Microsoft Issues Windows 10 Patch for Security Flaw That Google Revealed

Microsoft Issues Windows 10 Patch for Security Flaw That Google RevealedMicrosoft Issues Windows 10 Patch for Security Flaw That Google Revealed
HIGHLIGHTS
Patch is part of monthly cumulative update for Windows
Microsoft Edge users on Windows 10 Anniversary Update already covered
Microsoft identified Strontium as group that were targeting users
Microsoft has issued a patch for the critical Windows 10 system vulnerability brought to light by Google last week, it said in its security bulletin announcement on Tuesday. The Redmond-based software giant had expressed its displeasure with the disclosure by the search giant, which had cited the bug’s active targeting as its reasoning for going public.

The fix is available as part of Windows’ monthly updates. Microsoft claimed the vulnerability did not affect anyone using Microsoft Edge on Windows 10 Anniversary Update, and any attacks could also be detected using Windows Defender Advanced Threat Protection. For everyone else, hackers who manage to successfully exploit the vulnerability “could then install programs; view, change, or delete data; or create new accounts with full user rights”.

(Also see: Microsoft Says Russia-Linked Hackers Exploiting Google-Discovered Windows Flaw)
After Google’s Threat Analysis Group reported their findings, Microsoft traced the activity to a hacker group it calls Strontium, which mostly dabbles in “low-volume spear-phishing”. According to Microsoft, Strontium has been linked with more zero-day exploits to their name than any other group in 2016. The group mostly targets government agencies, diplomatic institutions, and military organisations, along with defence contractors and public policy research institutes.
And owing to the risk involved, Microsoft’s Windows and Devices Group VP Terry Myerson believes coordinated vulnerability disclosure is better for customers. “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” he added.

Now that Microsoft has a patch out, you should check the updates section to ensure you’re in the clear. And if you’re yet to update Adobe Flash, get on that pronto.

Tags: Google, Microsoft, Windows 10

[“Source-Gadgets”]

Microsoft Forces Windows Defender on Users, Disables Third-Party Security Apps: Kaspersky

Microsoft Forces Windows Defender on Users, Disables Third-Party Security Apps: Kaspersky

Microsoft Forces Windows Defender on Users, Disables Third-Party Security Apps: Kaspersky
HIGHLIGHTS
Kaspersky alleges Microsoft to force its own Windows Defender on users
Russia’s FAS has reportedly opened an investigation into Microsoft
Microsoft is yet to respond to the claims made by Kaspersky
Russia’s Federal Antimonopoly Service (FAS) has reportedly opened an investigation into Microsoft on receiving a complaint from Internet security company, Kaspersky Lab. Microsoft is alleged to force its own Windows Defender on Windows 10 users while disabling third-party security software.

According to the security company, Microsoft is using its dominating position in the market of operating systems to give an upper hand to its own products over others. “The company is foisting its Defender on the user, which isn’t beneficial from the point of view of protection of a computer against cyber-attacks. The company is also creating obstacles for companies to access the market, and infringes upon the interests of independent developers of security products,” wrote Eugene Kaspersky in a blog post.

ZDNet points out that Microsoft is said to violating Part 1 Article 10 of the Federal Law “On Protection of Competition” which states, “the actions (omission to act) of an economic unit occupying a dominant position which result or can result in barring, restricting or eliminating competition and (or) infringe upon the interests of other persons shall be prohibited.”
Microsoft has been also alleged to “automatically and without any warning deactivate” the already installed security software on the system. “When you upgrade to Windows 10, Microsoft automatically and without any warning deactivates all ‘incompatible’ security software and in its place installs… you guessed it – its own Defender antivirus,” added Kaspersky in his post.
Further adding, the blog post gave several examples how Microsoft is pushing its users to use Windows Defender instead of third-party software.

