The Windows 7 operating system is still popular. However, due to the lack of security updates, it has become vulnerable to some attacks that do not work on newer operating systems.
Experts recently found a modification of the Trojan Qbot (also known as Qakbot), which uses a DLL substitution technique. It is noteworthy that the calculator in Windows 7 is involved for this.
In the first stage, the virus spreads through email. The victim is sent an HTML file, which then downloads a ZIP archive with a password. Inside it is an ISO image that contains the calc.exe file, two libraries – WindowsCodecs.dll and 7533.dll, and a shortcut with the “.lnk” extension. It pretends to be a PDF file with important data or a file that opens in the Microsoft Edge browser. However, when it is opened, the calculator is launched, which initiates the infection.
The fact is that calc.exe loads the WindowsCodecs.dll library, but if a library with the same name is placed next to the start file, then it will be used. Thus, it is possible to replace a legitimate library with a malicious copy.
Note that this attack only works on Windows 7, since the vulnerability with the library has been fixed in newer OSes.
Microsoft has previously updated Windows 7, Windows 8.1, Windows 10 and Windows 11.
Google releases urgent Chrome update
Google has released an extraordinary update to its proprietary Chrome browser for Windows, macOS and Linux.
Chrome update number 104.0.5112.101 (for macOS and Linux) and 104.0.5112.102/101 for Windows is intended to fix a serious zero-day vulnerability CVE-2022-2856, which was used by attackers in attacks.
Vulnerabilities have been assigned a high severity level. It was discovered by Ashley Shen and Christian Resell of the Threat Intelligence team at Google. The vulnerability allows malicious sites to execute arbitrary code on a user’s computer. This is the fifth zero-day vulnerability in Chrome discovered in 2022.
In addition, the update fixes 10 more security vulnerabilities ranging from “critical” to “medium”.
Google notes that the Chrome update will automatically roll out to users in the coming days/weeks. However, you can install the update manually right away by simply going to the Chrome menu > Help > About Google Chrome.
Android 13 fixes over 150 bugs on Pixel smartphones
Recently, Google unexpectedly released the final version of the Android 13 OS, which became available for Pixel smartphones. And, it seems, the owners of such devices should install it now.
It turned out that in Android 13, the search giant fixed a huge number of bugs that existed in Pixel smartphones. More specifically, the list includes 151 issues that Google has fixed in the update.
In particular, the Pixel 6 and 6 Pro have a much better in-display fingerprint scanner, the slowness of which many have complained about. We also fixed the issue with double-tap to wake up the screen, Always-On Display, auto-brightness, auto-rotate the screen, and more. Users of the new Pixels say that smartphones have simply become faster and more stable.
As a reminder, Android 13 is available for Google models starting with the Pixel 4 line.
iOS has a VPN issue that Apple is aware of but won’t fix
Network security specialist Michael Horowitz reported problems with VPN on iOS. As it turns out, the operating system does not completely pass network traffic through the virtual private network, which is a potential security issue. The manufacturer has known about this for years, but does nothing.
According to the expert, it seems that everything is working, because the third-party VPN provides a new IP address, DNS servers and a tunnel for traffic. However, sessions and connections established before the VPN is enabled do not switch to the encrypted channel, but function in parallel with it.
The problem is confirmed by a report from May 2020, when specialists discovered the same situation. As evidence, Horowitz cited a screenshot where an iPad connected to a VPN transmits data to both its main VPN provider (18.104.22.168) and Apple Push (22.214.171.124). Thus, there is a potential leak that will reveal the user’s real network address, which can lead to problems. Horowitz tested the system with several types of VPNs, including WireGuard, but the problem remained there.
According to Swiss-based Proton, this problem occurred at least in iOS 13.3.1 and remained in newer versions of the system. In theory, connecting through a VPN should close existing connections, but this does not happen.
Later it became known that Apple added a Kill Switch feature to block existing connections, but this feature does not seem to work or only partially works. According to the source, the problem is relevant for those users who live in conditions of total surveillance.
By the way, Proton offered a solution – to manually close all connections before connecting to the VPN, using the “flight mode”. However, it is unlikely that many users do this. But Horowitz has not yet named any specific solution to the problem.
“The sale of SIM cards is really becoming more expensive and meaningless,” MTS will reduce sales of SIM cards and the number of communication stores
MTS President Vyacheslav Nikolaev said that the company plans to move towards reducing sales of SIM-cards, as well as reducing...
The SpaceX Starship interplanetary spacecraft has not yet made a single orbital flight, but the Japanese have already announced the launch of their telecommunications satellite on it
One of Asia’s largest telecoms and pay-TV operators, Japanese company Sky Perfect JSat, has announced that it plans to use...
Hackers cracked the latest Pentagon technology
Hackers at the DEF CON 2022 event in Las Vegas managed to break into a new technology of the US...
Leica D-Lux 7 “A Bathing Ape x Stash” camera introduced
Leica has released a special edition of the D-Lux 7 “A Bathing Ape x Stash” camera, which is priced at...
Phones4 days ago
iOS 16 and iPhone 14 will bring with them a huge amount of advertising
Phones7 days ago
The smartphone market is declining, but Apple does not expect demand for the iPhone to fall and has ordered 90 million units of the iPhone 14
Phones4 days ago
The world’s thinnest smartphone Xiaomi Mix Fold 2 goes on sale in China tomorrow
Electric Cars6 days ago
Revealed jet-powered Zapata JetRacer flying car that flies on kerosene