Showing results for tags 'spyware'.



Found 31 results

  1. NSO sells its potent iPhone malware to governments, including Mexico and the United Arab Emirates. But according to a newly released indictment, a disgruntled employee stole the company's code and tried to sell it for $50 million worth of cryptocurrency. NSO Group sells some of the most potent, off-the-shelf malware for remotely breaking into smartphones. Some versions allow a law enforcement or intelligence agency to steal essentially all meaningful data from an iPhone with no interaction from the target. Others just require the victim to click one link in a carefully crafted text message, before giving up their contacts, emails, social media messages, GPS location, and much more. NSO only sells its tools to government agencies, but a newly released, explosive indictment alleges that a company employee stole NSO’s spyware product, dubbed Pegasus, and tried to sell it to non-authorized parties for $50 million worth of cryptocurrency. These capabilities “are estimated at hundreds of millions of [US] dollars,” a translated version of the indictment reads. Several Israeli outlets were the first to report on and upload the indictment. The news shows a danger often highlighted by critics of the malware industry: that hacking tools or exploits typically reserved for law enforcement or intelligence agencies may fall into other hands. Omri Lavie, the co-founder of NSO, told Motherboard in an online chat “no comment.” Ron Deibert, director of the Citizen Lab, Munk School of Global Affairs at the University of Toronto, which has exposed abuses of NSO's products, told Motherboard in an email "The commercial spyware industry as a whole is new, lucrative and powerful, but also immature, largely unregulated, lacking in professional conduct, and prone to abuse. Theft and illicit sale of powerful surveillance technologies will happen in such circumstances, and provides yet another example of the need for greater regulatory control over the industry."
NSO has faced serious controversy for repeatedly providing phone spying tools to governments that went on to abuse them. In Mexico, authorities used NSO’s malware to spy on journalists and human rights activists. In the United Arab Emirates, the government targeted prominent activist and political dissident Ahmed Mansoor with Pegasus. According to Amnesty International, Mansoor was recently given a 10-year prison term. According to the indictment, the unnamed employee started work as a senior programmer at NSO last year. As part of his job, the employee had access to NSO’s product and its source code, the document adds. NSO’s computers have systems in place to stop employees attaching external storage devices to company computers. But the employee searched the internet for ways to disable those protections, turned them off, and then stole a cache of data, the document reads. That cache includes NSO’s product source code, “which allows exposure and a full understanding of how the system operates” and “cyber capabilities.” Shortly before the alleged theft, managers called the employee into a meeting, as the company was considering firing him, the document says. After stealing the bevy of powerful malware, the employee allegedly took to the so-called dark net to try and sell the code for $50 million in cryptocurrencies such as Monero, Zcash, and Verge, the indictment adds. The document says the defendant created an account on the Mail2Tor email service. The defendant also allegedly searched Google for ways to sell cyber capabilities, and who to sell them to. A potential customer engaged the employee, who was now posing as a hacker that had penetrated NSO’s systems, but reported the attempted sale back to NSO. Then in collaboration with NSO, the customer asked the defendant for more details. Days later, police raided the employee’s apartment, the document adds.
The indictment says that the defendant’s alleged actions have harmed the security of Israel, in part, because it could have “caused the collapse of NSO.” John Scott-Railton, a senior researcher also from Citizen Lab, told Motherboard in an online chat that "The concern about proliferation of spyware and exploit tech is not just about sales to paying customers, it's about the potential diversion and theft of the technology." The document says that, during the period relevant to the indictment, NSO employed around 500 workers and its market value was estimated at some $900 million. In May, Reuters reported that US surveillance giant Verint was in talks to buy NSO in a deal worth about $1 billion. Verint did not respond to a request for comment. Francisco Partners, the global equity firm which currently owns most of NSO, did not respond either. "If I were an investor looking at NSO, this case would make me deeply concerned: how much liability would I be exposed to if leaked or stolen code/exploits are used by non-customers as part of an attack?" Scott-Railton added. Update: This piece has been updated to include additional comment. Source
  2. Bitdefender 2018 Build 22.0.12.161 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/77459-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2018 Bitdefender Internet Security 2018 Bitdefender Antivirus Plus 2018 Platform: x86, x64 Version: 22.0.12.161 This version fixes the following issues: Fixed an issue with Active Threat Defense not activating Fixed an issue where the product would show "Last Update Never" Fixed an issue where the offline weekly updates would not detect Bitdefender 2018 Fixed an issue where Google would report SafePay is an outdated browser Fixed an issue where Custom Scans would not be saved after switching to Aggressive Fixed an issue where SafePay couldn't save bank statements(PDF) on hsbc.co.uk The following improvements were included: Wallet's compatibility with several websites Several Improvements to the in-product Support Tool Several interface improvements Various Install Engine optimizations Various SafePay optimizations and security improvements Several Firewall improvements Several Advanced Threat Defense improvements Improved compatibility with upcoming Windows release Several OneClick Optimizer improvements KB is unavailable at this time. 
Downloads: Online Installers: Bitdefender Antivirus Plus 2018 22.0.12.161 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2018 22.0.12.161 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2018 22.0.12.161 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Bitdefender 2018 Offline Installation Guide: Bitdefender 2018 AV Plus / Internet Security / Total Security - Standalone Installers [Windows]: 32bit [x86]: https://download.bitdefender.com/windows/desktop/connect/cl/2018/all/bitdefender_ts_22_32b.exe 64bit [x64]: https://download.bitdefender.com/windows/desktop/connect/cl/2018/all/bitdefender_ts_22_64b.exe Bitdefender Agent - 2018 - Universal [Same Agent for AV Plus / IS / TS]: Note: Bitdefender Agent installer supports both x86 & x64 architecture. Note: Bitdefender Agent installer is the same for Antivirus Plus / Internet Security / Total Security. Direct Download: https://flow.bitdefender.net/connect/2018/en_us/bitdefender_windows.exe Install Notes: Precaution Note: If you've already installed an older version of Bitdefender [incl. 2017/2016 version], we are sure that you'll lose your settings. Please take note of configuration, settings, whitelisted files and links. Download and Install Bitdefender Agent. When it starts downloading the install files, Stop/Close it immediately. Note: Check whether the Agent is installed only once in "Add/Remove Programs" or "Programs & Features".
Note: Check in "Program Files" for folder named "Bitdefender Agent". Now, start installing offline installer and proceed with installation. Note: Please choose respective download link based on architecture x86/x64 for smooth installation. Note: Don't worry about AV Plus/IS/TS. The installer automatically modifies the installation depending on the license you entered. Once installation is done, configure accordingly for best protection and to avoid files from getting deleted. Configure Whitelist files and links if you have any. It is better to keep note of the configured settings for future use. User Guide: Bitdefender Antivirus Plus 2018: https://download.bitdefender.com/resources/media/materials/2018/userguides/en_EN/bitdefender_av_2018_userguide_en.pdf Bitdefender Internet Security 2018: https://download.bitdefender.com/resources/media/materials/2018/userguides/en_EN/bitdefender_is_2018_userguide_en.pdf Bitdefender Total Security 2018: https://download.bitdefender.com/resources/media/materials/2018/userguides/en_EN/bitdefender_ts_2018_userguide_en.pdf Uninstall Tool: Uninstall Tool For Bitdefender 2018 Products: https://www.bitdefender.com/files/KnowledgeBase/file/Bitdefender_2018_UninstallTool.exe NOTE: Bitdefender 2018 Uninstall Tool requires KB2999226. If you didn't install it, you'll get the error "api-ms-win-crt-runtime-l1-1-0.dll" missing. You can download it here - KB2999226 Uninstall Tool For Bitdefender 2017 Products: https://www.bitdefender.com/files/KnowledgeBase/file/Bitdefender_2017_UninstallTool.exe NOTE: Bitdefender 2017 Uninstall Tool requires KB2999226. If you didn't install it, you'll get the error "api-ms-win-crt-runtime-l1-1-0.dll" missing.
You can download it here - KB2999226 Uninstall Tool For Bitdefender 2016 Products: http://www.bitdefender.com/files/KnowledgeBase/file/Bitdefender_2016_UninstallTool.exe Uninstall Tool For Bitdefender 2015 / 2014 / 2013 Products: http://www.bitdefender.com/files/KnowledgeBase/file/The_New_Bitdefender_UninstallTool.exe Uninstall Tool For Bitdefender 2012 Products and Earlier: http://www.bitdefender.com/files/KnowledgeBase/file/BitDefender_Uninstall_Tool.exe
  3. Bitdefender 2018 Build 22.0.13.169 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: N/A Update info shared by @boulawan A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2018 Bitdefender Internet Security 2018 Bitdefender Antivirus Plus 2018 Platform: x86, x64 Version: 22.0.13.169 KB is unavailable at this time. Downloads: Online Installers: Bitdefender Antivirus Plus 2018 22.0.13.169 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2018 22.0.13.169 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2018 22.0.13.169 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Bitdefender 2018 Offline Installation Guide:
  4. Bitdefender 2017 Build 21.0.25.92 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/76152-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2017 Bitdefender Internet Security 2017 Bitdefender Antivirus Plus 2017 Platform: x86, x64 Version: 21.0.25.92 This version fixes the following issues: • Bitdefender Device Management would fail to connect with Windows KB is unavailable at this time. Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.25.92 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.25.92 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.25.92 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Checksum - 30 May 2017 Offline Installer Update: bitdefender_ts_21_32b.exe (application/octet-stream) - 361535368 bytes; bitdefender_ts_21_64b.exe (application/octet-stream) - 387255184 bytes Bitdefender 2017 Offline Installation Guide:
  5. Bitdefender 2017 Build 21.0.25.84 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/75881-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2017 Bitdefender Internet Security 2017 Bitdefender Antivirus Plus 2017 Platform: x86, x64 Version: 21.0.25.84 This version fixes the following issues: • Rare issue where the Virus Shield would report an invalid current state 0 • Rare issue where the interface would go transparent while connected via RDP • Firewall crash caused by late BFE startup • Widget not saving its position after reboot The following improvements were included: • Added support for Korean and Vietnamese • Product interface fixes and improvements • Interface functionality • Rescue mode changed to Rescue Environment under Windows 10 • SafePay's ability to handle foreign languages • FileShreder engine functionality • Event engine functionality • Update engine functionality • Agent's functionality • Wallet's compatibility with several websites • Wallet's ability to handle browser extensions • Product stability KB is unavailable at this time.
Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.25.84 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.25.84 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.25.84 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Bitdefender 2017 Offline Installation Guide:
  6. Bitdefender 2017 Build 21.0.25.80 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/75881-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2017 Bitdefender Internet Security 2017 Bitdefender Antivirus Plus 2017 Platform: x86, x64 Version: 21.0.25.80 This version fixes the following issues: • Rare issue where the Virus Shield would report an invalid current state 0 • Rare issue where the interface would go transparent while connected via RDP • Firewall crash caused by late BFE startup • Widget not saving its position after reboot The following improvements were included: • Added support for Korean and Vietnamese • Product interface fixes and improvements • Interface functionality • Rescue mode changed to Rescue Environment under Windows 10 • SafePay's ability to handle foreign languages • FileShreder engine functionality • Event engine functionality • Update engine functionality • Agent's functionality • Wallet's compatibility with several websites • Wallet's ability to handle browser extensions KB is unavailable at this time.
Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.25.80 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.25.80 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.25.80 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Bitdefender 2017 Offline Installation Guide:
  7. Google and Lookout researchers published a report today revealing the activities of a new Android malware family, which they believe to be the Android counterpart of the Pegasus iOS spyware. After surfacing in 2016, the Pegasus spyware made headlines around the world after it was discovered that this wasn't your ordinary malware but a cyber-surveillance toolkit sold by an Israeli company called NSO Group. Like Italian surveillance vendor HackingTeam, the NSO Group developed Pegasus and sold it to governments and law enforcement agencies across the world, even in countries with dictatorial regimes, where it was used to track down dissidents and journalists. At the time, Pegasus was the most advanced iOS malware ever discovered, using several iOS zero-days to infect and collect data from a victim's iPhone.

