starbuck

In Memory

Posts: 1,149
Days Won: 46 (last won the day on May 27 2022)
Followers: 3
Birthday: 9/16/1954
Gender: male
Location: http://starbuck50.wordpress.com/
Reputation: 305
Rank: Newbie (1/14)
  1. Windows 8.1 is now displaying full-screen alerts when logging into the operating system, warning that the OS is reaching the end of support in January 2023 and will no longer receive security updates. The notification was introduced yesterday as part of the Windows 8.1 KB5015874 cumulative update, which includes a new EOSnotify.exe program to display a warning that the operating system will soon be unsupported.

"January 10, 2023 is the last day Microsoft will offer security updates and technical support for PCs that run Windows 8.1. We are reaching out now to thank you for your loyalty and help you prepare for what's next," reads the Windows 8.1 notification.

When displaying the notification, users can click on the 'Remind me later' option, which will cause the notification to be shown again in 35 days. Users can also click on the 'Remind me after the end of support date' option to only show the notification after Windows 8.1 reaches the end of support. Clicking on the 'Learn More' link will bring people to a Microsoft.com web page explaining that Windows 8.1 will soon reach the end of support.

Microsoft states that the notification will not appear on managed Pro and Enterprise devices, as well as Windows Embedded 8.1 Industry Enterprise and Windows Embedded 8.1 Industry Pro devices. Finally, it is possible to prevent the notification from displaying at all by configuring the 'DiscontinueEOS' value (shown in a screenshot in the source article).

While these alerts may be intrusive, users should upgrade to a newer version of Windows before it reaches the end of support. Not doing so will only cause the operating system to become more vulnerable to exploits, malware, and other bugs that may appear over time.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-81-now-shows-full-screen-end-of-support-warnings/
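The post above mentions the 'DiscontinueEOS' value but the screenshot showing where it lives is not reproduced here. The following is an added example (not code from the article or the poster) that sets and reads that value from PowerShell; the registry key path and the System32 location of EOSNotify.exe are assumptions and should be checked against the source article before use.

```powershell
# Added example, not from the BleepingComputer article or the original post.
# Suppresses the EOSnotify.exe full-screen warning by setting the DiscontinueEOS value.
# ASSUMPTION: the key path and DWORD name below are what the article's screenshot shows;
# the screenshot is not reproduced here, so confirm the path against the source before relying on it.
$EosKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\EOSNotify'

function Get-EosNotifyState {
    # Returns 1 when the reminder is suppressed, 0 when it will show, $null when the value is unset.
    if (-not (Test-Path $EosKey)) { return $null }
    $prop = Get-ItemProperty -Path $EosKey -Name 'DiscontinueEOS' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.DiscontinueEOS
}

function Set-EosNotifySuppressed {
    # -Suppress:$true hides the warning; -Suppress:$false restores the default reminder schedule.
    param([bool]$Suppress = $true)
    if (-not (Test-Path $EosKey)) { New-Item -Path $EosKey -Force | Out-Null }
    New-ItemProperty -Path $EosKey -Name 'DiscontinueEOS' -PropertyType DWord `
        -Value ([int]$Suppress) -Force | Out-Null
    return Get-EosNotifyState
}

# The binary the update ships (ASSUMPTION: installed under System32 like other shell components).
$eosExe = Join-Path $env:SystemRoot 'System32\EOSNotify.exe'
"EOSNotify.exe present: $(Test-Path $eosExe)"
"DiscontinueEOS before: $(Get-EosNotifyState)"
"DiscontinueEOS after:  $(Set-EosNotifySuppressed -Suppress:$true)"
```

This only silences the reminder for the current user; it does not move the January 10, 2023 cut-off, and a machine that stays on 8.1 past that date stops receiving security fixes regardless of this value.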
  2. Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. This new malware distribution campaign is dubbed “FakeCrack,” and was discovered by analysts at Avast, who report detecting an average of 10,000 infection attempts every day from its customer telemetry data. Most of these victims are based in France, Brazil, Indonesia, and India.

The malware distributed in this campaign is a powerful information stealer that can harvest personal data and cryptocurrency assets and route internet traffic through data-snatching proxies.

A Black Hat SEO campaign

The threat actors follow Black Hat SEO techniques to rank their malware-distribution websites high in Google Search results so that more people will be tricked into downloading laced executables. The lure seen by Avast is a cracked version of CCleaner Professional, a popular Windows system cleaner and performance optimizer that is still considered a “must-have” utility by many users. The poisoned search results take the victim through several websites that ultimately display a landing page offering a ZIP file download. This landing page is commonly hosted on a legitimate file hosting platform like filesend.jp or mediafire.com.

Source and full report: https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/
  3. The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.

DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user profiles to display interest-based advertisements, DuckDuckGo will use contextual advertisements from partners, like Ads by Microsoft. While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for "accounting purposes," but it is not associated with a user advertising profile.

DuckDuckGo also offers a privacy-centric web browser for iOS and Android that promotes many privacy features, including HTTPS-always encryption, third-party cookie blocking, and tracker blocking. "Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data," explains the Apple App Store page for the DuckDuckGo Privacy Browser.

DuckDuckGo browser allows Microsoft trackers

However, while performing a security audit of the DuckDuckGo Privacy Browser, security researcher Zach Edwards discovered that while the browser blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running. Further tests showed that DuckDuckGo allowed trackers related to the bing.com and linkedin.com domains while blocking all other trackers. In response to Edwards' long thread on the subject, DuckDuckGo CEO and Founder Gabriel Weinberg confirmed that their browser intentionally allows Microsoft trackers on third-party sites due to a search syndication agreement with Redmond.

Source & full story: https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
  4. Merry Christmas to everyone.
  5. Save yourself from bugs and other issues and skip the unofficial version.

An unfinished build of what is assumed to be Windows 11 leaked online, and people are installing it. Based on early impressions, it looks like Windows users are in for a big overhaul: Screenshots show off an all-new macOS-like desktop layout, a redesigned Windows Explorer interface, new Start menus, and some of the best built-in wallpapers Windows has ever had. Some folks are excited by the changes, others not so much, but it’s safe to say everyone’s at least curious about Microsoft’s still technically unannounced operating system (it’s assumed the upcoming Sun Valley Windows 10 update will be renamed Windows 11).

That said, you probably shouldn’t install the leaked Windows 11 update. The reasoning is the same as when we caution against installing beta builds of other operating systems and test apps like Chrome Canary: Windows 11 is unfinished and unstable. The leaked Windows 11 is also technically unofficial, so if you install it and something breaks, Microsoft won’t help you fix it—and something will probably break considering how notoriously buggy official Windows Updates are.

Source: https://lifehacker.com/dont-install-the-leaked-windows-11-build-1847115234
  6. Microsoft has released out-of-band non-security updates to fix a known Windows 10 issue causing blue screens when printing to network printers after installing the March 2021 cumulative updates. According to Microsoft, the cumulative updates released today are addressing "an issue that might cause a blue screen when attempting to print to certain printers using some apps and might generate the error, APC_INDEX_MISMATCH."

The cumulative updates containing the fix released today are published as optional updates, so they will not be installed automatically via Windows Update. To install the updates manually, you will have to open Windows Update and 'Check for updates.' You’ll then be able to directly click a link to download and install the update or go to the 'Optional updates available' area and pick it from the list.

Source: Windows 10 emergency updates released to fix printing crashes
  7. I like to imagine that there’s a sign someplace inside Microsoft’s HQ that tracks the number of days since the company screwed up a Windows update. It’s time to reset the counter to zero — it has now been zero days since Microsoft rolled out a busted update to Windows 10. A new security update is causing blue screens on computers when they attempt to use certain brands of printers, Windows Latest reports. As if printers and Windows updates weren’t annoying enough already, they have now joined forces.

The update, known as KB5000802, began rolling out in the past few days. There are a huge number of Windows 10 devices around the world with very diverse hardware, so a few bugs are understandable. However, this update has sysadmins pulling out their hair. There’s a thread on Reddit where admins are trading horror stories and trying to come up with ways to mitigate the problem.

As a security update, KB5000802 was installed automatically on many systems. For whatever reason, spooling up printer drivers from Kyocera, Zebra, and others causes the system to crash. Several solutions have been thrown around, but the only surefire way appears to be uninstalling the update, which is available from Settings > Update and Security > Windows Update. You can also enter “wusa /uninstall /kb:5000802” in a command prompt. Although, some PCs might fail to roll back the changes.

Microsoft has been repeatedly chastised for its handling of Windows 10 updates, which often install automatically and force a restart. Microsoft gives users some modest controls, but enterprise clients can control more. It’s just that no one expected a minor patch to break printing. I’ve also personally seen the KB5000802 update cause repeated application crashes.

Usually, this is where I express a solemn desire that Microsoft gets it together and fixes Windows updates, but I think I’m past hoping. Windows 10 turned five this past year, and Microsoft still rolls out buggy updates on an almost weekly basis. It might be time we accepted this is just how Windows works. There’s so much institutional momentum behind Windows at this point, it may not be possible to make the necessary changes to stabilize and streamline the OS. Yeah, it’s a depressing thought.

Source: https://www.extremetech.com/computing/320757-new-windows-10-update-is-causing-blue-screen-crashes
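The post above gives the manual rollback command (`wusa /uninstall /kb:5000802`). The following is an added example, not code from the article or the poster, that wraps that command so it first checks whether KB5000802 is actually present and then reports the wusa.exe exit code, which matters because the article notes some PCs fail to roll the update back. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the ExtremeTech article or the original post.
# Checks whether the KB5000802 cumulative update is installed and removes it with the
# wusa.exe command the article quotes. Run from an elevated PowerShell prompt.
$KbId = 'KB5000802'

function Test-KbInstalled {
    param([Parameter(Mandatory)][string]$Id)
    # Get-HotFix reads Win32_QuickFixEngineering; installed cumulative updates are listed there.
    return [bool](Get-HotFix -Id $Id -ErrorAction SilentlyContinue)
}

function Remove-KbUpdate {
    param([Parameter(Mandatory)][string]$Id)
    $number = $Id -replace '^KB', ''
    # /quiet suppresses the dialog; /norestart lets you schedule the reboot yourself.
    $wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
    $proc = Start-Process -FilePath $wusa `
        -ArgumentList "/uninstall /kb:$number /quiet /norestart" -Wait -PassThru
    return $proc.ExitCode   # 0 = removed, 3010 = removed but a reboot is required
}

if (-not (Test-KbInstalled -Id $KbId)) {
    "$KbId is not installed; nothing to roll back."
} else {
    $code = Remove-KbUpdate -Id $KbId
    switch ($code) {
        0       { "$KbId removed." }
        3010    { "$KbId removed; reboot required to complete the rollback." }
        default { "wusa.exe exited with $code; the rollback did not complete. Check the Setup and " +
                  "WindowsUpdateClient event logs for the reason." }
    }
}
```

Because KB5000802 is a security update, Windows Update will offer it again after removal; if the printer crash is the only reason for rolling back, pausing updates until Microsoft's fixed build is available is the usual follow-up rather than leaving the machine unpatched indefinitely.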
  8. Source: Update Regarding Add-ons in Firefox
  9. At the moment it's 1C here..... but forecast to drop to -4C over the night.
  10. When you install FF (or any main browser) it'll ask if you want to import any bookmarks from other browsers that you have installed.
  11. I wouldn't use the built in Windows facility or the Windows Update for updating any drivers. If I suspect that a driver needs updating, I'd go to the vendors website and download the drivers from there.
  12. To be honest, I'd leave well alone. How often are you getting blue screens of death? If, like most people, they are few and far between...... why worry about it. As long as your system is kept up to date (including the drivers) you shouldn't really need it. I think the last BSOD that I had was about 2 years ago .... and that was down to a failing hard drive.
  13. Traditional antivirus software has a tough time detecting malware used in the campaign.

A new, active campaign is using malware capable of dancing around traditional antivirus solutions in order to empty cryptocurrency wallets. The malware is being used in the DarkGate campaign, a previously undetected hacking operation uncovered this week by enSilo security researchers. According to the team, DarkGate is currently underway in Spain and France, targeting Microsoft Windows PCs by way of torrent files.

Torrent files are most commonly associated with pirated content, but the technology itself is not illegal and can be used by consumers and businesses alike to share files of large sizes. In this case, however, the infected .torrent files masquerade as pirated versions of popular television shows and films including The Walking Dead.

The DarkGate malware uses a variety of obfuscation techniques to circumvent traditional antivirus solutions. The malware's command-and-control (C2) structure, which allows operators to send commands remotely and for the malware to transfer stolen data, is cloaked in DNS records from legitimate services including Akamai CDN and AWS. By hiding the C2 under the skirts of reputable DNS services, this allows the malware to pass a reputation check when it comes to shady services or bulletproof hosting platforms which have become associated with malware and criminal campaigns.

In addition, DarkGate uses vendor-based checks and actions, including a method known as "process hollowing" to avoid detection by AV software. This technique requires a legitimate software program to be loaded in a suspended state -- but only to act as a container for malicious processes which are then able to operate instead of the trustworthy program.

DarkGate will also perform a number of checks in an attempt to ascertain whether or not it has landed in a sandbox environment -- used by researchers to analyze and unpack malicious software -- and will perform a scan for common AV systems, such as Avast, Bitdefender, Trend Micro, and Kaspersky. The malware also makes use of recovery tools to prevent files critical to its operation from being deleted. enSilo says that the malware author "invested significant time and effort into remaining undetected," and during testing, it was found that "most AV vendors failed to detect it."

When executed, DarkGate implements two User Account Control (UAC) bypass techniques in order to gain system privileges, download, and execute a range of additional malware payloads. These packages give DarkGate the ability to steal credentials associated with a victim's cryptocurrency wallets, execute ransomware payloads, create a remote access tunnel for operators to hijack the system, and also implement covert cryptocurrency mining operations. According to enSilo, the C2 is overseen by human operators who act when they are alerted to new infections related to cryptocurrency wallets by installing the remote access tools necessary to compromise virtual coin funds.

Source: Most antivirus programs fail to detect this cryptocurrency-stealing malware | ZDNet
  14. The malware is currently being distributed through the RIG exploit kit.

The RIG exploit kit, which at its peak infected an average of 27,000 machines per day, has been grafted with a new tool designed to hijack browsing sessions. The malware in question, a rootkit called CEIDPageLock, has been distributed through the exploit kit in recent weeks. According to researchers from Check Point, the rootkit was first discovered in the wild several months ago. CEIDPageLock was detected when it attempted to tamper with a victim's browser. The malware was attempting to turn their homepage into 2345.com, a legitimate Chinese directory for weather forecasts, TV listings, and more.

The researchers say that CEIDPageLock is sophisticated for a browser hijacker, and now a bolt-on for RIG has received "noticeable" improvements. Among the new additions is functionality which permits user browsing activities to be monitored, alongside the power to change a number of websites with fake home pages.

The malware targets Microsoft Windows systems. The dropper extracts a 32-bit kernel-mode driver which is saved in the Windows temporary directory with the name "houzi.sys." While signed, the certificate has now been revoked by the issuer. When the driver executes, hidden amongst standard drivers during setup, the dropper then sends the victim PC's MAC address and user ID to a malicious domain controlled by a command-and-control (C&C) server. This information is then used when a victim begins browsing in order to download the desired malicious homepage configuration.

If victims are redirected from legitimate services to fraudulent ones, this can lead to threat actors obtaining account credentials, victims being issued malicious payloads, as well as the gathering of data without consent. "They then either use the information themselves to target their ad campaigns or sell it to other companies that use the data to focus their marketing content," the team says.

The latest version of the rootkit is also packed with VMProtect, which Check Point says makes an analysis of the malware more difficult to achieve. In addition, the malware prevents browsers from accessing antivirus solutions' files.

CEIDPageLock appears to focus on Chinese victims. Infection rates number in the thousands for the country, and while Check Point has recorded 40 infections in the United States, the spread of the malware is considered "negligible" outside of China. "At first glance, writing a rootkit that functions as a browser hijacker and employing sophisticated protections such as VMProtect, might seem like overkill," Check Point says. "CEIDPageLock might seem merely bothersome and hardly dangerous, the ability to execute code on an infected device while operating from the kernel, coupled with the persistence of the malware, makes it a potentially perfect backdoor."

According to Trend Micro, exploit kits are still making inroads in the cybersecurity landscape. RIG remains the most active, followed by GrandSoft and Magnitude.

Source: Meet the malware which hijacks your browser and redirects you to fake pages | ZDNet
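The post above names three concrete indicators for CEIDPageLock: a driver called houzi.sys dropped into the Windows temporary directory, that driver loading alongside legitimate drivers, and the browser start page being pointed at 2345.com. The following is an added example, not Check Point's code or the poster's, that checks a host for those three artefacts from PowerShell. Which temp directory the dropper uses and the choice of the Internet Explorer 'Start Page' value as the homepage to inspect are assumptions.

```powershell
# Added example, not from Check Point's report or the original post.
# Hunts for the artefacts the article attributes to CEIDPageLock: a driver named houzi.sys
# dropped in a temp directory, that driver loaded as a kernel service, and a browser start
# page pointed at 2345.com. Run elevated so the driver list and system temp are readable.
$DriverName = 'houzi.sys'
$HijackHost = '2345.com'
# ASSUMPTION: "the Windows temporary directory" in the article is one of these two locations.
$TempRoots  = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))

function Find-DroppedDriver {
    param([string[]]$Roots, [string]$Name)
    foreach ($root in $Roots) {
        if (Test-Path $root) {
            Get-ChildItem -Path $root -Filter $Name -File -Recurse -ErrorAction SilentlyContinue
        }
    }
}

function Get-SignerReport {
    # Status 'Valid' only means the chain verified at scan time. A certificate the issuer has since
    # revoked is reported as such only if the host can reach the CRL/OCSP endpoints, so the signer
    # subject and thumbprint are recorded for offline comparison against the report's indicators.
    param([System.IO.FileInfo]$File)
    $sig = Get-AuthenticodeSignature -FilePath $File.FullName
    [pscustomobject]@{
        Path       = $File.FullName
        Status     = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}

function Find-LoadedDriver {
    # Kernel drivers are registered as system drivers; match on the image path, not the service name,
    # since the dropper can register the service under any name it likes.
    param([string]$Name)
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$Name" } |
        Select-Object Name, State, StartMode, PathName
}

function Test-StartPageHijacked {
    # ASSUMPTION: the IE 'Start Page' value is a reasonable place to look for the redirected homepage.
    param([string]$HostName)
    $ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    return ($null -ne $ie) -and ("$($ie.'Start Page')" -like "*$HostName*")
}

Find-DroppedDriver -Roots $TempRoots -Name $DriverName | ForEach-Object { Get-SignerReport -File $_ }
Find-LoadedDriver -Name $DriverName
"IE start page points at ${HijackHost}: $(Test-StartPageHijacked -HostName $HijackHost)"
```

A clean result is not proof of absence: the article's point is that this is a kernel-mode rootkit, and code running in the kernel can hide its own file, service entry and registry changes from exactly these user-mode queries. Treat a hit as confirmation, and a miss as a reason to image the disk and inspect it from outside the running system.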