largest most influential organizations.
Take Google for example. Of the millions in fines issued in 2019, the majority of those were issued to Google. However when you compare Google's 2019 issuance of $57 million in fines to annual revenue, some would say this fine more closely resembles a slap on the wrist, versus a mechanism to institute change among the tech giants. These types of organizations will be the ones to truly influence the adoption, adaptation, and staying power of such legislation." Others, though, think GDPR has been a success. Grant Geyer, chief product officer of operational technology platform Claroty, believes, "Just as important as the principles the regulation stands for, the European Union’s global enforcement of blatant and willful violations of the rights of European citizens to have their personal data safeguarded has raised its prominence to the gold standard of data protection regulations worldwide. In today's global economy, GDPR has swiftly created a replicable regulatory blueprint that represents a win for citizens to maintain ownership over their personal data. That's a sacred right in a digital economy where for many years personal data has been abused and monetized without awareness, consent, or recourse." "It is clear GDPR has so far been a success," says Paul Breitbarth, director, EU policy, and strategy at privacy management company TrustArc. "Companies around the world have become much more aware of the importance of privacy compliance, updating their approach to how their customers’ data is collected, used, and safeguarded." To learn more, visit OUR FORUM.