Integer Software http://integer-software.co.uk/ Thu, 22 Jul 2021 00:20:58 +0000

Vulnerable plugin exploited in spam redirection campaign https://integer-software.co.uk/vulnerable-plugin-exploited-in-spam-redirection-campaign/ Wed, 21 Jul 2021 23:52:11 +0000

A few weeks ago, a critical unauthenticated privilege escalation vulnerability was discovered in older, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we saw infections start. This plugin has over 400,000 installations, so we have seen a sustained campaign to infect sites with this plugin installed. In this article, I will review a common infection resulting from this vulnerability in the wp-user-avatar plugin. If you have this plugin on your website, be sure to update it immediately!

Upload a backdoor to a website

First, as is usually the case with such malware campaigns, attackers start by uploading a backdoor to the website. With this infection, they abused the upload feature of the wp-user-avatar plugin. Files tend to be located in the following directories used by this plugin:

./wp-content/uploads/pp-avatar

./wp-content/uploads/pp-files

Here's an example backdoor that we have seen:

./wp-content/uploads/pp-files/tgvtfjwxdg.php

Uploaded backdoors tend to have random names like this:

05f37e8554c702cb916d2e792cd3e214.php

6c90b559bab0e8c0d71a9f48a45cd731.php

a08dd83861a5acb8ad242bb66b80ba7a.php

e2be10491059abfc31bfed87d1c441d2.php

Here's another example of an uploaded backdoor using this plugin.

./wp-content/uploads/pp-files/jfs.php

The file is huge, but it’s worth noting that it contains this snippet at the end which removes the vulnerable directory after infection:

Malware snippet 2

Why they would do this is a puzzle; perhaps they are also preventing other attackers from compromising the site.

The vulnerability also allows attackers to create an administrator account without any authentication, which gives them additional access to the website.

Fake “Zend Fonts” plugin

However, the main payload that we have seen uploaded to websites is a fake “Zend Fonts” plugin:

./wp-content/plugins/zend-fonts-wp/zend-fonts-wp.php

After verification, no such plugin actually exists in the WordPress repository. Typical with such bogus plugins, the top of the file looks harmless and legitimate:

Code snippet 3

But taking a closer look at the code, we can see that it is completely bogus and in fact redirects website visitors to bogus scam sites.

Note: If your website visitors have reported strange redirects, your website may be compromised by this malware.

Functions of the bogus “Zend Fonts” plugin

Let’s take a look at some parts of this fake Zend Fonts plugin. The malware writers actually left comments in their code explaining all of the different functions! This could help those to whom they sell their malicious code to modify it later to better meet their needs.

One of the simplest functions of this malware is quite typical of these bogus plugins: hiding it from view in wp-admin:

Code snippet 4

An interesting detail here is that the malware creates a database table called wzen_time_table and dumps the information retrieved from the administrator users on the site:

Snippet 5

The user agent and the IP address of all admin users are stored in this table which it uses to prevent redirection from occurring to identified admin users:

Code snippet 6

I can only assume that they are adding this feature in order to help stay hidden from admins for as long as possible to extend the effect of their payload.

Speaking of which, that brings me to the last part of the infection here:

Snippet 7

Lots of base64 encoded strings here, but once decoded we end up with the following redirect code:

Snippet 7

This sends website visitors (but not the admin!) to spam sites like this:

Example of a malicious website

Users who click on these fraudulent links may be prompted to install Trojans or other malware on their devices or be redirected to phishing pages to enter sensitive data such as banking information or other corporate information.

The payload domain differs from variant to variant of this malware. In some cases, we’ve seen it leverage a legitimate ad network to grab the redirect payload domain:

Snippet 8

This could help attackers redirect to a more diverse variety of domains. It could also potentially increase traffic to any sites that are part of their ad campaigns of choice, such as those using blackhat SEO to improve their rankings and visitors.

Prevention of website attacks

The best way to ensure that your website does not fall victim to such an attack is to make sure that all of the software on your website is up to date. This is sometimes a daily chore and it can be overwhelming to keep up with, especially if you don’t have a dedicated website developer.

The easiest way to make sure your website is up to date with all the latest fixes is to turn on automatic updates for your plugins and themes. You should always use it in conjunction with a daily backup service for your website, as sometimes plugin and WordPress updates can cause incompatibilities that can damage your website or cause errors.

If wp-cli is installed on your website, you can also configure a cron job on your server to run the following command daily:

php wp-cli.phar plugin update --all

Again, this should always be implemented with a regular backup service in case you need to restore from previous versions!

Prevent PHP from running

Another thing we recommend you do is harden the wp-content/uploads directory by placing a .htaccess with the following code inside:

<Files *.php>
deny from all
</Files>

htaccess file

This would prevent any PHP script from running from the uploads directory in an Apache environment. Even if an attacker were able to upload their backdoor, there wouldn’t be much they could do with it.
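An added example, not part of the original article: a shell script that checks a WordPress root for the on-disk indicators named above (PHP files in the pp-avatar and pp-files upload directories, the zend-fonts-wp plugin directory) and for the uploads .htaccess rule. The function names, output labels, a `wp` command on PATH, the table-prefix wildcard and the Apache 2.4 `Require all denied` form are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the article's code): look for the indicators the
# article describes. All function names and output labels are hypothetical.

# Print one finding per line for the WordPress root in $1; print nothing
# when no indicator is found. Runs in a subshell so variables stay local.
scan_wp_root() (
    root="${1%/}"
    # 1. PHP files in the plugin's upload directories (backdoor drop location).
    for dir in "$root/wp-content/uploads/pp-avatar" "$root/wp-content/uploads/pp-files"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -iname '*.php' | sort | while IFS= read -r f; do
            printf 'BACKDOOR_CANDIDATE %s\n' "${f#"$root"/}"
        done
    done
    # 2. The fake "Zend Fonts" plugin directory.
    if [ -e "$root/wp-content/plugins/zend-fonts-wp" ]; then
        printf 'FAKE_PLUGIN wp-content/plugins/zend-fonts-wp\n'
    fi
    # 3. Heuristic hardening check: is there a deny rule in uploads/.htaccess?
    #    "Require all denied" is the Apache 2.4 spelling (assumption: either form counts).
    ht="$root/wp-content/uploads/.htaccess"
    if ! grep -Eiq 'deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied' "$ht" 2>/dev/null; then
        printf 'UPLOADS_NOT_HARDENED wp-content/uploads/.htaccess\n'
    fi
)

# Optional database-side checks; needs wp-cli available as "wp" (assumption).
scan_wp_db() {
    command -v wp >/dev/null 2>&1 || { echo 'SKIPPED wp-cli not found'; return 0; }
    # Table created by the fake plugin; leading % allows for any table prefix.
    wp --path="$1" db query "SHOW TABLES LIKE '%wzen_time_table'" --skip-column-names \
        | sed 's/^/MALWARE_TABLE /'
    # Administrator accounts to review by hand for ones nobody recognises.
    wp --path="$1" user list --role=administrator \
        --fields=user_login,user_registered --format=csv | sed 's/^/ADMIN_REVIEW /'
}

# Build a constructed sample tree (empty files, names taken from the article).
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/wp-content/uploads/pp-files" \
             "$demo/wp-content/uploads/pp-avatar" \
             "$demo/wp-content/plugins/zend-fonts-wp"
    : > "$demo/wp-content/uploads/pp-files/tgvtfjwxdg.php"
    : > "$demo/wp-content/uploads/pp-avatar/05f37e8554c702cb916d2e792cd3e214.php"
    : > "$demo/wp-content/uploads/pp-avatar/avatar.png"
    : > "$demo/wp-content/plugins/zend-fonts-wp/zend-fonts-wp.php"
    printf '%s\n' "$demo"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the WordPress root as the first argument.
    scan_wp_root "$1"
    scan_wp_db "$1"
else
    # No argument: run against the constructed sample tree.
    demo_root=$(make_demo_tree) && scan_wp_root "$demo_root"
    rm -rf "$demo_root"
fi
```

A clean, hardened site prints nothing from `scan_wp_root`; any `BACKDOOR_CANDIDATE` or `FAKE_PLUGIN` line means the site should be treated as compromised and cleaned, not just updated.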

Our website firewall service can help prevent your website from being infected through vulnerable plugins. In the advanced security options panel, there is an option to prevent any uploading of PHP or executable content:

WAF security options

Regardless of the vulnerability of the plugin in question, attackers would not be able to deliver their payload.

WordPress plugins exploited

This example is just the most recent of an aggressive push by attackers to exploit vulnerable plugins in the WordPress repository. Fortunately, security researchers were just as aggressive in locating these vulnerable plugins and contacting the developers to implement a fix. However, even after fixes are released, many website owners do not install them immediately, if ever.

If you want to help prevent your website from these types of attacks, or if you need help removing malware, consider signing up for our security plan!

Apple Releases Safari Technology Preview 128 With Bug Fixes and Performance Improvements https://integer-software.co.uk/apple-releases-safari-technology-preview-128-with-bug-fixes-and-performance-improvements/ Wed, 21 Jul 2021 23:36:34 +0000

Apple today released a new update for Safari Technology Preview, the experimental browser first released by Apple in March 2016. Apple designed the “Safari Technology Preview” to test features that may be introduced in future versions of Safari.

Safari Technology Preview version 128 includes bug fixes and performance improvements for Web Inspector, CSS, JavaScript, Live Text, Media, Performance API and Web API.

The current version of Safari Technology Preview is based on the new Safari 15 update included in macOS Monterey and as such includes several features of Safari 15. There is a new simplified tab bar with support for Tab groups to organize tabs, as well as improved support for Safari Web Extensions.

Live Text allows users to select and interact with text in images on the web, but the beta version of macOS Monterey and an M1 Mac are required. There is also Quick Notes support for adding Safari links and highlights to remember important information and ideas.

Other updates include WebGL 2 and new HTML, CSS, and JavaScript features.

The new Safari Technology Preview update is available for macOS Big Sur and macOS Monterey, the latest version of the Mac operating system due out this fall.

The Safari Technology Preview update is available through the software update mechanism in System Preferences for anyone who has downloaded the browser. The full update release notes are available on the Safari Technology Preview website.

Apple’s goal with Safari Technology Preview is to get feedback from developers and users on its browser development process. Safari Technology Preview can work side-by-side with the existing Safari browser, and although designed for developers, it does not require a developer account to download.

Here’s how to scan your phone for Pegasus spyware using the Amnesty tool https://integer-software.co.uk/heres-how-to-scan-your-phone-for-pegasus-spyware-using-the-amnesty-tool/ Wed, 21 Jul 2021 21:45:12 +0000

Amnesty International, part of the group that helped break the news of journalists and heads of state being targeted by NSO’s government-grade spyware, Pegasus, has released a tool to check if your phone has been affected. Alongside the tool is a large set of instructions, which should help you through the somewhat technical verification process. Using the tool involves backing up your phone to a separate computer and running a check on that backup. Read on if you’ve been looking sideways at your phone since the news broke and are looking for tips on using Amnesty’s tool.

The first thing to note is that the tool is either command line or terminal based, so it will take either some technical skill or some patience to run it. We’re trying to cover a lot of what you need to know to be up and running here, but it’s something to know before you get started.

The second note is that the scan performed by Amnesty seems to work best for iOS devices. In its documentation, Amnesty states that the scan its tool can perform on Android phone backups is limited, but the tool can still search for potentially malicious SMS messages and APKs. Again, we recommend following its instructions.

To check your iPhone, the easiest way to start is to make an encrypted backup using iTunes or Finder on a Mac or PC. You will then need to locate this backup, which Apple provides instructions for. Linux users can follow Amnesty’s instructions on how to use the libimobiledevice command line tool to create a backup.

After getting a backup of your phone, you will then need to download and install Amnesty’s mvt program, which Amnesty also provides instructions for.

If you are using a Mac to run the check, you must first install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to get Python3 is to use a program called Homebrew, which can be installed and run from the terminal. After installing them you will be ready to go through Amnesty’s iOS instructions.

If you’re having trouble trying to decrypt your backup, you’re not alone. The tool was giving me errors when I tried to point it to my backup, which was in the default folder. To resolve this issue, I copied the backup folder from this default location to a folder on my desktop and pointed mvt to it. My command ended up looking like this:

(For illustration purposes only. Please use commands from Amnesty’s instructions, as the program may have been updated.)

mvt-ios decrypt-backup -p PASSWORD -d decrypt ~/Desktop/bkp/orig

When performing the actual scan, you will want to point to an Indicators of Compromise file, which Amnesty provides as a file called pegasus.stix2. Those new to using the terminal may be wondering how to actually point to a file, but it’s relatively easy as long as you know where the file is located. For beginners, I recommend that you download the stix2 file to the Downloads folder on your Mac. Then when you get to the step where you actually run the check-backup command, add

-i ~/Downloads/pegasus.stix2

in the options section. For reference, my command ended up looking like this. (Again, this is for illustration purposes only. Trying to copy these commands and run them will result in an error):

mvt-ios check-backup -o logs --iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt

(For reference, the ~/ acts more or less like a shortcut to your user folder, so you don’t need to add something like /Users/mitchell.)

Again, I would recommend following Amnesty’s instructions and using its commands, as there is always a possibility that the tool has been updated. Security researcher @RayRedacted on Twitter also has a great thread reviewing some of the issues you may encounter while running the tool and how to resolve them.

Finally, Amnesty only provides instructions for installing the tool on macOS and Linux systems. For those looking to run it on Windows, The Verge confirmed that the tool can be used by installing and using the Windows Subsystem for Linux (WSL) and following Amnesty’s Linux instructions. Using WSL will require downloading and installing a Linux distribution, like Ubuntu, which will take some time. This can, however, be done while you are waiting for your phone to back up.

After running mvt, you will see a list of warnings listing suspicious files or behavior. It should be noted that a warning does not necessarily mean that you have been infected. For me, some redirects that were totally above board appeared in the section where it was checking my Safari history (sheets.google.com redirecting to docs.google.com, reut.rs redirecting to reuters.com, etc.). Likewise, I had a few errors, but only because the program was looking for apps that I did not have installed on my phone.

The story around Pegasus has probably left many of us regarding our phones with a bit more suspicion than usual that we are likely to be targeted by a nation state. While running the tool can (hopefully) help allay some fears, it’s probably not a necessary precaution for many Americans. NSO Group said its software cannot be used on phones with US numbers, according to The Washington Post, and the investigation found no evidence that US phones had been successfully hacked by Pegasus.

While it’s nice to see that Amnesty has made this tool available with solid documentation, it only really helps resolve the privacy issues around Pegasus. As we saw recently, it is not necessary for a government to target your phone’s microphone and camera to gain private information – the data broker industry could sell your location history even if your phone is without Pegasus.


How to activate Microsoft Defender Application Guard in Windows 10 https://integer-software.co.uk/how-to-activate-microsoft-defender-application-guard-in-windows-10/ Wed, 21 Jul 2021 20:18:23 +0000

Microsoft Defender Application Guard protects your networks and data from malicious apps running in your web browser, but you need to install and activate it first.

In a previous article, we noted that many of the security features listed as absolute requirements for a successful Windows 11 installation are already available as options in Windows 10, you just need to enable them manually. If you’re wondering if your current Windows 10 PC will run Windows 11, enabling these security protocols will give you the answers you’re looking for.

Activation for TPM 2.0 and HVCI has already been explained, but now we will look at the activation procedures for Microsoft Defender Application Guard in Windows 10. MDAG uses virtualization-based technology to protect your systems from malicious and criminal websites you visit with web browsers like Edge, Chrome and Firefox.

How to activate Microsoft Defender Application Guard

Microsoft Defender Application Guard works by creating an isolated memory instance of your browser. These Hyper-V containers prevent malicious scripts or other malware attacks from reaching the inner workings of your Windows 10 operating system, protecting your networks and data. MDAG also works with applications such as Word and Excel running as part of a Microsoft 365 productivity environment.

Unfortunately for Windows 10 Home users, MDAG is included by default only with Windows 10 Pro, Enterprise, and Education versions. MDAG is part of the Windows features for these versions, so we will have to open the Control Panel.

The easiest way to get to the screen we need is to type “Windows features” into the search box on your Windows 10 desktop. Make sure you select the Turn Windows features on or off item in the Search results. You should see a dialog window that looks like Figure A.

Figure A


Scroll down the list of features until you see Microsoft Defender Application Guard. Check the box for that item and click the OK button. The MDAG app will install and then ask you to restart to activate it.

Now that MDAG is installed and activated, it’s time to check its settings. Click or tap the Start menu button and select Settings (gear icon). On the Settings page, select Update & Security, and then select the Windows Security item in the left navigation bar, as shown in Figure B.

Figure B

In the right pane, click the App & browser control item to display the screen shown in Figure C.

Figure C


As you can see under Isolated Browsing, MDAG runs and works with Edge to protect you from malware.

The security settings under MDAG are more stringent than what many of us are used to, so you may want to make some adjustments. Click the Change Application Guard Settings link on this page to view a list of security features that you can enable or disable based on your activity. As you can see in Figure D, by default, these potential security vulnerabilities are disabled.

Figure D

The settings on this page are self-explanatory. If you need to print from a website or want to allow access to your camera and microphone, you will need to go to this page and toggle the appropriate switches to the “on” position. This will increase potential security risks, so approach these decisions with caution.

Current Productivity Software Market Scenario On Analysis Of Growth And High Demand Until 2027 – NeighborWebSJ https://integer-software.co.uk/current-productivity-software-market-scenario-on-analysis-of-growth-and-high-demand-until-2027-neighborwebsj/ Wed, 21 Jul 2021 10:02:01 +0000

Productivity Software Market

New research report from ResearchMoz gives 360-degree analysis of the Productivity Software Market for the analysis period 2021 to 2027. Thus, the assessment document offers a meticulous study of the various trends, opportunities, drivers, restraints and challenges in the Productivity Software market. Apart from this, the report throws light on the competitive landscape and regional analysis of the global Productivity Software market. Thus, this study helps the readers to gain real knowledge about the current situation of the productivity software market.

The report presents a list of major players operating in the global productivity software market, such as: dapulse, IDoneThis, Office.com, Google, Astro Technology, ProofHub, OffiDocs, TrackTik, Kingsoft Office Software, Statdash, Kdan Mobile Software, Apache Software Foundation

Regional Analysis Of Productivity Software Market

The regional analysis segment of the report covers the analysis of all the crucial aspects showing the impact on each region of the Productivity Software market. Thus, the study presented in this section is the result of the analysis of the environmental, economic, political, social and technological situation of all regions of this market. In addition to this, report provides data on volume, share, revenue, production capacity, and list of players in each region of the Productivity Software market.

For Better Understanding, Download FREE Sample Copy of this One-Step Report @ https://www.researchmoz.us/enquiry.php?type=S&repid=2919312

Productivity Software Market

Highlights of this report:

Segmentation of key companies in the productivity software market

To broaden understanding of opportunities in the Global Productivity Software Market report, closely examine the opportunities and new avenues in the following key segments:

  • Small and medium-sized enterprises (SMEs)
  • Large companies

In addition to understanding the demand patterns of the various end users, the Productivity Software market report also enumerates the trends that are expected to attract investment from various other associated industries.

On the basis of product types, the Productivity Software market report offers an overview of key adoption trends for the following segments:

Schedule a FREE consultation call with our analysts / industry experts to find a solution for your business @ https://www.researchmoz.us/enquiry.php?type=E&repid=2919312

Based on region, the global productivity software market is categorized into numerous geographic regions such as:
Asia Pacific (Vietnam, China, Malaysia, Japan, Philippines, Korea, Thailand, India, Indonesia and Australia)
Europe (Turkey, Germany, Russia UK, Italy, France, etc.)
North America (United States, Mexico and Canada.)
South America (Brazil etc …)
The Middle East and Africa (GCC countries and Egypt.)

Impact of the COVID-19 pandemic on the productivity software market

With the staggering number of COVID-19 patients in different parts of the world, the goal of major governments as well as non-governmental organizations around the world is to contain the spread of the disease. Thus, government agencies are launching vaccination programs against COVID-19. That aside, companies across a wide range of industry verticals are embracing the concept of “remote working” as a new standard.

This assessment report successfully attempts to give a clear idea of the impact of the COVID-19 pandemic on the overall growth of the global productivity software market. It also provides reliable information on the evolution of regulatory frameworks due to the pandemic scenario.

Main information that the study will provide:
360-Degree Market Snapshot of the Impact of COVID-19 on Productivity Software Based on Global and Regional Levels
Market share and sales revenue by key players and emerging regional players
Competitors – In this section, various major players in the Impact of COVID-19 on Productivity Software industry are studied based on their company profile, product portfolio, capacity, price, cost and of their income.
A separate chapter on the impact of COVID-19 on the entropy of the productivity software market to gain insight into the aggressiveness of executives towards the market [Merger & Acquisition / Recent Investment and Key Developments] Patent analysis ** Number of patents / Trademark registered in recent years.

Limited Time Offer / Buy It Now Discount @ https://www.researchmoz.us/enquiry.php?type=D&repid=2919312

Contents:

1. Report preview
2. Market Analysis by Types
3. Product Application Market
4. Manufacturer Profiles / Analysis
5. Market performance for manufacturers
6. Market performance of regions for manufacturers
7. Global Impact of COVID-19 on Productivity (Point of Sale) Software Market Performance
8. Development trend for regions (point of sale)
9. Upstream source, technology and cost
10. Channel analysis
11. Consumer analysis
12. Market forecast 2021-2027
13. Conclusion

* If you need more personalized reports than these, let us know and we will prepare the report according to your needs.

For more information, please contact:

ResearchMoz Global Pvt Ltd

90 State Street, Albany, NY 12207, United States

Windows 10 bug, HiveNightmare CVE-2021-36934 exposes administrator passwords https://integer-software.co.uk/windows-10-bug-hivenightmare-cve-2021-36934-exposes-administrator-passwords-2/ Wed, 21 Jul 2021 07:16:33 +0000

July was not a good month for Microsoft Windows 10 users. First, there was the PrintNightmare security vulnerability, which was quickly followed by the announcement of a Windows Hello facial recognition bypass bug. Now things have gone from bad to worse with Microsoft’s confirmation of a vulnerability that can expose administrator passwords to any local Windows 10 user.

What is the HiveNightmare or SeriousSAM vulnerability?

Jonas Lykkegaard seems to have been the first security researcher to notice that, for some strange reason, the Security Account Manager (SAM) file had become READ-enabled for all users. Initially, this was noticed in the preview of Windows 11, but Jonas realized quite quickly, as confirmed by many others, that Windows 10 was also vulnerable to this security bug. The bug, which was tagged as both HiveNightmare and SeriousSAM, meant that security-sensitive and related Windows registry files could be viewed by ordinary local users: files like SAM, containing all hashed user passwords, including administrator passwords.

What is the threat to Windows 10 users?

The threat here is obvious: an attacker with limited local user privileges could potentially get the hashed passwords and use them relatively easily to elevate their privileges to administrator level. At this point the game is over because then they can pretty much do whatever they want. The problem is compounded by the fact that the “shadow copy” of the system drive where these files can be found is created when someone performs a Windows update if that drive is larger than 128GB. So even if your version of Windows 10 was not initially impacted, it may be after the update.

What is Microsoft saying about CVE-2021-36934?

Microsoft confirmed the vulnerability as CVE-2021-36934 on July 20. Microsoft has stated that “overly permissive access control lists (ACLs) on several system files, including the Security Account Manager (SAM) database,” allow elevation of privilege. A successful attacker could, according to Microsoft, “install programs; view, modify or delete data; or create new accounts with full user rights”. All versions of Windows 10 from 1809 are vulnerable to this method of attack, Microsoft has also confirmed.

Is there a workaround until Microsoft fixes the bug?

As for the patches, well, there aren’t any yet. Instead, Microsoft released a workaround to restrict access using Command Prompt or PowerShell and then remove existing system restore points. This workaround can be found here. I contacted Microsoft for more information and a spokesperson told me, “We are investigating and will take appropriate action if necessary to help protect customers.”


Source link

]]>
https://integer-software.co.uk/windows-10-bug-hivenightmare-cve-2021-36934-exposes-administrator-passwords-2/feed/ 0
Windows 10 bug, HiveNightmare CVE-2021-36934 exposes administrator passwords https://integer-software.co.uk/windows-10-bug-hivenightmare-cve-2021-36934-exposes-administrator-passwords/ https://integer-software.co.uk/windows-10-bug-hivenightmare-cve-2021-36934-exposes-administrator-passwords/#respond Wed, 21 Jul 2021 07:16:33 +0000 https://integer-software.co.uk/windows-10-bug-hivenightmare-cve-2021-36934-exposes-administrator-passwords/

July was not a good month for Microsoft Windows 10 users. First, there was the PrintNightmare security vulnerability which was quickly followed by the announcement of a facial recognition bypass bug. Windows Hello. Now things have gone from bad to worse with Microsoft’s confirmation of a vulnerability that can expose administrator passwords to any local Windows 10 user.

What is the HiveNightmare or SeriousSAM vulnerability?

Jonas Lykkegaard seems to have been the first security researcher to notice that, for some strange reason, the Security Account Manager (SAM) file had become activated in READING for all users. Initially, it was for the preview of Windows 11, but Jonas took hold quite quickly, because confirmed by many others, that Windows 10 was also vulnerable to this security bug. A bug, which was tagged as both HiveNightmare and SeriousSAM, which meant that security sensitive and related Windows registry files could be viewed by ordinary local users. Files like SAM containing all hashed user passwords, including administrator passwords.

What is the threat to Windows 10 users?

The threat here is obvious: an attacker with limited local user privileges could potentially get the passwords hashed and use them relatively easily to elevate his privileges to administrator level. At this point the game is over because then they can pretty much do whatever they want. The problem is compounded by the fact that the “shadow copy” of the system drive where these files can be found is created when someone performs a Windows update if that drive is larger than 128GB. So even if your version of Windows 10 was not initially impacted, it may be after the update.

What is Microsoft saying about CVE-2021-36934?

Microsoft confirmed the vulnerability as CVE-2021-36934 on July 20. Microsoft has stated that “overly permissive access control lists (ACLs) on several system files, including the Security Account Manager (SAM) database,” allow elevation of privilege. A successful attacker could, according to Microsoft, “install programs; view, modify or delete data; or create new accounts with full user rights ”. All versions of Windows 10 from 1809 are vulnerable to this method of attack, Microsoft has also confirmed.

Is there a workaround until Microsoft fixes the bug?

As for patches, well, there aren’t any yet. Instead, Microsoft released a workaround: restrict access using Command Prompt or PowerShell, and then remove existing system restore points. This workaround can be found here. I contacted Microsoft for more information and a spokesperson told me, “We are investigating and will take appropriate action if necessary to help protect customers.”


Fix Apple’s Embarrassing Error on MacBook Pro
https://integer-software.co.uk/fix-apples-embarrassing-error-on-macbook-pro/
Wed, 21 Jul 2021 00:18:13 +0000

Apple is preparing to launch its new high-end MacBook Pro laptops later this year. It has worked to prepare consumers and developers for the changes and benefits of moving to the ARM-based Apple Silicon processor. What a pity that this care and attention was lacking during the introduction of the now much-criticized Touch Bar.

Released in 2016, the Touch Bar replaced the physical function keys at the top of your MacBook Pro keyboard with a long, thin, continuous strip across the width of the device. It’s the only touchscreen you’ll find in MacOS, and it certainly showed promise in its early days. Promises that have never really been kept.

Apple’s default options were contextual but had very little to say; the ultimate default was to show twelve buttons covering a number of key UX features such as volume, media playback, backlighting, screen and application launcher. In other words, the same functions in the same place as the function keys.

Apple highlighted the Emoji “keyboard”, which was available in almost every app, as well as how to use the Touch Bar to navigate audio and video while editing.

So why hasn’t the Touch Bar taken off and why hasn’t it become a key part of the Mac platform?

One of the biggest issues is that developers could never assume the Touch Bar was there. It was only available on the MacBook Pro. The most popular MacBook Air retained the physical function keys, and Apple never released a Magic Keyboard that included a Touch Bar, denying the new features to any of the desktop-bound Macs.

Any functionality of the Touch Bar had to be replicated through menus, keyboard shortcuts and on the main screen. Developers had to work around the Touch Bar, making it an auxiliary feature of their applications. Over the years, as countless Mac owners upgraded, the ability to incorporate the Touch Bar into Apple’s distinctive offering faded.

Put simply, Apple never put its full weight behind the Touch Bar… and the Touch Bar has become a cute thing at the top of your keyboard rather than a necessity. It should be removed from the new design. While the Touch Bar is still part of the new design for the 14-inch and 16-inch MacBook Pros, the problems will persist.

Now compare that with another change made by Apple; the move to ARM-based Apple Silicon.

It was not forced on consumers or the public; Tim Cook and his team carefully laid the groundwork at WWDC 2020, about 5 months before the first hardware was released. They created ARM-based software development kits so that ARM-compiled software would be available when the new laptops launched. And perhaps more importantly, Apple has made sure that ARM machines are as compatible as possible with older x86 apps.

Much of this success was achieved quietly in the years leading up to the launch of the ARM project; removing support for older APIs and UI kits; the shutdown of 32-bit applications; and the specific requirements of the code delivered to the Mac App Store reduced permutations, guided developers and users to the goal, and ensured a smooth introduction.

Apple has also been clear on the timescale of the switchover (end of 2022) and the scale (every Mac). Consistency has been promised and clearly signaled. Everything that didn’t happen with the Touch Bar happened with the move to ARM.

The Touch Bar remains one of the most visible entries in Apple’s “Miss” column, but the lessons of the Touch Bar are clear to all.

How to add weather to lock screen, desktop, and taskbar in Windows 10
https://integer-software.co.uk/how-to-add-weather-to-lock-screen-desktop-and-taskbar-in-windows-10/
Tue, 20 Jul 2021 17:42:15 +0000

The lock screen on a Windows computer is the window you see every time you start up, just as you are about to log into your system. The screen is highly customizable on Windows computers. Since it’s the first thing you see every time you start working on your computer, it’s important that it has all the important things in it, things you need to catch up on instantly. For many people, this can be the weather forecast for the current and future days. In this article, we’ll show you how to add the weather widget to your lock screen, as well as your Windows 10 desktop screen and taskbar.

How to add a weather widget to the lock screen in Windows 10

The process to do this is unsurprisingly easy. All you need to do is change your Windows settings and you are good to go. Here is what this change consists of:

  1. Open Windows settings by simultaneously pressing the Windows and “I” keys
  2. From the options available in the main window, go to Personalization
  3. Here, click on Lock screen in the left options pane
  4. Here you see an option to add items to your lock screen. This usually includes the date and time, next to which is a “+” sign.
  5. Click on it and in the list, select “Weather”
  6. If you want to undo this change, click on it again and this time select “None”

How to add the weather to the desktop in Windows 10

The process is not as easy to replicate with your desktop as it is with the lock screen. In fact, Microsoft does not offer users a built-in utility for adding a weather widget to the desktop screen, so we have to rely on third-party apps. The most reliable and efficient for this is a package named Widget Launcher. It includes not only weather, but several other widgets like date and time, currency conversion, etc.

The process of setting up the app is quite straightforward and only takes a few minutes. Here is what you need to do:

  • Download the Widget Launcher app from the Microsoft Store. (It was previously called HD Widget, so you can search by that name too.)
  • Launch the app once downloaded.
  • There you will see all of the widgets that the package has to offer.
  • The last one on the list will be the one named “Weather”.
  • Click to configure it.

Type in your location, or the location whose weather you want to track, and enter it.

You will find a widget like below on your desktop screen. You can customize this widget based on your preferences, such as its colors and how transparent you want it to be.

You can also drag to increase or decrease its size depending, again, on your choice and how many apps you have on your desktop, as a large widget can make it look cluttered. If you want to get rid of it, just open Widget Launcher and turn it off.

How to add a weather widget to the taskbar in Windows 10

This isn’t something a user of the latest version of Windows would ask for, as Microsoft now supports it with the News & Interests feature. This utility sits on a user’s taskbar, showing the weather forecast, and when you hover your mouse over it, you see several cards, some with the news you want to read and things that interest you.

So, the best way to get the weather feature on your taskbar without resorting to a third-party utility is to update your PC to the latest version of Windows and use the News & Interests feature.

We hope you have found this article helpful and now you can view the weather widget anywhere on your PC.

Researchers Report 7-Year-Old Privilege Escalation Flaw in Linux Kernel (CVE-2021-33909)
https://integer-software.co.uk/researchers-report-7-year-old-privilege-escalation-flaw-in-linux-kernel-cve-2021-33909/
Tue, 20 Jul 2021 16:26:18 +0000

A vulnerability (CVE-2021-33909) in the Linux kernel file system layer that could allow unprivileged local attackers to gain root privileges on a vulnerable host has been discovered by researchers.

“Qualys security researchers were able to independently verify the vulnerability, develop an exploit, and gain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are probably vulnerable and possibly exploitable,” said Bharat Jogi, Senior Manager, Vulnerabilities and Signatures, Qualys.

They also reported CVE-2021-33910, a closely related vulnerability in systemd that could lead to a denial of service condition.

About the vulnerabilities (CVE-2021-33909 and CVE-2021-33910)

The source of both flaws is the incorrect handling of long path names.

“The first vulnerability (CVE-2021-33909) is an attack on the Linux kernel. An unprivileged local attacker can exploit this vulnerability by creating, mounting, and deleting a deep directory structure with a total path length exceeding 1 GB. A successful attack results in elevation of privilege,” explained the security team at Red Hat.

“The second vulnerability (CVE-2021-33910) is an attack against systemd (the system and service manager) and requires a local attacker capable of mounting a filesystem with a long path. This attack causes systemd, the services it manages, and the entire system to crash and stop responding.”

Qualys researchers dubbed CVE-2021-33909 “Sequoia” – “a pun on the root-privileged bug’s deep directory tree” – and stated that all versions of the Linux kernel from 2014 onwards (Linux 3.16) are vulnerable.

More technical details, bug analysis, PoC, exploitation details and mitigations are included in Qualys’s security advisory. Additional details and a PoC video are available here.

Patches are available

Qualys sent notices of the two vulnerabilities to Red Hat Product Security in early June, and Red Hat sent the fixes they wrote to the linux-distros@openwall and security@kernel mailing lists earlier this month.

CVE-2021-33909 affects Red Hat Enterprise Linux 8, 7, and 6, and CVE-2021-33910 affects Red Hat Enterprise Linux 8.

“Additionally, any Red Hat product supported on Red Hat Enterprise Linux (including RHEL CoreOS) is also potentially impacted,” the company said.

They provided a vulnerability detection script that customers can use to determine if their system is currently vulnerable, and advised customers running affected versions of Red Hat products to immediately apply available updates.

The Debian project also recommended that users update their linux and systemd packages.
