By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The United States had not provided Huawei Technologies with specific reports or evidence on cybersecurity flaws or vulnerabilities to back its claims, company vice-president Victor Zhang told Sputnik in a presser with UK media on Monday. Huawei's Cybersecurity Evaluation Centre (HCSEC) in Banbury, which works directly with the UK's National Security Advisor and others, "found no security vulnerabilities or backdoors" in the company's network products. Speaking on the need to collaborate on international security standards, he told Sputnik that global organizations such as 3GPP and others had a "very mature model for working not just with the industry, but also governments, with fairness and transparency to discuss these standards". 3GPP had "already taken serious measures on security management" on such standards. The comments follow an open letter to the UK public stating the Chinese firm had operated in Britain for 20 years and was 100 percent "owned by employees", as well as aimed to boost mobile and broadband connectivity across the UK. "Britain needs the best possible technologies, more choice, innovation, and more suppliers, all of which means more secure and more resilient networks. This is fundamental to achieving the government’s Gigabit broadband target by 2025. This is our commitment to the UK,” VP Zhang said in a statement. “Huawei grew up in the UK. We’ve been here for 20 years and were integral in building the 3G and 4G networks we all use every day," he said. The letter added that while many in cities had "fast, reliable connections", poor connectivity made "working from home, or running a small business, harder than it should be". The Chinese firm aimed to expand Britain's 5G and full-fiber broadband connectivity "to every part of the country" along with creating jobs, training engineers, and investing in the country's economy and university, the letter said. Huawei's pledge comes amid unconfirmed reports in UK media in late May citing anonymous Whitehall sources alleging the government could potentially phase out Huawei's role in building national 5G networks by 2023. But Downing Street announced in late May it had sought "new entrants into the market" to diversify suppliers and had informed allies, "including the United States" in previous talks. The UK National Cybersecurity Centre also announced it would assess the impact of phasing out Huawei's IT equipment from UK networks after UK prime minister Boris Johnson approved the Chinese tech giant's role in building IT networks in late January. But Washington extended its trade ban on Huawei, ZTE, and over 70 Chinese tech companies placed on an Entity List in May 2019 a further year over alleged national security concerns. Want to learn more please visit OUR FORUM.
To track known issues in Windows 10 that Microsoft is aware of and actively resolving, you can use a Windows 10 Health Dashboard tool. Released on April 30th, 2019, Microsoft's Windows 10 Health Dashboard tracks the known issues in various versions of Windows 10, and even older versions such as Windows 7 and Windows 8.1. The Windows Health Dashboard is broken up into different sections based on the version of the operating system. This site allows Windows users to track the issues related to the feature update they currently have installed or are trying to install. For example, when the Windows 10 May 2020 Update was released, the operating system became Windows 10 version 2004. At the top of each section, Microsoft provides a brief message related to that version of Windows, including the status of the feature update's rollout and whether it is nearing the end of support. As you scroll further down the page, you will be shown the known issues being investigated, what cumulative update caused the problem, and when information about the issue was last updated. Finally, under each entry in the known issue list is a 'See details' link. When clicked on, this link will bring you to a more detailed description of the issue that may contain steps to resolving the issue. This detailed information will state if the issue has a 'compatibility hold' that would block a Windows user from upgrading to this new version of Windows.  We will discuss compatibility holds in the next section. As Microsoft releases new feature updates, they also tweak the operating system or add new security features. The changes could cause conflicts with hardware drivers, antivirus software, or other programs that worked fine in the previous version of Windows 10. These conflicts can cause Windows 10 not to start, have degraded performance, cause games not to work, or even cause a blue screen of death (BSOD) crash. When a known conflict occurs, and a Windows user is affected, Microsoft blocks that user from upgrading to the new version of Windows 10. This upgrade block is called a compatibility hold. As it is not always clear if your device is on a compatibility hold, Microsoft has started to notify users if they are blocked from upgrading. If you are are not being offered a new Windows 10 feature update or Windows is having problems after upgrading, the Windows Health Dashboard can be a useful tool. It is useful because the dashboard will display all the known issues that are causing a hold or problems in Windows, and offer guidance on how to resolve them. For example, using the Health Dashboard, we learn that NVIDIA drivers older than version 358.00 is causing a compatibility hold. Using this information, a blocked user can upgrade their NVIDIA graphics drivers to a newer version and see if that removes the hold. Another example was when Microsoft used the Health Dashboard to warn about a bug preventing the 'Reset this PC' feature from working correctly. Until the issue was fixed, Microsoft offered a workaround to get it working again. We have more complete details along with images posted on OUR FORUM.
