Security news

Beware while using Disk Cleanup, as it cleans your Downloads Folder in the Windows 10 October 2018 Update

Microsoft recently paused the rollout of Windows 10 October 2018 update (version 1809) after users started complaining of data loss. Although Windows 10 October 2018 Update comes with a lot of new features, enhancements, and improvements to change your PC experience, it has its flip side too.

Also Read- How to fix No Audio Output Device Is Installed error In Windows 10

Apparently, Windows 10 October 2018 Update could wipe your entire downloads folder if you are not careful.

We all know that one of the basic features in Windows is the Disk Cleanup utility tool that allows you to free up some disk space by deleting temporary files, thumbnails, files in the Recycle Bin, and other unnecessary files that may clutter up your disk.

Now, Microsoft has quietly added the “Downloads” folder in the Disk Cleanup process as an additional location from where files can be removed to free up more space. The new option “Download folder” is unchecked by default. For those unaware, the “Download folder” is the default download location for files from the Internet.

While the new addition may be helpful for those who want to empty out the contents from the Downloads folder, but this could be a concern for those who are using the Disk Cleanup as they have done for years. In other words, if you are used to selecting everything on the Disk Cleanup list and end up overlooking the new “Downloads” option, it could delete all the files that you would have stored over the years from the Downloads folder during the cleaning process.

Also Read- How to Fix Blue screen windows 10 WDF_VIOLATION stop code error 

Disk Cleanup being deprecated in Windows 10

Microsoft recently confirmed that it plans to deprecate the Disk Cleanup tool in Windows 10. While the Disk Cleanup is still available in Windows 10 October 2018 Update, Microsoft will be removing it from a future release of Windows 10.

The company plans to move the Disk Cleanup tool over to the new Settings app within System > Storage in a setting called Storage Sense.

“The Disk Cleanup experience (“cleanmgr.exe”) is being deprecated. We’re retaining the Disk Cleanup tool for compatibility reasons,” stated a Microsoft blog post. “There’s no need to worry since Storage Sense’s functionality is a superset of what the legacy Disk Cleanup provides!”

The Disk Cleanup tool already has another option called “Free up Space Now” that is available from the Settings page. Since Disk Cleanup has been deprecated, Free Up Space Now is a better option to free up space that can be accessed through System > Storage > Free Up Space Now.

Critical vulnerability that could compromise your WhatsApp account when answering a video call fixed

Although WhatsApp uses end-to-end encryption method in messages/calls/video calling, your smartphone could still get hacked by just answering a video call.

This is what was discovered by Natalie Silvanovich,  a security researcher with Google’s Project Zero security research team. She found a severe vulnerability in WhatsApp Messenger that could have given hackers complete remote control of your WhatsApp just by video calling you over the messaging app.

Silvanovich reported the vulnerability to WhatsApp at the end of August this year. The company fixed the same on September 28 in the Android client and on October 3 in the iPhone client.

The vulnerability is a memory heap overflow issue. In other words, it is a “memory corruption bug in WhatsApp’s non-WebRTC video conferencing implementation”. The bug is triggered when a user receives a malformed RTP (Real-time Transport Protocol) packet via a video call, triggering the corruption error and crashing the WhatsApp mobile application.

“This issue can occur when a WhatsApp user accepts a call from a malicious peer,” Silvanovich said in a bug report. “It affects both the Android and iPhone clients.”

Silvanovich also published proof-of-concept code, along with instructions for reproducing the WhatsApp attack. The vulnerability only affects Android and iOS apps, since they use the RTP for video conferencing. On the other hand, WhatsApp Web that depends on WebRTC for video calls was unaffected.

Tavis Ormandy, another Google Project Zero researcher, said that the flaw was serious, as hackers could have completely taken control of your WhatsApp account and spied on your secret conversations.

“This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp,” Ormandy said.

Although the WhatsApp bug has been patched, we recommend WhatsApp users to update to the latest version of the messaging app on Android and iOS.

Google has definitely transformed and developed modern technology. This humungous tech firm has been immensely successful in many spheres like smartphone OS, search engine, and streaming services. That said, social media is the business where Google has failed to mark its presence.

