Security & Privacy Archives - Page 8 of 13 - Chipp.in Tech News and Reviews

New 0-Day Windows vulnerability steals credentials in the simplest way possible

Posted on December 7, 2024December 7, 2024 by Martin Brinkmann

Micro-patching service 0Patch have disclosed a new 0-day vulnerability that affects all recent client and server versions of the Windows operating system.

A successful exploit gives the attacker access to a user’s credentials. All that is required for that is that the user opens a folder on Windows that contains a malicious file.

0Patch releases micro-patches for security issues. It supports various Windows and Office clients, even after Microsoft ended support for them officially.

The company released a patch in February for a vulnerability that Microsoft did not consider worthy of a patch.

0Patch reveals in a blog post that the issue affects Windows 7 to Windows 11 version 24H2, and Windows Server 2008 R2 to Server 2022. Windows Server 2025 is likely also affected, but it is still under testing since its release in November 2024.

The company writes:

Our researchers discovered a vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2022. The vulnerability allows an attacker to obtain user’s NTLM credentials by simply having the user view a malicious file in Windows Explorer – e.g., by opening a shared folder or USB disk with such file, or viewing the Downloads folder where such file was previously automatically downloaded from attacker’s web page.

Good to know: NTML, which stands for New Technology Lan Manager, is a set of security protocols used by Microsoft in all recent versions of Windows.

0Patch says that it has reported the vulnerability to Microsoft and that it is withholding information about the issue until it is fixed by Microsoft.

It is the third 0-day vulnerability that 0Patch reported to Microsoft recently. The previous two, a Windows theme file issue and a Mark of the Web issue, have not been fixed by Microsoft according to 0Patch.

Micro-patches are available for all three 0-Day vulnerability. 0Patch subscribers should get these automatically, provided that they run the 0Patch application on their Windows devices.

As per the usual terms, the company is providing free users with the micro-patches as well, as Microsoft has not yet created an official patch to protect devices against potential attacks.

Additional information about the issue is available on the linked website.

5 Takeaways from NSA’s Best Practices for Mobile Devices

Posted on November 17, 2024November 17, 2024 by Martin Brinkmann

Mobile devices are seemingly everywhere. Many people carry them around all day. This makes them a valuable target for attacks.

The NSA published a document earlier this year in which it highlights best practices for mobile devices. It is a simple document, that divides suggestions into the labels avoid, disable, do, and don’t.

Some suggestions appear very basic for experienced users. Like, making sure that the operating system and apps are up to date, not opening attachments or links from untrusted sources, or not having sensitive conversations on personal devices..

Related content:

Nord Security launches File Checker online tool

A few of the suggestions may be new advice, even for experienced users. Or, it may be known but not practiced.

Here are five takeaways that I found interesting

You should reboot the device at least once a week.
Do not have sensitive conversations in the vicinity of the mobile device.
Use a protective case that “drowns the microphone” and block the camera when it is not used.
Disable Bluetooth, Location, and Wi-Fi when it is not used. Never connect to public Wi-Fi networks.
Use a protective case that “drowns the microphone”. Also block the camera when it is not in use.

Some of these make using mobile devices cumbersome and that is likely one of the main reasons why most mobile users are probably not restarting their device once a week or turning of Wi-Fi.

You can check out the full list of suggestions here.

What is your take on this? Do you restart your device regularly or follow some or all of the other suggestions? Feel free to leave a comment down below.

Mullvad VPN adds protections against AI traffic analysis

Posted on October 26, 2024October 26, 2024 by Martin Brinkmann

One of the best things you can do to protect your data and privacy while online is to use a good VPN. Not all VPNs offer equally good protections; some even collect and sell user data.

Mullvad VPN is already offering some of the strongest privacy protections in the industry. This begins with options to buy access anonymously, but does not end there. You may also run Mullvad Browser, a hardened fork of the Firefox web browser.

Also great:

DNS Forge Review: privacy-friendly censorship-free DNS with ad-blocking

Mullvad announced a new protective feature against AI-based traffic analysis in May of this year. Defense against AI-guided Traffic Analysis (DAITA) is designed to protect user data against the growing thread of the use of AI to analyze traffic to identify patterns and users, even when VPNs are used.

This form of traffic analysis works in the following way according to Mullvad:

Whenever you visit a website or use a service on the Internet, network packets are transferred.
While ISPs and network listeners do not know the content of these packages, they do know a) the size of the packets, b) when and how often they are sent.
AI may identify websites, services, and even people you message based on network packages.

