


Blog Archive Search Results

You searched for Microsoft

49 result(s) found!



Favicons may be used to track users

Thursday, January 28, 2021 in Privacy
Security researchers of the University of Illinois at Chicago have discovered a new method to track Internet users that is persistent across sessions, even if users clear cookies and the browsing cache.

The research paper Tales of F A V I C O N S and Caches: Persistent Tracking in Modern Browsers highlights that favicons may be used in conjunction with fingerprinting techniques to track users.

Favicons are used by sites to display a small site icon, e.g. in the address bar of browsers that support it, but also elsewhere, e.g. in the bookmarks or tabs. Favicons are cached by the browser, but are stored independently from other cached items such as HTML files or site images.

Users who use built-in functionality to clear the cache will have these cached files removed from storage but not favicons. In other words: favicons persist over browsing sessions even if the user clears the cache, and they are accessible even in private browsing or Incognito mode sessions.

Browsers detect and cache favicons of sites automatically, and sites may use a single line of code to specify their favicon.

A single favicon is not enough to identify users based on it, but the researchers discovered a way to plant multiple favicons in the favicon cache. The site does a series of redirects through several subdomains to save multiple different favicons in the cache. Each saved favicon creates its own entry in the cache, and all of them together can be used to identify users provided that enough favicons are saved using the methodology.

Redirects happen without any user interaction as everything is controlled by the site in question.

The researchers tested the attack against the Chromium-based browsers Google Chrome, Brave, Safari and Microsoft Edge, and found them all vulnerable to the attack. They did try the attack on Firefox but found a bug that prevented the browser from reading cached favicon entries. Once fixed, Firefox would likely be vulnerable to the attack as well.

The attack takes a bit of time according to the research paper, but it should be possible to improve the performance with optimizations:

"We find that combining our favicon based tracking technique with immutable browser-fingerprinting attributes that do not change over time allows a website to reconstruct a 32-bit tracking identifier in 2 seconds."

The researchers suggest several mitigation and counter-measure options, all of which require that browser makers change favicon-related functionality.

ghacks.net



Windows 7 won't die, still second most popular operating system

Tuesday, November 3, 2020 in Windows
The data analytics firm NetMarketShare revealed that Windows 10 has seen another uptake in users, going up to 64.04% from 61.26% last month. Linux (multiple distros) went from 1.14% to 1.65%, and Ubuntu now holds a market share of 0.51%.

The market share of Windows 7 has also dropped, but many users are still actively using outdated Windows 7, which could be due to its huge number of enterprise users.

According to NetMarketShare, Windows 7 saw a drop from 22.77% to 20.41% last month. The report shows that 20.41% of desktops still use Windows 7. Even worse, some are still using Windows XP, according to the report.


As of October 2020, the market share of Windows XP is 0.87%. On the other hand, macOS X 10.15 recorded a minor drop as it declined from 5.11% to 4.88%.

bleepingcomputer.com



Microsoft says Iranian hackers are exploiting the Zerologon vulnerability

Tuesday, October 6, 2020 in Security
Microsoft links back the attacks to an Iranian hacker group known as Mercury, or MuddyWater.

Microsoft said on Monday that Iranian state-sponsored hackers are currently exploiting the Zerologon vulnerability in real-world hacking campaigns.

Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets.

The Iranian attacks were detected by Microsoft's Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet.
MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks. We strongly recommend patching. Microsoft 365 Defender customers can also refer to these detections: https://t.co/ieBj2dox78

Microsoft Security Intelligence (@MsftSecIntel) October 5, 2020
MSTIC linked the attacks to a group of Iranian hackers that the company tracks as MERCURY, but who are more widely known under their moniker of MuddyWater.

The group is believed to be a contractor for the Iranian government working under orders from the Islamic Revolutionary Guard Corps, Iran's primary intelligence and military service.

According to Microsoft's Digital Defense Report, this group has historically targeted NGOs, intergovernmental organizations, government humanitarian aid, and human rights organizations.

Nonetheless, Microsoft says that Mercury's most recent targets included "a high number of targets involved in work with refugees" and "network technology providers in the Middle East."

zdnet.com



Permanently disabling Windows 10's built-in virus scanner is no longer an option

Saturday, August 22, 2020 in Windows
Microsoft removed a registry tweak that allowed users to permanently disable Windows Defender.
A recent update to Windows 10 took away the ability for consumers to permanently disable Defender, the built-in antivirus software, no matter what the reason. However, Defender should voluntarily step aside if it detects the installation of a third-party AV program (emphasis on should).

Before the update, if a user wanted to disable Defender on a permanent basis, they could edit a registry key called DisableAntiSpyware. That is no longer the case.

"DisableAntiSpyware is intended to be used by OEMs and IT Pros to disable Microsoft Defender Antivirus and deploy another antivirus product during deployment. This is a legacy setting that is no longer necessary as Microsoft Defender antivirus automatically turns itself off when it detects another antivirus program. This setting is not intended for consumer devices, and we've decided to remove this registry key," Microsoft explains in a support document (via Windows Latest).

www.pcgamer.com



Microsoft Warns of a 17-Year-Old 'Wormable' Bug

Thursday, July 16, 2020 in Security
The SigRed vulnerability exists in Windows DNS, used by practically every small and medium-sized organization in the world.
Since WannaCry and NotPetya struck the internet just over three years ago, the security industry has scrutinized every new Windows bug that could be used to create a similar world-shaking worm. Now one potentially "wormable" vulnerability—meaning an attack can spread from one machine to another with no human interaction—has appeared in Microsoft's implementation of the domain name system protocol, one of the fundamental building blocks of the internet.

As part of its Patch Tuesday batch of software updates, Microsoft today released a fix for a bug discovered by Israeli security firm Check Point, which the company's researchers have named SigRed. The SigRed bug exploits Windows DNS, one of the most popular kinds of DNS software that translates domain names into IP addresses. Windows DNS runs on the DNS servers of practically every small and medium-sized organization around the world. The bug, Check Point says, has existed in that software for a remarkable 17 years.

Check Point and Microsoft warn that the flaw is critical, a 10 out of 10 on the common vulnerability scoring system, an industry-standard severity rating. Not only is the bug wormable, Windows DNS software often runs on the powerful servers known as domain controllers that set the rules for networks. Many of those machines are particularly sensitive; a foothold in one would allow further penetration into other devices inside an organization.

On top of all of that, says Check Point's head of vulnerability research Omri Herscovici, the Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack. "It requires no interaction. And not only that, once you're inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy," says Omri Herscovici. "It's basically game over."

www.wired.com
