Tuesday, 16 May 2017

WannaCry: Everything You Need To Know About the Ransomware Sweeping the Globe

WannaCry – Ransomware Programme – Microsoft Windows OS

WannaCry is said to be a ransomware programme affecting Microsoft Windows operating system. A huge cyber-attack utilising it had been launched on May 12, 2017 infecting over 230,000 computers in about 150 countries demanding ransom payments in 28 languages in the cryptocurreny bitcoin. The outbreak spreads by various systems inclusive of phishing emails and on unpatched systems as computer worm which has been defined by Europol as first-time in scale.

 It was the worst ransomware attack ever faced in the world driving thousands to tears all across the world. WannaCry has held out a blatantwarning regarding the susceptibilities of our digital inter-linked presence. WannaCry is also known as WannaCrypt bug that encodes data on a computer within a few seconds displaying message demanding from the user to pay a ransom of $300 in Bitcoins to restore access to the device together with the data with it.

 Most surprisingly the attack also had affected the National Health Service of the United Kingdom obstructing surgeries together with the other critical patients’ treatment all over the British Isles making confidential information and documents of patient inaccessible. Several types of malware affecting a computer are available which may vary from those that may tend to steal your information to those that could delete information which is on the device.

ExternalBlue Exploit

Ransomware as the name indicate foils the user from accessing their devices as well as their data till a definite ransom has been paid to the initiator wherein the computers are locked and encrypts the data on it, thus preventing software together with the apps from functioning. The attack had affected Telefonica together with the other huge companies in Spain together with Britain’s National Health Service NHS, FedEx, Deutsche Bahn and LATAM Airlines.

Other targets in around 99 countries had also been reported to have affected around at the same time. WannaCry is said to have utilised the EternalBlue exploit that had been invented by the U.S. National Security Agency – NSA to gain access to Microsoft Windows computers that had been utilised by terrorist outfits and enemy statesin order to affect computers running Microsoft Windows operating systems.

EternalBlue tends to exploit vulnerability MS17-010 in in implementation of the Server Message Block – SMB protocol of Microsoft. Although a patch to eliminate the underlying susceptibility for the supporting systems, - Windows Vista and later operating systems, had been issued on 14th March 2017, delay in apply security updates together with the absence of support by Microsoft of legacy varieties of Windows had left several users helpless.

Under Control – Malware Tech

Owing to the measure of the attack and dealing with the unsupported Windows system together with an effort of controlling the spread of the ransomware, Microsoft had taken the unusual step of releasing the updates for all the earlier unsupported operating systems from Windows XP onwards.

The attack had been brought under control by a security researcher, an accidental hero who has asked to be identified only as a MalwareTech. He has discovered a hard-coded security control in the form of a connection to a ridiculous domain name and had bought the domain name for $10.69. This had triggered thousands of pings from attacked devices and killed the ransomware together with its spread.

Had this not been surfaced, there would have been millions of computers all over the world supposedly locked within a few days thus disturbing in all types of global services. Several surgeries had been reported to have been postponed, x-rays were cancels and ambulances had been called back within hours of the attack in the UK where a minimum of 40 hospitals under NHS had been affected.

Shadow Broker

Fear of this type of an attacked had been speculated for a long time which would bring public utilities or transport system to a stop compelling the government to pay a huge amount to bring the service back to normal. This had occurred though for a few hours on Friday 12th May. Interestingly a group known as Shadow Broker had stolen the NSA tool in April who had been unhappy with Donald Trump, the US President whom they had voted for. Microsoft had claimed that it had released a security update addressing the susceptibility which these attacks had exploited in March and had advised users to update their system to deploy latest patches.

 But in India, regular updates were not done since most of the official computers tend to run Windows and hence the exposure could be great. Personal online data have now been linked to Aadhaar data of more than a billion India.

Regional Director, ComTIA India, Pradipto Chakrabarty had mentioned that the linking of Aadhaar to bank accounts, income-tax together with other personal information has given rise to threat. Since the bank account of the user is connected with his Aadhaar number, the ransomware could probably lock down the account making it inaccessible unless a ransom has been paid.
Common Phishing Tactics
The Head of Asia Pacific, Corporate Business at F-Secure Corporation, Amit Nath had stated that success of the WannaCry ransomware attack has the potential of giving hostile nation state a cause to create cyber weapons where there could be no hope of recovering the data and it could be the worst case scenario.

One post accredited to the Principal Security Group Manager, Microsoft Security Response Centre, Phillip Misner had mentioned that the attacks had been utilising common phishing tactics such as malicious attachments asking users to be cautious while opening attachments and the least one could do is to refrain from clicking links which cannot be trusted and stop downloading software from the unfamiliar sources.

