
Scammers running business email compromise (BEC) fraud have grown in number, attack more often, and are turning to remote access trojans as the preferred malware type to accompany their raids. Although the Recovery Asset Team developed by the FBI's Internet Crime Complaint Center (IC3) has made a difference in reducing losses caused by BEC scams, there are now more fraudsters than ever. Since its establishment in early 2018, IC3's asset recovery team has recorded a success rate of 75% for the incidents it investigated, retrieving over $192 million in funds misdirected in BEC scams. BEC is a global threat, but there is one place where making money through this type of fraud is the norm. This type of activity is rife in Nigeria, home of the infamous 419 email scam (the prince is still looking for someone to help move his wealth out of the country). Palo Alto Networks' Unit 42 has been monitoring Nigerian cybercrime since 2014 and has documented its evolution toward using malware to reach its financial goals. In 2017 there were around 300 unique actors or groups engaged in BEC fraud, and the next year the number grew to over 400. The researchers track them under the code name SilverTerrier. As their numbers swelled, activity from SilverTerrier also surged last year, by 54% compared to 2017. This translates into a monthly average of 28,227 attacks that Unit 42 saw aimed at its customers. High-tech was the most targeted industry, with over 120,000 attacks recorded last year, up from 46,000. Catching up rapidly is the wholesale sector, which faced four times more attacks, around 80,000. Further details posted on OUR FORUM.

Today Nvidia released GeForce Game Ready WHQL 430.64 drivers for Windows 10, 8, 8.1 and 7 with a slew of bug fixes. The Nvidia 430.64 driver update includes security fixes as well as Game Ready status for a couple of new games. Nvidia 430.64 also comes with a fix for a bug that caused higher CPU usage by NVDisplay.Container.exe. About a week ago, Nvidia fixed this critical bug with the 430.53 hotfix update, and the company has also included the fix in the latest update. The fix for higher CPU usage isn’t the only change, as Nvidia has packed a few more improvements into this driver. As mentioned, GeForce Game Ready WHQL 430.64 drivers also add Game Ready status to three new titles – World War Z, Total War: Three Kingdoms and RAGE 2. There are several bug fixes included in this driver update. For example, Nvidia has fixed an issue where users experienced flickering when the benchmark is launched. Another bug where the application crashes when the game is launched has been fixed. The update includes a fix for Shadow of the Tomb Raider where the game freezes when launched in SLI mode. Crashing issues with Hitman 2 in DirectX 12 have also been addressed. Nvidia is also fixing the desktop flickers when videos are played on the secondary monitor. Nvidia is aware of a couple of problems with the driver on Windows 10 machines. In the changelog, Nvidia says that when 3D Settings page > Vertical Sync setting is set to Adaptive Sync, V-Sync works only at the native refresh rate after rebooting the system. Learn more and download from OUR FORUM.

Microsoft is releasing Windows 10 Insider Preview Build 18894 (from the 20H1 branch) to Windows Insiders in the Fast ring. There are a number of improvements, bug fixes, and performance enhancements coming with today’s preview build. However, there is also quite a long list of known issues so make sure to pay attention to those before installing the latest Windows 10 2020 Preview Build. We’ve heard your feedback asking for increased consistency, and to make it easier to find your files. Over the next few days, we’ll be starting to roll out a new File Explorer search experience – now powered by Windows Search. This change will help integrate your OneDrive content online with the traditional indexed results. This rollout will start with a small percentage, and then we’ll increase the rollout to more Insiders as we validate the quality of the experience. What does that mean for you? Once you have the new experience, as you type in File Explorer’s search box, you’ll now see a dropdown populated with suggested files at your fingertips that you can pick from. These improved results can be launched directly by clicking the entry in the new suggestions box, or if you want to open the file location, just right-click the entry and there’ll be an option to do so. If you need to use commands or dig deeper into non-indexed locations, you can still press enter and populate the view with the traditional search results. For more visit OUR FORUM.