     Initial Pegasus investigation moved to Android ecosystem

     That investigation, spearheaded by security researchers from Lookout and Citizen Lab, continued after the publication of their Pegasus report. During the fall, as Apple was patching the zero-days used by Pegasus, Lookout researchers reached out to Google and sent over a list of suspicious apps they thought to be connected with Pegasus and the NSO Group. An investigation from Google revealed a new Android malware family named Chrysaor, very similar to Pegasus.

     Chrysaor features included:

       • Keylogging features
       • Ability to silently answer phone calls and listen in on conversations (users see a black screen and, if they unlock the phone, the phone call is dropped immediately)
       • Ability to take screenshots of the user's screen
       • Ability to spy on users via the front and rear cameras
       • Usage of the ContentObserver framework to gather any updates to apps such as SMS, Calendar, Contacts, Cell info, Email, WhatsApp, Facebook, Twitter, Kakao, Viber, and Skype
       • Ability to collect data such as SMS settings, SMS messages, call logs, browser history, calendars, contacts, and emails
       • Ability to steal messages from apps such as WhatsApp, Twitter, Facebook, Kakao, Viber, and Skype
       • Usage of alarm functionality to repeat malicious actions at certain intervals
       • Ability to install itself in the /system folder to survive factory resets
       • Ability to sabotage the phone's self-update features
       • Ability to disable WAP push messages to hinder forensics operations
       • Ability to delete itself when instructed or when the C&C server goes dormant

     Most of these features could be turned on either by an HTTP request from one of the attacker's C&C servers or via an SMS message. Chrysaor was by far the most sophisticated threat researchers encountered. In fact, researchers said Chrysaor was far more complex and full of features when compared to Pegasus.

     Chrysaor used in targeted attacks

     Just like Pegasus, Chrysaor was used in a small number of attacks, a clear sign this is an advanced tool deployed only by a few groups in targeted attacks, and not something you and I will ever come across. While the victims are unknown, Google said it identified at least three dozen users infected with Chrysaor. All of them got infected because they installed an app via a third-party app store. Using Android's Verify Apps feature, Google intervened and disabled the apps on the victims' phones.

