Latest threats, vulnerabilities, exploits to be aware of

Paid, yes it did.

I'd have to say it's "too good" at finding stuff.... it even sees things as disabling UAC or System Restore as potential problems, or even cracks for games... I have quite a large collection of cracks for physical disc copies of old pc games and it went ham on those.

You can create a white list for locations it shouldn't look, and also mark things it sees as problems as things you don't want it doing anything about.

 

Oh no!
Do you mean it recognises the fact that the pirated games are not legit copies?
Or do you mean that malware is rightly detected?

 

They aren't the games themselves, those are on disc... it's the cracks for the games which are zipped and kept for if I ever want to install whatever game... so I don't need the games in the disc drive, something these days isn't a problem.. but for physical old games it is.

It's not "matware", it's a software hack I guess is the term, but yeah Loaris Trojan Remover is quite good.

 

They're called "NoCD cracks"

 

All EU citizens will have a hard time when this goes live:
https://www.heise.de/news/EU-erteil...uenden-gemeinsame-Werbeplattform-7492868.html
(Sorry, German link)

TL;DR:
EU agreed to an EU-wide ad platform.
Well nothing "security related" so far ..

But "user tracking" is part of the process and done by ISPs with a user token they send with your uplink's traffic to identify you through whole Europe.

They say you only will receive this after you opt-in to that and intentionally agree with this option.

Well ... they have to "track" if you agreed or not (requirement by GDPR), so welcome to the club anyways.

So good bye privacy! It was a nice time when you were around. Hope to see you again ...

Edit: seems to be related:
https://techcrunch.com/2023/01/09/trustpid-joint-venture/

 

At first it's opt-in, then it will become opt-out, then it will become really hard to opt-out, and finally it will be mandatory

 

I’m keen to read. Please send an English link.Thanks

 

This seems to be what was planned. It's live already.

https://www.trustpid.com/

This site got blocked by my Adblock, you'll have to disable it to view it. 'Nuff said.

Edit: well they say currently it's just on mobile plans, at least in Germany.

 

Thanks!
Selecting “pause for this site” will generally ensure the No adblocker test passes

 

https://kb.cert.org/vuls/id/782720

Vulnerability in TPM 2.0

 

UEFI bootkit malware that defeats secure boot on Windows 11/10

ESET security researchers have discovered an UEFI bootkit malware that defeats secure boot on Windows 11 and Windows 10 devices. Named BlackLotus, it is considered the first UEFI bootkit malware that has been detected in the wild...

https://www.ghacks.net/2023/03/02/w...-blacklotus-uefi-bootkit-defeats-secure-boot/

and...

Malware dev claims to sell new BlackLotus Windows UEFI bootkit

A threat actor is selling on hacking forums what they claim to be a new UEFI bootkit named BlackLotus, a malicious tool with capabilities usually linked to state-backed threat groups...

https://www.bleepingcomputer.com/ne...-to-sell-new-blacklotus-windows-uefi-bootkit/

 

its concerning that these folks want to try to tell us that this is the first.......

 

Oh little do they know ...
I once built one back thrn in 2014 or '15. Was "phun" to play with, but seriously concerning. But bypassing Secure Boot is new.

 

Latest "threat": biometric access control (fingerprints)

A criminal locked his mobile phone by fingerprint. Later he got caught and the police locked him away. They asked him to unlock his phone and he denied.

Cops then were very creative and said "Well, OK then, no issue." and went over to the standard procedure of "identification", which includes .... *drum roll* ... taking the suspect's full name, address and other stuff ... including fingerprints!!
(In Germany you must go through this ID process if required by the police or you could be sent to jail until you cooperate.)

So they took the fingerprints from identification process and were able to unlock the suspect's phone with it.

 

they asked, or they had a warrant for it? no warrant, illegal search, not admissable in court.

 

They can just say the owner of the phone granted them permission. Makes no difference.

 

no, they can't.

 

The proof acquired through searching the mobile phone was accepted by the judge and the criminal was charged for drug trafficking.

Taking finger prints is allowed in general (by law, to get your ID) if you are part of an investigation of some kind.
The law explicitely says the prints then "may be processed further by a digital system". Because it is described this loosely, police can take them and feed them into ANY "digital device", like a criminal database or like in this case entered into the "digital system" of the mobile phone.

Germany, YES, we can't.

Edit: sources (German, use Google translate):
https://www.lawblog.de/archives/2023/03/10/ihren-fingerabdruck-bitte/

https://www.burhoff.de/asp_weitere_beschluesse/inhalte/7646.htm

 

Easy way around it is to not to use your index finder. Problem solved.

 

In Germany they take prints of all five fingers of both hands. Every finger is "rolled" from one side to the other to give detailled prints.