NetSpectre: new Spectre-based attack uses the network

We all expected Spectre to give security experts a headache. The fact that the attack takes advantage of unsolvable vulnerabilities found on CPUs forces us to include mitigations in every way possible, including the OS’ kernel, drivers (from components to GPUs), programs and apps, and third-party apps.

After two new Spectre-based vulnerabilities became known last month, now there comes an attack that affects systems with Intel CPUs. It was dubbed NetSpectre because it can be launched over the network, a greater risk than before because threats previously required some form of local code execution.

NetSpectre is a new remote side-channel attack that is related to Spectre variant 1 (CVE-2017-5753) and abuses speculative execution to perform bounds-check bypass and can be used to defeat ASLR. NetSpectre could allow an attacker to write and execute malicious codes that could potentially be exploited to extract data from previously-secured CPU memory, including passwords, cryptographic keys and other sensitive information. Instead of relying on covert cache channel, researchers demonstrated how NetSpectre works using the AVX-based covert channel that allowed them to capture data at a deficient speed of 60 bits per hour from the target system. Continue reading “NetSpectre: new Spectre-based attack uses the network”

Windows 10 turns three after some ups and downs

Windows 10 was officially released on July 29, 2015. Microsoft’s next-gen OS introduced major changes in terms of features and its business approach.

The Redmond giant adopted a clear strategy with Windows 7 and Windows 8.1: offering its operating systems as products, which was something the company also did with tools like Office 2013 and Office 2016. Office 365 has been one of Microsoft’s major shifts towards a service model, and Windows 10 was born out of that idea.

This means that Windows 10 is not a product anymore but a service, and the updates that the company releases twice a year prove it. Each of said updates are codenamed Redstone, although their release names have had a lot of different nuances (Anniversary Update, Creators Update and the latest April 2018 Update).

The update model adopted by Microsoft has been largely questioned, especially given the major problems it caused users due to errors and compatibility issues, which were not identified during beta testing. However, Microsoft will stick to the same model in the short run, so there will be more updates our way. Continue reading “Windows 10 turns three after some ups and downs”

This is how you can protect yourself against this new Trojan that can affect users in several ways

A new threat puts users’ security at risk. This is a new problem for which we must find a solution in order to avoid putting our devices at risk. We are talking about Parasite HTTP, a remote access Trojan (RAT) and an updated version of an already identified banking Trojan. It uses phishing campaigns targeting a wide variety of sectors. Its goal is the same: stealing users’ banking credentials.

Parasite HTTP, a new Trojan

According to Proofpoint researchers, this new malware is being distributed via emails. Said emails come with a Microsoft Word attachment containing hidden malicious macros that would download the RAT from a remote site.

As we have mentioned, this new banking Trojan has been dubbed Parasite HTTP. It has features that make it new, like anti-emulation, sandbox identification, and anti-debugging, to name a few.

The upgraded RAT is an advanced version of a previously detected banking Trojan. Additionally, according to researchers, Parasite HTTP’s modular structure adds newer modules once it compromises a device successfully.

We have to mention that Parasite HTTP is written in C language and has a size of only 49 KB. The malware communicates in an encrypted format and is able to bypass firewalls. Continue reading “This is how you can protect yourself against this new Trojan that can affect users in several ways”

What to do in terms of security if we get a new computer

Security is a key aspect to keep our phone working well. Therefore, we have to use tools and programs to keep malware at bay. Doing this will let us face possible threats that could cause our device to malfunction. However, taking measures is even more important in case of a new or recently bought computer or one that has been formatted to install a new OS from scratch. In this article, we will talk about the security measures we must take if we have a new computer.

First security measures on PCs

When we buy a new PC (or even phones or tablets), it is virtually empty. It has a few built-in apps, but setting the PC up is our responsibility. The first steps can make a difference in the medium and long run. I recently bought a new computer, and since it is my work tool, security is really important. This is why we will use this article to show some basic advices.