Google’s own social media platform i.e. Google+ is now shutting down permanently for consumers.

ALSO READ: How To Fix Err_cache_miss in Google Chrome

Google+: Users Data Exposed

According to the Wall Street Journal, data of hundreds of thousands of Google+ social media users were exposed after a software glitch between 2015 and March 2018. Well, this is a major security flaw that brought users personal data to risk. Furthermore, Goole even decided not to disclose this bug to the public as it feared Repercussions.

This bug helped outside developers to gain access to users personal data. This leaked data included full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status. That said, Google had confirmed that the data hasn’t been misused.

This tech giant has now come up with a number of plans as data privacy measures. Well, these plans even include permanently shutting down all consumer functionality of Google+. This massive shutdown of Google+ will occur over the next 10 months.

ALSO READ: Google says Goodbye to social networking service Orkut

Google+: Google’s Failed Attempt At Social Media

Google+ is an Internet-based social network that was launched in June 2011 and is owned and operated by Google. The major reason why Google developed this social media platform was to compete with the exponentially growing social-media platform Facebook.

To increase the active user base Google interlinked Google+ with other services like Gmail and Youtube, but that didn’t work out. Infact even after massive investments and development Google+ didn’t gain immense popularity among users.

Do share your thoughts and opinions on Google+ being shut down in the comments section below.

Microsoft suspends rollout of Windows 10 October 2018 update citing data loss

Microsoft released the Windows 10 October 2018 update (version 1809) to the general public on October 2. However, just two days after its release, the Redmond giant has paused the rollout after users started complaining of data loss.

Apparently, only those people who manually installed the Windows 10 October 2018 update feature are facing this problem, since Microsoft had not started automatically rolling this latest update.

Users took to social media forums such as Twitter, Reddit, and even Microsoft’s own support website to complain that the Windows 10 October 2018 update process deleted their documents, including user profiles, photos and music.

Microsoft confirmed the news to suspend the public delivery of Windows 10 October 2018 update on its Windows 10 Update History page. It further said that the company is investigating the reports and the update will be republished when a fix is arranged to address the critical bug.

“We have paused the rollout of the Windows 10 October 2018 Update (version 1809)* for all users as we investigate isolated reports of users missing some files after updating.

“If you have manually downloaded the Windows 10 October 2018 Update installation media, please don’t install it and wait until new media is available.

“We will provide an update when we resume rolling out the Windows 10 October 2018 Update to customers.”

Dona Sarkar, who runs the Windows Insider Program, tweeted that those who are affected by this issue to call Microsoft’s support lines.

#WindowsInsiders If you’ve run into the “missing files after update” issue for 1809/October 2018 Fall update, please call our support line. They have the tools to get you back to a good state. This build is no longer available to download manually: https://t.co/Ce9WVILknppic.twitter.com/fvisQi1c8g

— Dona Sarkar (@donasarkar) October 6, 2018

We hope that Microsoft rolls out a fix by Patch Tuesday next week.

Those who are facing problems after installing the Windows 10 October 2018 Update, can recover their data by going back to the previous update under Settings > Update & Security > Recovery. Alternatively, you can recover the data by using freely available third-party software, as the bug only deletes your files, and not moves or overwrite them.

And for those who are planning to manually upgrade, please ensure that you take a full backup of your files on an external hard drive before starting the upgrade process.

Apple, Amazon denies report of servers being compromised by Chinese spy chips

Chinese spying chips have been found on servers used by nearly 30 American companies, including Apple and Amazon, according to a Bloomberg BusinessWeek report on Thursday. However, Apple, Amazon Web Services and other involved companies have denied reports of being spied upon by the Chinese government.

The tiny surveillance chip, which is not much bigger than a grain of rice, can bypass all security checks and give Beijing secret access to internal networks, Bloomberg BusinessWeek reported citing 17 unnamed intelligence and company sources.

According to Bloomberg BusinessWeek, a unit of the Chinese People’s Liberation Army intruded the supply chain of US-based computer hardware maker Super Micro Computer Inc to plant malicious chips that could be used to steal corporate and government secrets.

