By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

'The consequences of not patching the vulnerability are severe and widespread,' says National Security Agency, which found the bug. Windows 10 users have been urged to update their PCs or risk having private messages read. The huge vulnerability has been patched in an update but any computer that has not received the latest version of the operating system is at risk. The bug was discovered by the National Security Agency which alerted Microsoft, rather than using it to spy on citizens. The company then fixed the bug for all of its users through the latest free update, part of its "Patch Tuesday" program of regular fixes, which seals up the exploit and stops hackers from intercepting communications. There is no indication that the exploit has been used by hackers, Microsoft said, in a note that gave credit to the NSA for finding it. Amit Yoran, CEO of security firm Tenable, said it is "exceptionally rare if not unprecedented" for the U.S. government to share its discovery of such a critical vulnerability with a company. Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly. An advisory sent by the NSA on Tuesday said: "the consequences of not patching the vulnerability are severe and widespread." Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source. "The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider," the company said. If successfully exploited, an attacker would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information on user connections, the company said. Some computers will get the fix automatically if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings. Further details can be found on OUR FORUM.

Today is a really historic day for the Microsoft family. Almost 11 years after the launch of Windows 7, Microsoft has decided its time to pull the plug on support for one of their most popular Operating Systems ever. For younger people more familiar with Windows 10, it’s hard to explain just how good Windows 7 was at the time. It felt like the first really STABLE and really aesthetically pleasing Operating System that Microsoft offered. Though it’s hard to believe, for millions of people, logging in daily and seeing this image below brought a sense of real comfort to the day. Windows 7 was awesome. It was seen as a marked improvement over its predecessor Window Vista, adding new “fancy” features like the taskbar, Aero window management, file libraries, and much more. Even with all the warnings and the heads up, Windows 7 remains popular, even today. It runs on 26 percent of all PC’s which is a staggering number considering that Windows 10 has been out for 4+ years AND Microsoft offered (and still offers) Windows 10 as a FREE upgrade to customers. Microsoft has been notifying users about this day for a full year and they plan to step up the notifications. A full-screen notification will appear for Windows 7 users on Wednesday, warning users that their systems are now out of support. If you are a business or an academic institution, your users will be able to pay for extended security updates but, it’s going to be expensive. Obviously some discounts will be available with volume licensing but when you start to think about how the costs will add up, the question is naturally – why stay with Windows 7? As you can see from the prices above, a company with 100 or more employees will start to pay REAL money going forward but there are a lot of smaller companies that will stay on Windows 7 until the lights are turned off. The reason is, they have made the decision that it’s a business-critical tool for their business. It would shock you if you knew how many small hotels and businesses run proprietary Windows 7 software. For more facts and figures, please visit OUR FORUM.

The certainties that Windows 7 embodied have long gone, and that's no bad thing. In just a couple of days, Windows 7 finally goes out of support, which means no more bug fixes or updates for the millions who are still using the operating system, which first launched back in 2009. In many respects, the success of Windows 7 was the high water mark for the PC and for Windows. It has been much loved by PC users and admins in the past decade -- and not just for replacing its reviled predecessor, Windows Vista. It's had plenty of staying power, too: Windows 7 users largely (and probably rightly) ignored Windows 8 when it appeared, and only with Windows 10 maturing (and old hardware giving up) has migration from the reliable and comfortable Windows 7 finally gathered pace. But even with the clock ticking down towards the end of support, Windows 7 fans have proved stubborn. Although businesses have mostly made the move, there are still plenty of consumers hanging on to their old favorite. My colleague Ed Bott has done some smart number crunching and reckons there are about 1.2 billion Windows PCs in use around the world, with somewhere around a billion running Windows 10 and most of the rest running Windows 7. As he notes, that means somewhere near 200 million PCs could soon be running out-of-date software, and any new security holes are unlikely to get fixed (unless you are willing to pay for extended support). The Windows 7 era coincided with the high point of the PC era, and the end of Windows 7 marks the end of the PC era, too. When Windows 7 launched, the iPhone and its app store were around but were still novelties, while the iPad hadn't arrived yet. If you wanted to get work -- or pretty much anything -- done on a computer, you needed a PC. Just over a decade later, the picture is much more complicated. PC sales have been in decline for the last seven years; a slide which only ended with a small increase last year, largely because businesses needed to buy new PCs to run Windows 10, after bowing to the inevitable and upgrading. In many scenarios and use cases, the PC has been superseded by the smartphone, the tablet or digital assistants embodied in various other devices. And it's not just the PC -- Windows is no longer the defining product for Microsoft that it once was. That's not to say the PC is dead, of course: I'm typing on one now, and it will remain the primary device I use to do my job for the foreseeable future. Many office and knowledge workers will feel the same. But there are now plenty of other options: Follow the "End-of-Life" of Windows 7 on OUR FORUM.