 F-Secure had also emphasized on the need of a four-phase approach to cyber-security – Predict, Prevent, Detect and Respond, wherein you predict by performing an exposure analysis. Prevent by organizing a defensive solution in reducing the attack surface. Respond by defining on how a breach tends to occur and what are the impacts it tends to have on the systems, detect by monitoring infrastructure for any indications of intrusion or any suspicious behaviour.

Intel chip flaw allows hackers to hijack thousands of PCs

Thousands of Window computers were exposed to remote hacking due to a security flaw in the Intel chip. Dating almost back to a decade, this bug allows hackers to remotely access the keyboard and mouse of a computer even when it’s switched off, thereby granting them complete access to that PC’s files and folders and allowing them to install viruses. In this defect, the “AMT” port security, used by IT departments to support and install softwares through remote access, can be easily bypassed by hackers.

This AMT feature is mostly used by IT administrators for remotely accessing computers for support, maintenance and software updates installation. AMT can also be accessed via a web browser interface which would be protected by an admin password and can be remotely accessed even the computer is off.Last week, Intel revealed that this defect in security meant allowing hackers to exploit computers but it is now appearing to be that one could gain access which would be as easy and simple as ignoring the requirement of a password while logging in.

The flaw was discovered by researchers at the Embedi security group and they have circulated further details disclosing that hackers could enter into a system through the AMT system by simply leaving the password field empty.Hackers can also gain entry into the system through networking ports. An address on an internal home network can easily be accessed with the help of a web browser.

Intel did not disclose any statistics on how many computers were affected because of this defect but a search on a public web ports-scanning website called Shodan revealed that more than 8,000 computers were affected. Compared to consumer desktops and laptops, this technology is present only corporate PCs but sensitive information could be exploited by hackers if they gain access.

Identifying the defect

This flaw is more likely to affect Intel Chips dating as far back to 2008 that run management firmware versions from 6 and 11.6. Intel also released a security advisory that precautionary corrective steps need to be taken for a system that is runs AMT.

Researchers at Embedi warned that any systems facing internet with open ports 16992 and 16993 were more prone to the hack. After the disclosure of this flaw, scans on these affected ports have increased in number which means that hackers are actively on the lookout for such susceptible systems to take advantage.

Precautionary measures

In order to overcome this defect in the Intel chip, Intel has advised a few precautionary steps. Firstly, one needs to determine if their system has an Intel AMT capable system. Then, the system needs to be analysed for the flaw with a tool published by Intel which lets you check if your system is susceptible and disable the AMT technology.

Next, a check needs to be made for updated firmware versions. Most of the affected and vulnerable systems are older and no longer receive firmware updates. The AMT is disabled on such computers. Intel is working hard to fix this bug in the Intel chip and their hardware partners are in process to push fixes to the vulnerable systems. It is expected that computer companies like Dell, Fujitsu, HP and Lenovo will issue their patches soon and have already issued security advisories.

Monday, 15 May 2017

Google Launches Event Finder in Mobile Search

Event Finder
Did you missed the musical concert of your favourite singer that happened near your locality? Do you want an expert to work for you and remind the events that going to happen in your area? The Internet Giant google will help you to never miss any of your favorite event in upcoming days! Very recently, google has introduced event finder in mobile search. Google as well as intelligibly trying to address Facebook’s new ascendance in the event space, merely without any unified social attributes, prospects would credibly just exercise Facebook to take care events with your buddies.

The application can mark you by not only showing the upcoming concerts but also the events that are going to occur today or tomorrow or next week and so on.

This wonderful new feature of google's event finder has made the US users to find their favourite events and also buy tickets. A real sweet surprise for the entire US!

iOS and Android of Google's app now provide an systematic summing up of forthcoming events in results for searches regarding local events come with by date, time, and location information.

There is also a cutoff to the online website where passes can get for their local events such as musical concerts, local celebrations... We can modify the focus of search results through filters for everyday.

The mobile characteristic event finder, that was launched by google on Wednesday, lights-out into event services such as Eventbrite and Meetup to bring forth database for a scope of targeted searches.
To know the details of the event, we need to snap on the results that fetch you a card the offers that displays the everything about the event. As well as you can also can go through the options to track the event.

But now it has been released only for people of US and can obtain its wonderful usage through mobile browsers also.

More over, the google has rendered a new guide meant for web developers to evaluate up their events, thus they could be able to discover in search, that contains the directions to constitute the details for its event format. Alas, you cannot make use of this wonderful service to support non-events and discounts, but you can use this service to track or mark the events, i.e., from concerts to dance classes.

How, When, and Why to Set a Connection as Metered on Windows 10

If you are still looking for an elegant solution for the manual control of Windows Updates, you should read these Windows 10 tips and tricks .

If you are traveling with your mobile phone or tablet via a mobile connection, the switched connection prevents large amounts of data, such as Windows 10 tips and tricks, Windows updates, etc., from being downloaded. Only when you are allowed to download (click on download), it will be loaded.