A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign. Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cybercriminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organizations in the education and software industries. Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanized Java Runtime Environment, and is compiled in a Java image file (Jimage) to hide the malicious intentions. "These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks," Eric Milam, VP for research and intelligence at BlackBerry, told ZDNet. "Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code but were nonetheless successful in accomplishing their goals," he added. However, the first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing RDP servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop the removal of their attack. "Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways," said Milam. After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch, and .thanos – and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email. Get better informed by visiting OUR FORUM.
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom tools, tactics, and procedures in attacks against government agencies in Vietnam, Thailand, and Laos. "One of the newly revealed tools is named USBCulprit and has been found to rely on USB media in order to exfiltrate victim data," Kaspersky said. "This may suggest Cycldek is trying to reach air-gapped networks in victim environments or relies on physical presence for the same purpose." First observed by CrowdStrike in 2013, Cycldek has a long history of singling out defense, energy, and government sectors in Southeast Asia, particularly Vietnam, using decoy documents that exploit known vulnerabilities (e.g., CVE-2012-0158, CVE-2017-11882, CVE-2018-0802) in Microsoft Office to drop a malware called NewCore RAT. Kaspersky's analysis of NewCore revealed two different variants (named BlueCore and RedCore) centered around two clusters of activity, with similarities in both code and infrastructure, but also contain features that are exclusive to RedCore — namely a keylogger and an RDP logger that captures details about users connected to a system via RDP. "Each cluster of activity had a different geographical focus," the researchers said. "The operators behind the BlueCore cluster invested most of their efforts on Vietnamese targets with several outliers in Laos and Thailand, while the operators of the RedCore cluster started out with a focus on Vietnam and diverted to Laos by the end of 2018." Both BlueCore and RedCore implants, in turn, downloaded a variety of additional tools to facilitate lateral movement (HDoor) and extract information (JsonCookies and ChromePass) from compromised systems. What's more, the malware is programmed to copy itself selectively to certain removable drives so it can move laterally to other air-gapped systems each time an infected USB drive is inserted into another machine. A telemetry analysis by Kaspersky found that the first instance of the binary dates all the way back to 2014, with the latest samples recorded at the end of last year. The initial infection mechanism relies on leveraging malicious binaries that mimic legitimate antivirus components to load USBCulprit in what's called DLL search order hijacking before it proceeds to collect the relevant information, save it in the form of an encrypted RAR archive, and exfiltrate the data to a connected removable device. Visit OUR FORUM to learn more.