DAITA

DAITA is designed to protect against any form of network packet analysis to determine visited websites, services, or communication.

This is achieved in the following way (again according to Mullvad):

DAITA changes the size of all packets send over the VPN to be the same size.
Random background traffic is added to the communication.
Data pattern distortion by sending cover traffic between the client and the VPN server.

DAITA is available in Mullvad VPN for Android already. You need to enable ti manually under Settings > VPN Settings > DAITA.

Note that DAITA works with select servers, Mullvad lists Amsterdam, London, Los Angeles, and New York, at the time.

Do you use a VPN service? If so, which and why this one? What is your take on Mullvad’s new privacy feature? Feel free to leave a comment down below.

KeePass 2.57.1 Security Update is now available after a code analysis

Posted on October 8, 2024October 8, 2024 by Martin Brinkmann

Good news for everyone who is using the password manager KeePass. A new update is now available that fixes two minor security issues in the client. These have come to light during a code analysis that was sponsored and run by the German Federal Office for Information Security and MGM Security Partners.

The new is good, because no medium, high, or critical issues were discovered during the audit. Note that the audit focused on the actual KeePass application and not third-party forks or plugins.

Also good to know:

Should you save passwords in a browser?

The full report will be published on this (German) website later on. Previous reports have been in German, and it is likely that the KeePass report will also be available in German only.

KeePass users may want to upgrade the password manager to the new version as soon as possible. The two discovered security issues have a low severity rating.

The official release notes go through the findings and provide notes on the discovered issues. It is unfortunately difficult to understand at this point as the report is not quoted.

Closing Words

The results of the code audit should instill confidence in the password manager. I’m keeping an eye on the download page of the report to read it once it is published.

Which password manager do you use? Is it KeePass or something else? Leave a comment down below to let us all know!

Google removes Kaspersky antivirus from Google Play

Posted on October 7, 2024October 7, 2024 by Martin Brinkmann

Things are heating up for the Russia-based cybersecurity company Kaspersky. After the company’s antivirus desktop version was hit by a ban in the United States, it is facing a second major drawback.

The details:

Google removed Kaspersky’s antivirus app from Google Play worldwide.
Google confirmed the removal.
Kaspersky apps remain available on the Apple App Store, third-party Android stores, and direct downloads.

Related content

Google services dominated web tracking last year

Google confirmed the removal of Kaspersky apps from Google Play in a statement to Bleeping Computer:

The U.S. Department of Commerce’s Bureau of Industry and Security recently announced a variety of restrictions on Kaspersky. As a result, we have removed Kaspersky’s apps from Google Play.

A search for Kaspersky or any Kaspersky app comes up empty on Google Play. Other antivirus apps are highlighted instead.

Kaspersky says that users may download their apps from third-party sources or from Kaspersky directly.

Kaspersky representatives say that the company is investigating the removal of its apps from the Play Store. It seems unlikely that the apps will be reinstated any time soon.

The removal is another heavy blow for the cybersecurity company. While alternatives remain available, the bulk of Android users rely on the Play Store for all-things app related.

Closing Words

Whether you truly need an antivirus solution for Android is up for debate. A good trusted VPN on the other hand is a recommended addition, if you happen to connect your device to public or third-party wireless networks at times.

What is your take on all of this? Do yo use extra security apps on Android or iOS? If so, which do you use and for what purpose? Feel free to leave a comment down below.

Google services dominated web tracking last year

Posted on September 25, 2024September 25, 2024 by Martin Brinkmann

When it comes to user tracking on the Internet, Google continues to have a firm hold on the top positions. Kaspersky released its annual web tracking report for the past year.

The data comes from a Do Not Track plugin that Kaspersky uses in its software products. It is designed to prevent different forms of tracking, but is disabled by default.

The key findings:

Google dominates tracking on the Internet.
Other companies that track users are Microsoft, Amazon, and Yahoo.

Note: The data comes from products from a single company. It may not reflect the monitoring landscape as accurately as possible because of that.

Google’s dominance becomes clear when you look at regional tracking. Here in Europe, Google Display & Video 360, and Google Analytics are the dominating trackers with an exposure of 17.27% and 11.93%. Third-placed Amazon sits at 9.13% and fourth placed Criteo at 6.80.

