Microsoft is working on mitigating an entire Windows bug class

Microsoft is working on developing comprehensive mitigation for a class of Windows bugs that have plagued the operating system for more than two decades.

Israeli security researcher Gil Dabah told ZDNet that a fix is currently in the works.

Earlier today, Dabah published proof-of-concept code and a report detailing 25 bugs, all exploiting variations on the same type of vulnerability.

Bug class impacts the old Win32k component

Dabah’s work expands on an attack surface in the Windows operating system that’s been known since the mid-90s. The vulnerability class impacts Win32k, a Windows component that manages the user interface on Windows 32-bit architectures, and the interactions between UI elements, drivers, and the Windows OS/kernel.

Today, the Win32k component still ships with Windows, even on 64-bit versions, where it acts as a legacy layer, allowing older apps to run on modern systems.

But the problem comes from how this component evolved. In

Read More

Use of fintech apps in Europe accelerates

Fintech apps have seen a surge in take-up in Europe over the past week, as people adapt their lifestyles to cope with limitations on mobility amid the Covid-19 pandemic.

As people are told to stay at home, digital banking apps are being increasingly used, along with other digital services.

According to a study by financial advisory deVere Group, the use of fintech apps in Europe surged 72% in the past week. Meanwhile, the use of cash in the UK dropped by 50% in the days following the UK government announcing limits on people’s movements, known as lockdown, according to the UK ATM network Link. The exchanging of cash can spread the virus and some retailers stopped accepting it early in the lockdown.

“The world has changed in the past few weeks,” said James Green, divisional manager Europe at deVere Group. “The measures we’re now all taking to help the fightback

Read More

There’s now COVID-19 malware that will wipe your PC and rewrite your MBR

With the coronavirus (COVID-19) pandemic raging all over the globe, some malware authors have developed malware that destroys infected systems, either by wiping files or rewriting a computer’s master boot record (MBR).

With help from the infosec community, ZDNet has identified at least five malware strains, some distributed in the wild, while others appear to have been created only as tests or jokes.

The common theme among all four samples is that they use a coronavirus-theme and they’re geared towards destruction, rather than financial gain.

MBR-rewriting malware

Of the four malware samples found by security researchers this past month, the most advanced were the two samples that rewrote MBR sectors.

Some advanced technical knowledge was needed to create these strains as tinkering with a master boot record is no easy feat and could easily result in systems that didn’t boot at all.

The first of the MBR-rewriters was

Read More

Security, network services top enterprise challenges for deploying UCaaS, CCaaS

With distributed working taking place on unprecedented levels, unified-communications-as-a-service (UCaaS) and contact-centre-as-a-service (CCaaS) solutions have never been so important, but businesses are still finding their implementation a challenge.

According to a market trends report based on research by software-defined network and cloud platform provider Masergy, security and network services are the top challenges for enterprises deploying or considering UCaaS and CCaaS technologies, and decision-makers prefer bundled solutions that add security features, a software-defined network and 24/7 performance monitoring.

Conducted in partnership with IDG Research, the study analysed responses from IT decision-makers at global enterprises that are evaluating, planning to implement, or have implemented UCaaS or CCaaS. Findings revealed that data security and network performance were the top two areas that IT focuses on to ensure their UCaaS and CCaaS solutions are successfully delivering on business goals.

As regards security, 70% said it was an issue with regards to

Read More