
A new malware strain targeting Windows systems is rearing its ugly head. Named SystemBC, this malware installs a proxy on infected computers. The bad news is that SystemBC never comes alone, and usually, the presence of this malware indicates that a computer was also infected by a second threat. Proofpoint researchers, who recently analyzed the malware, say its creators are advertising it on underground cybercrime forums to other malware authors. The SystemBC malware is effectively an on-demand proxy component that other malware operators can integrate and deploy on compromised computers alongside their primary strain. SystemBC's main role is to create a SOCKS5 proxy server through which the other malware can create a tunnel to bypass local firewalls, skirt internet content filters, or connect to its command-and-control server without revealing its real IP address. Proofpoint researchers said they identified an ad on a hacking forum for an unnamed malware strain that appears to be SystemBC, dated in early April, about a month before the malware was first seen online, in May. The ad includes images of the SystemBC backend, through which other malware operators can list active installs, update the malware on users' computers, or configure the final IP to which the malware relays traffic from infected hosts. While initially the malware has been seen in some isolated campaigns, Proofpoint researchers say they've now seen it in the past two months being distributed via exploit kits, such as RIG and Fallout. Follow this thread on OUR FORUM.
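What a SystemBC-style SOCKS5 proxy looks like on the wire is worth seeing, because it is the one thing a network defender can key on regardless of which malware is tunnelling through it. The following is an added Python example, not code from the article or from Proofpoint: a strict parser for the two client messages of a SOCKS5 handshake (RFC 1928 method selection and request), plus a scanner that flags any TCP flow whose first two client payloads form such a handshake. The sample flows, hosts and the proxy port 4001 are constructed for the example; SystemBC's real listener port and configuration are not described on this page.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP_ASSOCIATE"}
ADDR_TYPES = {0x01: "IPV4", 0x03: "DOMAIN", 0x04: "IPV6"}
AUTH_METHODS = {0x00: "NO_AUTH", 0x01: "GSSAPI", 0x02: "USERNAME_PASSWORD"}


def parse_greeting(data):
    """Client method-selection message (RFC 1928 section 3): VER NMETHODS METHODS.
    Returns the offered auth methods, or None if this is not a SOCKS5 greeting."""
    if len(data) < 3 or data[0] != SOCKS_VERSION:
        return None
    nmethods = data[1]
    if nmethods == 0 or len(data) != 2 + nmethods:
        return None
    return [AUTH_METHODS.get(m, "UNKNOWN_0x%02x" % m) for m in data[2:]]


def parse_request(data):
    """Client request (RFC 1928 section 4): VER CMD RSV ATYP DST.ADDR DST.PORT.
    Returns {"cmd", "atyp", "host", "port"} or None if malformed / not SOCKS5."""
    if len(data) < 4 or data[0] != SOCKS_VERSION or data[2] != 0x00:
        return None
    cmd, atyp = data[1], data[3]
    if cmd not in COMMANDS or atyp not in ADDR_TYPES:
        return None
    if atyp == 0x01:
        addr_end = 4 + 4
        if len(data) < addr_end:
            return None
        host = str(ipaddress.IPv4Address(data[4:addr_end]))
    elif atyp == 0x04:
        addr_end = 4 + 16
        if len(data) < addr_end:
            return None
        host = str(ipaddress.IPv6Address(data[4:addr_end]))
    else:
        # Length-prefixed domain name: bounds-check the declared length before slicing.
        if len(data) < 5:
            return None
        addr_end = 5 + data[4]
        if len(data) < addr_end:
            return None
        host = data[5:addr_end].decode("ascii", errors="replace")
    if len(data) != addr_end + 2:  # exactly two trailing port bytes, nothing else
        return None
    (port,) = struct.unpack("!H", data[addr_end:addr_end + 2])
    return {"cmd": COMMANDS[cmd], "atyp": ADDR_TYPES[atyp], "host": host, "port": port}


def scan_flows(flows):
    """flows: list of {"src", "dst", "dport", "client_payloads": [bytes, ...]}, where
    client_payloads are the first client-to-server segments of one TCP flow.
    Returns one finding per flow whose first two messages form a SOCKS5 handshake."""
    findings = []
    for flow in flows:
        msgs = flow["client_payloads"]
        if len(msgs) < 2:
            continue
        methods = parse_greeting(msgs[0])
        request = parse_request(msgs[1])
        if methods is None or request is None:
            continue
        findings.append({
            "src": flow["src"],
            "proxy": "%s:%d" % (flow["dst"], flow["dport"]),
            "auth": methods,
            "cmd": request["cmd"],
            "target": "%s:%d" % (request["host"], request["port"]),
        })
    return findings


# Constructed sample flows (not captured traffic): a TLS ClientHello fragment that
# must not match, and a SOCKS5 NO_AUTH CONNECT to example.com:443 sent to a proxy
# listening on a non-standard port (the port is an assumption for the example).
SAMPLE_FLOWS = [
    {"src": "10.0.0.7", "dst": "203.0.113.10", "dport": 443,
     "client_payloads": [b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03", b"\x17\x03\x03\x00\x20"]},
    {"src": "10.0.0.7", "dst": "10.0.0.5", "dport": 4001,
     "client_payloads": [b"\x05\x01\x00", b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"]},
]

if __name__ == "__main__":
    for finding in scan_flows(SAMPLE_FLOWS):
        print(finding)
```

The parser rejects anything that is not byte-exact (wrong version, non-zero reserved byte, truncated or over-long address) so that a protocol that merely starts with 0x05 is not mistaken for SOCKS5. In practice you would feed it the reassembled client side of each flow and treat a handshake to any internal host, or on any port other than an approved proxy, as worth investigating.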

A report backed by the Dutch Ministry of Justice and Security is warning government institutions not to use Microsoft's Office Online or mobile applications due to potential security and privacy risks. The report, from Privacy Company and commissioned by the ministry, found that Office Online and the Office mobile apps should be banned from government work because they are not in compliance with a set of privacy measures Redmond has agreed to with the Dutch government. In May of this year Microsoft and the government of the Netherlands agreed to new privacy terms after a 2018 report, also compiled by Privacy Company, found that Office 365 ProPlus was gathering personal information on some 300,000 workers via its telemetry features and storing it in the US. This included such things as email addresses and translation requests. While other Windows and Office apps have been brought into compliance with those rules and no longer gather the user information, Privacy Company said that the mobile apps and Office Online are still gathering information about user activity, as are some of the features in Windows 10 Enterprise. "Moreover, certain technical improvements that Microsoft has implemented in Office 365 ProPlus are not (yet) available in Office Online," Privacy Company said. "From at least three of the mobile apps on iOS, data about the use of the apps are sent to a US-American marketing company that specializes in predictive profiling." For more visit OUR FORUM.

A new version of the TrickBot banking Trojan continues its evolution of targeting security software in order to prevent its own detection and removal. In this new version, TrickBot has set its sights on Windows Defender, which for many people is the only antivirus installed on a Windows 10 machine. TrickBot is a banking Trojan that attempts to steal online banking credentials, cryptocurrency wallets, browser information, and other credentials saved on your PC and in your browser. When TrickBot is executed it first starts a loader that gets the system ready by disabling Windows services and processes associated with security software and performing privilege elevation to gain higher system privileges. When that is completed, it loads the "core" component by injecting a DLL that then downloads the modules used to steal information from the computer, contains the communication layer, and performs other tasks. Prior to this version, the TrickBot loader performed only basic targeting of Windows Defender, soon to be renamed Microsoft Defender. Because that wasn't enough, a new TrickBot sample found by security researchers MalwareHunterTeam and Vitali Kremez, who reverse-engineered it, shows that the Trojan has added further attempts to disable Windows Defender. TrickBot has now added 12 additional methods to target and disable Windows Defender and Microsoft Defender ATP in Windows. These methods use either Registry settings or the Set-MpPreference PowerShell command to change Windows Defender preferences. When TrickBot detects certain security programs installed, it configures a "debugger" for that program's executable under the Image File Execution Options Registry key. Windows then launches the configured debugger whenever that program is started, and if the debugger does not exist, the security program fails to launch. More complete details can be found on OUR FORUM.
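Each of the three tamper techniques named above (an Image File Execution Options Debugger entry for a security product, Defender policy values written to the Registry, and Set-MpPreference run from PowerShell) leaves a distinct trace in endpoint telemetry. The following is an added Python example, not code from the article or from the researchers cited: rule-based checks run over constructed, simplified events modelled on Sysmon registry-value-set (Event ID 13) and process-create (Event ID 1) records. The event format, the "ExampleAV.exe" product name, the loader path, the specific Defender policy value names checked, the extra rule for service tampering (the article says only that the loader disables security-related services) and the allowlisting of vsjitdebugger.exe are all assumptions made for the example; the article does not list TrickBot's 12 methods.

```python
import re

# Constructed, simplified events in key=value|key=value form, modelled on Sysmon
# Event ID 13 (registry value set) and Event ID 1 (process create).  Not real
# telemetry: product name, loader path and values are invented for the example.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Windows\regedit.exe|TargetObject=HKLM\SOFTWARE\Contoso\App\Theme|Details=dark",
    r"EventID=13|Image=C:\Users\u\AppData\Local\Temp\loader.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ExampleAV.exe\Debugger|Details=C:\does\not\exist\x.exe",
    r"EventID=13|Image=C:\Users\u\AppData\Local\Temp\loader.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\u\AppData\Local\Temp\loader.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true -DisableBehaviorMonitoring $true",
    r"EventID=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell Get-MpPreference",
    r"EventID=1|Image=C:\Windows\System32\sc.exe|CommandLine=sc config WinDefend start= disabled",
    r'EventID=13|Image=C:\Program Files\Microsoft Visual Studio\Common7\IDE\devenv.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\app.exe\Debugger|Details="C:\Windows\System32\vsjitdebugger.exe" -p %ld -e %ld',
]

IFEO_MARKER = "\\image file execution options\\"
DEFENDER_POLICY = "\\policies\\microsoft\\windows defender\\"
# Assumption: policy values whose DWORD 1 turns a Defender component off.
DEFENDER_DISABLE_VALUES = {
    "disableantispyware", "disableantivirus", "disablerealtimemonitoring",
    "disablebehaviormonitoring", "disableioavprotection", "disableonaccessprotection",
}
# Assumption: site-specific allowlist of legitimate IFEO debuggers (Visual Studio JIT).
BENIGN_DEBUGGERS = {"vsjitdebugger.exe"}
DEBUGGER_RE = re.compile(r'"?([^"]+?\.exe)', re.I)
DWORD_RE = re.compile(r"\(0x([0-9a-f]+)\)", re.I)
MPPREF_RE = re.compile(
    r"(?:Set|Add)-MpPreference\b.*?-(?:Disable\w+|Exclusion\w+|MAPSReporting|SubmitSamplesConsent)", re.I)
SERVICE_RE = re.compile(
    r"\b(?:sc(?:\.exe)?\s+(?:stop|config|delete)|Stop-Service|Set-Service)\b.*\bWinDefend\b", re.I)


def parse_event(line):
    """Split 'k=v|k=v' into a dict; only the first '=' of each field separates key and value."""
    return dict(field.split("=", 1) for field in line.split("|"))


def finding(rule, ev, evidence):
    return {"rule": rule, "image": ev.get("Image", ""), "evidence": evidence}


def check_registry_set(ev):
    target = ev.get("TargetObject", "")
    low = target.lower()
    details = ev.get("Details", "")
    if IFEO_MARKER in low and low.endswith("\\debugger"):
        m = DEBUGGER_RE.match(details)
        debugger = (m.group(1) if m else details).rsplit("\\", 1)[-1].lower()
        if debugger in BENIGN_DEBUGGERS:
            return None
        victim = target.split("\\")[-2]  # the executable the Debugger value is attached to
        return finding("ifeo_debugger_hijack", ev, "%s -> %s" % (victim, details))
    if DEFENDER_POLICY in low:
        value = low.rsplit("\\", 1)[-1]
        m = DWORD_RE.search(details)
        if value in DEFENDER_DISABLE_VALUES and m and int(m.group(1), 16) == 1:
            return finding("defender_policy_disable", ev, "%s=1" % value)
    return None


def check_process_create(ev):
    cmd = ev.get("CommandLine", "")
    if MPPREF_RE.search(cmd):
        return finding("mppreference_tamper", ev, cmd)
    if SERVICE_RE.search(cmd):
        return finding("defender_service_tamper", ev, cmd)
    return None


def evaluate(lines):
    """Run every rule over the event lines and return the findings in event order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        hit = check_registry_set(ev) if eid == "13" else check_process_create(ev) if eid == "1" else None
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for hit in evaluate(SAMPLE_EVENTS):
        print(hit["rule"], hit["image"], hit["evidence"], sep="  ")
```

The IFEO rule is the one worth tuning first: legitimate debuggers do set that value, so an allowlist keyed on the debugger's file name, combined with a check that the path actually exists on the host, separates developer tooling from a hijack that points the security product at a nonexistent binary. The Get-MpPreference line is there to show that merely invoking the Defender cmdlets is not a hit; only preference-changing switches are.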

Europe’s top court has made a ruling that could affect scores of websites that embed the Facebook ‘Like’ button and receive visitors from the region. The ruling by the Court of Justice of the EU states such sites are jointly responsible for the initial data processing and must either obtain informed consent from site visitors prior to data being transferred to Facebook or be able to demonstrate a legitimate interest legal basis for processing this data. The ruling is significant because, as currently appears to be the case, Facebook’s Like buttons transfer personal data automatically when a webpage loads, without the user even needing to interact with the plug-in. This means that if websites are relying on visitors ‘consenting’ to their data being shared with Facebook, they will likely need to change how the plug-in functions to ensure no data is sent to Facebook before visitors are asked whether they want their browsing to be tracked by the ad tech giant. The background to the case is a complaint against online clothes retailer Fashion ID by a German consumer protection association, Verbraucherzentrale NRW, which took legal action in 2015 seeking an injunction against Fashion ID’s use of the plug-in, which it claimed breached European data protection law. Like ’em or loathe ’em, Facebook’s ‘Like’ buttons are an impossible-to-miss component of the mainstream web, though most Internet users are likely unaware that the social plug-ins are used by Facebook to track what other websites they’re visiting for ad targeting purposes. The Fashion ID case predates the introduction of the EU’s updated privacy framework, GDPR, which further toughens the rules around obtaining consent, meaning it must be purpose-specific, informed and freely given.
Today’s CJEU decision also follows another ruling a year ago, in a case related to Facebook fan pages, when the court took a broad view of privacy responsibilities around platforms — saying both fan page administrators and host platforms could be data controllers. Complete details can be found on OUR FORUM.

Microsoft recently revealed that outdated Intel RST drivers cause system reliability problems on the Windows 10 May 2019 Update. To prevent further problems, Microsoft has opted to block the May 2019 Update on such PCs. If you’re running an outdated version of the Intel Rapid Storage Technology driver, you won’t be able to install the May 2019 Update, according to Microsoft. If you attempt to install the Windows 10 May 2019 Update with the Update Assistant tool, you’ll receive an error message. Microsoft says the upgrade block is lifted once an updated Intel RST driver is installed, but users are reporting that they are still unable to install the Windows 10 May 2019 Update. Even if you have installed an updated driver, there’s a chance that you still won’t be able to upgrade to Windows 10 version 1903. According to various reports (1, 2, 3), the error notification won’t go away and the upgrade installation refuses to proceed. “I’ve literally been trying to fix this for hours. I’ve updated the version numerous times, uninstalled everything numerous times, yet every time I try to update, I get the same error over and over again,” a user documented the problem on Reddit. “Same issue as well. I’ve tried the recommended version, the latest and uninstalled. Continue to get the same Upgrade error about RST compatibility,” another user noted. It’s not clear why the upgrade is still being blocked, but it is possible that the Update Assistant tool is unable to detect the new driver. A solution is yet to be found, but if you really want the May 2019 Update, you can manually install it with the Media Creation Tool, though only after double-checking the driver version. We will continue following this thread and report any updates or workarounds as they become available. For the complete publication of this article, please stop by OUR FORUM.

The issue with Huawei as a "threat" to security is code language. Huawei IS a threat, but only to the security of other telecoms in the West because the Chinese got to a viable 5G network before anyone else did. In a recent piece about the politicization of news concerning the Chinese telecom giant Huawei, some of our readers made interesting comments that actually help one to connect the dots and see more clearly just how invasive the US government thinks it can be in terms of one’s personal privacy. The comments in question (slightly redacted for conciseness here), said the following: “Huawei categorically will NOT put back doors in their hardware for the NSA and other alphabet agencies to use to spy on all of us. That is the REAL reason.” “The [effort] to demonize Chinese companies, especially the two biggest and best Chinese tech companies, has two [purposes]: one is to use their plight as leverage in the ongoing trade negotiations; the other is the US desire to destroy the Chinese economy so China would have to submit under US hegemony. [Looking] at the spying accusations with a bit more common sense: what would China want to do with this flood of useless information? Contrary to the NSA, which justifies its $85bn yearly budget by compiling a file on every person in the world and especially in the US to prevent terrorism, China spies only in directed ways. The terrorism the NSA is afraid of is not ISIS-type terrorism from outside, and it hasn’t prevented any of these attacks. What the NSA and the US government are afraid of is revolt by organized citizens. Hence the surveillance and scrutiny of activists and any organized group of people. China has no use for such data from the US and, given a smaller budget, uses it to keep order in China and elsewhere by spying when other signs indicate a problem could be brewing. Dragnets are the specialty of US [spycraft].