     From the samples they found, Google and Lookout researchers say these apps appear to have been compiled in 2014, meaning there are likely more victims than the current headcount, most of which they'll never be able to identify. Most of these victims most likely switched or upgraded phones, and their trail was lost. Based on current data, the vast majority of Chrysaor victims were located in Israel, Georgia, Mexico, and Turkey. Security researchers always knew there was an Android version of Pegasus, based on NSO Group brochures, but until now, they were never able to discover a sample and study its behavior. The NSO Group, which is a licensed cyber-arms dealer, has remained quiet to all accusations of selling surveillance tools to oppressive regimes. The full technical report on Chrysaor is available here. Source
  8. Within days of Congress repealing online privacy protections, Verizon has announced new plans to install software on customers’ devices to track what apps customers have downloaded. With this spyware, Verizon will be able to sell ads to you across the Internet based on things like which bank you use and whether you’ve downloaded a fertility app. Verizon’s use of “AppFlash”—an app launcher and web search utility that Verizon will be rolling out to their subscribers’ Android devices “in the coming weeks”—is just the latest display of wireless carriers’ stunning willingness to compromise the security and privacy of their customers by installing spyware on end devices. The AppFlash Privacy Policy published by Verizon states that the app can be used to “collect information about your device and your use of the AppFlash services. This information includes your mobile number, device identifiers, device type and operating system, and information about the AppFlash features and services you use and your interactions with them. We also access information about the list of apps you have on your device.” Troubling as it may be to collect intimate details about what apps you have installed, the policy also illustrates Verizon’s intent to gather location and contact information: “AppFlash also collects information about your device’s precise location from your device operating system as well as contact information you store on your device.” And what will Verizon use all of this information for? 
Why, targeted advertising on third-party websites, of course: “AppFlash information may be shared within the Verizon family of companies, including companies like AOL who may use it to help provide more relevant advertising within the AppFlash experiences and in other places, including non-Verizon sites, services and devices.” In other words, our prediction that mobile Internet providers would start installing spyware on their customers’ phones has come true, less than 48 hours after Congress sold out your personal data to companies like Comcast and AT&T. With the announcement of AppFlash, Verizon has made clear that it intends to start monetizing its customers’ private data as soon as possible. What are the ramifications? For one thing, this is yet another entity that will be collecting sensitive information about your mobile activity on your Android phone. It’s bad enough that Google collects much of this information already and blocks privacy-enhancing tools from being distributed through the Play Store. Adding another company that automatically tracks its customers doesn’t help matters any. But our bigger concern is the increased attack surface an app like AppFlash creates. You can bet that with Verizon rolling this app out to such a large number of devices, hackers will be probing it for vulnerabilities, to see if they can use it as a backdoor they can break into. We sincerely hope Verizon has invested significant resources in ensuring that AppFlash is secure, because if it’s not, the damage to Americans’ cybersecurity could be disastrous. Verizon should immediately abandon its plans to monitor its customers’ behaviors, and do what it’s paid to do: deliver quality Internet service without spying on users. By Bill Budington and Jeremy Gillula and Kate Tummarello @EFF https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans
  9. Bitdefender 2017 Build 21.0.24.62 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/75587-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2017 Bitdefender Internet Security 2017 Bitdefender Antivirus Plus 2017 Platform: x86, x64 Version: 21.0.24.62 This version brings the following changes: Changes in the product's structure to protect from "Double-Agent" reported by Cybellum. KB is unavailable at this time. 
Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.24.62 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.24.62 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.24.62 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Checksum - 30 Mar 2017 Offline Installer Update: bitdefender_ts_21_32b.exe (application/octet-stream) - 392912632 bytes; bitdefender_ts_21_64b.exe (application/octet-stream) - 434606552 bytes Bitdefender 2017 Offline Installation Guide:
  10. Bitdefender 2017 Build 21.0.24.54 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: Yet to be Updated KB is unavailable at this time. Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.24.54 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.24.54 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.24.54 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Checksum - 10 Mar 2017 Offline Installer Update: bitdefender_ts_21_32b.exe (application/octet-stream) - 391676120 bytes; bitdefender_ts_21_64b.exe (application/octet-stream) - 433246512 bytes Bitdefender 2017 Offline Installation Guide:
  11. Over 600 GB have already been siphoned from over 70 victims. A highly sophisticated malware which allows hackers to get their hands on sensitive data and eavesdrop on victims' networks is targeting businesses in Ukraine. According to threat intelligence firm CyberX, this new operation has already managed to siphon over 600 gigabytes of data from about 70 victims, all of them businesses from various areas of work, including news media and scientific research, but also critical infrastructure. "Operation BugDrop" is the name that was given to this malware campaign that is mainly targeting victims in Ukraine, as well as Russia, Austria, and Saudi Arabia. The perpetrators are unknown at this point, but given the details of the operation that have been uncovered so far, they may be government-backed with plenty of resources. "Operation BugDrop is a well-organized operation that employs sophisticated malware and appears to be backed by an organization with substantial resources. In particular, the operation requires a massive back-end infrastructure to store, decrypt and analyze several GB per day of unstructured data that is being captured from its targets. A large team of human analysts is also required to manually sort through captured data and process it manually and/or with Big Data-like analytics," reads the blog post detailing the operation. What does it do? The malware was designed specifically to infiltrate the victim's computer, grab screenshots, collect documents and passwords, and more importantly, turn on the PC's microphone to capture audio recordings of all conversations taking place around the infected device. Like much other malware, this one reaches its victims via malicious Microsoft Word documents sent in phishing emails. The documents contain embedded malicious macros, which are normally turned off unless the user expressly tells the computer to go ahead and run the macros. 
Once the malware is deployed, the computer sends all the data to Dropbox, from where hackers retrieve it. This is a particularly well-thought-out plan since most organizations don't monitor Dropbox data flux. The detection rates for this malware are quite low due to several aspects. On the one hand, the malware makes the audio data look like it's legitimate outgoing traffic. Then, BugDrop also encrypts all DLLs that are installed in order to avoid detection. Also, the malware uses public cloud service Dropbox for its activities, which isn't something that's normally monitored by network admins. What's also interesting about BugDrop is that it uses Reflective DLL Injection, which is a technique that was used against Ukraine in the past. For instance, the BlackEnergy malware that was used to attack the country's power grid employed the same technique, and so did the malware used in the Stuxnet attacks against Iranian nuclear facilities. "We have no evidence that any damage or harm has occurred from this operation, however identifying, locating and performing reconnaissance on targets is usually the first phase of operations with broader objectives," the security experts write. Credit: http://news.softpedia.com/news/operation-bugdrop-targets-ukrainian-businesses-turns-mics-into-spying-gear-513142.shtml
  12. Bitdefender 2017 Build 21.0.23.1101 Overview: The Bitdefender proprietary technologies, based on innovative ideas and leading trends in the information security industry, continue to be internationally recognized as the best Internet security software. The independent organizations which reward BitDefender outstanding results through numerous prizes and certifications are: Av-Test.org, Virus Bulletin, ICSA Lab, Checkmark, PC World Top 100, just to name but a few. Homepage: https://www.bitdefender.com/ Changelog: https://forum.bitdefender.com/index.php?/topic/74787-latest-changelog/ A new Bitdefender Classic Line product update has been released with the following details: Affected software: Bitdefender Total Security 2017, Bitdefender Internet Security 2017, Bitdefender Antivirus Plus 2017. Platform: x86, x64. Version: 21.0.23.1101.

