Security News

VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection

VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm.

https://thehackernews.com/2020/06/virustotal-cynet-malware-detection.html - June 23, 2020

Adobe will prompt Flash Player users to uninstall the application before the Dec. 31, 2020 end of life date hits.

With Flash Player’s Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months.

https://threatpost.com/adobe-prompts-users-to-uninstall-flash-player-as-eol-date-looms/156794/ - June 22, 2020

After prolonged use or after installing Windows 10 updates, third-party apps, drivers, or antivirus software, it is not uncommon for your computer to start performing poorly. To help with this, Microsoft offers a variety of refresh options that allow you to execute a factory reset or reinstallation of Windows 10.

The top one is 'Reset this PC,' which is available in all versions of Windows 10. Another option is 'Fresh Start,' which allows you to reinstall Windows while removing bloatware and crapware loaded on your system by the device manufacturer.

With the release of Windows 10 version 2004, the May 2020 Update, Microsoft has changed things a bit to simplify this process.

https://www.bleepingcomputer.com/news/microsoft/how-to-use-reset-this-pc-to-easily-reinstall-windows-10/ - June 21, 2020

79 Netgear router models risk full takeover due to unpatched bug - June 18, 2020
An unpatched zero-day vulnerability in 79 Netgear router models allows an attacker to take full control of vulnerable devices remotely.

https://www.bleepingcomputer.com/news/security/79-netgear-router-models-risk-full-takeover-due-to-unpatched-bug/

Amid pressure, Zoom will end-to-end encrypt all calls, free or paid - JUN 17, 2020
Bowing to critics, Zoom will offer E2EE if non-paying customers register an account.

The registration process is similar to those required by end-to-end messaging services Signal and WhatsApp. Users of each service must prove they have control of a valid phone number. When combined with Zoom measures designed to detect illicit behavior, Yuan said the registration will allow his company to offer E2EE to all users and at the same time enforce safety on its platform.

https://arstechnica.com/information-technology/2020/06/amid-pressure-zoom-will-end-to-end-encrypt-all-calls-free-or-paid/

O&O ShutUp10 v1.8.1413 released June 16, 2020
https://www.oo-software.com/en/shutup10/changelog

ESET rushes to defend rival Malwarebytes in legal war sparked by vendor upset at 'unwanted program' labeling
Security biz, academics, tech advocacy groups ask Supreme Court to review ruling that could derail antivirus industry - 15 JUN 2020 

The Trump administration has it out for § 230(c)(2)(A), which applies to those who actually restrict content (e.g. Twitter); § 230(c)(2)(B) applies to those like Malwarebytes who provide the technical means (e.g. filters) by which content restrictions are carried out.

A crucial difference between the two sections is that those taking action under section A are required to act in good faith, while those providing the tools to take action are not subject to that requirement. Malwarebytes insists the law allows the company to take action against whatever it finds "objectionable," which in this case was Enigma's software, without being sued for doing so. And the district court agreed.

But the Ninth Circuit Court of Appeals, in a 2-to-1 ruling, overturned that decision last September, asserting that the CDA is not limitless.

https://www.theregister.com/2020/06/15/eset_malwarebytes_enigma_supreme_court/ 

Sextortion, also known as “porn scamming”, is where the crooks send you an email claiming to have a video of you watching porn that they’ve acquired by implanting malware on your computer.

You’re probably not terribly surprised, then, to hear that the sextortion crooks are now turning their hands to what we’re calling “breachstortion”.

Instead of claiming to have infected your computer and made off with video filmed from your own webcam, the crooks are claiming to have hacked your website and made off with your data.

https://nakedsecurity.sophos.com/2020/06/15/youve-heard-of-sextortion-now-theres-breachstortion-too/ 

Windows privacy tool O&O ShutUp10 is ready for Windows 10 version 2004 - June 12, 2020
https://www.ghacks.net/2020/06/12/windows-privacy-tool-oo-shutup10-is-ready-for-windows-10-version-2004/

O&O ShutUp10 v1.8.1412 Released (June 9, 2020)

uBlock Origin for Chrome now blocks port scans on most sites
https://www.bleepingcomputer.com/news/security/ublock-origin-for-chrome-now-blocks-port-scans-on-most-sites/

According to Check Point, criminals are sending out emails with the subject lines “applying for a job” and “regarding job”, containing an Excel attachment with a malicious macro. Once the file is opened, the victim is prompted to “enable content”, which triggers the download of ZLoader malware.

ZLoader is capable of stealing credentials from the infected PC, as well as passwords and cookies stored in the target’s browser. With the stolen intel, the attacker could also use the victim’s device to make illicit financial transactions.

Check Point claims CV-themed scams are on the up in the US, doubling in the past two months alone. The latest figures suggest one of every 450 CVs delivered via email is malicious. 

https://www.itproportal.com/news/malware-laced-cvs-steal-banking-credentials-from-users-pcs/ - 04 June 2020

“They are using CVs to gain precious information, especially as it relates to money and banking. I strongly urge anyone opening an email with a CV attached to think twice. It very well could be something you regret.”

Once opened, victims were infected with what researchers call IcedID malware, a banking malware that targets banks, payment card providers, mobile services providers, as well as e-commerce sites.  