Then it is Google again with YouTube Analytics (5.65%), Microsoft with Bing (5.33%) and Google again with Adsense (5.23%).

In North America, it is again Google Display & Video 360 (16.84%) that dominates. Amazon is second this time (9.08%), but then it is Google again with Analytics (8.42%). Google is also placed fifth and sixth in North America.

The situation is similar in other regions. In Latin America, Google holds the first three spots and the fifth. In the Middle East, Google holds the first four spots. In Africa, it is the top three and the sixth.

It is interesting to note that some Google services lost eyes on users compared to the year before in many regions. Growth was limited to East Asia and Commonwealth of independent states. Google’s monitoring declined in all other regions, but it still dominates by a large margin.

Google Adsense and YouTube Analytics are the two exceptions. They managed to increase significantly in nearly every region.

You can check out the entire report on the Secure List website.

How do you protect yourself from tracking? Do you run content blockers? Other options? Feel free to leave a comment down below.

ConfigureDefender: open source tool to manage Microsoft Defender settings

Posted on September 20, 2024September 20, 2024 by Martin Brinkmann

Microsoft Defender is the default security solutions on all modern versions of Windows. Users have to become active to replace it with another security solution. It is probably a safe bet that Defender is the tool on most Windows 10 and 11 systems.

It is different from tools like SuperMSConfig, which provide broader tweaking options.

The operating system offers several options to configure Microsoft Defender. The most common for home users is to use Windows Security. It divides settings on multiple pages and subpages, and may leave out some settings depending on certain factors.

ConfigureDefender is a long-standing open source tool to improve this. Just launch the small app after you have downloaded it from its GitHub repository to get started.

The app displays all settings on a single page.

You have two main options now:

Change individual settings directly.
Use a preset to change the status of multiple settings at once.

Presets offer a quick way to change settings, but it is rather difficult to understand what each setting does. Max, for example, looks like it would set everything to the highest values, but you still do not know what that actually means.

ConfigureDefender supports four presets: default, high, interactive and max. Default is handy, as it resets all settings to their default values.

A click on the info-button opens a readme with the information. There you find information about each preset. It will take some time to go through the listing though.

The second option gives you full control over the settings. Some users may have difficulties understanding what some of the settings do. While experienced users may understand that PUA Protection refers to “potentially unwanted applications”, inexperienced users may not.

It may be necessary to search for specific terms on the Internet to find out what they do.

The program supports a large number of settings. These are divided into basic, admin and exploit guard settings. Each preference is modified through a simple menu. Click on the menu and ConfigureDefender displays the available options. Pick one and hit the refresh button. The program reminds you that a restart of the Windows PC is required to apply the change.

Closing Words

ConfigureDefender speeds up the configuration of Microsoft Defender on non-managed systems. It is easy to use, especially for users who know what each of the settings do. New users may need to spend time in the beginning researching some of the preferences to understand what they do.

All in all, it is a useful helper app for Windows users.

Which security solution(s) do you use? Is Microsoft Defender one of them? Feel free to write a comment about this.

Bitdefender launches security product promising 24/7 YouTube account protection

Posted on September 5, 2024September 5, 2024 by Martin Brinkmann

Bitdefender Security For Creators is a new security product that the company says helps creators focus on content creation and growing their communities instead of the management of security tasks.

So, what do you get when you sign-up for the product?

YouTube channel and account monitoring, alerts for “alerts for mass deletion of videos, alterations to account name, profile picture changes, descriptions and more”.
Phishing protection that flags “phishing and scam emails” automatically.
Hacking prevention that protects logins and sensitive data against “infostealers, online threats, and hidden malware designed to steal your information”.
Account recovery assistance that provides users with step-by-step guides to recover account access or data.

Some of these features are unique. This includes the YouTube channel and account monitoring feature. Others, not so much. Most antivirus solutions offer phishing protections. Unless BitDefender has found a unique way to handle those, you best bet is to stay alert regardless of that. Some phishing emails will bypass protections.

The price is quite hefty for the product. Bitdefender Security for Creators is available for $15 per month or $180 yearly, and that is already 50% off the regular price.

While that may not be much for content creators who have millions of followers, it is a sizeable sum, especially when compared to regular security services and products.

Also, YouTube is the only service that it monitors right now. That leaves plenty of other services, Twitch, Instagram, Facebook, TikTok, and others. Whether these will be added in a future update is unclear. Bitdefender confirms that it is working on adding other platforms soon. It mentions Instagram and TikTok specifically.