An Android malware strain camouflaged as a system app is used by threat actors to disable the Google Play Protect service, generate fake reviews, install malicious apps, show ads, and more. The heavily obfuscated malware dubbed Trojan-Dropper.AndroidOS.Shopper.a uses a system icon and the ConfigAPKs name which closely resembles the name of a legitimate Android service responsible for app configuration the first time a device is booted. "Trojan-Dropper.AndroidOS.Shopper.a was most widespread in Russia, where the largest share of infected users (28.46%) was recorded in October – November 2019," Kaspersky Lab researcher Igor Golovin said. "Second place went to Brazil (18.70%) and third to India (14.23%)." Once it infects a victim's Android device, the malware downloads and decrypts the payload, then goes straight to information harvesting, collecting device info such as country, network type, vendor, smartphone model, email address, IMEI, and IMSI. All this data is then exfiltrated to the operators' servers which will send back a series of commands to be run on the infected smartphone or tablet. The attackers will utilize the Shopper.a Trojan to boost other malicious apps' ratings on the Play Store, post fake reviews on any apps' entries, install other apps from the Play Store or third-party app stores under the cover of an "invisible" window. All this is done by abusing the Accessibility Service, a known tactic used by Android malware to perform a wide range of malicious activities without needing user interaction [1, 2, 3, 4]. If it has no permissions to access the service, the Trojan will use phishing to get them from the compromised device's owner. "The lack of installation rights from third-party sources is no obstacle to the Trojan — it gives itself the requisite permissions through Accessibility Service," Kaspersky Lab researcher Igor Golovin explained. "With permission to use it, the malware has almost limitless possibilities for interacting with the system interface and apps. For instance, it can intercept data displayed on the screen, click buttons, and emulate user gestures." "Cybercriminals use Trojan-Dropper.AndroidOS.Shopper.a to boost certain app’s rating and increase the number of installations and registrations," Golovin added. "All this can be used, among other things, to dupe advertisers. What’s more, the Trojan can display advertising messages on the infected device, create shortcuts to ad sites, and perform other actions."Get the full scoop by visiting OUR Forum.

Apple scans photos to check for child sexual abuse images, an executive has said, as tech companies come under pressure to do more t. o tackle the crime. Jane Horvath, Apple’s chief privacy officer, said at a tech conference that the company uses screening technology to look for illegal images. The company says it disables accounts if Apple finds evidence of child exploitation material, although it does not specify how it discovers it. Apple has often clashed with security forces and authorities, refusing to break into criminals’ phones and applying encryption to its messaging app in the name of protecting its users’ privacy. Speaking at the Consumer Electronics Show in Las Vegas, Ms. Horvath said removing encryption was “not the way we’re solving these issues” but added: “We have started, we are, utilizing some technologies to help screen for child sexual abuse material.” An Apple spokesman pointed to a disclaimer on the company’s website, saying: “Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space. “As part of this commitment, Apple uses image-matching technology to help find and report child exploitation. Much like spam filters in email, our systems use electronic signatures to find suspected child exploitation. “Accounts with child exploitation content violate our terms and conditions of service, and any accounts we find with this material will be disabled.” The company did not elaborate on how it checks for child abuse images, but many tech companies use a filtering system called PhotoDNA, in which images are checked against a database of previously identified images using a technology known as “hashing”. The technology is also used by Facebook, Twitter, and Google. Apple made a change to its privacy policy last year that said it may scan images for child abuse material. Ms. Horvath defended Apple’s decision to encrypt iPhones in a way that makes it difficult for security services to unlock them after the FBI raised the prospect of another clash with the company by asking it to unlock an iPhone allegedly owned by a dead gunman who killed three people at a naval base in Florida last month. “End to end encryption is critically important to the services we come to rely on…. health data, payment data. Phones are relatively small they get lost and stolen. More posted on OUR FORUM.

In the days after the US government said it would bar Huawei Technologies Co from buying vital American components, the Chinese company’s founder, Ren Zhengfei, pulled together an emergency meeting of his top lieutenants at headquarters in Shenzhen. In a large conference room, the billionaire asked for a report from the head of each business unit on how they would be affected by the Trump administration’s ban, which blocks US companies from supplying everything from semiconductors to the software. Their assessments were dire. "We thought we had lost the world,” said Will Zhang, who attended as president of corporate strategy. It turns out they were far too pessimistic. Huawei recorded an 18% rise in sales to a new high of 850bil yuan (RM500.52bil) last year, although that was down from about 23% in the first half and missed its own internal targets. Company projections for 2020 are similar. Huawei holds the enviable position of being the world’s largest supplier of communications equipment to telecom operators and the largest smartphone maker globally after Samsung Electronics Co. Huawei isn’t just surviving; it’s actually thriving in some areas. The question is for how long. Last week, executives warned in a New Year’s memo that survival itself is a priority, urging employees to brace for a difficult 2020. Inventories stockpiled months in advance of the May blacklisting are drying up. The company can no longer count on momentum alone to drive the business, Rotating Chairman Eric Xu warned. How Huawei survived the US blacklisting could prove a case study in unintended consequences and a vast shift underway in global IT production. Huawei is a big customer for all of its suppliers, and a few actually cut ties after the blacklisting. Others lost out to rivals in Japan and South Korea. But American companies with extensive global operations, including Microsoft Corp and chipmaker Micron Technology Inc, found legal ways around the ban, leaning on the production outside the US so Huawei-destined products wouldn’t be hit. Huawei itself put armies of engineers to work redesigning products to reduce its reliance on American parts. Trump’s attack also had surprising implications for Huawei’s brand. A few countries, like Australia, agreed with the US president’s assessment and barred its equipment from their networks. But in the rest of the world, Huawei’s name recognition soared. After laboring in obscurity for decades, the maker of digital piping was suddenly front-page news everywhere. Beyond the US and its close allies, telecom operators wanted to find out what all the fuss was about. In China, consumers and carriers rallied to Huawei’s side in response to what they saw as unfair persecution, driving a sales boom. The Trump sanctions in some ways validated Huawei’s ability to develop cutting-edge technology, from fifth-generation networking gear to AI chips. Follow this in-depth on OUR FORUM.