
An update was released today that adds SHA-2 code signing support to Windows 7 SP1 and Windows Server 2008 R2 SP1. If this update is not installed, these Windows operating systems will no longer be able to receive Windows updates starting on July 16th, 2019. Currently, all Windows updates are dual signed with both SHA-1 and SHA-2 code signing certificates. As there are flaws in the SHA-1 algorithm that make it less secure, Microsoft has stated that starting on July 16th, 2019, Windows updates will only be signed using the SHA-2 algorithm. As neither Windows 7 SP1 nor Windows Server 2008 R2 SP1 supports SHA-2 code-signing certificates, Microsoft had stated that it would release an update to introduce this capability into these operating systems. As part of the March 2019 Patch Tuesday updates, Microsoft released updates KB4490628 and KB4474419 to add SHA-2 support to both Windows 7 SP1 and Windows Server 2008 R2 SP1. These updates will be installed automatically and should not be blocked, as doing so will cause Windows Update to stop working in the future. For users who decide not to install this update, Microsoft will redeliver it as a security update on April 9, 2019. Learn more by visiting OUR FORUM.
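As an added check (not from the article or from Microsoft), the following PowerShell snippet confirms on a Windows 7 SP1 or Windows Server 2008 R2 SP1 host that the two SHA-2 support updates named above are installed, and optionally reports the Authenticode signature status of a downloaded update package; the package path is a placeholder and the function names are assumptions.

```powershell
# Added example (not from the article): verify that the SHA-2 code-signing
# support updates are present and inspect the signature on an update package.
# Written for PowerShell 2.0 syntax, the version shipped with Windows 7 SP1.

# KB numbers from the article; both should be present before July 16th, 2019.
$requiredKbs = @('KB4474419', 'KB4490628')

# Hypothetical helper: returns the list of required KBs that are NOT installed.
function Get-MissingSha2Updates {
    $missing = @()
    foreach ($kb in $requiredKbs) {
        # Get-HotFix queries Win32_QuickFixEngineering; -ErrorAction hides the
        # "cannot find hotfix" error so an absent update simply yields $null.
        $hit = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
        if (-not $hit) { $missing += $kb }
    }
    return $missing
}

# Hypothetical helper: report Authenticode status for a downloaded .msu/.cab.
# Note: Get-AuthenticodeSignature reports only the primary signature of a
# dual-signed file, so it does not by itself prove a SHA-2 signature exists.
function Get-UpdateSignatureInfo {
    param([string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $algo = 'n/a'
    if ($sig.SignerCertificate) {
        # Signature algorithm of the signer certificate, e.g. sha256RSA.
        $algo = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    }
    "{0}: {1} (signer certificate algorithm: {2})" -f $Path, $sig.Status, $algo
}

$missing = Get-MissingSha2Updates
if ($missing.Count -eq 0) {
    Write-Host "SHA-2 support updates installed: $($requiredKbs -join ', ')"
} else {
    Write-Warning ("Missing SHA-2 support update(s): " + ($missing -join ', '))
}

$pkg = 'C:\Temp\windows-update-package.msu'   # placeholder path
if (Test-Path $pkg) { Get-UpdateSignatureInfo -Path $pkg }
```

Get-HotFix only lists updates recorded by Windows Update's QuickFixEngineering data, so an update installed by other means may need to be confirmed with the Programs and Features "Installed Updates" view instead.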

In addition to encrypting a victim's files, the STOP ransomware family has also started to install the Azorult password-stealing Trojan on victims' computers to steal account credentials, cryptocurrency wallets, desktop files, and more. The Azorult Trojan is a computer infection that will attempt to steal usernames and passwords stored in browsers, files on a victim's desktop, cryptocurrency wallets, Steam credentials, browser history, Skype message history, and more. This information is then uploaded to a remote server that is under the control of the attacker. When we first covered the DJVU variant of the STOP Ransomware being distributed by fake software cracks in January, we noted that when the malware was executed it would download various components that are used to perform different tasks on a victim's computer. These tasks include showing a fake Windows Update screen, disabling Windows Defender, and blocking access to security sites by adding entries to the Windows HOSTS file. When ransomware researcher Michael Gillespie tested some recent variants, he noticed that an Any.Run analysis indicated that one of the files downloaded by the ransomware generated traffic characteristic of an Azorult infection. Gillespie further told BleepingComputer that four different samples all showed network traffic associated with Azorult. The Promorad Ransomware variant samples we tested also downloaded a file named 5.exe and executed it. When executed, the program generates network traffic that is identical to known command & control server communications for the Azorult information-stealing Trojan. Learn more by visiting OUR FORUM.

Huawei has already confirmed that it'll unveil a new batch of flagship smartphones, the P30 series, on March 26, 2019. Now, in what can only be described as a fairly unique marketing ploy, Huawei has started to reveal details about its as-yet-unannounced handsets ahead of the hotly anticipated press conference next month. Huawei Vice President of Global Product Marketing Clement Wong has confirmed the P30 Pro will boast a new, periscope-style "superzoom" camera. Leaked images had already suggested the new flagship phone would include a 10x optical zoom feature akin to the system Oppo debuted at Mobile World Congress last month. Wong stopped short of confirming exactly what level of zoom customers can expect from the next handset, refusing to confirm the rumored 10x optical zoom functionality. However, Wong did tell AndroidCentral that the new periscope system would do "something nobody [has done] before," which could hint at an even greater level of zoom than rival Oppo has managed, or could suggest Huawei has managed to squeeze a mechanical zooming lens onto the back of its next smartphone. Either way, we're very excited. Wong also promised the P30 series will bring improvements to night mode. According to the executive, the new solution will be able to go further than the "software-only" systems favored by rivals, an extremely thinly veiled jibe at the Night Sight feature rolled out to the Pixel 3 and Pixel 3 XL last year. Follow the upcoming launch of this amazing device on OUR FORUM.

The number of Android users attacked by banking malware saw an alarming 300% increase in 2018, with 1.8 million of them being impacted by at least one such attack during the last year. While in 2016 the overall number of attacked users was 786,325 and during 2017 it dropped to 515,816, in April 2018 the number of attacks began to rise sharply. The growth in the number of incidents reached its highest values during June and September, with the year ending with an astounding 1,799,891 users having been hit by at least one Android banking malware family. Out of the total number of Android users affected by financial malware, the highest percentage was found in Russia, South Africa, and the United States, while 85% of the attacks were conducted by bad actors using only three banking malware families. According to Kaspersky Lab's "Financial Cyber threats in 2018" report, "Asacub peaked more than twice to almost 60%, followed by Agent (14.28%) and Svpeng (13.31%). All three of them experienced explosive growth in 2018, especially Asacub as it peaked from 146,532 attacked users in 2017 to 1,125,258." While Asacub was also the top dog in the Android banking malware rankings in 2017, during 2018 this Android malware family was behind 58% of all detected attacks, more than doubling its "market share." For the full scope of this banking malware problem visit OUR FORUM.

Google recommends that Windows 7 users give it up and move to Microsoft's latest operating system if they want to keep their systems safe from a zero-day vulnerability exploited in the wild. The security bug affects the Windows win32k.sys kernel driver and leads to privilege escalation on Windows 7. Google saw the Windows vulnerability in targeted attacks, chained with a zero-day vulnerability (CVE-2019-5786) in the Chrome browser that received a patch on March 1 with the release of version 72.0.3626.121. The kernel driver vulnerability could also serve as a sandbox escape when chained with other browser security flaws, so Windows users could still be impacted even if they correctly applied the most recent update for Google Chrome. Exploitation of the vulnerability in the wild targeted Windows 7 systems. Google believes that this is the only version of the OS where it works, because the exploit mitigations Microsoft introduced in newer versions of the OS, Windows 10 in particular, would prevent it. If you still run an older version of Windows, the recommendation is to upgrade to Windows 10 and keep it updated with the newest patches. "The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances," writes Clement Lecigne, member of Google's Threat Analysis Group. Further details are posted on OUR FORUM.

Scammers pretending to be employees of the Social Security Administration caused losses of at least $16.6 million last year. Reports of the SSA scam skyrocketed last year, with records from the US Federal Trade Commission showing that there were over 63,000 reports of this particular fraud since January 2018. This is almost 20 times more than the reports recorded in 2017, when 3,200 people called about the SSA voice phishing (vishing). That year, the monetary losses were close to $210,000. Even though the latest official statistics are worrying, the actual numbers are likely higher because not all victims register a complaint. Fraudsters come up with all sorts of reasons to elicit information from the victims or make them lose money. The purpose of the scam is to get the victim to send money through non-conventional methods or to obtain sufficient information that could be used for identity theft or for applying for loans. There are multiple variations of the SSA phone fraud, but they all have some things in common. Pretending to be an SSA employee, the scammer at the other end of the line explains that the call was prompted by suspicions of crime-related activities or that someone has used the victim's Social Security number to apply for credit cards. The deceit is further fueled by the fact that swindlers spoof the SSA's phone number to make the call look legitimate. Learn more by visiting OUR FORUM.