There is a 30-day money back guarantee and also versions for teams of up to three or five. These cost $18 or $21 respectively.

Closing words

Bitdefender Security For Creators is a product for content creators who want to protect their accounts. The monitoring is the key feature that separates it from regular antivirus solutions.

This is limited to receiving alerts, however. When someone mass deletes your videos, you should know. But you receive the alert once the software detects the mass deletion. This also means that someone got access to the account.

I can see this becoming popular with a specific breed of creators, especially once new services do get added to the monitoring and alerting functionality.

What is your take on this? Would you say this is a product designed for a specific audience that could do well, because of that? Feel free to leave a comment down below.

VeraCrypt: first update of the year improves security and fixes bugs

Posted on August 31, 2024August 31, 2024 by Martin Brinkmann

The developers of the open source encryption software VeraCrypt have released VeraCrypt 1.26.14 for all supported platforms. The new version adds a notification if volumes are affected by the XTS master key vulnerability.

The issue was fixed last year in VeraCrypt 1.26.7, but only for newly created volumes. While unlikely even then, the newly added notification ensures that users are informed if one of their encrypted volumes are still affected by the vulnerability.

Installation or upgrade

The new release installs over existing installations. This should not be problematic for most users. A system restore point is created by default during the installation. Note that a restart is required to complete the process. You cannot mount volumes until the final restart.

VeraCrypt 1.26.24 does not mount TrueCrypt volumes anymore. This was the case for last year’s release as well, but is still noteworthy.

If you still have an old TrueCrypt volume, e.g., on a removable drive you have not touched for years, you may want to use an earlier version of VeraCrypt to decrypt the encrypted volume before you encrypt it again using the software.

Note that you may download older VeraCrypt versions from the official project website. VeraCrypt 1.25.9 was the last to support TrueCrypt volumes.

An overview of the changes of VeraCrypt 1.26.14

The update is a bug fix release for the most part. It does come with updated translations and documentation as well as some compatibility improvements on non-Windows systems.

Here is a short list of the most important changes and fixes:

Windows: VeraCrypt Expander: Fix expansion of volumes on disks with a sector size different from 512.
Linux: Enhance ASLR security of generic installer binaries by adding linked flag for old GCC version.
macOS: Fix near zero width PIM input box and simplify wxTextValidator logic.
FreeBSD: Support automatic detection and mounting of ext2/3/4, exFAT, NTFS filesystems.

You can check out the full changelog here. As you can see, it is mostly maintenance related changes and a fix bug fixes.

Closing Words

Still, it is a good idea to upgrade to the new version because of these fixes and the notification if one of the volumes has a vulnerable XTS master key.

Now You: do you use encryption software? Maybe even VeraCrypt? Or do you swear on a different software? Feel free to leave a comment down below!

Mozilla removes Adjust marketing integration from Firefox Mobile

Posted on August 25, 2024August 25, 2024 by Martin Brinkmann

Mozilla has used Adjust in Firefox for mobile products for years for a very specific purpose: to determine if the installation of the mobile browser originated from an advertising campaign.

In other words, Adjust helped Mozilla track conversions of its advertising campaigns. It also send anonymous usage summaries occasionally, according to Mozilla.

Starting in Firefox 129.0.2 for Android and iOS, Adjust appears no longer integrated in the Firefox browser.

When you check Settings > Data Collection after upgrading to the latest version, you will notice that the Adjust option is no longer listed.

Firefox Mobile Adjust Marketing — **Left side**: Firefox with Adjust. **Right side**: Latest Firefox without Adjust

The Marketing data option is no longer available. It allowed Firefox users to enable or disable the sharing of usage data with Mozilla.

Mozilla did not mention the removal in the official release notes. It is therefore unclear why it has been removed, if you just look at the changelog.

Bugzilla listings confirm that this has not been done in error. Bug 1913363, for example, confirms the removal of the “metric service” and the toggle in Firefox. (via Sören Hentzschel)

Closing words

The removal addresses a major issue that some users have with Firefox: that the browser’s defaults are not ideal for a browser that strives to protect the privacy of users.

With Adjust gone, there is one less thing to worry about in this regard.

Which browser do you use on your mobile devices? Why do you use that browser and not another? Feel free to leave a comment down below.