The first thing to do is to install security programs and tools regardless of the OS or platforms we use, as they are all vulnerable in some way. A good antivirus is important. Windows 10, the latest version of Microsoft’s OS, is widely used and comes with Windows Defender.

Additionally, I personally think it is really useful to uninstall useless apps that might come with the system and that we might not really need. They are not really bothersome or dangerous in terms of security, but it might be worth uninstalling them and somewhat clean the PC.

Continue reading “What to do in terms of security if we get a new computer”

Passera: protect services used on Android with passwords created by this generator

Protecting the services we use? A lot of users always use the same password to avoid wasting time creating new ones, but this is a huge mistake. Doing so allows cybercriminals to use a hacked service to attack other services. This is why we will use this article to talk about an app for Android devices that you will like. It is called Passera, a free password generator. Do you want to know more about it?

The reason why we wanted to talk about this app for Android is because of the OS’ market share. The amount of services used on Android smartphones and tablets keeps increasing.

This is why this type of apps becomes important for said devices.

A password generator prevents the user from having to come up with a password that is complex enough. Passera is a tool that provides unique passwords to the user easily. It is capable of turning any entered text into passwords up to 64 characters long. Continue reading “Passera: protect services used on Android with passwords created by this generator”

A new ransomware like WannaCry has appeared. This is how you can protect yourself

Ransomware threats have recently turned into one of the most worrisome security threats for users. This type of threat is widely spread nowadays and we are completely sure about not wanting to get infected by it. As we know, hackers take over PCs, encrypting files so the victim has to pay a ransom to decrypt them. This is a serious issue if the infected PC has important personal or work-related information. Today we are talking about a GandCrab ransomware variant and how to be protected against it.

New GanCrab ransomware variant

As we know, WannaCry is an example of the most dangerous ransomware with the most victims. This ransomware variant affected around 300,000 organizations worldwide. The similarity between GandCrab and WannaCry lies in the fact that both of them use the SMB protocol to attack Windows users.

GandCrab attacks victims via compromised websites. According to researchers, this new type of malware is updated every day to attack victims in different countries. Hackers scan the internet to find vulnerable websites to carry out the attacks. The latest version features a long list of websites that were compromised. Continue reading “A new ransomware like WannaCry has appeared. This is how you can protect yourself”

Redstone 5 will bring Dolby Vision to the Xbox One for better 4K HDR

A few years ago, Microsoft decided to introduce Windows 10 as the ultimate version of its OS, releasing periodic updates with a lot of new features. The latest update is Redstone 4, but Redstone 5 will be available during the second half of the year for PCs and the Xbox One S and Xbox One X consoles. One of the key new features is Dolby Vision.

We must thanks last-gen consoles for introducing 4K and HDR. The High Dynamic Range technology delivers a wider color gamut and an increased contrast ratio that translates into a greater visual experience. In terms of image quality, HDR is clearly amazing. Microsoft’s Redstone 5 is coming soon to Xbox Insiders. This new update will introduce Dolby Vision, Dolby’s HDR, to complement current HDR10 support.

Continue reading “Redstone 5 will bring Dolby Vision to the Xbox One for better 4K HDR”

Get Android notifications on Windows 10 using Chrome or Firefox

Whether we have an Android or an iOS device, we tend to receive a lot of notifications every day depending of our phone’s settings. Said notifications can be related to any feature or app installed on the phone.

This is one of the reasons why software developers are working to be able to sync mobile and desktop platforms as much as possible. Such a situation would allow us to use devices on both platforms at the same time. Nowadays, PCs are greatly complemented by phones and vice versa.

However, the process of syncing platforms is slowly taking shape in different schedules around Microsoft, Google’s Android and Apple’s iOS. We can always use third-party apps to get what we are looking for, and that is exactly what we will do right now. We will talk to you about Crono, an app that will allow us to get Android notifications on Windows 10 using Chrome or Firefox.

Continue reading “Get Android notifications on Windows 10 using Chrome or Firefox”