      This version fixes the following issues:
        • Fixed a crash caused by the Update module
        • Fixed a rare crash caused by SafePay
        • Fixed an issue with the Firefox extension signatures
        • Fixed an issue causing the Bitdefender window to shift to the right
        • Fixed an issue causing the Wallet to prompt for the account on the same browser session
        • Fixed an issue where the Agent failed to stop
        • Fixed an issue where the Wallet would display empty lists when scrolling down the menu
        • Fixed a rare crash causing vsserv to crash
        • Fixed a crash caused by SafePay
        • Fixed a crash caused by the Agent
        • Fixed an issue causing the Agent not to deploy properly
        • Fixed an issue where the Custom Scan would not start at the proper time
        • Fixed an issue where the email archives would be purged from the Quarantine
        • Fixed a rare issue causing the Uninstaller to crash
        • Fixed an issue where the Security Report would show the improper period
        • Fixed an issue where the product would revert the default language to English after a repair
        • Fixed an issue where SafePay would not keep the zoom settings from the previous session
        • Fixed an issue causing SafePay to be unable to open PDF files

      The following improvements were included:
        • The product now complies with the Microsoft DSA requirements
        • Several improvements to the install engine
        • Improved repair process
        • Several improvements to the On-Access engine
        • Product interface fixes and improvements
        • Improved SafePay's functionality
        • Several improvements to the product's self-defense mechanism
        • Improved the way the Support Tool gathers Bitdefender related information
        • Improvements to the Firewall engine
        • Improved Wallet's compatibility with several websites
        • Added support for the Polish language
        • Some improvements to the event engine
        • Improved the way the product handles remote tasks (example: system scan from Central)
        • Improved the way the product integrates with the Windows start-up process
        • Some improvements to the Update engine