Kaspersky adds that Microsoft has limited the possibility of “independent developers” to warn users about their licenses expiring in the first three days after expiration. “Actually, a warning is there, but it’s buried in a Windows Security Center notification, which hardly ever gets read,” notes the blog. Unfortunately, Microsoft is yet to respond to the claims made by Kaspersky.

In a statement, Deputy Head of FAS Anatoly Golomolzin (via SoftPedia) said, “Since Microsoft itself develops antivirus software – Windows Defender that switches on automatically if third-party software fails to adapt to Windows 10 in due time, such actions lead to unreasonable advantages for Microsoft on the software market. Our task is to ensure equal conditions for all participants on this market.”

Tags: Microsoft, Kaspersky, Security, Windows, Windows 10

[“Source-Gadgets”]

Nexus 6 Users Start Receiving Android 7.0 Nougat Update, October Android Security Update Released

Nexus 6 Users Start Receiving Android 7.0 Nougat Update, October Android Security Update Released

HIGHLIGHTS

  • The October security update resolves more than 40 issues
  • This security bulletin has two security patch level strings
  • Factory Images and OTA images are live

After promising the Nexus 6 and Nexus 9 LTE devices would get the Android 7.0 Nougat update in “the coming weeks” in the middle of September, Google has finally made good on its promise – at least for the Nexus 6. The update was released alongside the monthly Android security update for Nexus and Pixel devices. According to the security bulletin, Google has released two security patch level strings, one on October 1 and the other on October 5. The first one is partial patch with few bug fixes, while the October 5 patch brings crucial fixes and is the final version.

In August, the Android 7.0 Nougat update was first released to Nexus 5X, Nexus 6P, Nexus 9, Nexus Player, Pixel C tablet, and Android One General Mobile 4G devices only; while the Nexus 6 and Nexus 9 LTE were left out. However, Google has finally started rolling the Android Nougat update out to Nexus 6 users as well. The factory image and the OTA build are available on Google’s developer pages, while the OTA update should be rolling out soon. The update is about 860MB in size, and has the build number NBD90Z. The update carries the October security patch as well, reports Android Police.

This comes just hours before the big Google event. The tech giant is expected to unveil two new Pixel smartphones, alongside the first Android Nougat maintenance release. We expect the Pixel and Pixel XL smartphones to run on Android Nougat 7.1 out-of-the-box, and this update will bring significant improvements along with it.

For now, we have the security patch releasing to all compatible Nexus and Pixel devices, and factory images and OTA images have gone live as well. Between the two patches Google has fixed more than 40 issues including over two-dozen high severity issues and five critical problems.

The security bulletin assures that OEM partners were notified about the issues, and source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.

Subscribe to Orbital: The Gadgets 360 Podcast via iTunes or RSS and just hit the play button below to catch us discuss Pixel phones and all other announcements from Google’s event on Tuesday.

 

[“source-ndtv”]

TPG Said to Be Among Possible Bidders for Intel Security Unit McAfee

TPG Said to Be Among Possible Bidders for Intel Security Unit McAfee

TPG Said to Be Among Possible Bidders for Intel Security Unit McAfee
HIGHLIGHTS
Deal could value McAfee at as much as $3 billion
Intel is also talking to other potential bidders
Intel’s strategy to focus on its more profitable data-center business
TPG is among potential bidders for Intel Corp.’s computer-security unit McAfee, people with knowledge of the matter said.

The private equity firm has held preliminary discussions with Intel about a deal that could value McAfee at as much as $3 billion, said the people, who asked not to be named because the process is private. Intel is also talking to other potential bidders, including buyout firms and corporate suitors, they said.

Talks are at an early stage and Intel may choose not to sell the business, the people said. The chipmaker hasn’t hired banks to run a formal sale process, they said.

Some buyout firms that had shown preliminary interest in McAfee, including Permira Holdings and Thoma Bravo, are not currently actively pursuing the unit, the people said. The potential suitors were put off by slower-than-expected growth of the business and a lack of obvious cost reductions, two of the people said.