If you are now at home with a PC that has only LAN, it looks officially different. There is thus a function not offered. Windows updates are loaded and installed without request. But there is remedy. LAN (Ethernet) can also be activated as a switched connection.

Through the windows 10 tips and tricks , it is now possible to make this change directly in the settings. And so it goes:

Open Settings -> Network and Internet -> Ethernet
Here, press the name of the connection (Network Connected).
In the new window, Metered Connection appears.
In the Settings -> Network and Internet you will find under Ethernet no possibility. This change must be made in the registry. And so it goes: Press the Windows key + R Press regedit and start
To the path
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \
NetworkList \ DefaultMediaCost.
By means of this windows 10 tips and tricks it is possible in the new version of Windows 10 from the Creators Update, you can also make this network setting via the Windows Settings app. The appropriate setting can be found under the point "Network and Internet", then on "Ethernet", then click on the "Connected symbol" and then the following setting option appears. In the left tree, right-click on DefaultMediaCost -> Permissions, and then change the owner to Administrators or your user name. Confirm the name and set a checkmark at the bottom left to accept all the objects underneath.

If the owner has been taken over and the checkbox is set to Full Control, you can now change the rule entry.
In the right pane, double-click Ethernet and change the value from 1 to 2.

Save and reboot.

That's it.. Now, Ethernet (LAN) is set as a switched connection and is recognized by Windows as such.

Anyone who wants to reset the ownership rights for the registry key can do so. You just have to enter NT Service \ TrustedInstaller as the name, confirm it and the rule entry is protected again.

If one goes now in the settings to Windows Update and security and looks for updates, the message that "updates are available. They will be downloaded if you do not use a clocked connection. ".

Now you can manually download the updates whenever you want. Anyone who runs the Defender does not need to worry either. Unless the service is completely disabled, the defaults for the Windows Defender are downloaded directly from the Defender. Or you use through Windows 10 tips and tricks to load these definition updates manually via a script .

If you have a limited data tariff and want more control over the data usage, set this connection as a switched network. Some apps may work differently to reduce data usage when connecting to this network.

Microsoft also points to this setting again on the Windows Update page and explains.

Friday, 12 May 2017

Microsoft Makes Emergency Security Fix

Security Fix
In order to stop hackers from taking control of computers with the help of one single email, Microsoft issued an urgent update. There was a possibility of hacking the recipient’s system even without the recipient opening it which was caused due to an unusual bug in Microsoft’s anti-malware software such as Window Defender. After this vulnerability in the Microsoft Malware Protection Engine was discovered by two Google security experts at the weekend, Microsoft immediately released an emergency out-of-band update as a security fix.

The security experts were researchers currently on Google’s Project Zero cyber-security outfit. The Security fix was released immediately when discovered and even before Microsoft’s monthly security update which happens on the second Tuesday of every month. Hackers could take advantage of this defect by simply emailing infected content, sending an instant message or just by getting the recipient to click on a web link.

Effect on Protection Systems

This security fix was vital as this susceptibility could be triggered if the anti-virus software on the system such as Windows Defender simply scanned the harmful content. Some scans are timed and set in such a way on some systems that they immediately scan for protection or take place at a later time.

The Microsoft Malware Protection Engine (MsMpEng) is a core service that comes in default with Windows 7, Windows 8.1, Windows 10 and Windows Server 2016.Many Microsoft security tools run on this core such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, etc.TheMsMpEng has a component called NScript that handles everything that looks like JavaScript. This bug causes NScript to create a confusion in the way it handles or interpret some JavaScript object types which in turn makes the system open to hackers.

How Hackers could take advantage of this bug?

This defect for allows remote code execution which is what computer hackers look for. Through remote code execution, hackers can install any code on our systems without our knowledge and permission which is basically hijacking our computer. This bug could be exploitable with almost no user interaction. Since the defence systems by Microsoft are default, this exposure makes innumerable PCs more prone to remote hacking.

Prompt Security Fix

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich were the experts who found this bug and Mr. Ormandy was taken aback with the prompt response Microsoft gave in order to fix it.Within a short time, Microsoft took quick action to issue a security fix unlike the past where months were taken to resolve a bug.

In order to fix this defect in MsMpEng service, within just a few days’ time, a new patch was prepared and was already shipped. The first version of the Microsoft Malware Protection Engine was v1.1.13701.0 which was affected because of this defect.

 As a security fix, Microsoft released v1.1.13704.0 within a few hours, in which the issue was patched and had already reached some of the users. Microsoft also stated that this risk of vunerability would have been much lower if users turned on a security attribute called Windows CFG (Control Flow Guard) that made memory-based defects and flaws much harder to exploit. US-CERT also issued an alert to spread awareness.