Theme: Blue and Green Theme: Blue and Green Theme: Red Theme: Green
Background: 1 Background: 2 Background: 3 

Last Update: 21 Jan 2018
Version 8.0.3


State Services Modernisation Unit (SSMU)

Chief Minister's Department,
Level 4, Wisma Bapa Malaysia,
93502 Petra Jaya, Kuching. 

Tel: +6082-449005
Fax: +6082-449002

Picture LOCATION MAP

No Record
26 Dec 2017 - Windows 10 WARNING - PCs vulnerable to hack after shock security risk discovered

 

Windows 10 users have been warned about a new security risk which could open PCs up to an attack.
Microsoft’s flagship operating system can be hacked into via the Windows Hello facial authentication system, cybersecurity experts have warned.
Windows Hello lets users unlock their device simply with their face or with a fingerprint.
But security researchers from German firm SYSS managed to defeat the face scanning feature with a printed picture.
The cybersecurity experts were able to defeat Windows Hello on Windows 10 systems that have not yet received the Fall Creators Update.
SYSS said on these systems a ”simple spoofing attack using a modified printed photo of an authorised person" can crack open Windows Hello.
The researchers claim this attack works against multiple versions of Windows 10 and on different hardware, ZDNet reported.
SYSS tested the spoofing attack against a Dell Latitude with an LilBit USB camera and against a Microsoft Surface Pro 4.
These devices were running various versions of Windows 10, including one of the first releases, version 1511.
The researchers said the attack was also successful on version 1607, which is the Anniversary Update that was rolled out during summer 2016.
The attack was successful on this version even when Microsoft’s enhanced anti-spoofing was enabled.
However, the attack only worked on the two Creators Update released this year when anti-spoofing was disabled.
These updates fixed the exploit, however security researchers said users may still be vulnerable if Windows Hello was set up on an older version of Windows 10.
If that’s the case, then SYSS said Windows 10 users with Windows Hello enabled would have to go into the settings and set it up all over again.
To carry out the spoofing exploit, an attacker would need a printed picture of the authenticated user that was taken with an infrared camera.
In a post on Full Disclosure, SYSS wrote: "According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a paper printout if the ‘enhanced anti-spoofing’ feature is used with respective compatible hardware.
"Thus, concerning the use of Windows Hello face authentication, SYSS recommend updating the Windows 10 operating system to the latest revision of branch 1709, enabling the ‘enhanced anti-spoofing’ feature, and reconfiguring Windows Hello face authentication afterwards."
The news comes after Windows 10 users were put on alert after a security flaw was discovered that could see your passwords stolen by cyber criminals.
The warning revolves around a password manager that recently has been bundled in with some versions of Microsoft’s flagship OS.
Google Project Zero researcher Tavis Ormandy discovered the security risk after installing Windows 10 using a fresh image from Microsoft.
He found that, as a result of the fresh Windows 10 install, Keeper Password Manager was pre-installed on his PC.
When he tested the app, he found a browser plugin the app prompted him to enable resulted in the terrifying bug.
In a blog post he said the security flaw represented "a complete compromise of Keeper security, allowing any website to steal any password."
Ormandy installed Windows 10 using an image from Microsoft Developer Network (MSDN), meaning that it is meant for developers.
However, Reddit users also claimed to have received the vulnerable copy of Keeper after clean reinstalls and even on a brand new laptop.

 

Windows 10 users have been warned about a new security risk which could open PCs up to an attack.

Microsoft’s flagship operating system can be hacked into via the Windows Hello facial authentication system, cybersecurity experts have warned.

Windows Hello lets users unlock their device simply with their face or with a fingerprint.

But security researchers from German firm SYSS managed to defeat the face scanning feature with a printed picture.

The cybersecurity experts were able to defeat Windows Hello on Windows 10 systems that have not yet received the Fall Creators Update.

SYSS said on these systems a ”simple spoofing attack using a modified printed photo of an authorised person" can crack open Windows Hello.

The researchers claim this attack works against multiple versions of Windows 10 and on different hardware, ZDNet reported.

SYSS tested the spoofing attack against a Dell Latitude with a LilBit USB camera and against a Microsoft Surface Pro 4.

These devices were running various versions of Windows 10, including one of the first releases, version 1511.

The researchers said the attack was also successful on version 1607, which is the Anniversary Update that was rolled out in summer 2016.

The attack was successful in this version even when Microsoft’s enhanced anti-spoofing was enabled.

However, the attack only worked on the two Creators Update released this year when anti-spoofing was disabled.

These updates fixed the exploit, however security researchers said users may still be vulnerable if Windows Hello was set up on an older version of Windows 10.

If that’s the case, then SYSS said Windows 10 users with Windows Hello enabled would have to go into the settings and set it up all over again.

To carry out the spoofing exploit, an attacker would need a printed picture of the authenticated user that was taken with an infrared camera.