If you're an Nvidia GeForce Now Founder's subscriber, it's likely you're nonplussed over the continued losses to the cloud gaming service's roster. Many notable videogames and publishers have dropped from the service since it launched on February 4, 2020—apparently those holding all the cards are "still figuring out their cloud strategies"—and if that isn't a bad omen of things to come, I don't know what is. Why? Because Nvidia's service offers something akin to the PC gaming experience. It is (theoretically) open to all, it allows you to access the games you already own, and it is more or less a back to basics promise of a half-decent gaming PC in the cloud—it even offers RTX graphics for cheap. Without it, or those other services like it, the future of cloud gaming looks a lot more… exclusive. Nvidia was unlucky in its game streaming rollout. Just as the ball started rolling on its initially successful cloud gaming ambitions, and fresh out of beta, a couple of major publishers (Activision Blizzard, Bethesda Softworks, 2K Games) swiftly dropped out from the service, and even made quite a palaver out of it. It appears as though that sentiment only gained momentum from there. Further games have been pulled from the service since, and while many more have embraced it with open arms, there are some huge games notably missing from its cloud-compatible library. Nvidia's since adopted a less pro-active opt-in approach for developers and publishers on GeForce Now as a result. So what is it that makes Nvidia's service so frowned upon by publishers? I'd have to guess that it's merely the sheer size, scale, and monetary worth of the potential 'platform'. No one batted an eyelid for the many cloud streaming services that came before, despite being much like Nvidia GeForce Now—those that allow a user to hook in their existing libraries and play the games they own across a range of digital storefronts on hardware they couldn't otherwise afford or access. So you'd expect that it wouldn't matter whether you play your game on the hardware you own—a trusty gaming PC—or one that's rented to you and served up out of a server rack. You bought the game, right? That's yours and you get to say how you play it. Well, not so fast. Gaming licenses have never been straightforward. Do you own a game or a license to the game? Well, the answer is actually relatively simple: you own a license that allows you to use someone's software, as they intended. What that End User License Agreement (EULA) means for you, and what you're allowed to do and not allowed to do with it (such as modding), varies between platform and developer. Therein lies the thorn in Nvidia's side, and the stipulation that gives ultimate control to the publisher. And it's only a microcosm of a wider issue—if cloud gaming inherently relies on publishers and developers to specifically allow access to the videogames we own a license to, then it's going to run into burgeoning costs, exclusivity, and a lack of interest from gamers with access to an already fairly simple solution that (mostly) bypasses these issues: a physical gaming PC. For more please visit OUR FORUM.

A major teaching hospital in London, UK, is using the Microsoft HoloLens on its COVID-19 wards to keep doctors safer as they help patients with the virus. Staff at Imperial College Healthcare NHS Trust are wearing the HoloLens with Dynamics 365 Remote Assist using Microsoft Teams to send a secure live video feed to a computer screen in a nearby room, allowing healthcare teams to see everything the doctor treating Covid-19 patients can see while remaining at a safe distance. This has resulted in a fall in the amount of time staff are spend in high-risk areas of up to 83% and it has also significantly reduced the amount of personal protective equipment (PPE) being used, as only the doctor wearing the headset has to dress in PPE by up to 700 items of PPE per ward, per week. James Kinross, a consultant surgeon at Imperial College Healthcare and senior lecturer at Imperial College London, said: “Protecting staff was a major motivating factor for this work, but so was protecting patients. If our staff are ill they can transmit disease and they are unable to provide expert medical care to those who needed it most.”Kinross, who had used the HoloLens for surgery before, noted that it had unique features, such as being a hands-free solution that could be used with PPE, and that it already featured telemedicine capabilities.“It solved a major problem for us during a crisis, by allowing us to keep treating very ill patients while limiting our exposure to a deadly virus. Not only that, but it also reduced our PPE consumption and significantly improved the efficiency of our ward rounds,” he noted. Using Remote Assist, doctors wearing HoloLens on the Covid-19 wards can hold hands-free Teams video calls with colleagues and experts anywhere in the world. They can receive advice, interacting with the caller and the patient at the same time, while medical notes and X-rays can also be placed alongside the call in the wearer’s field of view. “We’re now looking into other areas where we can use HoloLens because it is improving healthcare without removing the human; you still have a doctor next to your bed, treating you,” Kinross said. “Patients like it, too. They are interested in this new piece of technology that’s helping them.” HoloLens is also being used to teach students at Imperial College London’s medical school, regarded as one of the best in the world after the Covid-19 pandemic led to the academic areas to close “practically overnight”, Kinross said. Students can use laptops and mobile devices at home to watch a live feed from lecturers wearing HoloLens and learn about a range of topics including anatomy, surgery, and cardiology. Read more on OUR FORUM.