
FBI has updated and expanded the resources and tools designed to help political campaigns, private businesses, and individuals to better understand and mitigate risks posed by foreign entities' cyber intrusions and disinformation efforts during the 2020 U.S. election season. This information is shared through the Protected Voices initiative that raises awareness of potential cybersecurity vulnerabilities, thus making it possible for political campaign managers, staff, and IT directors to prevent foreign actors from hijacking their message. "We’ve created these Protected Voices videos to showcase the methods these adversaries might use, and to help campaigns practice good cyber hygiene because the foundation of election security is cybersecurity," Director of the FBI Chris Wray says. The FBI, in collaboration with the Department of Homeland Security (DHS) and the Director of National Intelligence (DNI), has released a series of short videos containing both guidance and information to help political campaigns defend their computer networks from foreign intelligence efforts as part of this effort initially launched in 2018. "The tutorials and online resources explain the nature of foreign influence and social engineering, highlight common areas of vulnerability, and offer cybersecurity measures to help campaigns, companies, and individuals protect themselves against common Internet-enabled crimes," says the FBI press release. "We were hearing campaign personnel say, ‘We know election security is important, but what do we need to do?’" Bradley Benavides, a section chief with the Foreign Influence Task Force, added. "The Protected Voices series is designed to answer that question. These are the steps your information technology team needs to take. This is the training you should give every campaign worker and volunteer. This is where you are vulnerable. This is where you need to be on guard." Full details can be found on OUR FORUM.

Microsoft’s contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday. The EDPS, the EU’s data watchdog, opened an investigation in April to assess whether contracts between Microsoft and EU institutions such as the European Commission fully complied with the bloc’s data protection rules. “Though the investigation is still ongoing, preliminary results reveal serious concerns over the compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services,” the EDPS says in a statement. The EU introduced new rules on data protection in 2018, known as GDPR, applicable to all companies operating in the bloc and designed to give individuals more control over their personal data and to create a more level playing field for businesses. “We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws,” a Microsoft spokesman said. “We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS.” The EDPS has worked with the Dutch ministry of justice, which carried out risk assessments last June and found that public authorities in member states face similar issues. The two have since set up a forum designed to set up fair rules for public administrations. For more on this and to keep up with changes and violations on GDPR visit OUR FORUM.

Installing the KB4520062 cumulative update for Windows 10 – released on October 15 – could break the Windows Defender Advanced Threat Protection (ATP) service. That’s the warning provided in Microsoft’s release notes, stating that certain customers should not install this update. “After installing this update, the Microsoft Defender Advanced Threat Protection (ATP) service might stop running and might fail to send reporting data,” the warning reads. “You might also receive a 0xc0000409 error in Event Viewer in MsSense.exe.” Before going on red alert, note that this issue pertains to Microsoft’s enterprise-based customers. Microsoft Defender Advanced Threat Protection is a paid service for detecting, investigating, and responding to “advanced threats.” It’s built into Windows 10 but unrelated to the Windows Security platform found in Windows 10 Home and Pro. Microsoft notes that it’s currently “working on a resolution” but doesn’t expect an official fix until the middle of November. That means businesses and corporations should not install this update until then. If the update is already installed, issues with the Microsoft Defender Advanced Threat Protection platform may already be in effect. Uninstall the update and wait for a fix.

Two reports published in the last few months show that malware operators are experimenting with using WAV audio files to hide malicious code. The technique is known as steganography -- the art of hiding information in plain sight, in another data medium. In the software field, steganography -- also referred to as stego -- is used to describe the process of hiding files or text in another file, of a different format. For example, hiding plain text inside an image's binary format. Using steganography has been popular with malware operators for more than a decade. Malware authors don't use steganography to breach or infect systems, but rather as a transfer method. Steganography allows files hiding malicious code to bypass security software that whitelists non-executable file formats (such as multimedia files). All previous instances where malware used steganography revolved around using image file formats, such as PNG or JPEG. The novelty in the two recently-published reports is the use of WAV audio files, not seen abused in malware operations until this year. The first of these two new malware campaigns abusing WAV files was reported back in June. Symantec security researchers said they spotted a Russian cyber-espionage group known as Waterbug (or Turla) using WAV files to hide and transfer malicious code from their server to already-infected victims. The second malware campaign was spotted this month by BlackBerry Cylance. In a report published today and shared with ZDNet last week, Cylance said it saw something similar to what Symantec saw a few months before. But while the Symantec report described a nation-state cyber-espionage operation, Cylance said they saw the WAV steganography technique being abused in a run-of-the-mill crypto-mining malware operation. Further details are posted on OUR FORUM.

It seems the Windows 10 KB4517389 update has been hit hard with plenty of issues. We’ve earlier reported about the Start Menu bug and the broken Microsoft Edge browser, but besides these, it appears that Microsoft engineers need to fix two more bugs. The Windows 10 KB4517389 update is causing random BSODs, and they are particularly visible on laptops running the latest cumulative update. Interestingly enough, not a single case has been reported on desktop PCs. “On my laptop machine (but not on my desktop) I started getting BSOD failures in cldflt.sys after installing KB4517389,” a user wrote on the Microsoft Community site. The user later confirmed that it was indeed the KB4517389 update that caused the issue, as uninstalling the update brought everything back to normal (via Techdows). “Just FYI, I rebooted my Windows 10 laptop this morning to finish installing Windows Update KB4517389, and after that, I experienced several Windows failures, BSOD when using the menus in the Affinity applications,” a user wrote on the Affinity forum. The Windows 10 KB4517389 update has been hit with another issue where basic features like the Start menu, Windows Search or Google Chrome render incorrectly (via Windowslatest). But not all PCs are a victim; PCs with Intel DCH display driver version are affected. Upgrading to a newer version of the display driver might solve the issue; you can also try to roll back to any previous version of the driver to avoid the aforementioned issues. Neither of the issues has been acknowledged by Microsoft, so there are no official fixes available at this moment. Follow this thread and many more at OUR FORUM.

Microsoft has announced today that the Windows 10 Tamper Protection security feature is now officially generally available for enterprise customers and consumers. Along with this announcement, Microsoft will be enabling this security feature on all Windows 10 devices by default. Tamper Protection is a security feature that was introduced in Windows 10 version 1903, otherwise known as the May 2019 Update. When enabled, Tamper Protection prevents Windows Security and Windows Defender settings from being changed by programs, Windows command-line tools, Registry changes, or group policies. Instead, users must modify security settings directly through the Windows 10 user interface or via Microsoft enterprise management software such as Intune. If Tamper Protection is not currently enabled on your Windows 10 device, Microsoft has told BleepingComputer that they will be rolling out this change to all Windows 10 users. It may take a few days, though, before it becomes enabled automatically for everyone. With Windows Defender becoming a reliable antivirus solution and further security enhancements being added to Windows 10, malware has increasingly made efforts to bypass it. This is done by attempting to turn off or reduce the functionality of Windows Defender through PowerShell commands, group policies, or Registry modifications. With Tamper Protection enabled, though, these attempts to change Windows Defender or Windows Security settings will be ignored or simply reset. As Windows Defender automatically turns on when third-party antivirus software is removed, it is even more important to enable Tamper Protection so that Windows Defender can adequately protect you. Visit OUR FORUM to learn more and get the instructions on activating Windows 10 Tamper Protection.