The malware’s aim is to trick users into submitting their credentials on a fake page, from which they are sent to an attacker’s server.

https://securitybrief.co.nz/story/new-phishing-campaign-disguises-malware-as-cv-attachments - 04 June 2020

O&O ShutUp10 v1.8.1411 Released (June 2, 2020)

StopUpdates10
Take your Control over Windows updates with StopUpdates10 Free!
Version: 3.5.0.115 (Date: 06/01/2020 - June 1 2020)

https://greatis.com/stopupdates10/ 

Many well-known and heavily used web sites are using a fraud protection script that port scans your local computer for remote access programs.

Last weekend, news heavily circulated that eBay.com was port scanning visitors' computers when they browsed their site.

This port scanning was conducted by the LexisNexis' ThreatMetrix fraud protection script used to detect potentially hacked computers making fraudulent purchases.

When executed, a feature of this product uses WebSockets to scan 14 different TCP ports on a visitor's computer.

https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/ 

With Win10 version 2004 locked and loaded and ready to fire at any moment, now would be a very good time to store away an official, clean copy of Win10 version 1909. 

https://www.computerworld.com/article/3543316/it-s-time-to-squirrel-away-a-clean-copy-of-win10-version-1909.html 

What Is a Man-in-the-Middle Attack?
https://www.howtogeek.com/668989/what-is-a-man-in-the-middle-attack/

O&O ShutUp10 v1.8.1410 Released (May 12, 2020)

  • NEW: Detected changes to the settings are displayed again when the program is started again, unless they have been explicitly accepted
  • NEW: Accepted changes to the settings remain visible until the next program start
  • NEW: Deactivate app access to diagnostic information on this device
  • NEW: Deactivate app access to camera on this device
  • NEW: Deactivate app access to microphone on this device
  • NEW: Deactivate app access to notifications on this device
  • FIX: Deactivate app access to diagnostic information for current users
  • NEW: Deactivate app access to user account information for current users
  • NEW: Deactivate app access to calendar for current users
  • NEW: Deactivate app access to email for current users
  • NEW: Deactivate app access to tasks for current users
  • NEW: Deactivate app access to messages for current users
  • NEW: Deactivate app access to documents for current users
  • NEW: Deactivate app access to images for current users
  • NEW: Deactivate app access to videos for current users
  • NEW: Deactivate app access to the file system for current users

https://www.oo-software.com/en/shutup10/changelog

Why I Don’t Like System Restore

System Restore doesn't restore your system and has proven itself too unreliable to count on.

What System Restore is

System Restore is best thought of as a registry backup, and nothing more.

In reality, it backs up more than the registry, but exactly what else is complicated, and more importantly, incomplete.

As a registry backup, it's reasonable. When it works, it's a fine way to take a snapshot of the registry that you can restore later, should something go wrong.

But only the registry.

What System Restore is not

Ironically, "System Restore" does not restore your system.

More specifically, it does not restore everything to the state it was in at the time the restore point was created. It restores some things — like the registry — but not all things — like your files or whatever else you were hoping it would.

System Restore is not a substitute for backing up your system.

System Restore in the wild

Much of my opinion on System Restore is not based on its definition, or even its intent.

In theory, it's a great concept, though poorly named, as System Restore doesn't restore your system. I'm not a fan of its user interface, but that seems to be improving, and doesn't really factor much into my opinion.

What does factor into my opinion is that in the real world, System Restore continues to have problems.

Your inability to manually create a restore point is just one example among many. Other common examples I hear include failures when restoring and missing or non-existent restore points.

Yes, sometimes, these are configuration issues. Sometimes, these are issues of mismatched expectations.

But often — too often — even understanding what should and should not be appropriate to expect, System Restore just lets people down.

System Restore successes

To be completely fair, I do hear of successes. It's not uncommon to hear of problems caused by installing some application or another to be completely repaired by reverting to a recent restore point.

Like I said, it's a great concept.

But in my experience, you just can't count on it being there when you need it.

Don't rely on System Restore

Given that it might work, but might not, what should you do?

Simple: don't rely on System Restore.

Leave it enabled, if you like, but don't count on it being there when you need it. Don't set things up such that a System Restore failure would cause you grief.

Be happy when it works; be prepared when it doesn't.

Instead of System Restore

What I generally advise is to turn off System Restore completely (to free up the disk space allocated to it), and rely instead on a good system backup strategy.

By "good backup strategy," I mean that you regularly take full system backups of your machine, augmented with more frequent incremental backups — typically, monthly full and daily incremental.

If something goes wrong, restore from the most recent backup. Done. Everything — everything — will be restored to the state it was in when the backup was taken.

Yes, this can take more time than restoring to a System Restore restore point. Restoring from an image backup restores your entire system. But it's worth it, because it works.

It's what I do.

Choosing to leave System Restore enabled is a fine approach, but only in addition to having those backups. That way, when System Restore works for you, it's a shortcut — a time saver.

And when it fails, it's not a disaster.

Originally published as Why I Don't Like System Restore on Ask Leo!

07 May 20 
Tech Support Scam Uses Child Porn Warning

A new email scam is making the rounds, warning recipients that someone using their Internet address has been caught viewing child pornography. The message claims to have been sent from Microsoft Support, and says the recipient’s Windows license will be suspended unless they call an “MS Support” number to reinstate the license, but the number goes to a phony tech support scam that tries to trick callers into giving fraudsters direct access to their PCs.

https://krebsonsecurity.com/2020/05/tech-support-scam-uses-child-porn-warning/