      KB is unavailable at this time. Downloads: Online Installers: Bitdefender Antivirus Plus 2017 21.0.23.1101 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_antivirus.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_antivirus.exe Bitdefender Internet Security 2017 21.0.23.1101 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_isecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_isecurity.exe Bitdefender Total Security 2017 21.0.23.1101 Online: https://download.bitdefender.com/windows/installer/en-us/bitdefender_tsecurity.exe XP | Vista: https://download.bitdefender.com/windows/installer/en-us/xp-vista/bitdefender_tsecurity.exe Offline Installers and Install Guide: Checksum - 19 Jan 2017 Offline Installer Update: bitdefender_ts_21_32b.exe (application/octet-stream) - 386983608 bytes; bitdefender_ts_21_64b.exe (application/octet-stream) - 428227776 bytes Bitdefender 2017 Offline Installation Guide:
  13. A group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy, but it wasn’t built by the infamous surveillance tech vendor Hacking Team. On Monday, researchers released a technical report on a new type of Android malware designed to surreptitiously record video and audio, turn the GPS on and off, steal data from the phone and take screenshots, among other functions: “run-of-the-mill, boring, commercial spyware junk,” as one of the researchers put it in the report. What’s interesting is that the researchers said the spyware infected a victim working for a government, and they suspected it was made by Hacking Team. But in reality, the spyware was likely made by another Italian company, which hasn’t gotten much public attention yet. The prime suspect, Motherboard has learned, is a small startup based in Naples called Raxir. The spyware contacts a command and control server that uses an SSL digital certificate containing the string Raxir. Raxir is a surveillance firm that is housed at the “Citta’ Della Scienza” in Naples, a tech startup incubator. According to the company’s page on the incubator’s website, Raxir was founded in 2013 and produces software systems to support legal and intelligence investigations. The company wrote on that page that it has customers in government and law enforcement, and that the use of its software is “reserved” for those entities, “at the moment” within Italy. (Raxir did not respond to a request for comment sent to its public email address.) Two former Hacking Team employees, who reviewed the report for Motherboard, said they were certain the malware wasn’t from their former company. “The sample has nothing to do with Hacking Team,” said another source, a security researcher with experience analyzing the company’s malware, who requested anonymity. 
“It’s structurally different from the ones attributed to Hacking Team and doesn’t share any part of the code.” Bill Marczak, a researcher at Citizen Lab, a digital rights watchdog at the University of Toronto's Munk School of Global Affairs, agreed that this sample is almost certainly not from Hacking Team. Marczak said in an online chat that the spyware’s infrastructure isn’t linked to Hacking Team’s, which he has been tracking for months. Marczak also scanned the internet for traces of Raxir and found another server, whose digital certificate contains the string: “ProcuraNapoliRaxirSrv.” “The Procura di Napoli” is Naples’ office of the prosecutor, presumably a customer of Raxir. Tim Strazzere, the independent researcher who analyzed the malware, said he couldn’t reveal who was targeted by it, but he or she works for a government, and there’s an ongoing criminal investigation into the incident. More than a year after the devastating attack on Hacking Team, which exposed practically all the company’s internal emails, as well as the source code of its tools, new companies are popping up to fill the void. Raxir is just another one of those, and just like Hacking Team, and another little-known firm called RCS Lab, it’s based in Italy. As one Italian security researcher once jokingly tweeted: “Italy: Spaghetti, Pizza, and Spyware.” Article source
  14. Microsoft Security Bulletins November 2016 Microsoft Security Bulletins November 2016 offers an overview of all security and non-security patches for Windows and other Microsoft products. Yes, it is this time of the month again. Microsoft just released updates for all client and server versions of Windows and other company products. Our Microsoft Security Bulletins November 2016 provides you with information so that you can prioritize updates for deployment, or find out what they do before installing them. The overview begins with an executive summary that highlights the most important bits of information. It is followed by the operating system and other Microsoft product distribution that lists products and the number of security updates and their severity. This is followed by the list of security bulletins, security advisories and updates, and non-security updates released in the past 30 days. The last part details how to download these updates. It offers direct update download links that point to Microsoft's Update Catalog, and reference links that you can load for additional information and research. Microsoft Security Bulletins November 2016 Executive Summary Microsoft released 14 security bulletins on the November 2016 Patch Day. 6 of the bulletins are rated with a severity rating of critical, the remaining 8 with a rating of important. All client and server versions of Windows are affected by at least one critically rated bulletin. Microsoft published updates for Microsoft Edge, Microsoft SQL Server, Office and other Microsoft products as well. Operating System Distribution Windows 8.1 and 10 are affected by more vulnerabilities than Windows 7 and Vista on the client side. This is explained by the security update for Adobe Flash MS16-141 which is released for Windows 8.1 and 10 only, and MS16-129, the cumulative security update for Microsoft Edge. 
The new Windows Server 2016 is affected by MS16-130 and MS16-131 critically, while previous versions of Windows Server are either not affected at all, or only with important severity. Windows Vista: 2 critical, 6 important Windows 7: 2 critical, 6 important Windows 8.1: 3 critical, 7 important Windows RT 8.1: 1 critical, 7 important Windows 10: 4 critical, 7 important Windows Server 2008: 1 critical, 6 important Windows Server 2008 R2: 1 critical, 6 important Windows Server 2012 and 2012 R2: 6 important, 2 moderate Windows Server 2016: 2 critical, 5 important Server core: 8 important Other Microsoft Products Microsoft Office 2007, 2010, 2013 and 2016: 1 important Microsoft Office 2013 RT: 1 important Microsoft Office 2011, 2016 for Mac: 1 important Microsoft Office Compatibility Pack Service Pack 3: 1 important Microsoft Excel Viewer: 1 important Microsoft PowerPoint Viewer: 1 important Microsoft SharePoint Server 2010, 2013: 1 important Microsoft Office Web Apps 2010, 2013: 1 important SQL Server 2012 Service Pack 2, Service Pack 3: 1 important SQL Server 2014 Service Pack 1, Service Pack 2: 1 important SQL Server 2016: 1 important Security Bulletins MS16-129 -- Cumulative Security Update for Microsoft Edge (3199057) This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. MS16-130 -- Security Update for Microsoft Windows (3199172) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application. MS16-131 -- Security Update for Microsoft Video Control (3199151) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. 
MS16-132 -- Security Update for Microsoft Graphics Component (3199120) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. MS16-133 -- Security Update for Microsoft Office (3199168) This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. MS16-134 -- Security Update for Common Log File System Driver (3193706) This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. MS16-135 -- Security Update for Windows Kernel-Mode Drivers (3199135) This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. MS16-136 -- Security Update for SQL Server (3199641) This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. MS16-137 -- Security Update for Windows Authentication Methods (3199173) This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. 
MS16-138 -- Security Update to Microsoft Virtual Hard Disk Driver (3199647) This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability. MS16-139 -- Security Update for Windows Kernel (3199720) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. MS16-140 -- Security Update for Boot Manager (3193479) This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy. MS16-141 -- Security Update for Adobe Flash Player (3202790) This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. MS16-142 -- Cumulative Security Update for Internet Explorer (3198467) This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Security advisories and updates KB3201860 -- MS16-128: Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 8 Embedded Standard, and Windows Server 2012 Non-security related updates Cumulative updates not yet published on the update history pages. Will update the article as soon as that happens. 
KB3197867 -- November, 2016 Security Only Quality Update for Windows 7 and Server 2008 R2 Security updates to Microsoft Graphics Component, kernel-mode drivers, Microsoft Video Control, Common Log File System driver, Windows authentication methods, Windows operating system, Windows File Manager, Windows registry, OpenType, Internet Explorer 11, and Windows Component. KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 Support page MIA. No information other than the security updates that it includes. KB3197873 -- November, 2016 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 Support page MIA. See KB3197867 above for list of updates. KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2 Support page MIA. No information KB3200970 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Addressed issues that prevented users from connecting to virtual private networks (VPNs). Improved reliability of Internet Explorer, Remote Desktop and multimedia audio. Fixed a system tray issue in regards to WiFi connections not showing up. Fixed unnamed issues in various Windows components including Microsoft Edge, Internet Explorer 11, Remote Desktop, Active Directory, Windows shell, enterprise security and more. Security updates for a number of Windows components including Boot Manager, kernel-mode drivers, Edge, IE11, Microsoft Video Control and more (as outlined in the Security Bulletins section above). KB3197954 -- Cumulative Update for Windows 10 Version 1607 and Windows Server 2016 Improved reliability of many components including Windows kernel, Internet Explorer 11, Start, File Explorer, graphics. Fixed crash in System Center Operations Manager (SCOM). Fixed connectivity issues in Remote Desktop Gateway. Addressed updates restoration issue when doing system resets. 
Fixed an issue that caused domain logons to fail after upgrading from Windows 10 Home to Pro. The HTTP Strict Transport Security (HSTS) preload list was updated. Addressed unnamed issues affecting USB, Wi-Fi, Bluetooth, Windows kernel, Microsoft Edge, Internet Explorer 11, PowerShell, and more. Check out the support article linked above for a full rundown. KB2976978 -- Update for Windows 8.1 -- Compatibility update for keeping Windows up-to-date in Windows 8.1 and Windows 8 -- This update performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program KB3199375 -- Update for Internet Explorer -- FIX: "Do you want to open this file" error message after you apply security update 3185319 KB3200006 -- Update for Internet Explorer -- System Center Operations Manager Management Console crashes after you install MS16-118 and MS16-126 KB3192321 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2 -- Turkey ends DST observance KB3192403 -- October, 2016 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2 KB3192404 -- October, 2016 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 KB3192406 -- October, 2016 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012 KB3198591 -- Update for Windows 7 and Windows Server 2008 R2 -- Windows Server 2008 R2 domain controller crashes when two threads use the same LDAP connection How to download and install the November 2016 security updates Windows 7, 8.1 and 10 users get so-called monthly rollup releases. On Vista, individual patches are made available. Windows users can download and install the patches via Windows Update: Tap on the Windows-key, type Windows Update and hit the Enter-key. 
If the update check is not performed automatically, click on "check for updates" on the page that opens. Updates that are found may be installed automatically, or displayed to the user instead for manual selection. Updates are also made available on Microsoft's Download Center, as monthly security releases, and through the Microsoft Update Catalog. Direct Microsoft Update Catalog download links: Windows 10, Windows Server 2016 KB3200970 -- Cumulative Update for Windows 10 Version 1607 KB3197954 -- Cumulative Update for Windows 10 Version 1607 Windows 8.1, Windows Server 2012 R2 KB3197874 -- November, 2016 Security Monthly Quality Rollup for Windows 8.1 and Server 2012 R2 KB3197873 -- November, 2016 Security Only Quality Update Windows 7, Windows Server 2008 R2 KB3197868 -- November, 2016 Security Monthly Quality Rollup for Windows 7 and Server 2008 R2 KB3197867 -- November, 2016 Security Only Quality Update Additional resources Microsoft Security Bulletin Summary for November 2016 List of software updates for Microsoft products List of security advisories of 2016 Microsoft Update Catalog site Our in-depth update guide for Windows Windows 10 Update History Windows 8.1 Update History Windows 7 Update History Source
  15. The moment your computer connects to the internet, it becomes susceptible to a myriad of attacks like malware infection, hacking or others. On top of that, some websites also try to track down your web browsing patterns in order to make offers to you based on the collected data. There seems to be no escape from this situation no matter how many different tools you try. Now a new software called the BlackFog Privacy has come to the front of this ongoing battle to preserve the PC security and privacy. The BlackFog Privacy software can be used to monitor the network traffic, delete some of the cookies stored by various web browsers as well as the browser cache in order to boost the level of privacy. This software also makes sure that you stay protected from various forms of the malicious programs like ransomware, trojans, spyware in addition to the programs that could be collecting user generated data for their tracking services. The main window of the BlackFog Privacy shows you a basic overview of your system’s status – how much of the forensic data is present on your PC, how many devices are connecting to your PC, the network status and the telemetry report, and more. All of this data is presented graphically so that you can easily see which actions are required to secure your PC. You can obviously change the settings related to network traffic, forensic data removal, and the privacy system settings. It also shows the privacy score of your PC based on the various settings. According to the BlackFog Privacy software web site, it protects your PC from 26 million different malware, ransomware and spyware. This makes it a good antivirus product in itself. When you decide to remove the forensic data from your PC, it uses the popular DoD algorithm that repeatedly overwrites files with randomly generated data making it impossible to recover them later. 
http://www.blackfog.com/blackfog-privacy-2-5-real-time-network-protection-ransomware-spyware-malvertising/ Conclusion: BlackFog Privacy is a security software for PC that offers improvement in privacy, protection from malware and monitoring of network traffic to see all the connections made to or from your PC. Download BlackFog Privacy Article source
  16. Spyware Sold to Governments Behind Recent iOS Zero-Days Apple fixes three zero-days used by Pegasus spyware According to the two organizations, the zero-days were part of a software suite called Pegasus, developed and sold by Israeli company NSO Group to governments around the world, which deployed it against targets of interest. Pegasus, described as surveillance software developed for law enforcement agencies, is nothing different from spyware developed and sold on underground hacking forums. Governments, security vendors, and news agencies knew of Pegasus and NSO's existence for many years, but the company has always been outshined by its more powerful competitors, Gamma Group, which sells FinFisher, and HackingTeam which sells the RCS surveillance package. Apple patched zero-days that enabled Pegasus spying features Apple released a fix today to address Pegasus features that allowed it to spy on iOS users without them ever being aware. These features were powered by three zero-days that allowed a remote attacker to compromise iOS devices by fooling a victim into accessing a malicious website. Once the zero-day exploit code was executed, the attacker would use the Pegasus software to control the victim's iPhone or iPad. According to Lookout, the attackers had full control over the device, and could exfiltrate data, listen in on conversations via the microphone, detect the user's GPS position, follow IM conversations, and much more.

