By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.

The Internet Crime Complaint Center (IC3), in collaboration with the Department of Homeland Security and the FBI, has issued a security alert regarding attacks being conducted through the Windows Remote Desktop Protocol.  While the most publicized attacks over RDP are related to ransomware, attackers also hack into exposed RDP services for corporate theft, installation of backdoors, or as a launching point for other attacks. "Remote administration tools, such as Remote Desktop Protocol (RDP), as an attack vector has been on the rise since mid-late 2016 with the rise of dark markets selling RDP Access," stated the alert from US-Cert. "Malicious cyber actors have developed methods of identifying and exploiting vulnerable RDP sessions over the Internet to compromise identities, steal login credentials, and ransom other sensitive information. The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) recommend businesses and private citizens review and understand what remote accesses their networks allow and take steps to reduce the likelihood of compromise, which may include disabling RDP if it is not needed." Because these attacks target entire networks, rather than an individual computer, and carry price tags of $3,000 - $5,000 USD to decrypt a single computer or upwards to $50,000 USD to decrypt an entire network, they tend to be highly publicized. More complete details available on OUR FORUM.

The release of Windows 10 October 2018 Update is imminent. The rumors confirmed that Microsoft’s next big release would become available for download on October 2 and it’s a free update for all current users. Windows 10 October 2018 Update should hit the compatible devices next week and it’s the perfect time to take a few minutes to prepare your PC. The PCs are usually ready for big releases but in some cases, you should make changes to your PC so it can be upgraded without any hiccups along the way. It’s important to know that Windows 10 October 2018 Update is not rolling out to the public at the moment but you can join the Insider program and jump into the Fast or Slow Ring to download the final RTM build. It’s always a good idea to back up your data before you install any big OS update. It’s more necessary if your PC is old and it had issues with the previous updates. You can upload your photos or important files to other hard disks, cloud service (OneDrive) or external drive. In some cases, the Windows Update initialization process would fail as the system does not check for space requirements before kicking off the process. If enough storage space is not available, the update may fail to install after downloading the necessary files required for the update. We have these tips posted on Our Forum.

Today Volkswagen and Microsoft announced a strategic partnership which would see Volkswagen build all in-car services for vehicles of the core Volkswagen brand as well as the Group-wide cloud-based platform on Microsoft technology. Together, the two companies will develop the technological basis for a comprehensive industrial automotive cloud. In the future, all in-car services for vehicles of the core Volkswagen brand as well as the Group-wide cloud-based platform (also known as One Digital Platform, ODP) will be built on Microsoft’s Azure cloud platform and services as well as Azure IoT Edge. From 2020 onwards, more than 5 million new Volkswagen brand vehicles per year will be fully connected and will be part of the Internet of Things (IoT) in the cloud. “The strategic partnership with Microsoft will turbocharge our digital transformation,” said Dr. Herbert Diess, CEO of Volkswagen AG. “Volkswagen, as one of the world’s largest automakers, and Microsoft, with its unique technological expertise, are outstandingly well-matched. Together, we will play a key role in shaping the future of auto-mobility.” By building the Volkswagen Automotive Cloud, Volkswagen will be able to leverage consistent mobility services across its entire portfolio and to provide new services and solutions such as in-car consumer experiences, telematics, and securely connect data between the car and the cloud. We have more posted on OUR FORUM.

Facebook has admitted having a “security issue” with nearly 50 million accounts which had their “access tokens” compromised. The social media giant has reset tokens for another 40 million accounts as a “precaution.” The issue affected nearly 50 million accounts, which would require users to re-enter their passwords. The security issue was discovered by the company’s engineers on Tuesday. Hackers have been apparently able to fetch the so-called “access tokens” – digital keys, which allow a user to stay logged into Facebook and to not re-enter their passwords each time they use the application. “Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook's code that impacted "View As", a feature that lets people see what their own profile looks like to someone else,” the tech giant said in a statement. The vulnerability has been already fixed, according to Facebook, and the “View As” feature has been temporarily disabled. “This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted "View As." The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens,” Facebook stated. Damage done by the attack is yet to be evaluated, it remains unclear whether the affected accounts “were misused or any information accessed.” Source of the attack and who was behind it also remain unidentified, according to Facebook.
Source rt.com

Microsoft Surface laptops are now eligible for “recommended” status in Consumer Reports’ ratings. Last year we removed that designation because of poor predicted reliability in comparison with laptops from other brands. Reliability evaluations are based on surveys of our members. We now have results from our latest survey. “Microsoft’s reliability is now on par with most other laptop brands,” allowing its products to be recommended, says Martin Lachter, a senior research associate at Consumer Reports. This is the first year that brand reliability is being factored into the Overall Scores for many products rated by Consumer Reports. Owner satisfaction, which is based on the same survey of our members, is also being incorporated into the Overall Score. The new reliability scores are ready just as we’ve completed our lab testing of the recently released Microsoft Surface Go. That 10-inch Surface Go, released in August, is meant to be a two-in-one laptop, though a keyboard must be purchased separately. The Surface Go isn’t receiving a CR recommendation, but that’s based on the results of lab testing, not member survey data. The Surface Go is the only Surface that isn’t getting a recommendation; the company’s other models, including the Surface Pro, Surface Laptop, and Surface Book 2, do score well enough to be recommended. (Based on feedback from Microsoft, we are testing and rating these devices as laptops; last year we considered some Surface products separately as laptops and as tablets.) Learn more by visiting OUR FORUM.

Cloudflare announces today support for encrypted Server Name Indication, a mechanism that makes it more difficult to track user's browsing. A web server can host multiple websites, with all of them sharing the same external IP address. This is possible through virtual hosting, a method that allows splitting the resources among available domain names. Server Name Indication (SNI) is a component of the TLS protocol that makes it possible for a server to present different TLS certificates that validate and secure the connection to websites behind the same IP address. An application with SNI support includes the hostname it is trying to reach the beginning of the handshake process with the server. This initial conversation in the TLS negotiation process happens in the clear, exposed to every node along the way, allowing an observer to track users or to influence (block, slow down) the connection to websites it does not sympathize. An encrypted SNI (ESNI) eliminates the risk of exposing the destination name. Learn more on OUR FORUM.