Security researchers brought to life and released a wicked variant of Clippy, the recently resurfaced assistant in Microsoft Office that we all loved so much to hate, that makes it more difficult to detect a malicious macro in documents. Dubbed Evil Clippy, the tool modifies Office documents at the file format level to spew out malicious versions that get by the static analysis of antivirus engines and even utilities for manual inspection of macro scripts. To do this, it takes advantage of undocumented features, unclear specifications, and deviations from intended implementations. Macros are snippets of VBA (Visual Basic for Applications) code that automate tasks in Microsoft Office applications. They are constantly used to deliver malware when the user opens a document. Researchers at Dutch security testing company Outflank developed Evil Clippy for professionals running red team attacks against a client organization. The tool runs on Windows, macOS, and Linux. The tool can be used with document formats for Microsoft Office 97 - 2003 (.DOC and .XLS), and 2007 and above (.DOCM and .XLSM, which are basically ZIP containers and come with macros enabled). All these file types use the Compound File Binary Format (CFBF) and Outflank's program modifies it using the OpenMCDF library. One technique Evil Clippy uses to generate a maldoc is "VBA stomping," a method detailed by Walmart's security team, by which the original code of the VBA script can be replaced by a compiled version for the VBA engine called pseudo-code, or p-code for short. Infosec expert Vesselin Bontchev detailed publicly that VBA scripts can execute at runtime in three forms, with p-code being the most popular. We have more posted on OUR FORUM.

Microsoft will begin to ship an in-house, custom-built Linux kernel starting with the Windows 10 Insider builds this summer. This kernel is to become the backbone for the new Windows Subsystem for Linux 2.0 or WSL2. Unlike WSL1, which used a Linux-compatible kernel, WSL2 will use a genuine open-source kernel compiled from the stable 4.19 version release of Linux at While Microsoft will be providing the Linux kernel, they will not provide any Linux binaries to go with it. Instead, users will still need to download their favorite Linux distribution from the Microsoft Store or by creating a custom distribution package. While the source code for the kernel will come from, Microsoft has stated that they will apply custom patches that reduce the memory footprint of the kernel and provide hardware compatibility. In the first iteration of the Windows Subsystem for Linux (WSL1), Microsoft had to translate Linux system calls so they could communicate and work with the Windows NT kernel. With the use of a true Linux kernel, it is no longer necessary to use a translation layer and apps will have full access to their normal system calls. Removing the translation layer not only improves compatibility for Linux apps but also increases file system performance. According to tests performed by Microsoft, the new Linux kernel has improved the performance of WSL, with unpacking archives up to 20x faster and tools such as npm, git, and cmake being 2-5x faster. To make it easier to administer WSL2, Microsoft will also include the Linux kernel in Windows Update so that security updates and improvements will automatically be delivered to Windows 10. Learn more by visiting OUR FORUM.

Google is looking at more options to boost its bottom line, and one of them seems to be shopping links tucked under YouTube videos. The company is running a test where it displays recommended products along with prices on its video-sharing platform, according to The Information. It seems some test ads have popped up under Nike videos. Clicking on them would take you to the Google Express marketplace to complete the purchase. More and more retailers are joining Express, according to the report, while earlier this year Google started testing shoppable ads in image searches. The company is said to be banking on these features to boost its shopping business. Parent company Alphabet reported this week that revenue for physical products such as Pixel phones and Home smart speakers year-over-year, highlighting that there's an opportunity for growth. Meanwhile, Amazon's ad business is growing, which might be prompting Google to focus on other revenue streams since ads are a key source of its income. Google takes a cut from goods sold through Express, though revenue pales next to Amazon's retail income. Express is said to have pulled in a little under $1 billion in 2018, while Amazon's retail arm generated around $141 billion in North America last year. Google is set to hold an event later this month called Google Marketing Live (at which it has revealed ad products in the past), while the I/O developer conference takes place next week, so we might have an official word about the YouTube product ads soon. There's more posted on OUR FORUM.