      | Zero-Day | Description | Exploit Capability |
      |---|---|---|
      | CVE-2016-4655 | Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing him to calculate the kernel’s location in memory. | An application may be able to disclose kernel memory |
      | CVE-2016-4657 | Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to silently jailbreak the device and install surveillance software. | An application may be able to execute arbitrary code with kernel privileges |
      | CVE-2016-4658 | Memory Corruption in Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link. | Visiting a maliciously crafted website may lead to arbitrary code execution |

      "Pegasus is the most sophisticated attack we’ve seen on any endpoint because it takes advantage of how integrated mobile devices are in our lives and the combination of features only available on mobile," the Lookout team explained. A further, in-depth analysis of Pegasus also revealed traces of a kernel mapping table that has values that target previous iOS versions, way back to iOS 7, meaning the spyware was used for years without being detected until this past month. Meet Ahmed Mansoor, the most spied on activist in the world One of the people targeted with Pegasus, and the one that detected something wrong and led to the discovery of the three zero-days, was Ahmed Mansoor, a human rights activist from the United Arab Emirates (UAE). Coincidentally, Mansoor was also targeted in the past with both FinFisher and RCS spyware. As such, he was able to quickly recognize a phishing lure he received via SMS, which promised new details about torture practices in the UAE. Mansoor forwarded the SMS messages to Citizen Lab, an investigative interdisciplinary laboratory at the Munk School of Global Affairs at the University of Toronto, Canada, specialized in political cyber-espionage. Pegasus software also sold to Mexico and Kenya Recognizing the sophisticated campaign behind this SMS message, Citizen Lab brought in Lookout to investigate the technical side of the attack. Lookout discovered the three zero-days, while Citizen Lab connected the zero-days to the Pegasus software and the NSO Group, an Israeli company bought by US firm Francisco Partners in 2014. Citizen Lab tracked down the Pegasus software and discovered export licenses for various governments. 
The organization tied NSO's Pegasus suite to attacks against a Mexican journalist who uncovered corruption by Mexico's President, and to a few attacks against unknown targets in Kenya. "While these spyware tools are developed in democracies, they continue to be sold to countries with notorious records of abusive targeting of human rights defenders," the Citizen Lab team explains. "Such sales occur despite the existence of applicable export controls." Lookout provides a technical look at the three iOS zero-days fixed in iOS 9.3.5 in its report, while Citizen Lab's report focused on the morals and political background behind these recent attacks. Source
  17. After lying dormant for around nine years, new versions of the Bayrob trojan have surfaced, and security researchers say its operators have kept up with the times and updated their malicious code with new features. Security experts first stumbled upon Bayrob in the spring of 2007, and saw the last big campaign employing this trojan in the fall of the same year. Ever since then, the trojan never resurfaced in infections with enough numbers to trigger alerts with any security company, or at least not until last winter, and then two weeks ago, when new versions of this ancient threat started reappearing on some companies' radars. Bayrob resurfaces with a new look Initial descriptions categorized this malware as a trojan horse that sets up a proxy server in order to steal sensitive information from compromised computers. These recent versions didn't change that much, but only added small tweaks here and there, mainly to make reverse engineering harder and to avoid detection on infected targets. The new versions of Bayrob now clone themselves in order to launch multiple processes, each tasked with its own malicious routine. Since the trojan is packed inside other files, to avoid situations where the user double-clicks a file and nothing happens, Bayrob now shows an error message telling the user the file doesn't work with his version of Windows, and he needs to upgrade. Of course, this is a static message and will show regardless of platform. Bayrob now uses encryption and custom C&C protocols When stealing and exfiltrating information from your computer, Bayrob now also encrypts the data, which prevents nosey security experts and security products from detecting its actions. C&C server communications are also different now, and Bayrob uses a custom protocol over TCP/IP to talk to its server, also encrypted. 
Additionally, the Bayrob trojan also features strong code obfuscation and a lot of dead code, mainly, as mentioned above, to avoid detection and deter researchers from taking a closer look. Of course, the opposite happens, mainly because nothing draws the attention of an infosec researcher more than obfuscated code. The Source
  18. Malware most likely used in cyber-espionage campaigns

Furtim malware is very careful not to get caught

A security researcher who goes online only by the nickname FireFOX (@hFireF0X) has discovered and analyzed a unique malware family that pays a lot of attention to remaining undetected rather than to having great features or efficient data exfiltration procedures. The researcher named the malware Furtim, the Latin word for "stealthy", and tracked down some of its command & control servers to a Russian domain, which resolves back to a Ukrainian IP. At the time of his analysis, despite managing to break down a large part of Furtim's mode of operation, FireFOX didn't manage to discover how crooks are spreading the malware, how it gains an initial foothold on the infected devices, or what kind of targets it is seeking.

Furtim, a.k.a. "the paranoid malware"

FireFOX also noted something different about Furtim that he didn't see in other types of malware. Furtim paid a lot of attention, actually more than it should, to avoiding detection by security products. During its installation, the malware would check for the presence of virtualized or sandboxed environments, tools which security researchers use for malware debugging. Additionally, Furtim also includes filters for over 400 security products. If it finds at least one of these installed on the PC, Furtim aborts the installation. After it has set itself up, the malware blocks DNS filtering services by replacing DNS servers with public IPs provided by Google and Level3 Communications, and also blocks users from accessing nearly 250 websites from the infosec domain.

Furtim is really, really, really paranoid

But the self-defense mechanism doesn't stop here, because Furtim also disables the Windows notification and pop-up mechanisms, as well as the user's access to the command line and the Task Manager.
After Furtim feels comfortable within its infected environment, it collects data from the infected device and sends it to the server. The server uses this data to distinguish between its targets and to deliver the final payloads, since Furtim is only a malware downloader, a stepping stone for more dangerous threats. FireFOX noticed that the server sent the malware payloads only once to each target, a tactic also employed to make reverse engineering by security researchers much harder.