Representatives for TPG, Intel and Thoma Bravo declined to comment. A spokeswoman for Permira didn’t immediately respond to a request for comment.
(Also see: Intel’s Slowing Data Centre Growth Overshadows Strong Profit)

Intel is considering offloading the anti-virus software unit as part of a strategy to focus on its more profitable data-center business. The Santa Clara, California-based chipmaker acquired McAfee in 2011 for $7.7 billion (roughly Rs. 51,467 crores) to build security features directly into its silicon products.

© 2016 Bloomberg L.P.

Share a screenshot and win Samsung smartphones worth Rs. 90,000 by participating in the #BrowseFaster contest.

Tags: Intel, McAfee, TGP, Security, Internet, Apps

[“Source-Gadgets”]

Shahid Afridi Urges Subcontinent Teams to Show Unity and Counter Security Fears

Shahid Afridi Pakistan

Shahid Afridi was not happy with Australia cancelling their tour to Bangladesh.

© AFP

Karachi: Pakistani all-rounder Shahid Afridi criticised Australia’s decision to call off their Bangladesh tourciting terrorism fears, saying Monday that while security was paramount tours should “not be cancelled over minor issues”.

Australia scrapped its two-Test tour of Bangladesh last week after official warnings militants may attack Western interests.

The head of the Bangladesh Cricket Board Nazmul Hassan said measures to tighten security should have satisfied any safety concerns, telling reporters in Dhaka that while many countries face such terror threats, “it never stops cricket”.

Afridi echoed that statement on the sidelines of a visit in Karachi to meet Pakistan and Bangladesh’s women’s teams. “Security is paramount but tours should not get cancelled over minor issues,” he told reporters.

“Pakistan, India, Bangladesh and Sri Lanka should show some unity and counter these security fears as we have suffered a lot with international teams not coming to Pakistan,” said Afridi.

International cricket was suspended in Pakistan after a deadly 2009 attack on the Sri Lanka team bus in Lahore. But the country hosted its first Test-playing nation in six years in May, when Zimbabwe toured for a short limited-over series, raising hopes that bigger teams might also come to Pakistan again.

Afridi said Bangladesh’s decision to send their women’s team was a good sign.

“Our country is going through a difficult phase but cricket will be revived through the efforts of Pakistan Cricket Board and we should thank the Bangladesh government for sending their women’s team,” he said.

“I am sure this is the first good step before sending Bangladesh men’s team.”

The popular Twenty20 captain appeared to have charmed the Bangladeshi players, with many posing for selfies with him.

“It’s nice to see women playing good cricket and I congratulate both the teams for their competitive style,” said

Afridi.

Former Bangladesh opener Athar Ali Khan said Afridi’s visit had been “great encouragement” for the women’s teams.

“It will go a long way in raising their performance in the last match,” said Khan, who played 19 one-day internationals for Bangladesh.

[“source-ndtv”]

Cybercrime Rose Significantly in 2015: Dell Security Annual Threat Report

Cybercrime Rose Significantly in 2015: Dell Security Annual Threat Report

Multinational computer technology company Dell on Saturday warned that cybercrime increased significantly around the world in 2015 despite organisations deploying end-to-end security solutions perfectly.

Cybercriminals employed a number of new tactics to better conceal exploit kits from security systems including the use of anti-forensic mechanisms and URL pattern changes, the company said in its “Security Annual Threat Report”.

Modifications in landing page entrapment techniques; steganography which is concealing the file, message, image, or video within another file, message, image, or video, and modifications in landing page entrapment techniques, were also used effectively to compromise the security, it added.

“Cybercrime has increased significantly around the globe in 2015 and there have been repeated incidents of breaches against organisations who believed that they had carried out their end-to-end security deployment perfectly.” said Amit Singh, country manager, Dell SonicWALL.

The company emphasised on the criticality of maintaining 360 degrees of vigilance.