In a post on Full Disclosure, SYSS wrote: "According to our test results, the newer Windows 10 branches 1703 and 1709 are not vulnerable to the described spoofing attack by using a paper printout if the ‘enhanced anti-spoofing’ feature is used with respective compatible hardware.

"Thus, concerning the use of Windows Hello face authentication, SYSS recommend updating the Windows 10 operating system to the latest revision of branch 1709, enabling the ‘enhanced anti-spoofing’ feature, and reconfiguring Windows Hello face authentication afterwards."

The news comes after Windows 10 users were put on alert after a security flaw was discovered that could see your passwords stolen by cybercriminals.

The warning revolves around a password manager that recently has been bundled in with some versions of Microsoft’s flagship OS.

Google Project Zero researcher Tavis Ormandy discovered the security risk after installing Windows 10 using a fresh image from Microsoft.

He found that, as a result of the fresh Windows 10 install, Keeper Password Manager was pre-installed on his PC.

When he tested the app, he found a browser plugin the app prompted him to enable resulted in the terrifying bug.

In a blog post, he said the security flaw represented "a complete compromise of Keeper security, allowing any website to steal any password."

Ormandy installed Windows 10 using an image from Microsoft Developer Network (MSDN), meaning that it is meant for developers.

However, Reddit users also claimed to have received the vulnerable copy of Keeper after clean reinstalls and even on a brand new laptop.

22 Dec 2017 - North Korea Denies Role in WannaCry Ransomware Attack

 

North Korea on Thursday denied US accusations it was behind the WannaCry global ransomware cyberattack, saying Washington was demonising it.
WannaCry infected some 300,000 computers in 150 nations in May, encrypting user files and demanding hundreds of dollars from their owners for the keys to get them back. 
The White House this week blamed Pyongyang for it, adding its voice to several other countries that had already done so.
A spokesman for Pyongyang's foreign ministry said the US allegations were "absurd", adding: "As we have clearly stated on several occasions, we have nothing to do with cyber-attacks."
Washington had "ulterior" motives, the spokesman added according to the North's KCNA news agency.
"This move is a grave political provocation by the US aimed at inducing the international society into a confrontation against the DPRK by tarnishing the image of the dignified country and demonising it," he said.
North Korea is subject to multiple United Nations sanctions over its banned nuclear and ballistic missile programs, and tested its third ICBM last month.
Leader Kim Jong-Un declared his country had achieved full nuclear statehood, in a challenge to US President Donald Trump who responded with promises of "major sanctions".
According to experts North Korea's cyberwarfare targets have expanded from the political --  it was accused of hacking into Sony Pictures Entertainment in 2014 to take revenge for "The Interview", a satirical film that mocked Kim -- to the financial, as it seeks new sources of funding.
A South Korean cryptocurrency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking -- its second cyberattack this year, with the North accused of involvement in the first.
Investigators are probing the possibility that Pyongyang was also behind Tuesday's incident, the Wall Street Journal and Bloomberg News reported.
The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan's Far Eastern International Bank in October.
Pyongyang has angrily denied the accusations -- which it described as a "slander" against the authorities -- but analysts say the digital footprints left behind suggest otherwise.

 

North Korea on Thursday denied US accusations it was behind the WannaCry global ransomware cyberattack, saying Washington was demonising it.

WannaCry infected some 300,000 computers in 150 nations in May, encrypting user files and demanding hundreds of dollars from their owners for the keys to getting them back. 

The White House this week blamed Pyongyang for it, adding its voice to several other countries that had already done so.

A spokesman for Pyongyang's foreign ministry said the US allegations were "absurd", adding: "As we have clearly stated on several occasions, we have nothing to do with cyber-attacks."

Washington had "ulterior" motives, the spokesman added according to the North's KCNA news agency.

"This move is a grave political provocation by the US aimed at inducing the international society into a confrontation against the DPRK by tarnishing the image of the dignified country and demonising it," he said.

North Korea is subject to multiple United Nations sanctions over its banned nuclear and ballistic missile programs and tested its third ICBM last month.

Leader Kim Jong-Un declared his country had achieved full nuclear statehood, in a challenge to US President Donald Trump who responded with promises of "major sanctions".

According to experts, North Korea's cyber warfare targets have expanded from the political --  it was accused of hacking into Sony Pictures Entertainment in 2014 to take revenge for "The Interview", a satirical film that mocked Kim -- to the financial, as it seeks new sources of funding.

A South Korean cryptocurrency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking -- its second cyberattack this year, with the North accused of involvement in the first.

Investigators are probing the possibility that Pyongyang was also behind Tuesday's incident, the Wall Street Journal and Bloomberg News reported.

The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan's Far Eastern International Bank in October.

Pyongyang has angrily denied the accusations -- which it described as a "slander" against the authorities -- but analysts say the digital footprints left behind suggest otherwise.

No content at the moment

Download statistics report here

<<January, 2018>>
SMTWTFS
 123456
78910111213
14151617181920
21222324252627
28293031 


No event at the moment
online visitor Online Visitors 50
total visitor Total Visitors 527,927