These malicious chips, which were not part of the original server motherboards, had been hidden on server motherboards during the manufacturing process in China. Further, these chips were disguised as signal conditioning couplers, to motherboards that ended up in US servers. Then, the infected motherboards were deployed by U.S. military, U.S. intelligence agencies, and many U.S. companies like Apple and Amazon.

“Apple made its discovery of suspicious chips inside Supermicro servers around May 2015, after detecting odd network activity and firmware problems, according to a person familiar with the timeline,” the report said.

“Since the implants were small, the amount of code they contained was small as well. But they were capable of doing two very important things: telling the device to communicate with one of several anonymous computers elsewhere on the internet that was loaded with more complex code; and preparing the device’s operating system to accept this new code.”

According to the publication, the chips were reportedly added to help Chinese government spy on American companies and their users, which is “more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.”

“Depending on the board model, the chips varied slightly in size, suggesting that the attackers had supplied different factories with different batches,” the report said.

During the same period, Amazon Web Services (AWS) too found the malicious chips. While the Bloomberg report states that both Apple and AWS notified the same to U.S. authorities, the above companies are claiming that none of it was found in reality and the infiltration never happened.

In regards to this, Apple issued a statement, which reads, “Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple. Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them. We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.

“On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.”

AWS also denied the report. “It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware,” the Amazon statement said.

“We’ve re-reviewed our records relating to the Elemental acquisition for any issues related to SuperMicro, including re-examining a third-party security audit that we conducted in 2015 as part of our due diligence prior to the acquisition. We’ve found no evidence to support claims of malicious chips or hardware modifications.”

Similarly, Supermicro also strongly denied Bloomberg’s findings and said in its statement, “While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.

“Furthermore, Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.”

Flaw in Apple’s iOS 12 allows an attacker to access contacts and photos in iPhone XS model

A passcode bypass vulnerability has been discovered in Apple’s new iOS version 12 that could allow an attacker to access photos and contact details on a locked iPhone XS as well as other Apple devices.

Jose Rodriguez, a Spain-based clerk who claims to be an Apple enthusiast, discovered the vulnerability released a video on his YouTube channel under the account name Videosdebarraquito that shows a complicated 37-step bypass process in Spanish.

The process involves tricking Siri, Apple’s VoiceOver screen reader feature, and Notes application. The video also shows that the method works on iPhones running the iOS 12.1 beta and iOS 12, including models which have Face ID or Touch ID biometric security.

However, in order to take advantage of the vulnerability, the targeted iPhone must be in the hands of the attacker to work. The vulnerability allows the attacker to access images by editing a contact and changing the image associated with that contact.

Although Apple had built in some security measures to stop this from taking place, the video below shows that Rodriguez figured out a way to sidestep those security barriers.

The above bypass method has been authenticated by an independent news site, Threatpost. This passcode bypass works on any iPhone running iOS 12 and on various iPhone models including iPhone XS. Besides this, the hack also allowed access to other features such as the entire address book, it allowed to make calls, and create a custom text message.

It appears that the flaw has not been patched by Apple with the iOS 12.1 beta. The Cupertino giant has yet to comment on the issue.

For those concerned can prevent this attack by navigating to Settings > Face ID & Passcode (that’s Settings > Touch ID & Passcode (on iPhones with Touch ID) and disabling the Siri toggle under the “Allow access when locked” menu.

Also Read: iPhone XS And iPhone XS Max: Specifications, Features, And Pricing

Telegram desktop app leaked IP addresses in calls – Patch released

Instant messaging app Telegram has released a fix that caused the messaging app to expose users’ IP addresses during voice calls.

Dhiraj Mishra, a security researcher, discovered a vulnerability (CVE-2018-17780) in the official Desktop version of Telegram (tdesktop) for Windows, Mac, Linux, and Telegram Messenger for Windows apps that exposed and recorded the IP address of a user by default while taking a call due to its peer-to-peer (P2P) framework.