Furtim delivers the Pony infostealer and another unknown payload

The final payload is actually made up of three files. The first is a power configuration file for the infected computer that removes sleep mode and hibernation settings. The second is the Pony infostealer, malware specialized in stealing all kinds of sensitive data, from FTP and email client credentials to browser history and stored passwords. The third and final payload is currently unknown, with FireFOX saying he wasn't able to crack it. "We do know that a third binary is downloaded. It is identified as generic by certain AVs, possibly due to the fact that it is packed. We have yet to analyze it to completely understand what it does," FireFOX wrote today. "We do know though, that it communicates back a list of certain discovered processes to another Russian server." With all these data exfiltration features and focus on stealth, Furtim sure looks like the spawn of a cyber-espionage group, even if FireFOX didn't say so. Coincidentally or not, FireFOX's blog went mysteriously offline just a few hours after he published his research. DDoS attack? Maybe. But it sure looks like someone doesn't want the world to know about Furtim. Article source
  19. Spyware sold to governments around the world has allegedly been found in a Sydney datacentre, with initial reports claiming its origin is Indonesia. FinFisher, the sophisticated spyware suite sold to government agencies, has been found in a Sydney datacentre, the ABC has reported. According to the report, the user of the spyware is the Indonesian government, using the Australian datacentre to house its proxy server. Previously, it was reported that two government groups from Indonesia, including the National Encryption Body (Lembaga Sandi Negara), amongst other agencies from 32 countries, were FinFisher customers. Bill Marczak, a researcher with Toronto-based IT, human rights, and security-focused laboratory Citizen Lab, told the ABC that Indonesia appears to be one of the largest customers of FinFisher, finding evidence that there were many other government users in addition to the National Encryption Body inside Indonesia. "I felt very concerned about the list of countries we had found," Marczak said. "I think I would have felt far less concerned if the spyware was only turning up in countries which had robust rule of law and oversight of intelligence and law enforcement." Information from users infected by an Indonesian department was going through Australia, according to Marczak. The spyware is able to remotely control any computer it infects, copy files, intercept Skype calls, and log keystrokes, and has allegedly been found inside the Global Switch Sydney East datacentre in Ultimo, which opened almost two years ago at a cost of AU$300 million. Sydney East is the company's second facility in Sydney and was built next door to the existing Sydney West datacentre. Global Switch originally announced in late 2010 that it was constructing a second centre as part of the company's £1 billion expansion plan. Global Switch is headquartered in London and also has datacentres in London, Amsterdam, Frankfurt, Paris, Madrid, Singapore, and Hong Kong.
ZDNet contacted Global Switch for comment, but no response was received by the time of publication. Developed by Munich-based FinFisher Gamma Group, the software is touted as a way to "help government law enforcement and intelligence agencies identify, locate and convict serious criminals." In late 2014, WikiLeaks revealed that the New South Wales Police, amongst others, were on the FinFisher surveillance suite customer list. The NSW Police was listed as having purchased €1.8 million worth of FinFisher software, as well as having submitted support requests about categorising keylogged conversations to avoid landing in hot water by intruding on legal privilege, about reporting features to meet warrant requirements, and about problems with FinSpy updates. It was alleged at the time that a support ticket from NSW Police stated that FinSpy had an issue with OS X when a surveillance target was offline. "When a mac target is online, there is a configuration link which allows updating the configuration of the target and Trojan," the ticket said. "However, when the target is offline, there isn't any configuration link. This only appears on a mac target. Linux and Windows targets have configuration links when the target is both online and offline." At the time, the NSW Police told ZDNet that "given this technology relates to operational capability, it's not appropriate to comment". Singapore-based PCS Security, police forces from the Netherlands, and the intelligence arms of the Hungarian, Qatari, Italian, and Bosnian governments were also on the leaked customer list. Less than a year ago, the NSW Police found itself embroiled in another spyware saga along with the Australian Security Intelligence Organisation, Victoria's Independent Broad-based Anti-corruption Commission, the Australian Federal Police, and the Northern Territory Police.
It was reported that the Australian government agencies were interested in using products from Milan-based surveillance software company Hacking Team. Like FinFisher, Hacking Team developed spyware and malware designed to infiltrate a variety of devices and platforms, and sells its services to governments and businesses worldwide. In late 2013, former Prime Minister Tony Abbott refused to address claims that Australian intelligence agencies had intercepted the communications of Indonesian President Susilo Bambang Yudhoyono in 2009. At the time, Abbott said that all governments gather information and all governments know that every other government gathers information, but that he would not be drawn on commenting on this alleged incident. "Australian government never comments on specific intelligence matters, this has been the long tradition of governments of both political persuasions, and I don't intend to change that today," he said. "I should also say that the Australian government uses all the resources at its disposal, including information, to help our friends and our allies, not to harm them." "It's in no one's interests to do anything or to say anything that would jeopardise that relationship, and certainly I'm not going to." Later that day, the former Foreign Minister Bob Carr described the diplomatic row between Australia and Indonesia over spying allegations as "catastrophic", calling on Abbott to apologise immediately, saying Indonesia feels it is being treated with contempt by Australia. The Source
  20. Sup. Keep getting this, after sleep or reboot. I have tried all three choices and it still appears. Any ideas on how to remove? Thanks in advance.
  21. Destroy Windows Spying

Destroy Windows Spying is the most popular program to remove spyware on Windows 7/8/8.1/10

Features

  • Remove all spyware modules
  • Remove spying apps
  • Add spying domains to hosts!
  • Remove Spying services
  • Remove Windows 10 Metro Apps
  • Support Windows 7/8/8.1/10 or Server 2008-2012 R2
  • Remove Office 2016 telemetry
  • Open Source!

Download DWS Lite Build 637 TH2 RTM: https://github.com/Nummer/Destroy-Windows-10-Spying/releases/download/1.5.637/DWS_Lite.exe

Website: http://dws.wzor.net/
  22. Hacking Team Is Back, Now Selling New Encryption Cracking Tools

Hacking Team announces its comeback with new tools

The revelation comes from Vice reporters who were alerted to a new email that the company's CEO, David Vincenzetti, sent to its current and potential customers via Hacking Team's mailing list. A short snippet of the email says: "Most [law enforcement agencies] in the US and abroad will become ‘blind,’ they will ‘go dark:’ they will be simply be [sic] unable to fight vicious phenomena such as terrorism. Only the private companies can help here, we are one of them." The email then continues: "It is crystal clear that the present American administration does not have the stomach to oppose the American IT conglomerates and to approve unpopular, yet totally necessary regulations." This email was sent out on October 19, almost four months after a hacker known only as PhineasFisher breached the company's servers, then stole and dumped over 400 GB of data.

Is this Remote Control System version 10?

