
Over the past few months, Windows 10 updates have caused serious issues for some people, and it seems Microsoft has released yet another disastrous patch – KB4560960 and KB4557957. The June 2020 cumulative update was supposed to be an important patch for people running the two most recent versions of Windows 10, but it appears to have introduced new bugs on some configurations. Both Windows 10 November 2019 Update and Windows 10 May 2020 Update recently had a patch issued to fix critical and important security problems. At the time of its release, we noted that Microsoft was not aware of any issues and we were wondering what it might break – and now we have more details. KB4557957 for Windows 10 version 2004 and KB4560960 for Windows 10 version 1909 are breaking printers. This is according to several posts on Reddit, Microsoft’s Answers website, and other forums. “Has anyone had issues today with printing and the latest Windows update? We’re seeing problems with Ricoh printers that were previously stable. Changing the print driver seems to help but that’s going to be a pain if I have to roll it out to too many clients,” one user noted. In the same thread, other users also confirmed that this appears to be an issue with both KB4557957 and KB4560960 for Windows 10. “After this update, documents in my printing queue appeared for a second then disappeared. Uninstalling this update immediately fixed the problem,” another user wrote in Microsoft’s forum. The issue is that Windows 10 KB4557957 / KB4560960 updates are seemingly causing major problems mainly for Ricoh printers, but with some other brands too, including Brother and Canon. In particular, users have noted issues when printing their documents, and the stability of the connection is also affected. A network technician claimed that the PCL5 driver does not work with Windows 10 after installing the update and that driver age does not matter.
Things might improve if you install the newest version of the PCL6 “universal driver”, but as one user notes, this is not a realistic approach for businesses that service hundreds of devices. The updates appear to be a complete nightmare for those with printers, which could prove costly for the company’s reputation as the bug is also hitting businesses and organizations using Windows 10. Fortunately, Microsoft is aware of the reports and the company is already working on a fix, which could be deployed soon, according to a post published by Microsoft’s independent community advisor. If you’re unable to uninstall the update via Windows Settings, you can always remove it using Command Prompt. First, open Command Prompt with admin rights and run the following command after replacing the [id] with the KB (update) number. Users are also reporting other problems after recent Windows 10 cumulative updates. One user noted that the update removed their documents, files, background image, and settings. We have more along with the steps necessary to uninstall the cumulative update posted on Our Forum.

When even the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is starting to get nervous about your unpatched Windows 10 system, maybe it’s time to make sure you’ve downloaded everything you need from Windows Update. This time around, the agency is reacting to the emergence of new proof-of-concept attacks related to a vulnerability that was discovered in March—yes, three months ago. The exploit, “SMBGhost,” takes advantage of an issue with Windows’ Server Message Block (SMB) protocol that could give an attacker unrestricted access to run whatever they want on an affected machine. (That includes servers, obviously, but also any unpatched clients connecting to one that has already been hit.) All you have to do to stay safe is to make sure you’ve installed the latest updates for Windows 10. That’s it. It’s incredibly easy to do this on your home machines—and, really, they should be updated already if you’ve been using them regularly and have them connected to the internet. Here’s the quirk, though. If you’re using a version of Windows 10 that’s older than version 1903 (released in May of last year), you’re in the clear. Your operating system doesn’t yet support SMBv3.1.1 compression, which is the source of the bug that’s being exploited by SMBGhost. So, in some weird way, not updating has kept you safer from this attack than installing a major update and getting lazy about the rest. That’s not a practice you should continue, however. It’s time to update to the latest version of Windows—version 2004, as of when we wrote this article—and make sure you stay on top of your Patch Tuesday updates and any other critical out-of-schedule updates. But there’s a caveat to that, too. As you no doubt know, Microsoft tends to have some issues with its various Windows 10 updates. So much so that it’s probably not worth your while to install every single update you can get your hands on the minute it’s released.
Were I you—and this is what I do, too—I’d make sure I’m using at least Windows version 1909. I’d then use its ability to pause Windows Updates, found via Settings > Update & Security, to keep your operating system from downloading and installing updates the moment they’re released. As for how long you should wait before you install one, that’s up to you and the severity of the update in question. If an update is patching a zero-day exploit, you might want to err on the side of installing it sooner; if it’s a gigantic feature update, you can probably wait a week (or two weeks) to make sure that system-breaking bugs haven’t revealed themselves as part of the update’s public launch. Is this taxing? Yes. Will you forget about it? Sure. Will you remember it when you can’t understand why your system worked well on Tuesday but is coughing up some terrible glitch on a Wednesday morning? You will now. We have more posted on OUR FORUM.
The United States had not provided Huawei Technologies with specific reports or evidence on cybersecurity flaws or vulnerabilities to back its claims, company vice-president Victor Zhang told Sputnik in a presser with UK media on Monday. Huawei's Cybersecurity Evaluation Centre (HCSEC) in Banbury, which works directly with the UK's National Security Advisor and others, "found no security vulnerabilities or backdoors" in the company's network products. Speaking on the need to collaborate on international security standards, he told Sputnik that global organizations such as 3GPP and others had a "very mature model for working not just with the industry, but also governments, with fairness and transparency to discuss these standards". 3GPP had "already taken serious measures on security management" on such standards. The comments follow an open letter to the UK public stating the Chinese firm had operated in Britain for 20 years and was 100 percent "owned by employees", as well as aimed to boost mobile and broadband connectivity across the UK. "Britain needs the best possible technologies, more choice, innovation, and more suppliers, all of which means more secure and more resilient networks. This is fundamental to achieving the government’s Gigabit broadband target by 2025. This is our commitment to the UK,” VP Zhang said in a statement. “Huawei grew up in the UK. We’ve been here for 20 years and were integral in building the 3G and 4G networks we all use every day," he said. The letter added that while many in cities had "fast, reliable connections", poor connectivity made "working from home, or running a small business, harder than it should be". The Chinese firm aimed to expand Britain's 5G and full-fiber broadband connectivity "to every part of the country" along with creating jobs, training engineers, and investing in the country's economy and university, the letter said. 
Huawei's pledge comes amid unconfirmed reports in UK media in late May citing anonymous Whitehall sources alleging the government could potentially phase out Huawei's role in building national 5G networks by 2023. But Downing Street announced in late May it had sought "new entrants into the market" to diversify suppliers and had informed allies, "including the United States", in previous talks. The UK National Cybersecurity Centre also announced it would assess the impact of phasing out Huawei's IT equipment from UK networks after UK prime minister Boris Johnson approved the Chinese tech giant's role in building IT networks in late January. But Washington extended its trade ban on Huawei, ZTE, and over 70 Chinese tech companies placed on an Entity List in May 2019 for a further year over alleged national security concerns. Want to learn more? Please visit OUR FORUM.
To track known issues in Windows 10 that Microsoft is aware of and actively resolving, you can use the Windows 10 Health Dashboard tool. Released on April 30th, 2019, Microsoft's Windows 10 Health Dashboard tracks the known issues in various versions of Windows 10, and even older versions such as Windows 7 and Windows 8.1. The Windows Health Dashboard is broken up into different sections based on the version of the operating system. This site allows Windows users to track the issues related to the feature update they currently have installed or are trying to install. For example, when the Windows 10 May 2020 Update was released, the operating system became Windows 10 version 2004. At the top of each section, Microsoft provides a brief message related to that version of Windows, including the status of the feature update's rollout and whether it is nearing the end of support. As you scroll further down the page, you will be shown the known issues being investigated, what cumulative update caused the problem, and when information about the issue was last updated. Finally, under each entry in the known issue list is a 'See details' link. When clicked, this link will bring you to a more detailed description of the issue that may contain steps for resolving it. This detailed information will state if the issue has a 'compatibility hold' that would block a Windows user from upgrading to this new version of Windows. We will discuss compatibility holds in the next section. As Microsoft releases new feature updates, they also tweak the operating system or add new security features. The changes could cause conflicts with hardware drivers, antivirus software, or other programs that worked fine in the previous version of Windows 10. These conflicts can cause Windows 10 not to start, have degraded performance, cause games not to work, or even cause a blue screen of death (BSOD) crash.
When a known conflict occurs, and a Windows user is affected, Microsoft blocks that user from upgrading to the new version of Windows 10. This upgrade block is called a compatibility hold. As it is not always clear if your device is on a compatibility hold, Microsoft has started to notify users if they are blocked from upgrading. If you are not being offered a new Windows 10 feature update or Windows is having problems after upgrading, the Windows Health Dashboard can be a useful tool. It is useful because the dashboard will display all the known issues that are causing a hold or problems in Windows, and offer guidance on how to resolve them. For example, using the Health Dashboard, we learn that NVIDIA drivers older than version 358.00 are causing a compatibility hold. Using this information, a blocked user can upgrade their NVIDIA graphics drivers to a newer version and see if that removes the hold. Another example was when Microsoft used the Health Dashboard to warn about a bug preventing the 'Reset this PC' feature from working correctly. Until the issue was fixed, Microsoft offered a workaround to get it working again. We have more complete details along with images posted on OUR FORUM.
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cybercriminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps it stay hidden on compromised networks. The main targets of Tycoon are organizations in the education and software industries. Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanized Java Runtime Environment, and compiled into a Java image file (Jimage) to hide the malicious intentions. "These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks," Eric Milam, VP for research and intelligence at BlackBerry, told ZDNet. "Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code but were nonetheless successful in accomplishing their goals," he added. However, the first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing RDP servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection, abusing settings that more often provide developers with the ability to debug software. The attackers also use their privileges to disable anti-malware software using ProcessHacker in order to stop the removal of their attack.
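Because IFEO persistence works by attaching a `Debugger` value to an image name, defenders can audit for it by listing every such value and checking where the named executable lives. The following is an added example, not code from the BlackBerry/KPMG research or from this article; the sample `reg query` output, the image names and the allowlisted directory are all constructed for illustration.

```python
import ntpath
import re

IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")
# Hypothetical allowlist: where this site's sanctioned debuggers are installed.
ALLOWED_DIRS = [r"C:\Program Files\DevTools"]
# Constructed `reg query "<IFEO_KEY>" /s` output, not taken from a real host.
SAMPLE = "\n".join([
    IFEO_KEY + r"\buildtool.exe",
    r'    Debugger    REG_SZ    "C:\Program Files\DevTools\dbg.exe" -g',
    "",
    IFEO_KEY + r"\helper.exe",
    r"    Debugger    REG_SZ    C:\Users\Public\svc.exe",
    "",
    IFEO_KEY + r"\viewer.exe",
    r"    MitigationOptions    REG_QWORD    0x100",
    "",
    IFEO_KEY + r"\agent.exe",
    r'    Debugger    REG_SZ    "C:\Program Files\DevTools\..\..\Temp\x.exe"',
])

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')

def debugger_path(data):
    """Return the executable named by a Debugger value, normalised."""
    m = EXE_RE.match(data.strip())
    # normpath collapses "..\" so traversal cannot fake an allowlisted prefix.
    return ntpath.normpath(m.group(1) or m.group(2)) if m else ""

def is_allowed(path, allowed_dirs=ALLOWED_DIRS):
    """True if the path sits under an allowlisted directory (case-insensitive)."""
    p = ntpath.normcase(path)
    return any(p.startswith(ntpath.normcase(d) + "\\") for d in allowed_dirs)

def find_ifeo_debuggers(text, allowed_dirs=ALLOWED_DIRS):
    """Return (image, debugger, verdict) for every IFEO Debugger value found."""
    findings, image = [], None
    for line in text.splitlines():
        if line.upper().startswith(IFEO_KEY.upper() + "\\"):
            image = line[len(IFEO_KEY) + 1:].strip()
        elif image and (m := VALUE_RE.match(line)):
            name, _type, data = m.groups()
            if name.lower() == "debugger":
                exe = debugger_path(data)
                verdict = "allowlisted" if is_allowed(exe, allowed_dirs) else "review"
                findings.append((image, exe, verdict))
    return findings
```

On most endpoints no `Debugger` values are expected at all, so an empty allowlist is a reasonable default and every hit becomes a "review" finding.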
"Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways," said Milam. After execution, the ransomware encrypts files across the network, giving them extensions including .redrum, .grinch, and .thanos – and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email. Get better informed by visiting OUR FORUM.
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to new research published by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said. "This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." First observed by CrowdStrike in 2013, Cycldek has a long history of singling out defense, energy, and government sectors in Southeast Asia, particularly Vietnam, using decoy documents that exploit known vulnerabilities (e.g., CVE-2012-0158, CVE-2017-11882, CVE-2018-0802) in Microsoft Office to drop a malware called NewCore RAT. Kaspersky's analysis of NewCore revealed two different variants (named BlueCore and RedCore) centered around two clusters of activity, with similarities in both code and infrastructure, but also with features that are exclusive to RedCore — namely a keylogger and an RDP logger that captures details about users connected to a system via RDP. "Each cluster of activity had a different geographical focus," the researchers said. "The operators behind the BlueCore cluster invested most of their efforts on Vietnamese targets with several outliers in Laos and Thailand, while the operators of the RedCore cluster started out with a focus on Vietnam and diverted to Laos by the end of 2018."
Both BlueCore and RedCore implants, in turn, downloaded a variety of additional tools to facilitate lateral movement (HDoor) and extract information (JsonCookies and ChromePass) from compromised systems. What's more, the malware is programmed to copy itself selectively to certain removable drives so it can move laterally to other air-gapped systems each time an infected USB drive is inserted into another machine. A telemetry analysis by Kaspersky found that the first instance of the binary dates all the way back to 2014, with the latest samples recorded at the end of last year. The initial infection mechanism relies on leveraging malicious binaries that mimic legitimate antivirus components to load USBCulprit in what's called DLL search order hijacking before it proceeds to collect the relevant information, save it in the form of an encrypted RAR archive, and exfiltrate the data to a connected removable device. Visit OUR FORUM to learn more.