“Many of the breaches in 2015 were successful because cybercriminals found and exploited a weak link in victims’ security programs due to disconnected or outdated point solutions that could not catch these anomalies in their ecosystem,” said Curtis Hutcheson, general manager, Dell Security.

Dell SonicWALL noted a rise in the use of exploit kits.

While the year’s most active kits were Angler, Nuclear, Magnitude and Rig, the overwhelming number of exploit kit options gave attackers a steady stream of opportunities to target the latest zero-day vulnerabilities, including those appearing in Adobe Flash, Adobe Reader and Microsoft Silverlight, the report said.

It also noted that malware attacks nearly doubled to 8.19 billion with Android ecosystem being prime target, putting a large percent of smartphones at risk globally.

According to Patrick Sweeney, vice president of product management and marketing, Dell Security, although the release of Android 6.0 Marshmallow operating system in October 2015 included a slew of new security features, “we can expect cybercriminals to continue finding ways to circumvent these defences”.

“Android users should exercise caution by only installing applications from trusted app stores like Google Play, keeping their eye on the permissions being requested by apps, and avoid rooting their phones,” he added.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Cybercrime, Internet, Security Annual Threat Report
[“Source-Gadgets”]

Stanford launches new online courses in computer security

Image from Stanford Advanced Computer Security Certificate Program website (http://computersecurity.stanford.edu/)

STANFORD, Calif., April 10, 2016 /PRNewswire/ — Staying ahead in the cyber security game is critical to defending against new threats. To protect against cybercrime, corporations, business and government must continuously update their security measures and keep employees properly trained.

Since 2005, Stanford has provided professionals around the world with the opportunity to learn the latest real-world applications of computer security through the Stanford Advanced Computer Security Certificate Program. The six-course online program provides participants with the advanced skills needed to learn how to protect networks, secure electronic assets, prevent attacks, and build secure infrastructures.

Continue reading

Ongoing updates to curriculum ensure participants obtain the best education. Stanford recently made several enhancements to the online certificate program, adding a new course called Network Security and updating the Emerging Threats & Defensescourse to reflect the latest knowledge.

Network Security addresses one of the most important computer science issues today. Participants will learn current and trending practices for building reliable and secure code to defend against various attack techniques, harmful viruses and threats. Participants will learn how to identify operating holes and explore the trends in malware, privacy and security for mobile devices.

In the new and improved Emerging Threats & Defenses course, participants will explore the growing challenges of securing sensitive data, networks and mobile devices, and learn the latest applications to defend against malicious acts.

With online access to video lectures, materials and exams from Stanford faculty and industry experts, participants across the globe can advance their knowledge of computer security while maintaining their jobs. The program is directed and taught by Stanford Professors John Mitchell and Dan Boneh as well as industry expert Neil Daswani. Boneh, Professor of Computer Science and of Electrical Engineering at Stanford, is nationally recognized for his work in cyber security. His research focuses on building security mechanisms that are easy to use and deploy. Mitchell is Vice Provost for Teaching and Learning and Professor of Computer Science and, by courtesy, of Electrical Engineering and of Education at Stanford. His research in computer security focuses on cloud security, mobile and web security, privacy and network security. Daswani is an expert in web application security, the co-founder of the security company Dasient, and the chief information security officer at LifeLock. He is also aStanford alumnus and the author of the book Foundations of Security: What Every Programmer Needs to Know.

Acceptance into the Stanford Advanced Computer Security Certificate Program is ongoing and participants may apply through the Stanford Center for Professional Development. Details can be found at computersecurity.stanford.edu.

About the Stanford Center for Professional Development
The Stanford Center for Professional Development makes it possible for today’s best and brightest professionals to enroll inStanford University courses and programs while they maintain their careers. Courses and programs from the School of Engineering and related Stanford departments are delivered online, at Stanford, at company work sites and international locations—providing a global community of learners with flexibility and convenience, and enabling them to apply their education to their work.

[“source-Gadgets”]