Security-Portal.cz is a web portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs a number of interesting services and supports its community in interesting projects.


File Explorer in Windows 11 can create 7Z and TAR archives. The new features arrive in a mandatory servicing update

Zive.cz - security - 1 hour 1 min ago

  • Microsoft released servicing updates for Windows on the evening of July 9
  • File Explorer in Windows 11 supports creating 7Z and TAR archives
  • The development team fixed 139 security vulnerabilities
Category: Hacking & Security

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

The Hacker News - 6 hours 15 min ago
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated
Category: Hacking & Security

For July, Microsoft’s Patch Tuesday update fixes four zero-day flaws

Computerworld.com [Hacking News] - 12 July 2024 - 21:00

Microsoft released 132 updates in its July Patch Tuesday update while addressing four zero-days (CVE-2024-35264, CVE-2024-37985, CVE-2024-38080 and CVE-2024-38112) affecting Windows desktop, Microsoft .NET and Visual Studio. This is a very significant patch cycle for Microsoft SQL Server, but there are no updates for Microsoft browsers and only a low-profile set of patches for Microsoft Office. No major revisions require attention, so testing should focus squarely on SQL-dependent applications.

The team at Readiness has provided a useful infographic detailing the risks with each of the updates this cycle. 

Known issues 

Each month, Microsoft publishes a list of known issues included in its latest release, including two reported minor issues:

  • After you install KB5034203 (dated 01/23/2024) or later updates, some Windows devices that use the DHCP Option 235 to discover Microsoft Connected Cache (MCC) nodes in their network might be unable to use those nodes. Microsoft offered two options to mitigate the issue through setting the Cache Hostname or using group policies. Microsoft is still working on a resolution.
  • Context menus and dialog buttons in some Windows apps, or parts of the Windows OS user interface (UI), might display in English when English is not set as the display language. This might also affect font size.

We fully expect to see more issues relating to how the Windows UI is presented over the coming months as Microsoft works through some core-level issues with the new ARM builds. Even non-ARM builds will be affected (see CVE-2024-37985). Look out for input method editor, language pack and dialog box language issues on non-English builds.

Major revisions 

This Patch Tuesday saw Microsoft publishing the following major revisions to past security and feature updates:

  • CVE-2024-30098: Windows Cryptographic Services Security Feature Bypass. Microsoft has added a FAQ to explain how this vulnerability is being addressed and further actions customers must take to be protected from it. This is an informational change only; no further action is required.

Mitigations and workarounds

Microsoft published the following vulnerability-related mitigations for this month’s release cycle: 

Each month, the Readiness team analyses the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on assessing a large application portfolio and a detailed analysis of the patches and their potential impact on the Windows platforms and app installations.

For this cycle, we have grouped the critical updates and required testing efforts into different functional areas:

Microsoft Office
  • Test out your Teams logins (which shouldn’t take too long).
  • Because SharePoint was updated, third-party extensions or dependencies will require testing.
  • Due to the change in Outlook, Internet Calendars (ICS files) will require testing.
  • With the Visio update, large CAD drawings will require a basic import and load test.

Microsoft .NET and developer tools

Microsoft has updated the Microsoft .NET, MSI Installer and Visual Studio with the following testing guidance:

  • PowerShell updates will require a diagnostics test. Try the command `Import-Module Microsoft.PowerShell.Diagnostics -Verbose` and validate that you get the expected results from your home directory.
  • Due to the change in the Windows core installation technology (MSI), validate that User Account Control (UAC) still functions as expected.

Microsoft SQL Server

This month is a big update for both Microsoft SQL Server and the local, or workstation supporting elements of OLE. The primary focus for this kind of complex effort should be your line-of-business or core applications. These are the applications that have multiple data connections and rely on complex, multiple object/session requirements. Due to the changes this month, we can’t recommend specific Windows feature testing regimes, as we are most concerned that the business logic (and resulting data) of the application in question might be affected. Only you will know what looks good; we advise a comparative testing regime across unpatched and newly patched systems looking for data disparities.

Windows

Microsoft made another update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio. We also recommend that you test the following functional areas in the Windows platform:

  • File compression has been updated, so file and archive extraction scenarios will need to be exercised.
  • Due to the Microsoft codec updates, perform a system reboot and test that your audio and camera still work together.
  • Security updates will require the testing of the creation of new Windows certificates.
  • Networking changes will require a test of DNS and DHCP, specifically the DHCP R_DhcpAddSubnetElement API. As part of these changes, testing VPN authentication will be required. Try to include your Network Policy Server (NPS) as part of the connection creation and deletion effort.
  • This month’s update to Remote Desktop Services (RDS) will require the creation and revocation of license requests.
  • A significant update to the Network Driver Interface Specification (NDIS) will require testing of network traffic involving repeated bursts of large files. Try using Teams while this networking burst testing is in progress.
  • Backup and printing have been updated, so test your volumes and ensure that when you print out a test page, your OS does not crash (yes, really). Try printing out TIFF files. (Hey, you might like it.)

As part of the ongoing effort to support the ARM platform, Microsoft released a patch specific to it, CVE-2024-37985. This is a processor-level vulnerability in prefetcher behaviour that Microsoft has mitigated with an OS-level patch. The Readiness team has provided guidance on potential ARM-related compatibility and testing issues.

Specifically, the Readiness team was concerned with Input Method Editors (IMEs). We suggest a full test cycle of Windows input related features such as keyboard, mouse, touch, pen, gesture and dictation. Some internet shortcuts might be affected as well as wallpapers.

Windows lifecycle update 

This section contains important changes to servicing (and most security updates) to Windows desktop and server platforms.

  • Home and Pro editions of Windows 11, version 22H2 will reach end of service on Oct. 8, 2024. Until then, these editions will only receive security updates. They will no longer receive non-security, preview updates.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

  • Browsers (Microsoft IE and Edge);
  • Microsoft Windows (both desktop and server); 
  • Microsoft Office;
  • Microsoft Exchange Server ;
  • Microsoft Development platforms (ASP.NET Core, .NET Core and Chakra Core)
  • Adobe (if you get this far).

Browsers

Microsoft did not release any updates for its non-Chromium browsers. Following the stable channel release of Chrome (applicable until July 25, 2024) we have not seen any changes, deprecations or testing profile updates to this browser. No further action required.
 

Windows

Microsoft released four critical and 83 updates rated as important with two zero-day patches (CVE-2024-38080 and CVE-2024-38112) affecting the Microsoft Hyper-V and MSHTML feature groups, respectively. In addition to these critical updates, Microsoft patches for July affect the following Windows feature groups:

  • Windows NTLM, Kernel, GDI and Graphics;
  • Windows Backup;
  • Windows Codecs;
  • Microsoft Hyper-V;
  • Windows (Line) Print and Fax ;
  • Windows Remote Desktop and Gateway;
  • Windows Secure Boot and Enrolment Manager.

Add these Windows updates to your Patch Now release cycle.

Microsoft Office 

Microsoft returns to form with a critical update for Office this month (CVE-2024-38023) for the SharePoint platform. We have another update for Outlook related to spoofing (CVE-2024-38020), but this vulnerability is not wormable and requires user interaction. There are four more, lower rated updates; please add all of these updates to your standard release schedule.

Microsoft SQL (nee Exchange) Server 

There were no updates for Microsoft Exchange Server this month. However, we have seen the largest release of Microsoft SQL updates in the past few years. These SQL-related updates cover 37 separate reported vulnerabilities (CVEs) and the following main product features:

  • SQL Server Native Client OLE DB Provider;
  • Microsoft OLE DB Driver for SQL.

We covered the testing requirements for this SQL update in our testing guidance section above. This month’s SQL updates will require some preparation and dedicated testing before adding to your standard release schedule.

Microsoft development platforms 

Microsoft released four low-profile updates to the Microsoft .NET and Visual Studio platforms. We do not expect serious testing requirements for these vulnerabilities. However, CVE-2024-35264 has been reported as publicly disclosed by Microsoft. This makes it an unusually urgent patch for Microsoft Visual Studio, attracting a "Patch Now" rating this month.

Adobe Reader (and other third-party updates) 

Very much as our Microsoft Exchange section has been “hijacked” by SQL Server updates this month, we’re using the Adobe section for third-party updates. (There are no updates to Adobe Reader.) 

  • CVE-2024-3596: NPS RADIUS Server. A vulnerability exists in the RADIUS protocol that potentially affects many products and implementations of RFC 2865 (RADIUS over UDP).
  • CVE-2024-38517 and CVE-2024-39684: RapidJSON (GitHub-assigned CVEs). The vulnerabilities are in the RapidJSON library, which is consumed by the Microsoft Active Directory Rights Management Services Client, hence their inclusion in this update.
  • CVE-2024-37985: This memory-related update concerns processor prefetcher behaviour. Affected: core Windows OS memory-related components, particularly the new ARM builds, which I find both confusing and ironic.
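The CVE-2024-3596 bullet above concerns the RADIUS protocol as defined in RFC 2865 over UDP. The block below is an added example, not code from the article or from Microsoft NPS; it implements the two response integrity checks the RFCs define so the difference between them is visible: the RFC 2865 Response Authenticator, a plain MD5 over the packet and the shared secret, and the RFC 2869 Message-Authenticator attribute, an HMAC-MD5 keyed with the shared secret. The shared secret, Request Authenticator and Reply-Message attribute are constructed values. A client that accepts responses carrying only the Response Authenticator depends entirely on MD5's collision resistance; requiring the Message-Authenticator on every response is the hardening a practitioner would want here.

```python
import hashlib
import hmac
import struct

# RFC 2865 packet codes and the RFC 2869 Message-Authenticator attribute type.
ACCESS_ACCEPT = 2
MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; 16-byte Authenticator follows


def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs: 1-byte type, 1-byte total length."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(blob):
    """Return (type, value, offset_of_value) per TLV; reject truncated or bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob):
            raise ValueError("truncated attribute header")
        t, ln = blob[i], blob[i + 1]
        if ln < 2 or i + ln > len(blob):
            raise ValueError("bad attribute length")
        out.append((t, blob[i + 2:i + ln], i + 2))
        i += ln
    return out


def build_packet(code, ident, authenticator, attrs):
    return HEADER.pack(code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    Unkeyed hash with the secret appended: the only check if Message-Authenticator is absent."""
    header = HEADER.pack(code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def message_authenticator(code, ident, request_auth, attrs_with_zeroed_ma, secret):
    """RFC 2869 s5.14: HMAC-MD5 over the packet with the Message-Authenticator value zeroed.
    For responses, the Authenticator field holds the Request Authenticator while hashing."""
    pkt = build_packet(code, ident, request_auth, attrs_with_zeroed_ma)
    return hmac.new(secret, pkt, hashlib.md5).digest()


def build_access_accept(ident, request_auth, attrs, secret, with_message_authenticator=True):
    """Server side: add Message-Authenticator (if enabled), then set the Response Authenticator."""
    if with_message_authenticator:
        zeroed = attrs + encode_attrs([(MESSAGE_AUTHENTICATOR, b"\x00" * 16)])
        mac = message_authenticator(ACCESS_ACCEPT, ident, request_auth, zeroed, secret)
        attrs = attrs + encode_attrs([(MESSAGE_AUTHENTICATOR, mac)])
    ra = response_authenticator(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return build_packet(ACCESS_ACCEPT, ident, ra, attrs)


def verify_response(pkt, request_auth, secret, require_message_authenticator):
    """Client side: return (accepted, reason) for a response to our Access-Request."""
    if len(pkt) < 20:
        return False, "short packet"
    code, ident, length = HEADER.unpack_from(pkt)
    if length != len(pkt):
        return False, "length mismatch"
    attrs = pkt[20:]
    try:
        parsed = parse_attrs(attrs)
    except ValueError as exc:
        return False, str(exc)
    expected_ra = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(pkt[4:20], expected_ra):
        return False, "bad Response Authenticator"
    mas = [(v, off) for t, v, off in parsed if t == MESSAGE_AUTHENTICATOR]
    if not mas:
        if require_message_authenticator:
            return False, "Message-Authenticator missing"
        return True, "Response Authenticator only (MD5)"
    value, off = mas[0]
    if len(value) != 16:
        return False, "bad Message-Authenticator length"
    zeroed = bytearray(attrs)
    zeroed[off:off + 16] = b"\x00" * 16
    expected_ma = message_authenticator(code, ident, request_auth, bytes(zeroed), secret)
    if not hmac.compare_digest(value, expected_ma):
        return False, "bad Message-Authenticator"
    return True, "Message-Authenticator verified (HMAC-MD5)"


def demo():
    # Constructed values for the demonstration, not captured traffic.
    secret = b"example-shared-secret"
    request_auth = bytes(range(16))
    ident = 7
    attrs = encode_attrs([(18, b"Welcome")])  # Reply-Message
    signed = build_access_accept(ident, request_auth, attrs, secret, True)
    legacy = build_access_accept(ident, request_auth, attrs, secret, False)
    tampered = bytearray(signed)
    tampered[22] ^= 0x01  # flip one bit inside the Reply-Message text
    return {
        "signed_strict": verify_response(signed, request_auth, secret, True),
        "legacy_lenient": verify_response(legacy, request_auth, secret, False),
        "legacy_strict": verify_response(legacy, request_auth, secret, True),
        "tampered": verify_response(bytes(tampered), request_auth, secret, True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running it shows a signed Access-Accept verified in strict mode, a legacy response accepted only when the Message-Authenticator is not required, and a tampered packet rejected. The HMAC uses MD5 because RFC 2869 specifies HMAC-MD5; its strength comes from the shared secret as key, not from MD5's collision resistance, which is why it remains the recommended check while the bare Response Authenticator does not.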
Category: Hacking & Security

EU accuses X/Twitter of breaching the Digital Services Act

Computerworld.com [Hacking News] - 12 July 2024 - 20:28

The European Commission has released the preliminary findings from an investigation launched last year into X (formerly Twitter), and said it believes the company is in breach of the Digital Services Act (DSA), which applies to marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms.

Non-compliance in three areas

In a statement, the Commission said X was found non-compliant in three areas: 

  • The “verified account” mechanism is designed and implemented in a way that deceives users and does not correspond to industry practice. “Since anyone can subscribe to obtain such a ‘verified’ status, it negatively affects users’ ability to make free and informed decisions about the authenticity of the accounts and the content they interact with,” the Commission said, adding there is “evidence of motivated malicious actors abusing the ‘verified account’ to deceive users.”
  • X does not comply with requirements around transparency in advertising. “In particular, the design does not allow for the required supervision and research into emerging risks brought about by the distribution of advertising online,” the Commission argued.
  • X does not provide access to its public data to researchers, as specified by conditions in the DSA. Its terms of service prohibit researchers from independently accessing public data, and its process for granting researchers access via its application programming interfaces (APIs) “appears to dissuade researchers from carrying out their research projects or leave them with no other choice than to pay disproportionally high fees.”

X now has the right to examine the commission’s documentation and prepare a defense. 

If the preliminary findings are confirmed, the company faces a non-compliance decision that could result in fines of up to 6% of its global annual revenue, an order to address the issues detailed in the decision, and the potential for a period of enhanced supervision. The Commission can also impose periodic penalty payments.

The move could be seen as a warning shot to other companies.

“While the ruling may not have a direct impact on enterprise CIOs, it emphasizes learning from broader implications and the mistakes of others,” said Phil Brunkard, executive counselor at Info-Tech Research Group, UK. “It sets a precedent for public trust in online marketplaces or social media, highlighting the importance of integrity and transparency in data privacy. Regulation is not just about ticking the compliance box — it’s crucial for customer trust. CIOs must ensure strong governance to protect their brands and maintain customer trust, as trust is the foundation for successful organizations.”

Investigations continue

Investigations continue into X’s risk management around the dissemination of illegal content and the effectiveness of how it combats information manipulation.

To assist in its investigations, the Commission released a whistleblower tool that allows people to contact it anonymously with information contributing to compliance monitoring of X and other entities designated Very Large Online Platforms (VLOP) under the DSA.

X is not the only organization under scrutiny. The Commission has also initiated formal proceedings against TikTok, Meta (in separate proceedings launched in April and May 2024, respectively), and AliExpress.

Category: Hacking & Security

OpenAI has developed a scale to assess how close we are to AGI

Computerworld.com [Hacking News] - 12 July 2024 - 17:22

OpenAI, the company behind the popular AI chatbot ChatGPT, has developed an evaluation scale to assess how closely AI models approach human levels of intelligence, according to a Bloomberg report.

The scale has a total of five levels. The higher the level, the closer the AI model is judged to be to human intelligence. Today’s large language models are currently judged to be at level one; that corresponds to basic intelligence, but not a more advanced problem-solving ability.

Level two means that the system has a basic problem-solving ability comparable to a human with a PhD. Level three means the system can act as an agent on the user’s behalf. Level four means that the system can create new innovations. Finally, level five is the step to artificial general intelligence (AGI): an AI system that can perform the work of entire organizations.

OpenAI has previously defined AGI as a highly autonomous system that can outperform humans at the majority of economically valuable tasks. OpenAI’s evaluation scale is considered preliminary and could be adjusted in the future.

Category: Hacking & Security

Now Microsoft Copilot can understand your handwriting

Computerworld.com [Hacking News] - 12 July 2024 - 17:15

Microsoft will soon enable the company’s AI assistant Copilot to read and analyze handwritten notes, The Verge reports. The function was expected to begin as a beta test at the end of last month.

OneNote users can use the function to make handwritten notes with a stylus and then let Copilot, for example, summarize them, generate a to-do list, or answer questions about the notes.

The feature can also be used to turn handwritten notes into text that is easier to edit and share. Once live, the feature will only be available to Copilot for Microsoft 365 subscribers and Copilot Pro users.

Category: Hacking & Security

Zoom adds workflow automation to save time on routine tasks

Computerworld.com [Hacking News] - 12 July 2024 - 17:06

Zoom has added a workflow automation tool to its collaboration app designed to save users time spent on repetitive tasks, the company announced this week.

Available in Zoom’s Workplace app, the Workflow Automation feature (currently in beta) lets users set up automations using a drag-and-drop, no-code interface. 

Having made its name selling videoconferencing software, Zoom has expanded its functionality in recent years to cater to a wider range of collaboration scenarios. This includes chat, whiteboard, note-taking, and room-booking tools that make up its Workplace product. The workflow automation tool brings Zoom’s app further into line with rival collaboration software vendors, including Slack (Workflow Builder) and Microsoft (Teams/Power Automate).

The initial focus is on the creation of workflows in Zoom’s text chat tool, though automations across the Workplace app will be enabled later, the company said.

A simple example might be a team leader scheduling a recurring project status check-in in Zoom chat. Here, a workflow can be set up to automatically post a pre-written message at a certain time each day to request an update from team members. Automations could also be used to introduce new team members to a channel, or to simplify processes around time-off requests, Zoom said.

“We built Workflow Automation to be easy for teams of all sizes and abilities to use,” Wei Li, head of Zoom Team Chat at Zoom, said in a blog post Wednesday. “We’re launching Workflow Automation with Team Chat first because it’s an opportunity to strengthen collaboration with team members and get work done asynchronously. Workflow Automation helps teams by taking the guesswork out of setting up workflows and helps cut down on tedious and repetitive tasks.” 

Users can create their own workflow automations or select from pre-built templates. It’s also possible to connect with third-party apps such as Google Drive, Microsoft Outlook, or Atlassian Jira. 

The workflow automation features are available at no cost to paid Zoom customers during the beta trial. Some limitations will be introduced at general availability launch, with charges for usage outside of allotted “premium” workflow runs. 

Category: Hacking & Security

Download our Android smartphones enterprise buyer’s guide

Computerworld.com [Hacking News] - 12 July 2024 - 17:00

From the editors of Computerworld, this enterprise buyer’s guide helps IT staff understand the various Android smartphone options for business use and how to choose the right solution for where you operate.

Category: Hacking & Security

Will Apple stop at Messages via Satellite?

Computerworld.com [Hacking News] - 12 July 2024 - 16:57

With Messages via Satellite, iOS 18 shows that Apple is going into space — and as more satellites are put in place, it will expand the capabilities of the services it provides.

Introduced at WWDC, Apple Intelligence gorged on gargantuan quantities of media attention, but Apple’s plans for outer space are important, too. Available in the US with iOS 18 on iPhone 14 or later, Messages via satellite allows users to send and receive texts, emoji, and Tapbacks over iMessage and SMS when a cellular or Wi-Fi connection is not available.

Satellite and iPhone chips

Apple is basically broadening the feature set it introduced when it launched SOS by Satellite (now available in multiple countries) in 2022 to include any kind of message. The system works in the same way: “Messages via satellite automatically prompts users to connect to their nearest satellite right from the Messages app to send and receive texts, emoji, and Tap backs over iMessage and SMS,” Apple explained. “Because iMessage was built to protect user privacy, iMessages sent via satellite are end-to-end encrypted.”

How Messages via Satellite works

When you aren’t connected to a network, a prompt will appear on your iPhone inviting you to use satellite services. 

  • Tap that to access Messages, Find My, Emergency SOS and Roadside Assistance. If you select Messages, a prompt will appear giving you an option to connect by satellite.
  • Choose this and your iPhone will guide you to get to the best satellite connection.
  • When typing your message, you’ll see an alert appear in the text entry field to show you that you are connecting via satellite.
  • Feedback from the first reviewers to use the feature suggests it can take a little longer to send a message if the satellite connection is weak; at other times, it can feel as swift as normal messaging.
  • All Apple’s satellite services are free for now, but the company has said enough to suggest this might eventually change.
  • You do need an iPhone 14 or later to access these services.
  • See also How to use Emergency SOS via Satellite.

That’s Messages via Satellite. 

What about Apple in space?

The partnership matters to Apple’s satellite partner, Globalstar. “We are the operator for certain satellite-enabled services offered by Apple,” says Globalstar’s most recent annual report, which notes that wholesale capacity services (which include the Apple business) accounted for around 48% of company revenue last year.

“Wholesale satellite capacity services include satellite network access and related services using our satellite spectrum and network of satellites and gateways,” the report said. Under the Apple deal (also discussed here, and here), Globalstar must allocate network capacity to support Apple’s services and enable Band 53/53n for cellular services.

In return, Apple pays recurring service fees, certain operating expenses and capital expenditures, and bonuses. Apple also supports investments in new satellite capacity. Globalstar hopes to launch another 26 satellites by next year; a German report claimed it might have more than 3,000 of them in flight in the next few years. 

The network space race

“We are excited about the new satellites that we have under construction to enhance our constellation following their launch, which is expected in 2025: more satellites mean more power on orbit that we can use to create additional supply to meet the growing demand for LEO capacity,” Globalstar said in its recent report. 

It is reasonably easy to guess that part of this increase in capacity will be dedicated to making Apple’s existing satellite services global. Following that logic, this implies the company will soon have in place an international system that supports end-to-end encrypted messaging and relies on non-nation-state infrastructure. 

At least one space expert thinks Apple will choose to widen the network to become a full space communications service — broadly in line with predictions from Bloomberg in 2020. Though these are “unlikely” to be the primary network for most people because of limitations on capacity and performance — at least, so far — as space agencies explore the potential to put data centers in space, and as network capability and processor performance improves, at what point will such communications become feasible? There sure seems to be money going in that direction.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

The Hacker News - 12 July 2024 - 16:51
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North
Category: Hacking & Security

Australian Defence Force Private and Husband Charged with Espionage for Russia

The Hacker News - 12 July 2024 - 14:24
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,
Category: Hacking & Security

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

The Hacker News - 12 July 2024 - 12:55
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's
Category: Hacking & Security

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

The Hacker News - 12 July 2024 - 12:51
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass
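The summary above says Exim through 4.97.1 misparses a multiline RFC 2231 header filename. The block below is an added example, not Exim's code and not the reported bypass; it shows the class of gap involved: a Content-Disposition parser that reassembles RFC 2231 parameter continuations (`filename*0=`, `filename*1=`, and `charset'lang'%xx` extended values) beside a naive `filename=` check that never sees the full name, so an extension block list applied to the naive result lets the attachment through. The block list and sample header values are constructed for the demonstration.

```python
import re
import urllib.parse

# RFC 2231 parameter name grammar: name, optional *<section>, optional trailing *
# (the trailing * marks a charset'lang'percent-encoded value).
_PARAM_NAME = re.compile(r"^(?P<name>[^*\s]+)(?:\*(?P<sec>\d+))?(?P<ext>\*)?$")

# Constructed block list for the demonstration; a real MTA policy would be longer.
BLOCKED_EXTENSIONS = {"exe", "scr", "bat", "cmd", "com", "js", "vbs"}


def split_params(header_value):
    """Split on ';' outside double quotes. Backslash escapes inside quoted strings
    are not handled here, which is acceptable for the demonstration only."""
    parts, cur, quoted = [], [], False
    for ch in header_value:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]


def _unquote(val):
    return val[1:-1] if len(val) >= 2 and val[0] == val[-1] == '"' else val


def parse_content_disposition(header_value):
    """Return (disposition, params) with RFC 2231 continuations reassembled and
    extended values percent-decoded in the declared charset. Raises ValueError if a
    parameter mixes plain and sectioned forms, which RFC 2231 does not allow."""
    parts = split_params(header_value)
    disposition = parts[0].lower() if parts else ""
    sections = {}  # name -> {section_or_None: (raw_value, is_extended)}
    for part in parts[1:]:
        if "=" not in part:
            continue
        raw_name, raw_val = part.split("=", 1)
        m = _PARAM_NAME.match(raw_name.strip())
        if not m:
            continue
        sec = int(m["sec"]) if m["sec"] is not None else None
        sections.setdefault(m["name"].lower(), {})[sec] = (
            _unquote(raw_val.strip()), m["ext"] is not None)
    params = {}
    for name, secs in sections.items():
        if None in secs and len(secs) > 1:
            raise ValueError(f"parameter {name!r} mixes plain and sectioned forms")
        charset, pieces = "utf-8", []
        for sec in sorted(secs, key=lambda s: -1 if s is None else s):
            val, ext = secs[sec]
            if ext:
                if sec in (None, 0) and val.count("'") >= 2:
                    charset, _lang, val = val.split("'", 2)  # charset'lang'value
                    charset = charset or "utf-8"
                try:
                    val = urllib.parse.unquote(val, encoding=charset, errors="replace")
                except LookupError:  # unknown charset label: fall back to UTF-8
                    val = urllib.parse.unquote(val, errors="replace")
            pieces.append(val)
        params[name] = "".join(pieces)
    return disposition, params


def filename_naive(header_value):
    """A check that only understands a single filename="..." parameter."""
    m = re.search(r'\bfilename\s*=\s*"?([^";]+)', header_value, re.IGNORECASE)
    return m.group(1).strip() if m else None


def filename_rfc2231(header_value):
    return parse_content_disposition(header_value)[1].get("filename")


def is_blocked(filename):
    """Extension check on the reassembled name; None means no name was seen."""
    if not filename or "." not in filename:
        return False
    return filename.rsplit(".", 1)[1].lower() in BLOCKED_EXTENSIONS


def compare(header_value):
    """Blocked verdicts from both parsers for one Content-Disposition value."""
    return {"naive": is_blocked(filename_naive(header_value)),
            "rfc2231": is_blocked(filename_rfc2231(header_value))}


# Constructed sample header values (not taken from the advisory).
SAMPLES = {
    "plain_pdf": 'attachment; filename="report.pdf"',
    "plain_exe": 'attachment; filename="invoice.exe"',
    "continued": 'attachment; filename*0="invoice"; filename*1=".exe"',
    "encoded_continued": "attachment; filename*0*=utf-8''inv%6Fice; filename*1=\".exe\"",
    "encoded_single": "attachment; filename*=utf-8''invoice%2Eexe",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:18} {filename_rfc2231(value)!r:16} {compare(value)}")
```

The naive check blocks `invoice.exe` only when the name arrives in one `filename=` parameter; split across `filename*0`/`filename*1` or percent-encoded, it sees no filename at all and the extension policy never fires, while the RFC 2231-aware parser recovers the same `invoice.exe` in every form. Any attachment filter must run on the fully decoded name, and a production implementation would also normalize trailing dots, spaces and NUL bytes before comparing extensions.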
Category: Hacking & Security

What to do when Windows won’t boot

Computerworld.com [Hacking News] - 12 July 2024 - 12:00

When Windows won’t boot up, it can be a disturbing experience. But that moment passes quickly, and you must decide how to get past this (hopefully) temporary hiccup.

Fortunately, there are plenty of ways to tackle this. They do vary in the time and effort required to implement, and in the severity of their potential impact on your PC.

Let’s talk about them, then work through the options and activities involved, along with a strategy for approaching such repair. Throughout, there’s special emphasis on Startup Repair and Boot Recovery tools, facilities and commands available in Windows 10 and 11.

What do you see?

When Windows tries but fails to boot, there are several possible displays you might see. These include a “black screen,” which essentially means nothing is on display at all.

The dreaded “Windows black screen with cursor.”

Ed Tittel/IDG

If you see a black screen

Should you see a black screen, check your PC indicator lights to make sure the device is still powered on. Sometimes when Windows shuts down, it can automatically kill the power, too. In such circumstances, the best possible outcome is powering up, followed by a normal boot sequence all the way into the Windows desktop.

For a black screen with the power on, things in Windows get more interesting. Even so, it’s worth cycling the power and trying again before attempting other repairs. Often, things will return to normal on their own. If you wind up with a second black screen, see my companion story “How to fix a Windows 10 black screen” for more tips, which work as well for Windows 11 as they do for Windows 10.

If you see something else: NOT a black screen

As Windows starts up, it uses a special program called a boot loader to start the process of taking over a PC, before it hands over control to the operating system. If enough “smarts” are present when a problem occurs during boot-up, users might see what’s called a “stop error” or a “blue screen.” Though the color can vary in recent versions of Windows, blue was a constant backdrop for such errors from the earliest Windows versions through Windows 7 and became enshrined in Windows folklore as the “Blue Screen of Death,” a.k.a. BSOD, as shown in Figure 1.

Figure 1: BSOD example for INACCESSIBLE_BOOT_DEVICE.

Ed Tittel / IDG

Figure 1 shows a BSOD for what might be called a basic no-boot scenario: it’s associated with Stop Code 7B (a hexadecimal number) otherwise labeled INACCESSIBLE_BOOT_DEVICE. In other words, it shows up when the boot loader recognizes that it cannot access the storage device from which it would normally load the Windows OS. What more basic cause for boot failure could there be? None!

On the other hand, if the Windows boot loader can’t load the OS but it can find a bootable Windows Recovery Environment partition, it should load a warning message like the one shown in Figure 2.

Figure 2: I forced this error, which would normally read “Windows didn’t start correctly.”

Ed Tittel / IDG

Try WinRE Startup Repair

Select See advanced repair options at lower center right in Figure 2. This displays the root-level Windows Recovery Environment (a.k.a. WinRE), as shown in Figure 3.

Figure 3: This is the root-level menu for the Windows Recovery Environment. We’ll move on to the Troubleshoot selection.

Ed Tittel / IDG

Boot repairs may be handled under the Troubleshoot option in Figure 3. (If you’ve prepared a bootable USB drive with repair tools, you could instead elect to boot to that by selecting Use a device.) When you click Troubleshoot, you’ll see the screen shown in Figure 4.

Figure 4: Advanced options appear when you select the Troubleshoot option in Figure 3. Note that the first item reads Startup Repair.

Ed Tittel / IDG

Click the Startup Repair button at upper left. Your PC immediately reboots. Against a black screen, the spinning balls appear over a legend that reads “Diagnosing your PC.” In the background, WinRE is running an automated set of startup checks and (where applicable) making repairs.

You’ll either wind up with a bootable desktop, or the UI will pop up a message that reads “Startup Repair couldn’t repair your PC,” as shown in Figure 5.

Figure 5: When Startup Repair fails (and it often does), it reports accordingly.

Ed Tittel / IDG

Failure happens more often than most of us would like. Indeed, I have occasionally seen WinRE’s automated Startup Repair work, but perhaps in only one out of three or four attempts.

Not to fear: there are several more repair strategies to try when Windows won’t boot. I’ll go over those in a moment — but first, it’s useful to understand Windows boot mechanisms and its boot configuration data (aka BCD).

Windows boot and BCD explained

Windows 11 creates at least two boot structures on any media (usually SSD or hard disk) from which Windows will boot. By convention, the disk where two special programs reside, known as the Windows Boot Manager and the Windows Boot Loader, is called a “boot disk.” If a runnable version of Windows also resides on that same drive, it’s called a “boot/system disk.”

The boot loader resides in a disk partition set aside for the system firmware, the Basic Input-Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) that kicks off system start-up, for use when the system is first booting. After the firmware completes its hardware and security checks, including device enumeration, the BIOS or UEFI hands control to the boot loader, which starts reading OS boot information from the boot partition on the disk.

It then hands over control to the Windows Boot Manager, which takes over the process of starting up Windows and making it ready to run for user login and application support. The Windows Boot Manager is also responsible for handling what’s called Boot Configuration Data (BCD), on the system’s behalf.

When Windows 10 or 11 gets installed, it also creates a separate Recovery Partition at the tail end of the disk, where it keeps a bootable version of the Windows Recovery Environment (a.k.a. WinRE) that can take over if the Windows system/boot partition becomes inaccessible. This is depicted in the layout of the C: drive from a test PC in Figure 6, where EFI, system/boot, and recovery partitions follow one another from left to right.

Figure 6: From left to right: EFI, system/boot, and recovery partitions for C: (from DiskMgmt.msc).

Ed Tittel / IDG

If you look at the defaults for boot configuration data in Windows 10 or 11, you’ll see information about the Windows Boot Manager and the Windows Boot Loader appear (from the BCDedit command, discussed in the later section “Rebuilding Windows BCD”). Figure 7 shows the results of running the bcdedit command by itself, which displays active boot information currently known to the boot manager.

Figure 7: Run by itself (top left), BCDedit shows all active boot partitions, boot loader, boot manager, and recovery info.

Ed Tittel / IDG

For the purposes of this story, it’s enough to understand that boot configuration data tells the system where to look for the programs it needs to boot. It should also be obvious that this data is essential to starting up Windows. Thus, corruption, damage, and invalid entries in this data can (and do) result in an unbootable Windows installation. Fixing that is what we’re about here.

Repair strategies when Windows won’t boot

While you can sometimes use WinRE to repair Windows boot problems, that may not be the fastest or easiest way to fix things. In my experience, I’ve had better luck doing any or all of the following when Startup Repair didn’t fix boot issues:

  • Restoring a known, good, working OS image (e.g., using Macrium Reflect or a similar disk image tool restore operation).
  • Using a third-party boot repair tool (e.g., Macrium Rescue Media “Fix Windows boot problems” or similar boot repair tool).
  • Rebuilding the Windows Boot Configuration Data (BCD) from the command line in WinRE.

Please note: I present these options in my recommended order, based on the time, effort, and complexity each one involves. That is almost the reverse of what readers may expect, because it starts with an approach that isn’t boot-specific at all, then moves on to third-party boot repair tools, and only then concludes with Microsoft’s built-in commands.

All this assumes you’ve tried the Startup Repair option from Figure 4 without fixing your Windows 11 boot issue, whatever it may be.

1. Restoring a known, good working image

If you’ve got a recent image backup for the non-booting PC, you can boot to its restore tool. Then you can restore that backup to the target disk. Such a restore replaces the entire disk image, including boot configuration data, disk layout, and all contents. As long as the drive itself is working, this is the fastest, safest, and surest way to resolve boot problems I know. You can read all about how to create and restore a Windows image backup in my story “How to make a Windows 10 or 11 image backup.”

Each of the image backup packages covered in that story can create its own bootable media, able to restore backups from some other drive (and often includes boot repair tools as well, as you’ll see in the next section). Those tools, including links to tutorials on creating them, are:

If you’ve been using the Windows Backup facility in Windows 11 (see my story “A new Windows 11 backup and recovery paradigm?” for info on how to use this), you will be able to access copies of files from key folders (and more) that have changed since your most recent image backup. This provides the best of both worlds when it comes to restoration, because an image backup provides immediate access to all your installed apps and applications, while Windows Backup provides access to key recent files via OneDrive.

2. Using a third-party boot repair tool

Most image backup tools mentioned in the previous section include boot repair facilities (MiniTool relies on its free Partition Wizard for repairing Windows boot errors instead). Other notable tools include those covered in the April 2024 Lifewire story “10 Best Free Disk Partition Software Tools,” many of which include boot repair facilities as part and parcel of their partition management capabilities, à la MiniTool Partition Wizard (MTPW).

Personally, I’ve used the “Fix Windows Boot Problems” item from the Macrium Rescue Media on many occasions to tackle Windows boot problems. As long as the underlying drive was still working (it can’t fix failing hardware, alas), it has always been able to restore a working Windows boot environment when asked to do so.

I’ve also used the MTPW tool on multiple occasions, and it, too, has shown itself effective. Online reports and forum threads for the other tools mentioned here and in the preceding section indicate that they also enjoy positive ratings from their users.

If you don’t have a current backup to restore, or can’t restore such a backup for some reason, try one or more of these boot repair tools before you move to the Command Prompt in WinRE, as described in the next section. They will often fix whatever ails your Windows boot environment.

3. Rebuilding Windows BCD in WinRE

In the Windows environment, Boot Configuration Data (BCD) identifies programs used to boot the OS, and related settings (configuration) data. When Windows is running, the command line tool of choice for such information is BCDedit. But when you’re running inside the Windows Recovery Environment, having booted from bootable Windows install media (or some equivalent, such as the Microsoft Diagnostics and Repair Toolkit, a.k.a. DaRT), the tool of choice is bootrec.exe because it works on BCD data for the broken Windows image (that is, the one on your system/boot disk that isn’t currently working).

To run this command, select the Command Prompt option shown in Figure 4, then type the bootrec.exe command at the command line, using one of the options described in the next paragraph.

Interestingly, Microsoft’s Bootrec.exe support files haven’t been updated since the days of Windows 7. Even so, they’re still reasonably accurate for Windows 10 and 11. The following options still work in both:

  • /FixMBR: Writes a new BCD store to the system partition, without overwriting existing partition table data. This option can address boot corruption issues, especially when the boot loader can’t read or interpret available BCD info.
  • /FixBoot: Writes a new boot sector to the system partition using a boot sector compatible with the OS in use. This option helps address improper or invalid BCD changes, boot sector damage or corruption, or changes imposed when installing an older OS after a newer one was installed.
  • /ScanOS: Scans all disks for installations compatible with the current OS. Displays all boot sector entries it finds, including those not currently residing in the BCD store. This option is intended to pick up installations not showing in the Boot Manager menu.
  • /RebuildBcd: Scans all disks for installations compatible with current OS. Allows users to select an installation to add to the BCD store. Also rebuilds the BCD store from scratch.

The most common bootrec invocation is to instruct it to rebuild the BCD store — namely:

Bootrec.exe /RebuildBCD

(Note: the .exe is optional.)

If this technique does not result in a bootable Windows, follow the instructions at the end of the Microsoft support page to export and delete the BCD store, then rebuild that store anew. This usually works.

The makers of Ventoy, a terrific bootable ISO management tool, offer a tutorial called “How to Rebuild BCD in Windows Easily.” It even includes detailed bootrec instructions, especially Section 2, “Using the Command Prompt.” It walks through an illustrated version of the same instructions found at the tail end of the aforementioned support page.

You can learn a lot about the way bootrec.exe actually works by digging into Microsoft’s detailed (and better documented) BCDedit command reference (see also BCDedit Command-Line Options). Hopefully, you’ll have an image backup of your problem drive handy so you can always restore it should command-line repairs go off the rails.

Getting past the finish line

Ultimately, you’ll find yourself in one of two places. First and best, you’ll restore Windows to working order, including a proper boot. Second and less favorably, you’ll be stuck going nowhere with no boot in sight.

Should this happen, you’ll have to decide whether or not you want to scrub the existing Windows installation and start over. (In the most dire circumstances, this could mean replacing the boot/system drive that simply won’t boot despite all efforts to fix it.) On the other hand, it may be time to consider taking the PC into the shop to get on a professional bench for repair or replacement as their findings dictate.

In my 30-plus years of working with Windows, drive failure has come up twice. In both cases, the drive that wouldn’t boot wasn’t working and needed replacement. If this is a task you can comfortably handle (it’s something I routinely take care of for my fleet of 12-20 PCs), it’s neither terribly difficult nor time-consuming.

And again: if you have a recent backup, you can usually restore that to a new drive the same way you would work with the existing one. Remember: where there’s a will, there’s a way. Good luck!

Category: Hacking & Security

U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

The Hacker News - 12 July, 2024 - 10:30
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the
Category: Hacking & Security

What is UEM? Unified endpoint management explained

Computerworld.com [Hacking News] - 11 July, 2024 - 20:56

Unified endpoint management (UEM) describes a set of technologies used to secure and manage a wide range of employee devices and operating systems — all from a single console.

Seen as the next generation of mobility software, UEM tools incorporate several existing enterprise mobility management (EMM) technologies — including mobile device management (MDM) and mobile application management (MAM) — with some of the tools used to secure desktop PCs and laptops.

“UEM in theory ties this all together and gives you that proverbial one pane of glass, so you can see the state of all of your endpoints,” said Phil Hochmuth, program vice president at IDC. “It gives you visibility into what people are doing with corporate data, corporate apps, on any conceivable type of device.”

The ability to manage various device types in one place is increasingly important as businesses face a growing cybersecurity threat, said Tom Cipolla, senior director analyst at Gartner. “We need to patch faster; everybody acknowledges that,” he said. “UEM gives people a consolidated view into their environment and a consolidated patching and configuration management approach.”

The evolution of mobile management: MDM, MAM, and more

At its core, UEM consists of several device management technologies that emerged to help businesses control employee mobile devices. The first iteration of such tools was MDM, which arrived about a decade ago.

Introduced in response to the initial wave of smartphones used in the workplace, MDM was designed to help IT centrally provision, configure, and manage mobile devices that had access to corporate systems and data. Common MDM features included security configuration and policy enforcement, data encryption, remote device wipe and lock, and location tracking.

However, as employee bring-your-own-device (BYOD) schemes became more prevalent in the office — driven first by the iPhone’s popularity, later by the growth of Android — vendors began to offer more targeted management of apps and data. MAM capabilities delivered more granular controls, focusing on software rather than the device itself; features include app wrapping and containerization, and the ability to block copy/paste or restrict which apps can open certain files.

MAM features were soon packaged with MDM and other tools, such as mobile identity management and mobile information management, and sold as comprehensive enterprise mobility management (EMM) product suites. Those suites led to the next stage in the evolution of device management: UEM.

What is UEM?

UEM merges the various facets of EMM suites with functionality typically found in client management tools (CMT) used to manage desktop PCs and laptops on a corporate network. One example is Microsoft’s Intune, which combined its MDM/MAM platform with Configuration Manager (formerly System Center Configuration Manager) in 2019.

UEM platforms tend to have comprehensive operating system support, including mobile (Android, iOS) and desktop OSes (Windows 11, macOS, ChromeOS, and, in some cases, Linux). Some UEM products support more esoteric categories too, including IoT devices, AR/VR headsets, and smartwatches.

Unlike traditional CMT products, UEM tends to be available as a software-as-a-service, cloud-based tool, allowing management and updates of devices such as desktop PCs without connection to a corporate network. 

The emergence of UEM has been partly driven by the inclusion of API-based configuration and management protocols within Windows and macOS, enabling the same level of device management that was already possible with iOS and Android devices.

It speaks to a wider development, too, of the convergence of mobile and traditional computing devices, with high-end tablets often on par with laptops in terms of processing power. “You have a real blurring of the lines between what is mobile computing and what is traditional endpoint computing,” said Hochmuth.

Why invest in UEM tools?

All of these devices — mobile, desktop, Windows, Mac, in the office and remote — require a unified approach to end user device management, an approach that can provide a variety of benefits, say analysts.

Among these is the opportunity for simplified and centralized management. In short, it’s more efficient for one team to provision and manage all devices from a single tool, rather than have separate support teams and tools that were traditionally divided between mobile and Windows or macOS computers. 

“If you have a separate software product or management platform for four different operating systems, that can be cumbersome and expensive,” said IDC’s Hochmuth. “Converging down to one or two is a goal for a lot of organizations.”

UEM products can reduce manual work for IT, with the ability to create a single policy — such as requiring device encryption — that can be deployed to many devices and operating systems. The same goes for patching.  

By ensuring consistent policies across apps, devices and data, UEM tools can reduce risk, with less complexity and fewer opportunities to misconfigure policies. 

There are cost benefits in replacing separate PC and mobile management applications too. “Getting rid of one software platform and all the licensing associated with that is a cost saving. That’s not the primary driver, but it’s definitely a reason to explore UEM,” said Hochmuth. 

The UEM vendor market

The global market for unified endpoint management software is forecast to grow from $5.9 billion in 2023 to $8.9 billion in 2028, according to IDC data. The rate of yearly growth is set to slow, however, from around 16% to 6% during this period. 

There are a variety of vendors, from big-name firms to smaller, more targeted companies. Microsoft (Intune) and VMware/Broadcom (Workspace One) are often considered the UEM market leaders with the broadest offerings and largest market share by revenue. BlackBerry UEM, Citrix Meraki Systems Manager, IBM MaaS360, ManageEngine, Cisco, and Ivanti UEM are also popular products.

“All these companies have roles or verticals or use cases that they address specifically,” said Hochmuth. For instance, BlackBerry is often viewed as strong in regulated markets, such as finance or healthcare, due to its focus on encryption, while Microsoft has more of a “horizontal” product with general business use cases.

Among the vendors that have taken a more specialized approach is Jamf, which is focused purely on Apple devices running everything from macOS to tvOS, and SOTI, whose products are tailored to certain industries, such as warehouse workers with ruggedized mobile devices.

UEM reaches mainstream adoption

Gartner defines UEM as being “a late-stage maturity market,” meaning “widespread adoption has already occurred,” said Cipolla. 

IDC data indicates that around two-thirds of US businesses have now deployed a UEM tool. That doesn’t mean most organizations will use a single UEM platform, however. 

Among those that have deployed UEM, around 70% have two or more management products in place, said Hochmuth. For example, an organization might have one tool to manage certain Windows devices, another for both mobile and macOS devices, and then a legacy PC management tool still in use for another set of Windows devices. “The norm is more the mixed type of organizations that have different tools and multiple UEMs,” said Hochmuth, though the trend in recent years has been towards consolidation of these tools.

What’s on the horizon for UEM? AI and autonomous endpoint management 

An ongoing trend related to UEM is the rise of digital employee experience (DEX) software. DEX tools can provide IT with data and insights into how employees interact with devices and applications, with the ability to measure usage and highlight performance problems. “That’s a growth area that all the UEM vendors are pushing into,” said Hochmuth.

Also coming to UEM tools: the integration of artificial intelligence (AI). “This space in particular, is incredibly ripe for help from an AI product,” said Hochmuth. 

AI could help manage a longtime challenge for endpoint management — scale. That’s because of the wide range of devices, vulnerabilities, and configurations that have to be managed.

“The pure amount of data given off by thousands of devices running different operating systems, it’s super chaotic,” said Hochmuth. “That’s a perfect use case for an AI tool that could sift through data, help you find information you need, or even more importantly, automate a lot of the manual patching, updating, configuration – the reactionary type things that people in IT ops do. Anticipating when someone might need a fix before something breaks: AI could really help with that.”

Gartner’s Cipolla points to the emergence of autonomous endpoint management (AEM), a term that describes the combination of UEM and DEX, with additional automation and AI-assistance capabilities. “The idea is to take the human out of the middle doing the research and the leg work, and put them in control of the automation,” said Cipolla.

Several UEM vendors have already begun to incorporate AEM-like functionality into their software, said Cipolla. But it’s still early for the technology, meaning it will likely be at least a couple of years before AEM tools become more fully developed and more widely used by organizations. “It’s not a product yet, it’s a future idea, it’s a concept. As the vendors work on their ideas, it becomes a market,” he said. 

Category: Hacking & Security

Apple agrees to open up Apple Pay in Europe

Computerworld.com [Hacking News] - 11 July, 2024 - 17:51

As Apple faces continued waves of regulation, Apple Pay is about to open up in Europe, allowing rival payment services to gain access to the NFC chips inside iPhones to enable one-click payments.

The motivation behind forcing Apple to open up is to stimulate competition in the mobile payments space. The arrangement should enable rival services to offer mobile payments, and it settles a long-running dispute between Apple and the European Commission.

What this means to Apple Pay

Under the arrangements, Apple will allow third-party wallet providers access to the NFC chip inside iOS devices without requiring them to use Apple Pay or Apple Wallet. It means rivals can now compete directly with the Apple service, and in theory means customers can choose a payment system they prefer. This relies on an extensive number of commitments, captured in a 36-page document published today.

What Europe says

“From now on, competitors will be able to effectively compete with Apple Pay for mobile payments with the iPhone in shops,” Margrethe Vestager, executive vice president in charge of competition policy, said in a statement. “So, consumers will have a wider range of safe and innovative mobile wallets to choose from.”

EC authorities have put some steel around the agreements. They will by law remain in force for 10 years and apply throughout the EEA. “Their implementation will be monitored by a monitoring trustee appointed by Apple who will report to the Commission for the same time period,” the European Commission said.

In the event Apple fails to keep its commitments, it faces a fine of up to 10% of its total annual turnover without having to find an infringement of EU antitrust rules, or a “periodic penalty” payment of 5% per day of its daily turnover for every day of non-compliance.

How will it work?

A look at the 36-page agreement suggests how the new system will work. First, developers of payment systems will need to obtain entitlements to access a series of APIs Apple will make available to support rival payment systems, but only those operating in the European Economic Area. 

The company will also work to support evolving standards; developers will be subject to developer fees, but no fees related to the use of the NFC system. That sounds like Apple will not receive a cut of payments made.

For consumers, it will be possible to choose a preferred payment system (including Apple Pay) with a new section in Settings. The iPhone will also maintain a register of installed payment apps that want NFC access, and you’ll be able to select which one to use, rather like rifling through payment cards in your real wallet.

You’ll also be able to use Apple Pay on Apple Watch and choose another system for your phone.

What about disputes?

If a developer/payment provider thinks they aren’t getting fair treatment from Apple, they will be able to submit a written complaint to the monitoring trustee. Appointed and reimbursed by Apple and approved by the European Commission, the trustee will be an independent party who monitors the company’s compliance to the agreement.

The trustee may recruit a support team of up to three advisors, and there are strict controls in place to prevent trustees running off to work for Apple or its competitors within a certain time frame. There will also be an Appeal Board to adjudicate in the event a dispute requires independent oversight. 

What about the DMA?

Apple’s decision to reach a constructive settlement concerning Apple Pay in Europe could yet turn out to be a harbinger of similar future détente regarding Europe’s Digital Markets Act. While recent statements from Vestager suggest she has little empathy for Apple’s arguments, the company has already revised some of the arrangements it proposed to bring its business practices into line with the DMA or similar rules looming in other nations.

There’s no reason to think it won’t continue to reach a constructive, if unenthusiastic, dialogue. It does remain open to question whether the agreements will go far enough for Europe or for some of the company’s loudest critics. 

But for the next decade, at least, you’ll be able to use whatever payment system you like across the European bloc as easily as you may already use Apple Pay.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

Category: Hacking & Security

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

The Hacker News - 11 July, 2024 - 17:19
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication
Category: Hacking & Security

60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

The Hacker News - 11 July, 2024 - 17:06
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
Category: Hacking & Security

Introducing NethSecurity 8.1: Open-Source Firewall Spearheads Improved Linux Network Protection

LinuxSecurity.com - 11 July, 2024 - 14:40
NethSecurity is a Linux firewall that has been gaining traction in the open-source Linux space. Its proactive approach to network management and security has set it apart.
Category: Hacking & Security