The issue has been around for at least eight years and affects versions of Windows 10 21H1 and Windows 10 21H2.
A cybersecurity researcher at SentinelOne discovered a dangerous vulnerability in Windows Defender. Exploiting it allows attackers to find out which locations on the system are excluded from scanning by the antivirus solution, and to place malware there.
According to some users, the problem has existed for at least eight years and affects Windows 10 versions 21H1 and 21H2.
Like any antivirus solution, Microsoft Defender allows you to add locations (local or network) on your systems to exclude from malware scanning. Typically, such exclusions are needed to prevent antivirus software from interfering with the functionality of legitimate applications that are erroneously identified as malware.
Since the list of scan exclusions differs from one user to another, this information is extremely useful for attackers. Criminals can place malicious files in safe places without fear of being detected.
As the information security expert noted, any local user can access the list of locations excluded from scanning by Windows Defender. This information is not protected in any way and running the reg query command reveals all exceptions for scanning, whether they are files, folders, extensions or processes.
According to information security specialist Nathan McNulty, the problem is present in Windows 10 versions 21H1 and 21H2, but does not affect Windows 11. In addition, the vulnerability allows you to get a list of exceptions from the registry tree with entries that store group policy settings. This information is more sensitive because it provides exceptions for multiple computers.
Vulnerability in Safari could leak browser history and Google account information
Users of Apple devices have encountered a serious vulnerability in Apple's proprietary browser. It allows attackers to access your browser history and some Google account information. The vulnerability exists in Safari 15 on all supported platforms, and even in third-party browsers running on iOS 15 and iPadOS 15, as it is related to the IndexedDB framework, which is used in many browsers to store data. It breaks the same-origin policy, which prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another. As a result, websites with the corresponding code have access to the above information.
Attackers only learn the names of the records, not the values. However, this is enough to get the Google username, find the profile picture, and learn more about the user. The history can also be used to build a rudimentary profile of the sites the user likes. As stated, the vulnerability cannot be hidden even in private browsing mode.
According to the source, he reported the problem to Apple on November 28, but the company has not yet fixed it with security patches.
Android users can now disable 2G for security
2G networks, like 3G networks, have become obsolete after the arrival first of 4G and later of 5G. However, as things have not been done as well as they should have been, we still rely on them for mobile calls (operators without VoLTE) or to connect older IoT devices. For this reason, switching off 3G before 2G has even been considered, thus leaving more room for the development of 4G and 5G.
It is not a new concept, since we have been hearing about it for a long time, but it all blew up about three years ago when the United States Department of Homeland Security (DHS) detected in Washington the presence of Stingrays, also known as "IMSI catchers". These devices connect to the mobile network, act as fake repeaters and spy on the information that passes through them.
This includes access to calls, text messages or images sent without encryption. Basically, they force the use of older, outdated and less secure 2G technology to easily intercept communications. In fact, work has been done so that this is no longer a problem with 5G, since these mobiles will have a Subscription Permanent Identifier (SUPI). This will use the encryption key of the network operator and will allow the mobile to know if an antenna is legitimate.
Is the solution to disable 2G?
The EFF (Electronic Frontier Foundation) speaks of victory after learning that Android will allow you to disable 2G connections on your terminals. This is something that Google introduced at the end of last year and that we had not had much news about. They point out that it is a fantastic option to protect the privacy of users and the EFF applauds that the Internet giant has implemented it on mobile phones with its operating system. Now, the ball is in Apple’s court, which must also do so for the safety of its users.
To give us an idea, 2G is a technology created in 1991, so it is over 30 years old. That gives it many problems because, in its design and conception, the circumstances and requirements were not the same as now. First of all, it has very weak encryption between the repeater and the mobile, which allows the interception of the traffic. Second, the 2G tower is not authenticated in any way, allowing anyone to impersonate it.
To protect ourselves, the EFF invites us to deactivate 2G. To do this, we will go to Settings > Network and Internet > SIM cards > Allow 2G. By default, the option for our mobile to use 2G networks is activated. The ideal would be to disable it, although this possibility would only be present in more modern mobiles such as the Pixel.
The big problem could be loss of coverage or problems making calls. If we live in areas dependent on 2G right now or if our operator does not allow us to make calls with the 4G network, it is possible that the remedy is worse than the disease. However, it will always be good to know that we have this possibility.
Chrome will restrict access to private networks for security reasons
The restrictions will arrive with the implementation of the Private Network Access specification in the browser in the first half of 2022.
The Chrome browser will soon start blocking sites from querying and interacting with devices and servers on local private networks. The reason is security concerns and known cases of abuse.
The changes will be implemented by rolling out a new W3C specification called Private Network Access (PNA) to the browser in the first half of 2022. The new PNA specification adds a mechanism to Chrome through which sites can ask systems on local networks for permission to establish a connection.
Chrome will start sending a CORS preflight request before any private network request for a subresource, Google explained. This preflight request is an explicit permission request to the target server. The preflight request will contain the new Access-Control-Request-Private-Network: true header, and the response will also need to contain the Access-Control-Allow-Private-Network: true header.
If local devices (servers, routers, etc.) do not respond, sites will not connect to them.
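An added example (not from the article, Google or the PNA specification) of how a device on a private network could answer the preflight described above: it opts in only for origins and methods on an allow-list and otherwise returns no permission headers, so the browser refuses the connection. The function name, the allow-lists and the sample origins are assumptions for illustration.

```javascript
// Added example: how a device on a private network might answer Chrome's
// PNA preflight. Allow-lists and names below are illustrative assumptions.
const ALLOWED_ORIGINS = new Set(["https://admin.example.com"]);
const ALLOWED_METHODS = new Set(["GET", "POST"]);

// Returns null when the request is not a CORS preflight (handle it normally),
// otherwise { status, headers } for the preflight response.
function answerPreflight(method, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const origin = h["origin"];
  const wanted = h["access-control-request-method"];
  if (method !== "OPTIONS" || !origin || !wanted) return null;

  // Unknown origin or method: reply with no Access-Control-Allow-* headers.
  // The browser treats that as a refusal and never sends the real request.
  if (!ALLOWED_ORIGINS.has(origin) || !ALLOWED_METHODS.has(wanted)) {
    return { status: 403, headers: {} };
  }

  const out = {
    "Access-Control-Allow-Origin": origin, // exact origin, never "*"
    "Access-Control-Allow-Methods": wanted,
    "Vary": "Origin",
  };
  // Opt in to private-network access only when the browser asked for it.
  if (h["access-control-request-private-network"] === "true") {
    out["Access-Control-Allow-Private-Network"] = "true";
  }
  return { status: 204, headers: out };
}

// Constructed sample preflights (not captured traffic).
const samples = [
  { origin: "https://admin.example.com", pna: "true" },
  { origin: "https://unknown.example.net", pna: "true" },
];
for (const s of samples) {
  const res = answerPreflight("OPTIONS", {
    "Origin": s.origin,
    "Access-Control-Request-Method": "GET",
    "Access-Control-Request-Private-Network": s.pna,
  });
  console.log(s.origin, res.status, JSON.stringify(res.headers));
}
```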
Since the early 2010s, cybercriminals have realized that browsers can be used as proxies to connect to internal corporate networks. For example, a malicious site may contain code that tries to connect to an IP address like 192.168.0.1, which is the address of most router administration panels.
When users visit such a malicious site, their browsers can automatically query the router without the users’ knowledge, sending malicious code capable of bypassing the router’s authentication and modifying its settings. This type of attack is not only theoretical and is periodically used in practice.
Variants of these attacks can also attack other local systems such as internal servers, domain controllers, firewalls, and even locally deployed applications (via a domain http://localhost or other locally defined domains).
By adding the PNA specification to Chrome and its permission negotiation system, Google intends to prevent such automated attacks.
According to Google, PNA is already shipping with Chrome 96, but full support will roll out this year in two phases to Chrome 98 (early March) and Chrome 101 (late May).