The app leaked both public and private IP addresses during voice calls. Although users can disable P2P calls option in iOS and Android, they do not have an option to turn off the feature in the desktop client of the app and its Windows application.

Users can change settings to disable the visibility of their IP address. “Telegram is supposedly a secure messaging application, but it forces clients to only use P2P connection while initiating a call, however this setting can also be changed from “Settings > Privacy and security > Calls > peer-to-peer” to other available options,” Mishra said.

“The tdesktop and telegram for windows breaks this trust by leaking public/private IP address of end user and there was no such option available yet for setting “P2P > nobody” in tdesktop and Telegram for Windows.”

Dhiraj reported the issue to Telegram along with a proof of concept video and got €2,000 as a bug bounty reward. The company promptly issued a fix for the issue in v1.3.17 beta and v1.4.0 of Telegram for desktop to disable the P2P settings.

ALSO READ: 10 Cool Telegram Messenger App Tricks That You Must Know (2018)

Is Facebook really safe? Well, these days we came across with tons of news related to Facebook account hacks and all.

The biggest social media company in the world is really struggling very hard to keep its user’s data safe and sound. But there are some notorious hackers who swiped the sleep of Facebook’s security researchers team.

Also Read- Top 10 Ways That Hackers Use To Hack Facebook Accounts

Recently Facebook said that over 50 million of its users’ data is left exposed by a security flaw. The company also said that by taking the advantage of this flaw, hackers somehow managed to exploit a vulnerability in a feature known as “View as” to get an access over people’s accounts.

The breach was discovered on Tuesday and Facebook immediately informed the police after that.

Now, as a result, the users who got affected by this attack were bound to re-log-in on Friday.

What is ‘View as’

It’s a feature from Facebook which allows people to see, how their profile looks to others. In short how their information is displayed to friends or friends of friends or to anyone.

Hackers discovered so many bugs in this feature which ultimately allowed them to steal Facebook access tokens. These Facebook access tokens could be used to take over people’s accounts and they did exactly this. Facebook has temporarily disabled this feature to investigate more on it.

According to Mr. Ronsen “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.” He then said that the breach comes into the picture when the firm is struggling to convince lawmakers in the US and beyond, that it is capable of protecting user data.

In the face of constant attacks. Mark Zuckerberg (CEO or co-founder of Facebook) at the conference call on Friday said that company is taking security seriously.

He also posted about this attack on his Facebook account

Who got affected?

Offcourse facebook won’t be ever admitting who were those 50 million users. But they have informed Irish data regulators where Facebook’s European subsidiary is based.

The users who are affected were prompted to re-log-in on Friday as they don’t have any other option. The company also said that users need not worry about the password change.

Facebook team has just started their investigation process. They are not sure if the accounts are misused or not. They also don’t know who did that? and from where they belong from.

At last, the flaw is fixed. Confirmed by the head security of the firm Guy Rosen. He also said that all the affected accounts had been reset. Plus they even did the same for another 40 million as a precautionary step.

By this news, Facebook which has more than two billion monthly active users saw its share price drop by more than 3% on Friday.

Google still allows third-party developers to scan your Gmail accounts

In July this year, we had reported how Google is allowing third-party app developers access to user’s private messages in Gmail.

Now, the search giant has officially admitted in a letter to US lawmakers that it allows third-party apps to access and share data from Gmail accounts, even though Google itself has stopped the practice for the purpose of ad targeting last year.

“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” wrote Susan Molinari, Vice President of Public Policy and Government Affairs for the Americas at Google in the letter sent to the US Senators in July, which was made public on Tuesday.

Also Read- Worried about privacy, forget Google and try these search engines

Molinari also reiterated that Google employees can read Gmail users’ email content only in cases where a user has given consent, or where the content is required to be inspected by the company for security purposes, such as investigating a bug or abuse.

She wrote that the company ensures that the relevant privacy policy is “easily accessible to users to review before deciding whether to grant access.”

In the letter, the company said that it thoroughly vets any third parties that are granted 9access, and also manually reviews privacy policies and uses computer tools to detect any significant changes to the behavior of the apps.