The 400 GB of files contained a slew of zero-day exploits in various applications, complex spyware and surveillance tools, hacking (intrusion) tools, internal company emails, a list of customers and their purchases, and the source code of the company's main product: Remote Control System (RCS), version 9. After the hack had happened, the company's CEO vowed to make a return, and during the appearances he made at various conferences over the summer, he announced that his team had already started work on RCS 10. It is unclear if the email sent out a few days ago is referring to RCS 10 or something completely new. One thing is clear, and that's that the new tools will provide the ability for governments and companies to crack encrypted files and Web traffic, a problem that many governments like the US and the UK are trying to get around in one way or another. Source
  23. Last week, Bit9 + Carbon Black released a paper stating that five times more malware for OS X has appeared in 2015 than during the previous five years combined. Their findings are interesting, but are not well understood by many Mac users. Some have reacted with disbelief, others with great fear for this dangerous new future. It turns out that the findings are completely true, but depend entirely on your definition of the word “malware.” Malware is a general term for any kind of malicious software. Viruses, trojans, worms, spyware, and illicit keyloggers and remote access software all fall under the umbrella of malware. Differences in function and installation methods are irrelevant; if it’s malicious, it’s malware, and thus illegal. There are also some classes of software that live in more of a gray area. PUPs – Potentially Unwanted Programs – are applications whose behavior is questionable, but not actually crossing the line into illegality. Adware is a particular kind of PUP, whose purpose is to push ads of some kind at the user. PUPs, including adware, are not actually malicious. If an app displays malicious behavior, it would be called malware, rather than a PUP. This doesn’t mean such apps are worth having, of course! These programs may harass you, degrade your system’s performance and stability, and even get you to spend money on something that you didn’t really need, but by definition, they’re not doing anything outright malicious. This is where Bit9 + Carbon Black’s findings need some clarification. By my definition of the term “malware,” I’d say that the appearance of new malware in 2015 has fallen still further from its peak in 2012. By my counts, six new malware families appeared in 2014, and that number has been lower each year since 2012. 
So far, 2015 has yet to rival that, with only three new malware threats: OceanLotus, malware that only affected a few users in China, an unnamed piece of malware that only affected a very small number of people with MacKeeper installed, and the recent XcodeGhost malware, which involved an infected copy of Xcode and in turn infected many iOS apps in the App Store (mostly in China). However, as Bit9 + Carbon Black has observed, there has been a very steep rise in PUPs – specifically, adware – on the Mac in the last year. Adware on the Mac is multiplying like the proverbial rabbits. Back in 2012, when malware on the Mac was hitting its peak, Mac adware was still mostly unheard of. Today, countless Mac users are being affected by a wide variety of different adware programs. Fortunately, adware isn’t stealing from the users of the infected systems. Instead, it’s going after much more meaty targets: advertising networks and search engines, who foot the bill for the misbehavior of adware creators by actually paying them for their harassment. Still, adware is a serious problem, causing major inconveniences for end users. Adware, beyond simply being annoying, can ruin the performance of the system, cause crashes and result in security vulnerabilities that could be utilized by something far less benign. Yet, in a way, adware may actually be a good thing for the Mac community. Adware helps to make Mac users more aware of online threats through harassment, rather than true danger. This can help them develop the good security habits that, before now, they have been frequently told are not needed, since “Macs don’t get viruses.” And those good habits can make all the difference when, in the future, something truly malicious appears again. Source
  24. New research conducted by Citizen Lab reveals that the number of governments using the FinFisher surveillance software has increased. Researchers at Citizen Lab have been monitoring the use of surveillance tools like FinFisher over the past years, reporting its use by totalitarian governments. The researchers tracked the physical locations of servers belonging to the control infrastructure used by the Germany-based FinFisher GmbH. The infrastructure is designed to conceal the operation and the identity of the attackers: each FinFisher customer uses a master server, dubbed “FinSpy Master”, and multiple relays, the FinSpy Relays, that act as command and control (C&C) servers. Once it has infected the target machine, the FinFisher spyware communicates with the relay servers, which act as a link to the master server. The experts at the Citizen Lab used the Zmap tool to reveal the existence of 135 servers (FinSpy Masters and Relays). As explained by the experts, the master servers are usually deployed on the customer’s premises, while proxy servers could be located elsewhere. “We employed zmap to scan the entire IPv4 Internet (/0) several times since the end of December 2014 and throughout 2015, using a new FinFisher server fingerprint that we devised by analyzing FinFisher samples. Our scans yielded 135 servers matching our fingerprint, which we believe are a mix of FinSpy Masters and FinSpy Relays.” states the report published by Citizen Lab. It is curious to note that the analysis of the Relay servers, which are used to protect the identity of the Master, allowed the researchers at the Citizen Lab to find the locations of the Masters. If someone connects to the IP address of a FinSpy Relay with an ordinary browser, they are usually presented with a decoy page, often Google.com or Yahoo.com. The researchers discovered that if the decoy page is Google, running a query for “my ip address” causes the search engine to display the real IP address of the FinSpy Master.
“We found some variation in the decoy pages used by FinFisher servers that we detected, though the bulk used either www.google.com or www.yahoo.com. Peculiarly, FinSpy Relays appear to return decoy pages fetched by their FinSpy Master, rather than directly fetching the decoy pages themselves. Thus, in many cases, the pages returned by the FinSpy Relays contain location data apparently about the FinSpy Master (e.g., certain Google and Yahoo pages embed the requester’s IP address or localized weather), which can reveal the location of FinSpy Masters.” continues the report. In the case of the Yahoo decoy page, Citizen Lab used an alternative method to obtain the FinSpy Master location. In this case, the web page’s source code contains location data, because Yahoo uses it to display customized weather information and news on the homepage. The experts highlighted that the number of servers returning decoy pages has decreased over time. The researchers identified FinFisher users in 32 countries. The latest analysis conducted by the organization allowed it to identify customers in 16 countries; the newly discovered countries are Angola, Egypt, Gabon, Jordan, Kazakhstan, Kenya, Lebanon, Morocco, Oman, Paraguay, Saudi Arabia, Slovenia, Spain, Taiwan, Turkey, and Venezuela. In some cases, the experts were able to trace the identified IP addresses to specific government offices. FinFisher's systems were hacked last year, and the hackers disclosed 40 GB of data on the FinFisher government spyware. Source
  25. In the past two days, Microsoft has released (more accurately, re-released) six patches. Almost all of them have been identified, in the past, as “snooping” or “nagware” patches. One is marked “Important,” at least on some machines, so folks with Automatic Update turned on will get the new versions automatically, potentially wiping out any precautions they’ve taken before. Here’s the list:

  • KB 3035583, re-released for Windows 7 on Oct 5, version 8. I described this as a Windows 10 nagware patch back in May. It’s responsible for installing the Get Windows 10 nagware program GWX. There is no information in the KB article about why the patch has been re-released. I have reports from one Windows 7 user who claims this patch is marked “Important,” and the Windows Update master list says it’s “Recommended.” On my Windows 7 machines, it’s unchecked and in the Optional bucket. On the “Important” machine the patch is checked and ready to install with Automatic Update. I have no idea why.
  • KB 2952664, re-released for Windows 7 on Oct. 6, version 13. I talked about the way this patch triggered daily telemetry runs back in April. It was the first “snooping” patch I found. The KB article continues to identify the patch as a “Compatibility update for upgrading Windows 7.” There's no indication why it was re-released.
  • KB 2976978, re-released for Windows 8.1 on Oct. 6, version 19. Still labeled a “Compatibility update for Windows 8.1,” it’s a scanning program. In June, I found the claimed connection with the Windows Customer Experience Improvement Program to be tenuous, at best.
  • KB 2977759, re-released for Windows 7 on Oct. 6, version 12. Analogous to the KB 2976978 patch for Windows 8.1, this one is also a scanner. The KB article says it’s a compatibility update for Windows 7 RTM.
  • KB 3083710 is a new update client for Windows 7, with no further details available.
  • KB 3083711 is also new, and it appears to be an analogous update client change for Windows 8.1.

Be careful what you patch. Source