NEW AVG Beta version 20.1.3112

Hi everyone, I'm glad to announce that the new beta version is ready - 20.1.3112 (build 20.1.5069). What was fixed: Fixed crash in network stream filter. Fixed...

Announcing Windows 10 Insider Preview Build 19569

Hello Windows Insiders, today we’re releasing Windows 10 Insider Preview Build 19569.1000 to Windows Insiders in the Fast ring. You can check out our Windows Insider Program documentation here, including a list of all the new features and...

Bitdefender Total Security

Bitdefender Total Security offers great protection from a company that's known for its ethics.
All the benefits end here unfortunately.
Interface is cluttered and badly-organised.
The whole configuration is bloated with all the wrong features.
Noticeable performance impact.

Kaspersky 2020

Kaspersky has always offered ironclad, layered protection. Many features, however, feel like pure bloatware and require additional downloads and purchases.

Webroot SecureAnywhere Internet Security Complete

Panda DOME Advanced

F-Secure TOTAL 2020

The Finnish F-Secure has never disappointed. Although in the past it used to be quite heavy, I am glad to see that it has improved and is now one of the lightest.
The improvement is probably due to replacing Bitdefender's engine with Avira.

Norton 360 Premium

Stalkerware infections grew by 60% in 2019, says Kaspersky

The number of users infected with stalkerware went up by almost 60% in 2019, from 40,386 in 2018, to 67,500 this year, Russian antivirus maker Kaspersky said today in its yearly mobile malware threats report.

The number went up in 2019 despite the fact that Google set off on a concerted effort to remove all stalkerware-like apps from the Play Store at the end of 2018.

This shows that despite stalkerware apps not being available on the official Android app store, many abusers are now going to great lengths to side-load (install) these apps from unofficial sources, such as manually downloading the app from its website and secretly installing it on a victim's handset.

Kaspersky's numbers, however, don't go back years, so we don't have a full picture of how this ecosystem evolved.
The antivirus vendor only began detecting and marking stalkerware apps in the spring of 2018, after pressure from Eva Galperin, the Electronic Frontier Foundation's director of cybersecurity.

Other vendors followed in Kaspersky's footsteps, and most are now members of the Coalition Against Stalkerware, a multi-industry group specialized in fighting the harmful effects of this kind of apps.

The term stalkerware (also known as spouseware) refers to a certain type of apps, many of which also have legitimate use cases, but are also often abused to spy or stalk victims.

uBlock Origin 1.25 Now Blocks Cloaked First-Party Scripts, Firefox Only

On February 19th, 2020, uBlock Origin 1.25 was released and allows the ad blocker to block these cloaked tracking scripts by performing a DNS lookup before loading them.

If the subdomain is a CNAME to a third-party host, then uBlock Origin will block the script from loading.

When cloaked first-party trackers are blocked, they will appear in the log as blue entries with the uncloaked domain shown underneath in a smaller font.
Uncloaked first-party trackers
Unfortunately, the DNS API that allows these lookups is only available in Firefox, so Chrome users are out of luck and cannot take advantage of this feature. [....]
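The check described above (resolve the script's hostname, and block it when the CNAME chain ends at a third-party domain) in working form. This is an added example, not uBlock Origin's own code: the CNAME table is constructed for the demo in place of a live resolver, the `.test` names are placeholders, and the registrable-domain helper is a simplification (last two labels) that real code must replace with a Public Suffix List lookup.

```python
# Added example, not uBlock Origin's code: follow a CNAME chain and decide
# whether a script that looks first-party is really a cloaked third-party host.
# The zone table is constructed for the demo; a real check would ask a
# resolver (uBlock Origin uses Firefox's browser.dns API for this).

# Constructed CNAME records: name -> canonical name.
CNAME_TABLE = {
    "metrics.example-news.test": "collector.tracker-cdn.test",
    "collector.tracker-cdn.test": "edge.tracker-cdn.test",
    "static.example-news.test": "cdn.example-news.test",
}

def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels. Assumption for the demo:
    production code must consult the Public Suffix List, otherwise suffixes
    such as co.uk are misclassified."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def resolve_cname_chain(host: str, table: dict, max_hops: int = 8) -> list:
    """Return [host, cname1, cname2, ...] ending at a name with no CNAME."""
    chain = [host]
    while host in table:
        host = table[host]
        if host in chain:
            raise ValueError("CNAME loop at " + host)
        chain.append(host)
        if len(chain) > max_hops:
            raise ValueError("CNAME chain too long")
    return chain

def is_cloaked_third_party(page_host: str, script_host: str, table: dict = CNAME_TABLE) -> bool:
    """True when script_host shares the page's registrable domain but its
    canonical name does not: a third party hiding behind a first-party CNAME."""
    page_domain = registrable_domain(page_host)
    if registrable_domain(script_host) != page_domain:
        return False  # ordinary third-party request; normal filter lists handle it
    canonical = resolve_cname_chain(script_host, table)[-1]
    return registrable_domain(canonical) != page_domain

def decide(page_host: str, script_host: str, table: dict = CNAME_TABLE) -> str:
    """Mimic the log entry the article describes: a blocked cloaked tracker is
    reported together with its uncloaked canonical name."""
    if is_cloaked_third_party(page_host, script_host, table):
        canonical = resolve_cname_chain(script_host, table)[-1]
        return "block %s (uncloaked: %s)" % (script_host, canonical)
    return "allow %s" % script_host

if __name__ == "__main__":
    for script in ("metrics.example-news.test", "static.example-news.test"):
        print(decide("www.example-news.test", script))
```

The second request (`static.example-news.test`) also has a CNAME, but it stays inside the page's own domain, so it is allowed; the check is about where the chain ends, not whether a CNAME exists.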

McAfee WebAdvisor remote code execution vulnerability

A vulnerability is a flaw in a software program that can potentially allow a hacker, also known as an attacker, to gain access to the device running the vulnerable software, or other connected devices. This Security Bulletin describes a vulnerability in a McAfee program, and provides ways to fix the issue or minimize its impact.
Both Firefox and Chrome are affected.

A nice example of why browsers should be used with as few add-ons as possible

DeletedMessiah's 2020 configuration

Sona's laptop configuration 2020

Avast Free Antivirus 20.1 is out

Mobile Networks Vulnerable to IMP4GT Impersonation Attacks

A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users.

Called IMP4GT (IMPersonation attacks in 4G NeTworks), the attack demonstrates that the currently used mutual authentication method, where the smartphone and the network verify their identities, is not a reliable security feature in Long Term Evolution (LTE). The authentication is established on the control plane and does not feature integrity protection of the user plane.

By exploiting the missing integrity protection for user data, IMP4GT allows an attacker to impersonate a user towards the network and vice versa. Furthermore, a reflection mechanism in the mobile operating system's IP stack can be abused to build an encryption and decryption oracle, inject arbitrary packets and decrypt packets, the researchers reveal.

In the IMP4GT attack, the researchers explain in a whitepaper (PDF), the impersonation can be conducted in either the uplink direction (the attacker poses as the user towards the network, using the victim’s identity to access IP services) or the downlink direction (the attacker establishes a TCP/IP connection to the phone, bypassing the LTE network’s firewalls).

“This attack has far-reaching consequences for providers and users. Providers can no longer assume that an IP connection originates from the user. Billing mechanisms can be triggered by an adversary, causing the exhaustion of data limits, and any access control or the providers’ firewall can be bypassed,” the researchers say.
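The root cause named above is user-plane encryption without integrity protection. The added example below (written for this page, not the researchers' code and not LTE's actual ciphers) shows in miniature why that matters: with a keystream cipher alone, a predictable plaintext field can be changed in transit without the key and the receiver cannot tell, while an encrypt-then-MAC construction rejects the same modification. The SHA-256 counter keystream, the fixed keys and the packet layout are constructed for the demo only.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (demo only, not a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Confidentiality only: plaintext XOR keystream. Decryption is the same op."""
    return bytes(p ^ k for p, k in zip(data, keystream(key, nonce, len(data))))

def flip_field(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """The malleability an on-path party gets for free when a field's plaintext
    is predictable: XOR (known ^ wanted) into the ciphertext, no key needed."""
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the field length")
    out = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, wanted)):
        out[offset + i] ^= a ^ b
    return bytes(out)

TAG_LEN = 32

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, as an AEAD would."""
    ct = xor_encrypt(enc_key, nonce, data)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before any plaintext is released."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet was modified in transit")
    return xor_encrypt(enc_key, nonce, ct)

# Constructed demo packet with a header field at a known offset, the way an IP
# destination address sits at a fixed place in a real packet.
PACKET = b"DST=192.0.2.10 PAYLOAD=hello"
ENC_KEY = b"\x01" * 32   # fixed keys so the demo is repeatable; never reuse keys like this
MAC_KEY = b"\x02" * 32
NONCE = b"\x00" * 8

def demo():
    """Returns (plaintext the receiver accepts without integrity protection,
    whether the same modification is caught with integrity protection)."""
    ct = xor_encrypt(ENC_KEY, NONCE, PACKET)
    modified = flip_field(ct, 4, b"192.0.2.10", b"192.0.2.99")
    seen_without_mac = xor_encrypt(ENC_KEY, NONCE, modified)  # redirected, undetected
    blob = seal(ENC_KEY, MAC_KEY, NONCE, PACKET)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, flip_field(blob, 4, b"192.0.2.10", b"192.0.2.99"))
        caught = False
    except ValueError:
        caught = True
    return seen_without_mac, caught

if __name__ == "__main__":
    print(demo())
```

The design point is the order of operations in `open_sealed`: the tag is checked before decryption, so a modified packet never reaches the IP stack, which is exactly the reflection-oracle surface the researchers describe.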

Firefox continues push to bring DNS over HTTPS by default for US users

Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.

A little over two years ago, we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, we need to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as, to a computer-friendly series of numbers, called an IP address (e.g. By performing a “lookup” in this database, your web browser is able to find websites on your behalf. Because of how DNS was originally designed decades ago, browsers doing DNS lookups for websites — even encrypted https:// sites — had to perform these lookups without encryption. We described the impact of insecure DNS on our privacy:

Because there is no encryption, other devices along the way might collect (or even block or change) this data too. DNS lookups are sent to servers that can spy on your website browsing history without either informing you or publishing a policy about what they do with that information.

At the creation of the internet, these kinds of threats to people’s privacy and security were known, but not being exploited yet. Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your computer to websites you visit.

Since our work on DoH began, many browsers have joined in announcing their plans to support DoH, and we’ve even seen major websites like Facebook move to support a more secure DNS.

If you’re interested in exactly how DoH protects your browsing history, here’s an in-depth explainer by Lin Clark.

We’re enabling DoH by default only in the US. If you’re outside of the US and would like to enable DoH, you’re welcome to do so by going to Settings, then General, then scroll down to Networking Settings and click the Settings button on the right. Here you can enable DNS over HTTPS by clicking, and a checkbox will appear. By default, this change will send your encrypted DNS requests to Cloudflare.

Users have the option to choose between two providers — Cloudflare and NextDNS — both of which are trusted resolvers. Go to Settings, then General, then scroll down to Network Settings and click the Settings button on the right. From there, go to Enable DNS over HTTPS, then use the pull down menu to select the provider as your resolver.

Source: Firefox continues push to bring DNS over HTTPS by default for US users – The Mozilla Blog

New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros

Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system. OpenSMTPD is present on many Unix-based systems, including FreeBSD, NetBSD, macOS, Linux (Alpine, Arch, Debian, Fedora, CentOS).

Bug present since late 2015

Tracked as CVE-2020-8794, the remote code execution bug is present in OpenSMTPD's default installation. Proof-of-concept (PoC) exploit code has been created and will be released tomorrow, February 26.
... ...

DoppelPaymer Ransomware Launches Site to Post Victim's Data

The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.

A new extortion method started by the Maze Ransomware is to steal files before encrypting them and then use them as leverage to get victims to pay the ransom.
If a ransom is not paid, then the ransomware operators release the stolen files on a public 'news' site to expose the victim to government fines, lawsuits, and the risk of the attack being classified as a data breach.

Soon after starting this tactic, other ransomware families including Sodinokibi, Nemty, and DoppelPaymer have stated that they would begin this practice as well.

DopplePaymer launches public leak site

Today, the operators of the DoppelPaymer Ransomware have followed in Maze's footsteps and launched a site called 'Dopple Leaks' that will be used to leak files and shame non-paying victims.
... ...

Study finds Brave to be the most private browser

Are you concerned about your web browser sending data back to the company that created it? A new study, Web Browser Privacy: What Do Browsers Say When They Phone Home?, looked at the six popular desktop web browsers Google Chrome, Mozilla Firefox, Microsoft Edge (Chromium-based), Apple Safari, Brave, and Yandex, to uncover what these browsers send back to the mothership.

If you just want the result, the study found that used out of the box, Brave "is by far the most private of the browsers studied" followed by Chrome, Firefox and Safari. Brave is the only web browser that did not use identifiers that allowed tracking of the IP address over time and did not share details of web pages visited to backend servers.

Chrome, Firefox and Safari used identifiers that are linked to the browser instance that persist over sessions and all three share web page details with backend servers via the browser's search autocomplete functionality.

The study found the Chromium-based Microsoft Edge web browser and Yandex to do worse than the other browsers in the test. Both send identifiers linked to the device hardware, which means that the identifier persists even across installations. Edge sends the hardware UUID to Microsoft, and Yandex transmits a "hash of the hardware serial number and MAC address". Both also appear to send web page information to servers that "appear unrelated to search autocomplete".

The researcher logged all network connectivity on the devices the browsers ran on. Chrome connections using QUIC/UDP had to be blocked so that the browser would fall back to TCP. To inspect encrypted data, mitmdump was used and since leftovers can be an issue, extra care was used to delete all traces of previous installations from the systems.

The test design was repeated multiple times for each browser.
  1. Start the browser from a fresh install/new user profile.
  2. Paste a URL into the address bar, press Enter, and record the user activity.
  3. Close the browser and restart, record network activity.
  4. Start the browser from a fresh install/new user profile and monitor network activity for 24 hours.
  5. Start the browser from a fresh install/new user profile, type a URL and monitor traffic.
The conclusion
For Brave with its default settings we did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers. Chrome, Firefox and Safari all share details of web pages visited with backend servers. For all three this happens via the search autocomplete feature, which sends web addresses to backend servers in realtime as they are typed. In addition, Firefox includes identifiers in its telemetry transmissions that can potentially be used to link these over time. Telemetry can be disabled, but again is silently enabled by default. Firefox also maintains an open websocket for push notifications that is linked to a unique identifier and so potentially can also be used for tracking and which cannot be easily disabled. Safari defaults to a poor choice of start page that leaks information to multiple third parties and allows them to set cookies without any user consent. Safari otherwise made no extraneous network connections and transmitted no persistent identifiers, but allied iCloud processes did make connections containing identifiers.
From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied. Both send persistent identifiers that can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.
Closing Words
The researcher analyzed the default state of the browsers and found that Brave had the most privacy friendly settings. At least some of the browsers may be configured to improve privacy by changing the default configuration, e.g. disabling autocomplete functionality.

Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data

Any cut-and-paste data temporarily stored to an iPhone or iPad’s memory can be accessed by all apps installed on the specific device – even malicious ones. That data can then reveal private information such as a user’s GPS coordinates, passwords, banking data or a spreadsheet copied into an email.

Shedding light onto the potential harm of this scenario is German software engineer, Tommy Mysk, who is trying to raise awareness around what he believes is an Apple vulnerability. To illustrate his concerns, Mysk created a rogue proof-of-concept (PoC) app called KlipboardSpy and an iOS widget named KlipSpyWidget.

Both are designed to illustrate how any app installed on an iOS device can act maliciously and access clipboard data and use it to spy or steal sensitive personal information. To highlight and demonstrate his concerns, Mysk told Threatpost he focused on photos taken by a device’s camera that contain time and GPS metadata that could be used to pinpoint a user.

“A user may unwittingly expose their precise location to apps by simply copying a photo taken by the built-in Camera app to the general pasteboard,” the developer wrote in a technical blog post outlining his research on Monday.

“Through the GPS coordinates contained in the embedded image properties, any app used by the user after copying such a photo to the pasteboard can read the location information stored in the image properties, and accurately infer a user’s precise location. This can happen completely transparently and without user consent,” he wrote.

Apple, in response to his research, said it didn’t consider its implementation of cut-and-paste a vulnerability, but rather a basic function of most operating systems and the applications that run on them, Mysk told Threatpost. Apple did not return Threatpost’s request for comment for this story.

R2020 is here and it lets you tidy your browsing


At Opera, we like to start each year with a Reborn release of our browser. The Reborn series allows us to keep challenging ourselves to do better. In Reborn 1, we introduced messengers in the sidebar, gave our browser more personality with dark and light themes, and implemented countless design updates. All of this was on top of our free, unlimited built-in browser VPN and ad blocker.

As part of the Reborn 2 premiere, we showcased My Flow, a new way of seamlessly connecting your browser to Opera Touch, our award-winning mobile browser. Reborn 3 was all about Web 3: Opera became the first browser to support Web 3 and include a built-in cryptocurrency wallet. It also included a faster VPN. All these releases and updates to our browser have put us way ahead of our competition when it comes to both features and reliability.

With today’s release we’ve modified the name to reflect the year of the release. R2020 will be a series of releases throughout the year with a focus on quality-of-life improvements. In the first release of the R2020 cycle we have improved one of the most used and important parts of the web browser – tabs.

Tab organization redefined

While tabs are a great concept, we also believe there is a lot of room for improvement. Many of us know the frustration associated with having a disorganized browser with simply too many tabs open. We might be neat freaks at home but we still often end up with numerous open tabs in various windows or even different browsers in an attempt to keep them organized.

According to a survey we conducted, 66 percent of people in the US use the same browser for work and personal browsing, and 65 percent reported that they would like to keep their browser better-organized. We also found out that almost 60 percent would like to group tabs according to the contexts they need them for, e.g. work, shopping, free time activities. Moreover, half of those surveyed stated that a messy browser has a negative impact on their mood.

Our release today provides a whole array of solutions that help you stay better organized while you browse.

Workspaces lets you organize tabs according to the different contexts you use them in

Workspaces is a new tool which lets you organize your tabs according to the different life contexts you use them for. Right now, you can add up to 5 workspaces, name them, and designate their icons. This allows you to keep tabs for work, free-time activity or any other projects in separate tab groups, called workspaces.

Workspace icons are quickly accessible at the top of the sidebar, with your active workspace icon highlighted in blue, allowing you to easily spot it. And if you’d like to open a link in a different workspace, simply right-click it and send it to the workspace of your choice. You can also move tabs between workspaces using the tab context menu.

And how do you find a website you opened once and which has gone missing in a sea of tabs? Simply use the Ctrl+space shortcut and type in a keyword. You will find it in no time!

See the tabs you’ve opened twice and remove duplicates

Opera has also added a nice little tool that highlights duplicated tabs. When you hover your mouse pointer over a tab, those with the same address are highlighted. This allows you to remove redundancy, both simplifying and speeding up your browsing.

The new visual tab-cycler

We frequently switch between many open tabs throughout a day of browsing. With Opera, this has just become significantly easier as we’ve updated the Tab-cycler to be horizontal and more visually accessible.
You can bring up the Tab-cycler with the Ctrl+Tab shortcut (on Windows, MacOS and Linux) and use it to switch between tab thumbnails without lifting your hands from your keyboard.

Easily adjust the sidebar to your needs

Another R2020 addition to the Opera browser is the Sidebar setup panel. Clicking the three-dot menu at the bottom of your sidebar opens up this well-organized panel with a comfortable and intuitive visual interface for managing elements in your sidebar.

The Sidebar setup panel lets you edit or remove any of the sidebar elements individually, like messengers or features like My Flow or Crypto Wallet. It’s also where you can customize Workspaces by adding, removing, editing or hiding them.

Other elements in the Sidebar setup panel include Opera Tools – browser management areas like History, Bookmarks and Extensions – which can be opened as full-page menus by hovering over their label and clicking the link icon.

Access useful extensions in the sidebar

The sidebar extensions that you add to your browser are now readily available and visible from the same sidebar. With this update, we’ve decided to make extensions as accessible and easy to use as your messengers, bookmarks, history and downloads. With one click, you can access Twitter, Instagram, Google Translate, or any extension you wish.

When you install a sidebar extension, its icon will now appear at the bottom of your sidebar. Choose which extensions are visible by right-clicking your sidebar, or by selecting them in the Sidebar setup panel. While there, click the add more button to visit the Opera add-ons store.

Improved security with DNS over HTTPS

When someone types a website address, like, the browser has to translate (resolve) it to an IP address, such as This is done through a Domain Name System (DNS) resolver service, one of the oldest surviving parts of the Internet. By today’s standards, DNS is too trusting as the data exchanged between the browser and the DNS is not encrypted. DNS over HTTPS (DoH) is a way to make it more robust by increasing user privacy and security. In simpler terms: it prevents eavesdropping and the manipulation of DNS data from man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client (Opera browser) and the DoH-based DNS resolver.

Opera now allows you to enable the DoH feature and to choose your DoH server of choice from a preselected list, or to customize it to any DoH server by using the browser’s settings.

Improved Video pop-out (picture in picture)

Following up on popular requests, we have also enhanced the Video pop-out feature in the browser. When you watch an online video, Video pop-out lets you separate the video into its own floating window which stays on top of other windows. This popped-out video is easily resized and controlled, so you can keep it playing in the corner, for example, while you browse.

This feature now allows even further control over the video with an added video timer, a back-to-tab button, as well as a next-track button.

What we did in 2019

Throughout the last year we launched seven major versions in which we continued to innovate by bringing a range of improvements to our browser. We made our free, unlimited, no-log browser VPN and our built-in ad blocker even easier to use. With the addition of our tracker blocker, these are very powerful tools for improving your privacy. We also introduced Opera GX, the world’s first gaming browser, which quickly won the Red Dot Design Award.

We are also happy to let you know that our browser’s user base grew more than 10 percent between 2018 and 2019.

We hope that Opera 67 and the continuing R2020 series of improvements will help you enjoy the web content that interests you at any given moment, allowing you to focus on the things that matter.

Happy browsing!

And here is the full changelog.

Installation links:

Source: R2020 is here and it lets you tidy your browsing - Blog | Opera Desktop
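Both the Firefox post earlier on this page and the Opera "Improved security with DNS over HTTPS" section above describe DoH as the same DNS lookup carried inside an HTTPS connection. The added example below (written for this page; not Mozilla's, Opera's or any resolver vendor's code) shows what that lookup actually looks like on the wire: it builds the RFC 8484 GET form of a DNS query, and parses a response with the same wire format. The resolver URL `https://doh.resolver.test/dns-query` is a placeholder assumption, and the response is constructed locally so the code runs offline; a real client would send the URL over HTTPS with an `Accept: application/dns-message` header and feed the body to `parse_a_records`.

```python
import base64
import struct

# Assumed placeholder resolver URL for the demo (not a real DoH endpoint).
DOH_ENDPOINT = "https://doh.resolver.test/dns-query"

def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query (RFC 1035): 12-byte header plus one question.
    ID is 0 as RFC 8484 recommends for DoH, so identical queries cache well."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        qname += struct.pack("B", len(raw)) + raw
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def doh_get_url(name: str, endpoint: str = DOH_ENDPOINT) -> str:
    """RFC 8484 GET form: the message is base64url-encoded with padding
    removed and sent as the 'dns' query parameter."""
    encoded = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=")
    return "%s?dns=%s" % (endpoint, encoded.decode("ascii"))

def decode_dns_param(param: str) -> bytes:
    """Inverse of the GET encoding: restore padding and decode base64url."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))

def _read_name(msg: bytes, offset: int):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_records(msg: bytes) -> list:
    """Parse a DNS response and return (name, ttl, ipv4) for each A record.
    Rejects messages that are not responses or carry a non-zero RCODE."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0x000F))
    offset = 12
    for _ in range(qdcount):
        _, offset = _read_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        name, offset = _read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return records

def sample_response(name: str = "www.example.test") -> bytes:
    """Constructed response (built locally, not fetched): echoes the question
    and answers with one A record for 192.0.2.10, a documentation address."""
    question = build_query(name)[12:]
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer

if __name__ == "__main__":
    print(doh_get_url("www.example.test"))
    print(parse_a_records(sample_response()))
```

Nothing in the message itself changes between classic DNS and DoH; the privacy gain comes only from the transport, which is why the choice of resolver (Cloudflare, NextDNS, or a custom server in Opera's settings) still decides who sees the lookups.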

Zyxel Fixes 0day in Network Storage Devices

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.

Based in Taiwan, Zyxel Communications Corp. (a.k.a “ZyXEL”) is a maker of networking devices, including Wi-Fi routers, NAS products and hardware firewalls. The company has roughly 1,500 employees and boasts some 100 million devices deployed worldwide. While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale.

KrebsOnSecurity first learned about the flaw on Feb. 12 from Alex Holden, founder of Milwaukee-based security firm Hold Security. Holden had obtained a copy of the exploit code, which allows an attacker to remotely compromise more than a dozen types of Zyxel NAS products without any help from users.

UK's 5G Network Well Within Safety Limits

The first UK safety tests of 5G base stations have found radiation levels are at "tiny fractions" of safe limits.

The rollout of ultra-fast 5G mobile connectivity has sparked some fears the new transmission masts could be dangerous to humans. But Ofcom, the UK regulator, found no identifiable risks in its first tests since 5G technology was deployed. The highest result they found for the 5G band was 0.039% of the recommended exposure limit.

Those limits are set by the International Commission on Non-Ionizing Radiation Protection (ICNIRP) - non-ionizing meaning the type that does not damage DNA and cells. "The emissions at each site were a tiny fraction of the maximum levels set out in international guidelines," an Ofcom spokesman said. The tests covered 16 locations in 10 cities across the UK where 5G-enabled mobile base stations had been set up, and measured the strength of the electromagnetic field (EMF).
Public Health England acknowledges adding 5G to the existing technologies used could cause "a small increase in overall exposure to radio waves". "However, the overall exposure is expected to remain low relative to guidelines and, as such, there should be no consequences for public health," it says in its official guidance.

The World Health Organization, meanwhile, classified radio frequency radiation as a "possible carcinogenic". That puts it in the same category as pickled vegetables or talcum powder but not as dangerous as alcohol or processed meat.

How to make the AppLocker service start automatically.

Yes...this is quite a surprise to me.

After some time wondering why my AppLocker rules weren't being enforced, I found out the culprit...the AppLocker service (Application Identity) is set to Manual start by default...
and it is confirmed by MS:

silly Microsoft said:
Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service Startup type to Automatic by using the Services snap-in. Try either of these methods instead:
so why the hell is a security function as important as this not set to auto-start if the user enables it in the first place....

Now, for those who use it and need it to start automatically, here is the procedure:

1- open an elevated cmd or PowerShell.
2- type:
sc.exe config appidsvc start= auto

I need a distro for an old notebook

Hello guys! Can you suggest a Linux distro appropriate for an 8-year-old notebook (Core i3, 4 GB RAM, no SSD)? I'm looking for something light, similar to Windows, and secure.


Zscaler for Ooma Devices

Hello everyone!

I have been exploring the idea of a security hub for my home, specifically the title of this thread. Since we all have a mesh of different devices, ranging from Android to Windows, I thought going this route would be more of a catch-all for non-Windows devices. Have you guys had positive experiences with Zscaler, even in a corporate environment?

Xperia 1 II released

As MWC was cancelled due to the coronavirus, Sony has unveiled a device with a controversial name in an online event.
The Xperia 1 II is a new flagship coming in 2 tastes: 6.5'' & 6''.

As always, SONY has focused exclusively on entertainment and mobile photography.

The 6.5'' model features a 21:9 CinemaWide HDR display. 4K has made a return this year and it's coupled with the X1 processor known from Bravia TVs and pro-grade colour correction.
It's also powered by Dolby Atmos, when the content supports it.

For audiophiles (like me), SONY has added 360 Reality Audio, which is also offered independently with several models of headphones, including the WH1000 XM3, which I've got and I love.
DSEE Ultimate now uses AI to enhance audio and I can't wait to test it. For reasons unknown, they've kept the 3.5 jack as well.

Photographers might like the Zeiss optics combined with BIONZ X mobile engine, 1/1.7 image sensor, 3D iToF sensor and dual photodiode sensor.

It's no surprise that the phone is powered by the Qualcomm Snapdragon 865 platform that comes with 5G support; however, it does not seem to support mmWave 5G.
We won't be going gaga over battery life this year either, as the phone is powered by a 4000 mAh battery, which on paper does seem a bit mediocre for a phone with these specs.

The phone is expected to hit the market in late spring and comes not too long after SONY officially took down and moved the mobile division to the main website.

What are your thoughts on SONY's latest addition?

Scotlarock PC Config 2020

Huorong internet security v5 + hips tweak
WisevectorStopX 2.53
Keyscrambler professional
kerish doctor 2020
O&O Defrag Pro
malwarebytes anti-exploit

Windows 10 PRO
core i5 3570K
8 GB DDR3
GTX 1060 6G

New Mozart Malware Gets Commands, Hides Traffic Using DNS

A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems.

Typically when a malware phones home to receive commands that should be executed, it will do so over the HTTP/S protocols for ease of use and communication.

Using HTTP/S communication to communicate, though, has its drawbacks as security software normally monitors this traffic for malicious activity. If detected, the security software will block the connection and the malware that performed the HTTP/S request.

In the new Mozart backdoor discovered by MalwareHunterTeam, the malware uses DNS to receive instructions from attackers and to evade detection. [.....]
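The article's point is that DNS is a channel most security software does not inspect the way it inspects HTTP/S. The added example below (written for this page; not derived from the Mozart sample and not vendor code) shows the kind of detection logic a defender can run over resolver or sensor query logs to surface command traffic hidden in DNS: per zone, it counts queries, measures how many leftmost labels are unique and how random they look (Shannon entropy), and records the TXT share. The log lines, the `.test` names and the thresholds are constructed for the demo; real deployments tune thresholds against their own baseline, and the registrable-domain helper should use the Public Suffix List.

```python
import math
from collections import defaultdict

# Constructed query log lines for the demo (not traffic from the Mozart
# sample): "<client_ip> <qname> <qtype>", one query per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.test A
10.0.0.5 mail.example.test MX
10.0.0.7 a7f3c9e1b2d4.cmd.badc2.test TXT
10.0.0.7 9e2b4c1d8a7f.cmd.badc2.test TXT
10.0.0.5 cdn.example.test A
10.0.0.7 c4d1e8f2a9b3.cmd.badc2.test TXT
10.0.0.7 3b7a1f9d2e8c.cmd.badc2.test TXT
10.0.0.5 www.example.test A
10.0.0.7 e1c9b4a7d3f2.cmd.badc2.test TXT
10.0.0.7 f8a2d5c1b9e3.cmd.badc2.test TXT
"""

def shannon_entropy(text: str) -> float:
    """Bits per character; hex- or base32-looking labels score high,
    dictionary words such as 'www' or 'mail' score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def zone_of(qname: str) -> str:
    """Approximate registrable domain as the last two labels (assumption for
    the demo; production code should use the Public Suffix List)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def score_zones(log_text: str, min_queries: int = 5,
                min_unique_ratio: float = 0.8, min_entropy: float = 3.0) -> dict:
    """Aggregate per zone and flag ones whose leftmost labels look like encoded
    data: many queries, almost all unique, high entropy. Returns the metrics so
    an analyst can see why a zone was flagged."""
    per_zone = defaultdict(lambda: {"labels": [], "txt": 0, "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the scan
        client, qname, qtype = parts
        z = per_zone[zone_of(qname)]
        z["labels"].append(qname.split(".")[0].lower())
        z["clients"].add(client)
        if qtype.upper() == "TXT":
            z["txt"] += 1
    report = {}
    for zone, z in per_zone.items():
        n = len(z["labels"])
        unique_ratio = len(set(z["labels"])) / n
        mean_entropy = sum(shannon_entropy(label) for label in z["labels"]) / n
        report[zone] = {
            "queries": n,
            "unique_ratio": round(unique_ratio, 2),
            "mean_entropy": round(mean_entropy, 2),
            "txt_share": round(z["txt"] / n, 2),
            "clients": sorted(z["clients"]),
            "suspicious": (n >= min_queries and unique_ratio >= min_unique_ratio
                           and mean_entropy >= min_entropy),
        }
    return report

if __name__ == "__main__":
    for zone, metrics in score_zones(SAMPLE_LOG).items():
        print(zone, metrics)
```

The `clients` list is what turns a flagged zone into a response action: it names the hosts that issued the queries, which is where the investigation starts.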

MISA expands with new members and new product additions

Another RSA Conference (RSAC) and another big year for the Microsoft Intelligent Security Association (MISA). MISA was launched at RSAC 2018 with 26 members and a year later we had doubled in size to 53 members. Today, I am excited to share that the association has again doubled in size to 102 members.

New members expand the portfolio of MISA integrations

Our new members include a number of ecosystem partners, like RSA, ServiceNow, and NetMotion, which have developed critical integrations that benefit our shared customers, and we look forward to deepening our relationship through MISA engagement.

New MISA member RSA is now using Azure Active Directory’s risky user data and other Microsoft security signals to enrich their risk score engine. Additionally, RSA also leverages the Graph Security API to feed their SIEM solution, RSA NetWitness with alerts from the entire suite of Microsoft Security solutions.

“RSA is excited to showcase the RSA SecurID and RSA NetWitness integrations with Microsoft Security products. Our integrations with Microsoft Defender ATP, Microsoft Graph Security API, Azure AD, and Microsoft Azure Sentinel, help us to better secure access to our mutual customer’s applications, and detect threats and attacks. We’re excited to formalize the long-standing relationship through RSA Ready and MISA to better defend our customers against a world of increasing threats.”
—Anna Sarnek, Head of Strategic Business Development, Cloud and Identity for RSA
The ServiceNow Security Operations integration with Microsoft Graph Security API enables shared customers to automate incident management and response, leveraging the capabilities of the Now Platform’s single data model to dramatically improve their ability to prioritize and respond to threats generated by all Microsoft Security Solutions and custom alerts from Azure Sentinel.

“ServiceNow is pleased to join the Microsoft Intelligent Security Alliance to accelerate security incident response for our shared customers. The ServiceNow Security Operations integration with Azure Sentinel, via the graph security API, enables shared customers to automate incident management and response, leveraging the capabilities of the Now Platform’s single data model to dramatically improve their ability to prioritize and respond to threats.”
—Lou Fiorello, Head of Security Products for ServiceNow
Microsoft is pleased to welcome NetMotion, a connectivity and security solutions company for the world’s growing mobile workforce, into the security partner program. Using NetMotion’s class-leading VPN, customers not only gain uncompromised connectivity and feature parity, they benefit from a VPN that is compatible with Windows, MacOS, Android and iOS devices. For IT teams, NetMotion delivers visibility and control over the entire connection from endpoint to endpoint, over any network, through integration with Microsoft Endpoint Manager (Microsoft Intune).

“NetMotion is designed from the ground up to protect and enhance the user experience of any mobile device. By delivering plug-and-play integration with Microsoft Endpoint Manager, the mobile workforce can maximize productivity and impact without any disruption to their workflow from day one. For organizations already using or considering Microsoft, the addition of NetMotion’s VPN is an absolute no-brainer.”
—Christopher Kenessey, CEO of NetMotion Software
Expanded partner strategy for Microsoft Defender Advanced Threat Protection (ATP)

The Microsoft Defender ATP team worked with our ecosystem partners to take their rich and complete set of APIs a step further to extend the power of our combined platforms. This helps customers strengthen their network and endpoint security posture, add continuous security validation and attack simulation testing, orchestrate and automate incident correlation and remediation, and add threat intelligence and web content filtering capabilities. Read Extending Microsoft Defender ATP network of partners to learn more about their partner strategy expansion and their open framework philosophy.

New product teams join the association

In addition to growing our membership, MISA expanded to cover 12 of Microsoft’s security solutions, including our latest additions: Azure Security Center for IoT Security and Azure DDoS.

Azure Security Center for IoT Security announces five flagship integration partners

The simple onboarding flow for Azure Security Center for IoT enables you to protect your managed and unmanaged IoT devices, view all security alerts, reduce your attack surface with security posture recommendations, and run unified reports in a single pane of glass.

Through partnering with members like Attivo Networks, CyberMDX, CyberX, Firedome, and SecuriThings, Microsoft is able to leverage their vast knowledge pool to help customers defend against a world of increasing IoT threats in enterprise. These solutions protect managed and unmanaged IoT devices in manufacturing, energy, building management systems, healthcare, transportation, smart cities, smart homes, and more. Read more about IoT security and how these five integration partners are changing IoT security in this blog.

Azure DDoS Protection available to partners to combat DDoS attacks

The first DDoS attack occurred way back on July 22, 1999, when a network of 114 computers infected with a malicious script called Trin00 attacked a computer at the University of Minnesota, according to MIT Technology Review. Even after 20 years DDoS continues to be an ever-growing problem, with the number of DDoS attacks doubling in the last year alone and the types of attacks getting increasingly sophisticated with the explosion of IoT devices.

Azure DDoS Protection provides countermeasures against the most sophisticated DDoS threats. The service provides enhanced DDoS mitigation capabilities for your application and resources deployed in your virtual networks. Technology partners can now protect their customers’ resources natively with Azure DDoS Protection Standard to address the availability and reliability concerns due to DDoS attacks.

“Extending Azure DDoS Protection capabilities to Microsoft Intelligent Security Association will help our shared customers to succeed by leveraging the global scale of Azure Networking to protect their workloads against DDoS attacks”
—Anupam Vij, Principal Product Manager, Azure Networking
Learn more

To see MISA members in action, visit the Microsoft booth at RSA where we have a number of our security partners presenting and demoing throughout the week. To learn more about the Microsoft Intelligent Security Association, visit our webpage or the video playlist of member integrations. For more information on Microsoft security solutions, visit our website.

The post MISA expands with new members and new product additions appeared first on Microsoft Security.

Opera 68.0.3609.0 developer update

Hi all,

Here’s an Opera developer update with yet another Video Pop-out improvement – volume control!

This build is based on chromium 81.0.4044.17 and contains plenty of macOS UI fixes.

For more details, see the full changelog.

Installation links:

Source: Opera 68.0.3609.0 developer update - Blog | Opera Desktop

Chrome for Android Update

Google Chrome 80.0.3987.122 Stable Channel Update for Desktop

Stable Channel Update for Desktop

Monday, February 24, 2020

The stable channel has been updated to 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks.

Security Fixes and Rewards
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.
This update includes 3 security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the Chrome Security Page for more information.
[$5000][1044570] High: Integer overflow in ICU. Reported by André Bargull on 2020-01-22
[N/A][1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27
This release also contains:
[N/A][1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18

Google is aware of reports that an exploit for CVE-2020-6418 exists in the wild.

We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.

Many of our security bugs are detected using AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, or AFL.

Krishna Govind
Google Chrome
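With an exploit for CVE-2020-6418 reported in the wild, the practical follow-up is to confirm every managed browser is at or above the fixed build. The following is an added example, not code from Google or from the release note: it audits a constructed inventory export (hostnames and versions are made up) against the fixed version named above. The point worth showing is that Chrome versions must be compared numerically per component; a plain string comparison would rank 80.0.3987.99 above 80.0.3987.122 and miss an outdated host.

```python
import re

# Build named in the release note above as shipping the CVE-2020-6418 fix.
FIXED_VERSION = "80.0.3987.122"

# Constructed inventory export (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = """\
host,chrome_version
ws-alice,80.0.3987.116
ws-bob,80.0.3987.122
ws-carol,79.0.3945.130
ws-dave,unknown
srv-kiosk,80.0.3987.87
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Chrome versions are four dot-separated integers. Returns a tuple or None."""
    m = _VERSION_RE.fullmatch(text.strip())
    return tuple(int(x) for x in m.groups()) if m else None


def needs_update(version, fixed=FIXED_VERSION):
    """True when `version` is older than `fixed`. Tuple comparison is numeric
    per component, so 80.0.3987.99 sorts before 80.0.3987.122 as it should.
    Unparseable values are treated as needing attention."""
    parsed = parse_version(version)
    if parsed is None:
        return True
    return parsed < parse_version(fixed)


def audit_inventory(csv_text, fixed=FIXED_VERSION):
    """Split an inventory CSV into hosts below the fixed build and hosts whose
    version could not be parsed (those need a manual check, not silence)."""
    outdated, unknown = [], []
    for line in csv_text.splitlines()[1:]:  # first line is the header
        host, version = line.split(",", 1)
        if parse_version(version) is None:
            unknown.append(host)
        elif needs_update(version, fixed):
            outdated.append((host, version.strip()))
    return {"outdated": outdated, "unknown": unknown}


if __name__ == "__main__":
    report = audit_inventory(SAMPLE_INVENTORY)
    for host, ver in report["outdated"]:
        print(f"{host}: {ver} < {FIXED_VERSION}, update required")
    for host in report["unknown"]:
        print(f"{host}: version unknown, verify manually")
```

Feed it the version column from whatever inventory you already have (endpoint management export, osquery, a login script); hosts in the "unknown" bucket are as important as the outdated ones, since a missing version usually means the agent is not reporting.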

Answering your questions on Huawei devices and Google services.

.... ....
Play Protect certified devices go through a rigorous security review and compatibility testing process, performed by Google, to ensure user data and app information are kept safe. They also come from the factory with our Google Play Protect software, which provides protection against the device being compromised.

This has been our long-standing approach to user security and privacy and is applied consistently across all device manufacturers.

Because of the government restrictions described above, new Huawei device models made available to the public after May 16, 2019 have not been able to go through this security process nor will they have Play Protect preloaded. As a result, they are considered “uncertified,” and will not be able to utilize Google’s apps and services.

In addition, sideloaded Google apps will not work reliably because we do not allow these services to run on uncertified devices where security may be compromised. Sideloading Google’s apps also carries a high risk of installing an app that has been altered or tampered with in ways that can compromise user security.

To check if your device is certified, open the Google Play Store app on your Android phone, tap “Menu” and look for “Settings.” You will see if your device is certified under “Play Protect certification.” You can learn more on

Systweak pop-up ads!

Being old and rather foolish, unfortunately I have managed to get my Dell Inspiron laptop running Windows 10 infected with Systweak pop-up ads.

I subsequently deleted any possible pieces of software, recently installed, which may have included this malware - nothing changed, the ads still keep coming. So I downloaded Malwarebytes and performed a scan - no threats found! I use ESET NOD32 antivirus so I ran a scan with that and again no threats were found! Then I downloaded AdwCleaner and ran that with a similar result.

So, according to all the software I have no malware but Systweak keeps displaying on a regular basis.

Any suggestions please (apart from throwing away the laptop)?


Best regards to all

WhatsApp, Telegram Group Invite Links Leaked in Public Searches

Invite links for WhatsApp and Telegram groups that may not be intended for public access are available through simple lookups on popular web search engines.

Both companies have taken some steps to protect their users' privacy, but the links remain discoverable via public searches, which lets anyone who finds one join the group.

The issue was flagged on Friday by Jordan Wildon, a multimedia journalist at Deutsche Welle, who warned that the lapse exposed some unexpected groups, including groups for illegal activities.
Jane Wong, a mobile app reverse engineer, said that her Google search returned around 470,000 results for WhatsApp invite links, allowing anyone to join the groups and access members' phone numbers.

In all fairness, the privacy of these links is the responsibility of the admins who generate them. Posting them on the surface web - the part of the internet indexed by conventional search engines - is a sure way to have them indexed by public search services.

Google's public search liaison Danny Sullivan explained that this is normal behavior, the same as when "a site allows URLs to be publicly listed."

Using search operators, several users found that Telegram channels were in the same situation. It is unclear whether the admins made the invite links discoverable knowingly or in error. Regardless, some very unsavory results are not difficult to find.

Confirmed Xbox Series X Features and New Specs released by Microsoft

A superior balance of power and speed

Compared to the previous generation, Xbox Series X represents a superior balance of power and speed in console design, advancing on all technological fronts to deliver amazing, dynamic, living worlds and to minimize anything that can take you out of the experience. Our job at Team Xbox is to give teams the tools they need to achieve their ambitions and tap into the console’s power with efficiency, a few of which we’re detailing today. Raw power is just part of the story:

  • Next Generation Custom Processor: Xbox Series X is our most powerful console ever powered by our custom designed processor leveraging AMD’s latest Zen 2 and RDNA 2 architectures. Delivering four times the processing power of an Xbox One and enabling developers to leverage 12 TFLOPS of GPU (Graphics Processing Unit) performance – twice that of an Xbox One X and more than eight times the original Xbox One. Xbox Series X delivers a true generational leap in processing and graphics power with cutting edge techniques resulting in higher framerates, larger, more sophisticated game worlds, and an immersive experience unlike anything seen in console gaming.
  • Variable Rate Shading (VRS): Our patented form of VRS empowers developers to more efficiently utilize the full power of the Xbox Series X. Rather than spending GPU cycles uniformly to every single pixel on the screen, they can prioritize individual effects on specific game characters or important environmental objects. This technique results in more stable frame rates and higher resolution, with no impact on the final image quality.
  • Hardware-accelerated DirectX Raytracing: You can expect more dynamic and realistic environments powered by hardware-accelerated DirectX Raytracing – a first for console gaming. This means true-to-life lighting, accurate reflections and realistic acoustics in real time as you explore the game world.
Immersion in an instant

The next console generation will be defined by more playing and less waiting. And when play begins, we know many gamers demand ultra-low latency to be as immersed and precise as possible. To this end, the team analyzed every step between player and game, from controller to console to display, and asked how we could make it faster.

  • SSD Storage: With our next-generation SSD, nearly every aspect of playing games is improved. Game worlds are larger, more dynamic and load in a flash and fast travel is just that – fast.
  • Quick Resume: The new Quick Resume feature lets you continue multiple games from a suspended state almost instantly, returning you to where you were and what you were doing, without waiting through long loading screens.
  • Dynamic Latency Input (DLI): We’re optimizing latency in the player-to-console pipeline starting with our Xbox Wireless Controller, which leverages our high bandwidth, proprietary wireless communication protocol when connected to the console. With Dynamic Latency Input (DLI), a new feature which synchronizes input immediately with what is displayed, controls are even more precise and responsive.
  • HDMI 2.1 Innovation: We’ve partnered with the HDMI Forum and TV manufacturers to enable the best gaming experience through features such as Auto Low Latency Mode (ALLM) and Variable Refresh Rate (VRR). ALLM allows Xbox One and Xbox Series X to automatically set the connected display to its lowest latency mode. VRR synchronizes the display’s refresh rate to the game’s frame rate, maintaining smooth visuals without tearing, ensuring minimal lag and the most responsive gaming experience.
  • 120 fps Support: With support for up to 120 fps, Xbox Series X allows developers to exceed standard 60 fps output in favor of heightened realism or fast-paced action.
The next generation of game compatibility

The benefits of the next console generation extend in every direction, bringing greater visual fidelity and improved loading speeds to your existing gaming legacy, in addition to new games. We’re continuing our commitment to compatibility with Xbox Series X and investing in technology that makes game ownership easier across generations.

  • Four generations of gaming: Our commitment to compatibility means existing Xbox One games, including backward-compatible Xbox 360 and original Xbox games, look and play better than ever before. Your favorite games, including titles in Xbox Game Pass, benefit from steadier framerates, faster load times and improved resolution and visual fidelity – all with no developer work required. Your Xbox One gaming accessories also come forward with you.
  • Smart Delivery: This technology empowers you to buy a game once and know that – whether you are playing it on Xbox One or Xbox Series X – you are getting the right version of that game on whatever Xbox you’re playing on. We’re making the commitment to use Smart Delivery on all our exclusive Xbox Game Studios titles, including Halo Infinite, ensuring you only have to purchase a title once in order to play the best available version for whichever Xbox console you choose to play on. This technology is available for all developers and publishers, and they can choose to use it for titles that will be released on Xbox One first and come to the Xbox Series X later.
  • Xbox Game Pass: In addition to games from across four generations of consoles, our leading game subscription service, Xbox Game Pass, will continue to have our first party games, like Halo Infinite, included at their launch. We look forward to millions of you experiencing the Xbox Game Pass portfolio and immersing yourselves in a deep library of high-quality games, playing those you love now and also discovering your next great adventure.

That Samsung Find My Mobile notification last week? Yeah, it was a data breach.

Last week, some Samsung smartphone owners saw a strange “1/1” push notification on their phones. The notification came from an app called Find My Mobile, a proprietary tool that allows you to connect with your device should it get lost or stolen. Turns out, this notification was the result of a Samsung data breach.

This goes against what Samsung claimed shortly after news of the notification started making the rounds in the media. The company called the errant notification the result of “an internal test” and said there would be “no effect on your device.” However, that no longer appears to be the case.

According to a statement provided to The Register, the notification stemmed from a Samsung data breach that resulted in “a small number of users being able to access the details of another user.” Here’s the text provided by The Register:

O&O ShutUp10 v1.7.1408

Huawei unveils the Mate Xs and MatePad Pro 5G w/ no Play Store access

Huawei has officially unveiled its second-generation Mate Xs foldable and MatePad Pro 5G tablet at a closed-door launch event in Barcelona.

The event went ahead, even though MWC 2020 was cancelled due to concerns over the spread of coronavirus, with the duo given top billing during a live-streamed launch event.

Both devices will rely heavily on the Huawei AppGallery, which will be the default app store for everyone globally. This was expected ahead of time, as the US trade bans remain very much in place for the foreseeable future.

The Huawei Mate Xs is a refresh of the folding Mate X unveiled at MWC last year. It comes with a Kirin 990 5G chipset, 8GB of RAM, 512GB of internal storage, and a 4,500mAh split battery. When unfolded, it retains the same 8-inch display as seen last year, but with improvements to the display structure, which is said to be 80% stronger than the previous display. When folded, you get a 6.6-inch almost bezel-free front display and a 6.38-inch rear display.

Huawei has also enhanced the Falcon Wing back-to-back folding design, which feels smoother and more stable than on the previous model. The upgraded Huawei Mate Xs will retail for €2,499 for the 8GB RAM, 512GB storage variant and will be available for purchase later this year.

matepad pro

The Chinese firm also announced the MatePad Pro 5G, which is one of the world’s first 5G-connected tablets. The 10.8-inch Android-powered tablet will also lack access to the Google Play Store. It too comes with the Kirin 990 5G chipset, either 6 or 8GB of RAM, 256GB of internal storage, and comes with a large 7,250mAh battery — which can be charged wirelessly.

There is also room for a dual-camera setup on the rear, with an upper left punch hole notch within the AMOLED display for video calls and selfie-taking. Huawei will also offer a number of optional accessories for the Huawei MatePad Pro 5G, including an M-Pencil stylus and detachable keyboard stand cover.

Both the Huawei Mate Xs and MatePad Pro 5G come with EMUI 10 atop Android 10 out of the box. For those wondering, the software is essentially the same as you would expect with a standard Google Play certified device, just without direct or official access to the Google Play Store.

With a very iPad Pro-like design, the MatePad Pro 5G will retail for €749 for the 8GB RAM, 256GB storage model and will be available to purchase from April 2020. A limited Wi-Fi only model will start at €549 for the 6GB RAM, 128GB storage option.

Microsoft Edge on iOS adds tracking prevention settings

Microsoft is rolling out a new update to its Edge browser on iOS, and it brings a couple of important features. First, users can now choose whether to sync their browsing data with Microsoft Edge Legacy (the UWP version) or the new Chromium-based version of the browser.

The other notable addition is a new tracking prevention setting, which has been present in the desktop version of the browser for a while. Tracking prevention stops websites and companies from following users' activities across the web, a common method used to deliver targeted advertising. Edge offers three settings - Basic, Balanced, and Strict - with varying degrees of protection. The Strict setting can cause some websites to break, though.

The mobile versions of Edge already include built-in content blockers such as AdBlock Plus, so the tracking prevention setting isn't required just to stop ads from showing up. It is, however, a more native way to do it, and it gives you control over how aggressively trackers are blocked.

The feature doesn't seem to be available on the Android version of the browser yet, but it would make sense for it to make its way there eventually. If you haven't yet, you can get Edge for iOS from the App Store.

Source: Microsoft Edge on iOS adds tracking prevention settings

Raccoon Malware Steals Your Data From Nearly 60 Apps

An infostealing malware that is relatively new on cybercriminal forums can extract sensitive data from about 60 applications on a targeted computer.
All the popular browsers (Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Opera, Vivaldi, Waterfox, SeaMonkey, UC Browser) are on the list of targets along with more than 20 other solutions, which are robbed of cookies, history, and autofill information.

Popular cryptocurrency apps like Electrum, Ethereum, Exodus, Jaxx, and Monero are also of interest: Raccoon searches for their wallet files in the default locations, and it can additionally scan the system for wallet.dat files regardless of where they are stored.

From the email client software category, Raccoon looks for data from at least Thunderbird, Outlook, and Foxmail.

In a report today, CyberArk researchers say the infostealer relies on the same procedure for every target: locate and copy the file holding the sensitive data, apply the relevant extraction and decryption routines, and write the result to a text file ready for exfiltration.

Additional capabilities in the malware include collecting system details (OS version and architecture, language, hardware info, and a list of installed apps).

Attackers can also customize Raccoon's configuration file to capture screenshots of infected systems. Additionally, the malware can act as a dropper for other malicious files, turning it into a stage-one attack tool.

Stolen credentials are not necessarily monetized immediately; they are also useful for escalating privileges on the system or for moving laterally to other computers on the network.

"After fulfilling all its stealing capabilities, it gathers all the files that it wrote to the temp folder into one zip file named Now all it has to do is send the zip file back to the C&C server and delete its trace" - CyberArk
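The behaviour described above, a single process reading the credential stores of browsers, wallets and mail clients one after another within seconds, is the detection opportunity for defenders, independent of which stealer family is doing it. The following is an added example, not code from CyberArk, from the article, or from the malware: a sliding-window rule run over constructed file-read events (the PIDs, process names and paths are made up) that alerts when one process touches credential stores belonging to three or more application families within a minute, while a browser reading only its own profile is left alone. The store-path table is an assumption for the example and should be extended for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Credential-store paths grouped by application family, chosen for this example
# from well-known default locations. Regexes match a lower-cased path with
# backslashes normalised to "/".
CREDENTIAL_STORES = {
    "chrome": re.compile(r"/google/chrome/user data/[^/]+/(login data|cookies|web data)$"),
    "firefox": re.compile(r"/mozilla/firefox/profiles/[^/]+/(logins\.json|key4\.db|cookies\.sqlite)$"),
    "thunderbird": re.compile(r"/thunderbird/profiles/[^/]+/(logins\.json|key4\.db)$"),
    "wallet": re.compile(r"(/wallet\.dat$|/electrum/wallets/|/exodus/exodus\.wallet/)"),
}

# Constructed file-read events (not real telemetry). Fields: time|pid|process|path.
# PID 4120 is a browser reading its own profile; PID 7788 is a hypothetical stealer.
SAMPLE_EVENTS = r"""
2020-02-24T10:00:01|4120|chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2020-02-24T10:00:05|7788|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2020-02-24T10:00:06|7788|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies
2020-02-24T10:00:07|7788|updater.exe|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json
2020-02-24T10:00:09|7788|updater.exe|C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet
2020-02-24T10:00:11|7788|updater.exe|C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\xyz.default\key4.db
2020-02-24T10:00:30|4120|chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies
"""


def classify_path(path):
    """Return the application family whose credential store this path is, or None."""
    norm = path.replace("\\", "/").lower()
    for app, pattern in CREDENTIAL_STORES.items():
        if pattern.search(norm):
            return app
    return None


def parse_events(text):
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, process, path = line.split("|", 3)
        events.append({"time": datetime.fromisoformat(ts), "pid": pid,
                       "process": process, "path": path})
    return events


def find_credential_harvesting(events, window_seconds=60, min_apps=3):
    """One alert per process that reads credential stores of at least `min_apps`
    different application families inside a sliding `window_seconds` window."""
    hits = defaultdict(list)
    for ev in events:
        app = classify_path(ev["path"])
        if app:
            hits[ev["pid"]].append((ev["time"], app, ev["process"]))
    window = timedelta(seconds=window_seconds)
    alerts = []
    for pid, seq in hits.items():
        seq.sort()
        counts = defaultdict(int)
        start, best = 0, None
        for t, app, process in seq:
            counts[app] += 1
            while t - seq[start][0] > window:  # drop events that fell out of the window
                old = seq[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_apps and (best is None or len(counts) > len(best["apps"])):
                best = {"pid": pid, "process": process, "apps": sorted(counts),
                        "first": seq[start][0], "last": t}
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_credential_harvesting(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Keying on distinct application families rather than raw file count is what keeps the rule quiet for legitimate software: a browser opens its own Login Data and Cookies constantly, but nothing benign reads Chrome, Firefox, Thunderbird and a wallet directory in the same minute. Backup agents are the usual exception and should be allow-listed by signed binary path.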

Huawei Mate X2 - I wish I could own one

Huawei Mate X2 Concept Introduction, Specifications, Price & Launch Date: Everything You Need to Know

8 inch AMOLED Display
HiSilicon Kirin 1000
8/12/16GB Ram
128,256,512GB Internal memory
40+12+40+5MP Quad camera
30+16MP Dual secondary camera
6000mAh battery
65W Fast charging

Watch the video

Another 16GB RAM phone.

This time round HW will adopt the inward folding design, for sure with 5G, which is much better than the outward folding design. Expect this phone to be announced somewhere in the 3rd quarter of 2020.

Given the Mate Xs (available next month) pricing in my country of US$2712, the Mate X2 pricing can easily hit US$2864 or more given the newer processor, more RAM, bigger battery, stylus, etc.



I'm a cyber security freelancer, and I'm exploring my first steps in forensics.

I have 15 years of experience in cyber security: firewall projects, web app firewalls, secure architecture, endpoint security, ...

Hoping to get some info and learn from samples.

Next step is setting up Cuckoo and learning from it.


Azure Sphere—Microsoft’s answer to escalating IoT threats—reaches general availability

Today Azure Sphere—Microsoft’s integrated security solution for IoT devices and equipment—is widely available for the development and deployment of secure, connected devices. Azure Sphere’s general availability milestone couldn’t be timelier. From consumer device hacking and botnets to nation state driven cyberterrorism, the complexity of the landscape is accelerating. And as we expand our reliance on IoT devices at home, in our businesses and even in the infrastructure that supports transit and utilities, cybersecurity threats are increasingly real to individuals, businesses and society at large.

From its inception in Microsoft Research to general availability today, Azure Sphere is Microsoft’s answer to these escalating IoT threats. Azure Sphere delivers quick and cost-effective device security for OEMs and organizations to protect the products they sell and the critical equipment that they rely on to drive new business value.

To mark today’s general availability milestone, I sat down with Galen Hunt, distinguished engineer and product leader of Azure Sphere to discuss the world of cybersecurity, the threat landscape that businesses and governments are operating in, and how Microsoft and Azure Sphere are helping organizations confidently and securely take advantage of the opportunities enabled by IoT.

ANN JOHNSON: Let me start by asking about a comment I once heard you make, where you refer to the internet as “a cauldron of evil.” Can you give us a little insight into what you mean?

GALEN HUNT: Well, I actually quote James Mickens. James is a former colleague at Microsoft Research, and he’s now a professor at Harvard. Those are his words, the idea of the internet being a cauldron of evil. But I love it, because what it really captures is what the internet really is.

The internet is a place of limitless potential, but when you connect a device to the internet, you’re also creating a two-way street; anybody can come in off the internet and try to attack you.

Everything from nation states to petty criminals to organized crime is out there, operating on the internet. As we think about IoT—which is my favorite topic—being aware of the dangers is the first step to being prepared to address them.

ANN JOHNSON: When you’re thinking about folks that are in charge of security organizations, or even folks who have to secure the environment for themselves, what do you view as the biggest threats, and also the biggest opportunities for companies like Microsoft to address those threats?

GALEN HUNT: I think the biggest threat is—and I’m coming at this from the IoT side of things—as we’re able to connect every single device in an enterprise or every single device in a home to the internet, there’s real risk. By compromising those devices, someone can invade our privacy, they can have access to our data, they can manipulate our environment. Those are real risks.

In the traditional internet, the non-Internet-of-Things internet, the damage that could be done was purely digital. But in a connected IoT environment, remote actors are able to affect or monitor not just the digital environment but also the actual physical environment. So that creates all sorts of risks that need to be addressed.

In response, the power that a company like Microsoft can bring is our deep experience in internet security. We’ve been doing it for years. We can help other organizations leverage that experience. That’s a tremendous opportunity we have to help.

ANN JOHNSON: So, with that, walk us through what Azure Sphere is—how do you see our customers and our partners leveraging the technology?

GALEN HUNT: There are four components to Azure Sphere: three of them are powered by technology and one of them is powered by people. Those components combine to form an end-to-end solution that allows any organization that’s building or connecting devices to have the very best of what we know about making internet-connected devices secure.

Let’s talk about the four components.

The first of the three technical components is the certified chips that are built by our silicon partners; they have the hardware root of trust that Microsoft created. These are chips that provide a foundation of security, starting in the silicon itself, and provide connectivity and compute power for these devices.

The second technical component of Azure Sphere is the Azure Sphere operating system. This runs on the chips and creates a secure software environment.

The third technical component is the cloud-based Azure Sphere security service. The security service connects with every single Azure Sphere chip, with every single Azure Sphere operating system, and works with the operating system and the chip to keep the device secured throughout its lifetime.

ANN JOHNSON: So, you’ve got hardware, software, and the cloud, all working together. What about the human component?

GALEN HUNT: The fourth component of Azure Sphere is our people and all their security expertise. Our team provides ongoing security monitoring of Azure Sphere devices and, actually, of the full ecosystem. As we identify new types of attacks and new emerging security vulnerabilities, we will upgrade our operating system and the cloud services to mitigate against those new kinds of attacks. Then we will deploy updates to every Azure Sphere-based device, globally. So, we’re providing ongoing support, and ongoing security improvements for those devices.

ANN JOHNSON: I want to make this real for folks. Walk me through a use case; where would somebody actually implement and use Azure Sphere? How does their infrastructure or architecture fit in?

GALEN HUNT: Okay, let’s start with a device manufacturer. They say, okay we’re going to create a new device, and we want to have that device be an IoT device. We want it to connect to the internet, so it can be integrated into an organization’s digital feedback loop. And so, they will buy a chip, an Azure Sphere-based microcontroller or SoC, which will serve as the primary processing component, and they build that into their device. The Azure Sphere chip provides the compute power and secured connectivity.

Now, of course not everybody is building a brand-new device from scratch. There are a lot of existing devices out there that are very valuable. Sometimes they’re too valuable to take on the risk of connecting them and exposing them to the internet. One of the things we’ve developed during the Azure Sphere preview period is a new class of device that we call a “guardian module.” The guardian module is a very small device—no larger than the size of a deck of cards—built around an Azure Sphere chip. An organization interested in connecting existing devices can connect through the guardian module and pull data from that existing device and securely connect it to the cloud. The guardian modules, powered by Azure Sphere, are a way to add highly secure connectivity—even to existing devices—that’s protected by Microsoft.

ANN JOHNSON: Interesting, it solves a pretty big problem with device security, especially as we continue to see a massive proliferation of devices in our environment, most of which are unmanaged. What do you think is slowing the broad adoption of security related to connected devices?

GALEN HUNT: Well, there are a couple of things. I think the biggest barrier, up until now, has been the lack of an end-to-end solution. For companies that have had aspirations to build or to buy highly secured devices, each device has been a one-off. Customers have had to completely build a unique solution for each device, and that just takes an incredible amount of expertise and hard work.

The other obstacle I’ve found is that organizations realize that they need secure devices, but they just don’t know where to begin. They don’t know what they should be looking for, from a device security perspective. There’s a bit of a temptation to look for a security feature checklist instead of really understanding what’s required to have a device that’s highly secured.

ANN JOHNSON: I know you’ve given this a lot of consideration and your background gives you a deeper view into what it takes to secure devices. You wrote a paper on the seven properties of highly secure devices, based on a lot of research you’ve done on the topic. How did you coalesce on the seven properties and how customers can implement them securely?

GALEN HUNT: Yes, I’m a computer scientist, and for over 15 years I ran operating systems research in Microsoft Research. About five years ago, someone walked into my office with a schematic, or a floor map, of a brand new—actually, still under development—microcontroller. This was actually the very first of a new class of a microcontroller.

A microcontroller, for anybody who is not familiar, is a single-chip computer that has a processor, storage, memory, and IoT capabilities. Microcontrollers are used in everything from toys, to appliances, even industrial equipment. Well, this was the first time I had seen a microcontroller, a programmable microcontroller, with the physical capabilities required to be able to connect to the internet—built in—and at a price point that was just a couple of dollars.

When I looked at this thing, I realized that for the price of a cup of coffee, anything on the planet that had electricity could be turned into an internet device. I realized I was looking at the fifth generation of computing, and that was a terribly exciting thought. But the person who had come into my office was asking, what kind of code should we run on this so that it would be secure if we did want to build internet-connected devices with it?

And what I realized, really quickly, was that even though it had some great security features, it lacked much of what was required to build a secure device from a software perspective, and that set me off on a journey. I imagined this dystopian future where there are nine billion new insecure devices being added to the world’s population, every year.

ANN JOHNSON: Sure, the physical risks of device hacking make nine billion insecure IoT devices a daunting thought.

GALEN HUNT: Well for me, that was a really scary thought. And as a scientist, I said, well we know that Microsoft and our peer companies have built devices that have been out on the internet. They’ve been connected for at least a five-year period and have withstood relentless attacks from hackers and other ne’er-do-wells. The driving question of our next phase of work was: why are some devices highly secure, and what is it that separates them?

And we did a very scientific study of finding these secure devices and trying to figure out the qualities and the properties that they had in common, and this led to our list of these seven properties. We published that paper, which then led to more experiments.

Now, the devices we found that had these seven properties were devices that had hundreds of dollars in electronics in them, and, you know, that’s not going to scale to every device on the planet. You’re not going to be able to add hundreds of dollars of electronics to every device on the planet, like a light bulb, in order to get security.

Then we wondered if we could build a very, very small and a very, very economical solution that contained all seven properties. And that’s what ultimately led us to Azure Sphere. It’s a solution that, really, for just a few dollars, any company can build a device that is highly secured.

ANN JOHNSON: So, the device itself is highly secured; it has all these built-in capabilities, but one of the biggest problems our customers face is fundamentally a talent shortage, right? Is there something that we’re inherently doing here, with Azure Sphere, that could make it easier for customers?

GALEN HUNT: Yes. Fundamentally what we’re trying to do is create a scalable solution, and it is Microsoft talent that helps these companies create these highly secure devices. There’s something like a million-plus openings in the field of security professionals. Globally there’s a huge talent shortage.

With Azure Sphere we allow a company that doesn’t have really deep security expertise to draft off of our security talent. There are a few areas of expertise that one has to have in order to build a highly-secure device with similar capabilities to Azure Sphere.

Sometimes I’ll use the words technology, talent, and tactics. You have to have the technical expertise to actually build a device that has a high degree of security in it. Not just a device with a checklist of features, but with true integration across all components for gap-free security. Then, once the device is built and deployed out into the wild, you need the talent to fight the ongoing security battle. That talent is watching for and detecting emerging security threats and coding up mitigations to address them. And finally, you’ll have to scale out those updates to every device. That’s a really deep set of expertise, talent, and tactics and, for the most part, it’s very much outside of what many companies know how to do.

When building on top of Azure Sphere, instead of staffing or developing all of this expertise outside of their core business, organizations can instead outsource that to Microsoft.

ANN JOHNSON: That’s a really great way to put it. It also gives you that end-to-end security integration, right? Because I would imagine Azure Sphere is going to integrate with all of Microsoft’s infrastructure and services?

GALEN HUNT: In building Azure Sphere, we leveraged pretty deeply a lot of expertise and a lot of talent that we have at Microsoft. Take, for example, the infrastructure that we use to scale out the deployment of new updates. We leveraged the infrastructure that Microsoft created for the Windows update service—and, our operating system is much, much smaller than Windows. So now we have the capability to update billions of devices, globally, per hour. We also have a place where we can tie Azure Sphere into the Azure Security Center for IoT.

We also really drew on all of the expertise around Visual Studio for very scalable software development. We brought that power even to the smaller microcontroller class devices.

And the hardware root of trust that we put inside of every single Azure Sphere chip. That hardware root of trust is not something that we just created, just woke up one day and said, hey, let’s build a hardware root of trust from scratch. We actually built it based on our learning from the Xbox console.

The Xbox console, over 15 years, has made three huge generational leaps. Those consoles can live in hostile environments—from a digital security perspective and a physical security perspective. So, we’ve taken everything we’ve learned about how to make those devices highly secured and applied it to building the hardware root of trust inside Azure Sphere. These are some of the ways that we’re really leveraging a lot of Microsoft’s deep expertise.

ANN JOHNSON: Today, marks the general availability of Azure Sphere—which I’m super excited about, by the way! But I know you’ve been thinking for a long time about how we solve some of these bigger problems, particularly the explosion of IoT, and how customers are going to have to think about that within the next two, to three, to five, to ten years from now. What are the challenges you see ahead for us, and what are the benefits our customers will be able to realize?

GALEN HUNT: We’re excited as well—it’s a huge milestone for the team. Even at this point, at GA, we’re only at the beginning of our real journey with our customers. One of our immediate next steps is scaling out the silicon ecosystem. MediaTek is our first silicon partner. Their MT3620 chip is available in volume today, and it’s the perfect chip, especially for guardian modules and adding secure connectivity to many, many devices.

With microcontrollers, there are many, many verticals. They range in everything from toys to home appliances, to big industrial equipment. And no single chip scales across that entire ecosystem effectively, so we’ve engaged other silicon partners. In June, NXP, the world’s number one microcontroller manufacturer, announced their timeline for their very first Azure Sphere chip. And that chip will add much larger compute capabilities. For example, they’ll do AI, and vision, and graphics, and more sophisticated user interfaces. And then in October, Qualcomm announced that they’ll build the very first cellular native Azure Sphere chip.

The other place we see ourselves growing is in adding more enterprise readiness features. As we’ve engaged with some of our early partners, for example, Starbucks, and have helped them deploy Azure Sphere across their stores in North America, we’ve realized that there’s a lot we can do to really help integrate Azure Sphere better with existing enterprise systems to make that very, very smooth.

ANN JOHNSON: There’s a lot of noise about tech regulations, certainly about IoT and different device manufacturing procedures. How are we thinking about innovation in the context of balancing it with regulation?

GALEN HUNT: So, let’s talk about innovation and regulation. There are times when you want to step out of the way and just let people innovate as much as possible. And then there are times as an industry, or as a society we want to make sure we establish a baseline.

Take food safety, for example. The science of food safety is very well established. Having regulations makes sure that no one cuts corners on safety for the sake of economic expediency. Most countries have embraced some kind of regulations around food safety.

IoT is another industry where it’s in everybody’s favor that all devices be secure. If consumers and enterprises can know that every device has a strong foundation of security and trustworthiness, then they’ll be more likely to buy devices, and build devices, and deploy devices.

And so I really see it as an opportunity whereby, collectively and with governments encouraging baseline levels of security, by agreeing on a strong foundation of security we’ll all feel confident in our environment, and that’s really a positive thing for everybody.

ANN JOHNSON: That’s really a great perspective, and I think that we’ve always been that way at Microsoft, right? We view regulation in a positive way and think that it needs to be the right regulation across a wide variety of things that we’re doing, whether it be AI, just making sure that it’s being used for ethical use cases.

Which brings me to that last wrap-up question: what’s next, what are your next big plans, what’s your next big security disruption?

GALEN HUNT: We recently announced new chips from NXP and Qualcomm, we’ll continue our focus on expanding our silicon and hardware ecosystem to deliver more choice for our customers. And then beyond that, our next big plan is to take Azure Sphere everywhere. We’ve demonstrated it’s possible, but I think we’re just starting to scratch the surface of secured IoT. There’s so much ability for innovation, and the devices that people are building, and the way that we’re using devices. When we’re really able to close this digital feedback loop and really interact between the digital world and the physical world, it’s just a tremendous opportunity, and so that’s where I’m going.

ANN JOHNSON: Excellent, well, I really appreciate the conversation. Azure Sphere is a great example of the notion that while cybersecurity is complex, it does not have to be complicated. Azure Sphere helps our customers overcome today’s complicated IoT security challenges. Thank you, Galen, for some great insights into the current IoT security landscape and how Microsoft and Azure Sphere are advancing IoT device security with the broad availability of Azure Sphere today.

If you are interested in learning more about how Azure Sphere can help you securely fast track your next IoT innovation.

About Ann Johnson and Galen Hunt

Ann Johnson is the Corporate Vice President of the Cybersecurity Solutions Group at Microsoft where she oversees the go-to-market strategies of cybersecurity solutions. As part of this charter, she leads and drives the evolution and implementation of Microsoft’s short- and long-term security, compliance, and identity solutions roadmap with alignment across the marketing, engineering, and product teams.

Prior to joining Microsoft, her executive leadership roles included Chief Executive Officer of Boundless Spatial, President and Chief Operating Officer of vulnerability management pioneer Qualys, Inc., and Vice President of World Wide Identity and Fraud Sales at RSA Security, a subsidiary of EMC Corporation.

Dr. Galen Hunt founded and leads the Microsoft team responsible for Azure Sphere. His team’s mission is to ensure that every IoT device on the planet is secure and trustworthy. Previously, Dr. Hunt pioneered technologies ranging from confidential cloud computing to light-weight container virtualization, type-safe operating systems, and video streaming. Dr. Hunt was a member of Microsoft’s founding cloud computing team.

Dr. Hunt holds over 100 patents, a B.S. degree in Physics from the University of Utah, and Ph.D. and M.S. degrees in Computer Science from the University of Rochester.

The post Azure Sphere—Microsoft’s answer to escalating IoT threats—reaches general availability appeared first on Microsoft Security.

WPP Desktop Security Config 2020

Hello all!

Thanks for accepting me in Malware Tips!

I hope I can be useful with my expertise and learn something new.

Are there any other members from London?
Let's go for a drink...

What do you think?