Suzanne Frey, Google’s director of security, trust, and privacy explained in a blog post in July that Google grants certain permissions to third-party apps and services in order to enhance the experience for Gmail users.

“We make it possible for applications from other developers to integrate with Gmail – like email clients, trip planners and customer relationship management (CRM) systems – so that you have options around how you access and use your email.” Ms Frey wrote.

Any non-Google app first goes through a “multi-step review process” before accessing a person’s Gmail messages that includes assessing the app’s privacy policy to ensure that it’s a legitimate app, Ms Frey said.

“We strongly encourage you to review the permissions screen before granting access to any non-Google application,” she added.

Those who do not wish third-party apps scan your emails, then it is suggested that you can either uninstall extensions that you don’t trust and use apps from reputed developers or choose not to install the apps at all.

Source: WSJ

Mirai botnet creators avoid prison time by assisting FBI as part of their sentencing

Remember the three young hackers who were sentenced in December last year for creating and spreading Mirai botnet that took over about 500,000 IoT devices and caused a DDoS attack?

The U.S. Department of Justice (DOJ) on Tuesday sentenced all the three men, Paras Jha, Josiah White, and Dalton Norman, all aged in their 20s, to just five years of probation—no prison time. The decision was announced after U.S. prosecutors said that the three men had provided “extensive” and “exceptional” assistance to the U.S. Federal Bureau of Investigation (FBI) in several cybersecurity matters.

The trio will also have to serve 2500 hours of community service and need to pay US$127,000 (A$175,000) in restitution each. Additionally, the trio voluntarily surrendered significant amounts of cryptocurrency seized during the investigation into their activities, the DOJ said.

“By working with the FBI, the defendants assisted in thwarting potentially devastating cyber attacks and developed concrete strategies for mitigating new attack methods,” US attorneys said in a motion filed Sept. 11. “The information provided by the defendants has been used by members of the cybersecurity community to safeguard US systems and the Internet as a whole.”

For those unaware, Jha, White and Norman had created Mirai botnet originally to take down rival Minecraft servers with distributed denial-of-service attacks (DDoS). The trio used the botnet for their own criminal activities and leased it to others. But after noticing its strength, Mirai was released into the wild on a hacker forum, the DoJ said. Since then, other criminal actors have used Mirai variants in a variety of other attacks.

As a result, the Mirai botnet was used in a massive cyberattack in October 2016 against DNS service Dyn, an internet company that directs traffic on the web, which interrupted access to dozens of websites across the United States and Europe including ones run by Twitter, PayPal Holdings, and Spotify.

The three also admitted to having developed a second piece of malware that attacked IoT devices such as wireless cameras, routers, and digital video recorders and joined them into a botnet. That botnet compromised over 100,000 devices in the U.S., and was used by the trio primarily in advertising fraud, including “clickfraud,” a type of Internet-based scheme that makes it appear that a real user has “clicked” on an advertisement for the purpose of artificially generating revenue.

“Cybercrime is a worldwide epidemic that reaches many Alaskans,” said U.S. Attorney Bryan Schroder. “The perpetrators count on being technologically one step ahead of law enforcement officials. The plea agreement with the young offenders, in this case, was a unique opportunity for law enforcement officers, and will give FBI investigators the knowledge and tools they need to stay ahead of cybercriminals around the world.”

“The sentences announced today would not have been possible without the cooperation of our partners in international law enforcement and the private sector,” said Special Agent in Charge of FBI’s Anchorage Field Office, Jeffery Peterson.

“The FBI is committed to strengthening those relationships and finding innovative ways to counter cybercrime. Cybercriminals often develop their technical skills at a young age. This case demonstrates our commitment to hold criminals accountable while encouraging offenders to choose a different path to apply their skills.”

Jha, White, and Norman who were behind the Mirai botnet had pleaded guilty last December and were able to stay out of jail by co-operating with the FBI on cybercrime and security matters.

The court’s documents state that the trio has cooperated with the FBI for more than a year and that they will continue to work with the FBI on cybercrime and cybersecurity matters.