The renowned Kaspersky security solution has been reported to be flawed in how it runs a remotely hosted JavaScript file in the source code of every website a user visits, as part of its process of matching the site against the list of suspicious web addresses in its database.

Kaspersky Lab is a cybersecurity and antivirus provider headquartered in Russia, but it operates as a multinational holding company, with extensive facilities in the United Kingdom.

The flaw, tracked as CVE-2019-8286 and credited to Ronald Eikenberg, an independent security researcher, stems from how the URL scanning module (Kaspersky URL Advisor) integrated into the antivirus program works. The profiling is active even in private browsing mode (known as Incognito Mode in the Chrome browser), and the flaw exposes a user by disclosing the UUID (Universally Unique Identifier) associated with that user to every visited website.

The UUID can easily be traced to a particular individual and can be captured by any website, or even by third-party analytics services, since the file contains a string that is unique to the Kaspersky user.

Kaspersky has acknowledged the flaw and issued a patch for it, assigning a constant value (FD126C42-EBFA-4E12-B309-BB3FDD723AC1) to all Kaspersky users instead of the Universally Unique Identifier. But even with that, the Kaspersky URL Advisor still exposes users by allowing websites and third-party services to know whether a visitor has the antivirus software installed on their system.

This issue has been classified as user data disclosure, and could allow an attacker to prepare and deploy a more malicious script, implanted on web servers, to track the supposedly protected user.

Users can, however, disable this tracking altogether by manually disabling the URL Advisor in the software: go to Settings, click on Additional, then Network, and uncheck the traffic processing box.
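To check whether an installation still injects a per-user identifier or only the post-patch constant, a saved copy of a page as rendered in the browser can be inspected. The following is an added example, not code from Kaspersky or the researcher; it assumes the injected script is served from a host under kaspersky-labs.com with the identifier as a path segment, and the sample pages are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constant identifier that, per the article, the patch assigns to every user.
PATCHED_ID = "FD126C42-EBFA-4E12-B309-BB3FDD723AC1"
# Assumption (not stated in the article): the injected script comes from a host
# under this domain and carries the identifier as one segment of the URL path.
ASSUMED_DOMAIN = "kaspersky-labs.com"
UUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def injected_ids(html):
    """Return UUID-shaped path segments of scripts loaded from the assumed domain."""
    collector = _ScriptSrcCollector()
    collector.feed(html)
    found = []
    for src in collector.sources:
        url = urlparse(src)
        host = (url.hostname or "").lower()
        # Exact domain or a true subdomain only; look-alike hosts are ignored.
        if host != ASSUMED_DOMAIN and not host.endswith("." + ASSUMED_DOMAIN):
            continue
        found.extend(s.upper() for s in url.path.split("/") if UUID_RE.match(s))
    return found


def classify(html):
    """'no-injection', 'patched-constant' or 'unique-id-exposed' for one saved page."""
    ids = injected_ids(html)
    if not ids:
        return "no-injection"
    if all(i == PATCHED_ID for i in ids):
        # Still reveals that the product is installed, as the article notes.
        return "patched-constant"
    return "unique-id-exposed"


# Constructed sample pages; the host label "scr" and file name are made up.
PAGE_UNPATCHED = ('<html><head><script src="https://scr.kaspersky-labs.com/'
                  '11111111-2222-3333-4444-555555555555/main.js"></script></head></html>')
PAGE_PATCHED = ('<html><head><script src="https://scr.kaspersky-labs.com/'
                'fd126c42-ebfa-4e12-b309-bb3fdd723ac1/main.js"></script></head></html>')
PAGE_CLEAN = ('<html><head><script src="https://kaspersky-labs.com.tracker.example/'
              '11111111-2222-3333-4444-555555555555/main.js"></script>'
              '<script src="/static/app.js"></script></head></html>')

if __name__ == "__main__":
    for name, page in [("unpatched", PAGE_UNPATCHED), ("patched", PAGE_PATCHED),
                       ("clean", PAGE_CLEAN)]:
        print(name, classify(page), injected_ids(page))
```

A result of `patched-constant` confirms the fix for the per-user identifier only; disabling the URL Advisor as described above is what makes the result `no-injection`.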

How Kaspersky Antivirus URL Advisor flaw exposes users to advanced Web tracking



ClickDo is a UK-based SEO agency made up of SEO experts who are intensely result-oriented. Every online business needs to stand out from the crowd, which is the only way to guarantee appearance in search engine results, so it will need to employ some techniques to boost its website's search engine optimization.

Local search engine optimization is focused on optimizing a business website so that it appears in the top search results whenever a user searches for a local keyword for its products or services. If you are searching for London's best SEO services and marketing consultancy agency, look no further than ClickDo.

Fernando Raymond, the CEO & Founder at ClickDo, is a renowned SEO expert with an amazing track record that speaks volumes, and such assurance from the company as "Give us 100 days, we will double your traffic" sums up the result-oriented nature of the company.

Why hire a SEO Agency?



Nowadays, all information is available at our fingertips: not just a one-word answer or approach, but a full encyclopedia that is present in a single click. These needs of web searchers are taken up by search engines like Google, which prefer sites with complete details about the related topic, all in a single source.

As such, search engines follow a pattern of only showing in their results those sites that cover the topic in a holistic manner. That's where the job of an SEO expert comes in: SEO helps to increase the traffic flow to your website, and the optimization work gives it a better chance of reaching more people. SEO work does, however, take time and resources to get the desired results.

Why CHOOSE ClickDo for YOUR SEO SERVICES?



ClickDo boasts of having the #1 SEO Consultant in London, in the person of Fernando Raymond, on board, who brings his wealth of knowledge in Local SEO to auditing your business website to make sure everything is in perfect shape.

However, you don't have to take our word for it; find below a sample of a recent local SEO service project successfully delivered to a client, so that you know what to expect for your own business site's traffic.

The website formerly could not even reach the first page for its own keywords for years after a major penalty. But when Fernando Raymond was contacted by the client, ClickDo's expertise helped in bringing the website back to rank #1 on Google UK for its most competitive keywords.

Also note that organic traffic is perhaps the best for high conversions, and even though you can get traffic from Google AdWords, it won't quite measure up, as it comes at a higher cost.

ClickDo Review: Best SEO Agency In London (UK) for Local SEO Services


Microsoft has deferred the Windows 7 Extended Security Updates deadline beyond January 2020, given that enterprises are still struggling to upgrade to the newer operating system, so that extended support will now run to three years past the deadline.

In a bid to make the migration easier and smoother, the company has launched what it calls "FastTrack", a program that comes free with the purchase of a minimum of 150 licenses for any of the eligible Enterprise subscription plans or services, including Office 365 as well as Microsoft 365 (M365), the pricier offering that bundles Office with a plethora of other management and security tools.

While Windows 7 Extended Security Updates will continue through to January 2023, they will only be available for PCs running Windows 7 Professional or Enterprise edition, with those versions of Windows obtained through volume licensing deals.

According to Microsoft, FastTrack will also help in deploying a service or subscription. With Desktop App Assure, it will work with customers to ensure that desktop applications running under Windows 7 continue to run on Windows 10 after a successful migration. The tool is, however, designed to assist only Enterprise or Professional customers migrating from Windows 7 or Windows 8.1 Enterprise or Professional to Windows 10 Enterprise.

Microsoft did, however, emphasize Professional-to-Enterprise migration too, and will provide Windows 10 deployment guidance to help with the upgrade from Windows 7 and Windows 8.1 Professional to Windows 10 Enterprise. It should be noted that FastTrack does not involve Microsoft sending engineers to an organization to supervise the OS upgrade; instead, representatives are made available for consultation to provide guidance.

Microsoft will continue to offer customers on Windows Server's Extended Security Updates patches for vulnerabilities rated "Critical" or "Important", the top two tiers in its four-step risk ranking system.

How Businesses can leverage on FastTrack Assistance Program to migrate to Windows 10 Enterprise



SeekaHost offers cutting edge Web hosting solutions at bottom prices, without compromising on the quality of service, and guarantees optimal hosting availability that is unbeatable anywhere.

Many so-called cheap hosting services are often caught delivering lackluster service, where the claim to offer 100% unlimited hosting for an outrageous price is more or less a ploy to corner your hard-earned bucks. Those newly getting into website creation are faced with the choice of seeking a host that will neither compromise on quality nor burn a hole in their pocket.

That is exactly what we want to offer with this review: SeekaHost is a great hosting provider based in the United Kingdom, with servers scattered all over the world for optimal service delivery.

Why SeekaHost?





Nowadays, everybody is seeking a web hosting service that is first affordable, then reliable and efficient at the same time. SeekaHost offers the cheapest hosting services, suitable for both personal and business web hosting requirements, having deployed the latest technologies in web hosting, with modern servers and infrastructure that guarantee integrity in the systems, tested for more than a decade to ensure best performance.

And their services are backed by 24/7 professional customer service personnel with years of experience in the web hosting verticals; you just can't go wrong choosing SeekaHost as your preferred web hosting service provider.

3 levels of Web hosting Packages



Personal hosting packages: This web hosting package is for hosting your personal website; it gives your stories wings and makes them live on the Internet at a pretty cheap rate. The package starts at $1.99/month with 1 Domain, 1GB Disk Space, 10GB Data Transfer and Unlimited Email accounts, and it guarantees optimal service delivery.

Business hosting packages: The business web hosting is geared to provide a gateway to your customers, with enough power to ensure the success of your business in the digital economy. The plan starts at $7.99/month and includes 5 Domains, 10GB Disk Space, 100GB Data Transfer and Unlimited Email accounts.

Shared/Dedicated IPs: The Shared/Dedicated IPs plan is tailored for upcoming bloggers and includes 500MB Disk Space, 5GB Data Transfer, 1 Website, 2 MySQL Databases, cPanel Access, Free SSL Certificate, Unlimited Email accounts and Unlimited Sub Domains, all at $0.95/month. What more would a newbie blogger ask for?

The package also comes with options to get your personal or small business sites up and running with the one-click WordPress installation, for anyone who is looking to host their personal blogs at a low cost.

SeekaHost has a robust network of servers stationed in different data centers around the world to guarantee optimal service delivery, as having your host near your audience is a huge SEO advantage and helps to ensure that your content can be accessed as fast as possible.

In conclusion, we are recommending SeekaHost mainly because of their cheap prices and vast network of servers that lets you choose where your site will be hosted, and the rigorous selection processes they put in to ensure that all data centers comply with the highest standards.

SeekaHost Review: Unbeatable Web hosting services, including Shared/Dedicated IPs and VPS



Google had been working on TouchID and fingerprint capabilities to enable Chrome users to log in to accounts via Web Authentication, and developers to access biometric authenticators through the Credential Management API's PublicKeyCredential type.

Now the feature, dubbed "Local user verification", is rolling out to users to allow them to log into both native and web applications by registering their fingerprint or any of the other authentication methods set up to unlock their device, such as a pattern, PIN or password.

In the future, these three APIs (Face Detection API, Barcode Detection API and Text Detection API) will, along with the Face Detection API, allow users to return the location of faces and other facial attributes such as the nose and mouth, for a more accurate result.

The feature relies on the Web Authentication API and the Client to Authenticator Protocol (CTAP), which are designed to offer simpler and more secure authentication methods that websites can use for secure web-based logins, taking advantage of Android's built-in FIDO2-certified security key capability that was rolled out earlier to all devices running Android 7.0 Nougat and later.
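On the server side, a site that depends on local user verification has to confirm that the authenticator actually reported it, rather than trusting that a fingerprint prompt was shown. The following added example (not Google's code) checks the fixed 37-byte header of WebAuthn authenticator data; the relying-party ID `login.example` and the sample bytes are constructed, and signature and `clientDataJSON` checks are assumed to happen elsewhere.

```python
import hashlib
import hmac
import struct

# Flag bits in the authenticator data "flags" byte (WebAuthn specification).
FLAG_UP = 0x01  # user present (e.g. a touch)
FLAG_UV = 0x04  # user verified (fingerprint, PIN, pattern or password)

RP_ID = "login.example"  # constructed relying-party ID for the sample


class AuthDataError(ValueError):
    """Raised when authenticator data fails a relying-party check."""


def parse_authenticator_data(auth_data):
    """Split the fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(auth_data) < 37:
        raise AuthDataError("authenticator data shorter than 37 bytes")
    return {
        "rp_id_hash": auth_data[:32],
        "flags": auth_data[32],
        "sign_count": struct.unpack(">I", auth_data[33:37])[0],
    }


def check_user_verified(auth_data, expected_rp_id, stored_sign_count):
    """Return the new signature counter, or raise if any check fails."""
    parsed = parse_authenticator_data(auth_data)
    expected = hashlib.sha256(expected_rp_id.encode("utf-8")).digest()
    if not hmac.compare_digest(parsed["rp_id_hash"], expected):
        raise AuthDataError("rpIdHash does not match this relying party")
    if not parsed["flags"] & FLAG_UP:
        raise AuthDataError("user presence flag not set")
    if not parsed["flags"] & FLAG_UV:
        # Presence alone proves a touch, not that the device owner unlocked it.
        raise AuthDataError("user verification flag not set")
    new_count = parsed["sign_count"]
    # A counter that fails to increase can indicate a cloned authenticator;
    # authenticators that do not implement a counter always report 0.
    if (new_count or stored_sign_count) and new_count <= stored_sign_count:
        raise AuthDataError("signature counter did not increase")
    return new_count


def build_sample_auth_data(rp_id, flags, sign_count):
    """Construct sample authenticator data for the checks above (test input only)."""
    return (hashlib.sha256(rp_id.encode("utf-8")).digest()
            + bytes([flags]) + struct.pack(">I", sign_count))


if __name__ == "__main__":
    good = build_sample_auth_data(RP_ID, FLAG_UP | FLAG_UV, 42)
    print("accepted, counter =", check_user_verified(good, RP_ID, 41))
    try:
        check_user_verified(build_sample_auth_data(RP_ID, FLAG_UP, 43), RP_ID, 42)
    except AuthDataError as err:
        print("rejected:", err)
```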

Google has also added the functionality to its web-based password manager, passwords.google.com, which provides an online platform where users can view and edit their saved passwords.

The new authentication feature will be more useful for people with extreme security practices, who often create strong and unique passwords for every website and are thereby faced with the trouble of having to remember each one for every transaction. Google plans to expand this functionality to more Google services, including Google Cloud, in the near future.

Google rolls out Fingerprint Authentication for both Native Applications and Web services



If you are an Apple fan, you'd be familiar with the impressive continuity or convergence between their various devices. For instance, if you are watching a movie on a Mac wearing earphones and get a call on your iPhone, you'll be presented with the option of receiving the call right on your computer without resorting to your phone.

Unfortunately, the same can't be said about Google products; the lack of such convergence features on Android has been a huge turn-off, especially for those switching from an iPhone to an Android phone.

Even Chromebooks running Google's Chrome OS can't boast of the level of convergence with Android that Apple products have. As part of a larger ploy to tie Chromebooks and Android devices closer together, Google had earlier outlined a plan for authentication by a secondary device, which is to allow you to bypass your phone or tablet's lock screen (though this is optional).

The limitation, however, remains that you can only open your Chromebook with your Android device in your pocket, with the laptop automatically getting unlocked and signing you into your Google account without requiring a password.

Still, the area where Android is found wanting is receiving calls on the desktop, where it can't yet beat Apple in continuity or convergence capabilities: you'll be able to receive notifications about incoming calls and see your text messages right on the desktop, but you can't pick up from it.

When such limits exist in Google's own ecosystem, what then is to be expected from cross-platform compliance with Windows? Given the general adoption of Android smartphones, Google should be thinking along the lines of incorporating more convergence features into Microsoft systems.

Microsoft, on the other hand, has been trying hard to take charge of what's running on Android, with additions like the "Your Phone" app that Microsoft released in 2018. Since then, the company has also added other useful features such as SMS Organiser to help Android users achieve better cross-device compatibility with Windows 10.

For now, we can only make do with the Your Phone app, which lets you sync Android notifications to Windows 10 and also send and receive SMS on your PC. It also allows you to sync recent photos and videos, with support for both Android and iOS.

How Google has been found wanting in Android/desktop Cross-platform compliance



The Chinese technology giant Huawei has announced its long-rumored operating system, Harmony OS (Hongmeng OS in Chinese), as a supposed Android alternative based on a modular microkernel created by the company.

Huawei maintains that HarmonyOS is quite different from Android and iOS, with more scalability across different kinds of devices, such as wearables, smart televisions, IoT devices, refrigerators and cars, among others. The company touts its modular design as an OS "decoupled" from hardware, meaning that developers will adapt to the software with just one attempt, and it's also much faster than Android.

The first device to run the new OS is the new Honor Vision TV launched by Huawei's subsidiary company, which also features a smartphone-style pop-up camera. Huawei did not project the new Harmony OS as a direct competitor to Android; rather, it will serve as a sort of plan B should the US authorities go ahead with sanctions to withdraw their Android license.

Harmony OS has been in development since 2012, with the initial target to cater for IoT products such as wearables, smart displays, smart speakers and so forth, but the unforeseen US trade issue with China has forced the company to rethink its future, thereby mandating the transformation of the OS to support multiple platforms.

At the moment, the OS doesn't support Android apps out of the box, but developers only need to recompile their Android apps once for them to work in Harmony.

However, the huge challenge for the company will be how to woo developers to join Harmony and build up the much-needed app ecosystem that could measure up to Android. Even though Harmony OS is an open-source operating system, Huawei will have to offer lots of incentives to increase developers' interest in the new platform.

And perhaps the modularized Harmony OS can be harnessed to adapt more flexibly to any device to create a seamless cross-device experience, with the distributed capability kit leading to a shared developer ecosystem.

Harmony OS: Does Huawei's new open source Operating System stand a chance?



The Web browser has become a ubiquitous hub for both work and play, often storing more of our most confidential information, including banking and other personal data, than any other program.

Most browsers offer to save your login details and personal data, which may include bank card details for online stores and your billing address. The convenience is that the browser can autofill such fields on any website rather than you filling out the forms all over again, so you worry less about forgotten passwords or not having your card information at hand.

But with the convenience of autofill data, cybercriminals can now scoop up data from your computer by infecting it with stealer malware, which is crafted to steal information from browsers.

According to Kaspersky Lab, browsers based on the Chromium engine (such as Chrome, Opera and Yandex.Browser) store user data in the same place, making it easy for stealer malware to find the stored data. The data is stored in encrypted form, but as the malware already has access to the system, it acts as though the request is coming from the computer's user.

So the malware puts in a request to the browser's data encryption tool to decrypt the information stored on the computer. Such requests are seemingly from the user and considered safe by default, so the stealer gets all the passwords and credit card details saved in the browser.

Firefox, however, appears to function a bit differently: it hides the password databases from strangers by creating a random profile name, so that the malware cannot know in advance where to look for the stored information. But the name of the file holding the saved data doesn't change, and nothing stops the stealer from sifting through all the profiles and identifying the required file, as the folders containing the data are stored in one place.

As for Microsoft Internet Explorer and Edge, the precise method and type of storage depend on the application version, but the reliability still leaves much to be desired. Again, the malware can easily retrieve passwords and bank card details directly from storage by requesting them seemingly on behalf of the computer's user.

Afterwards, the malware simply requests the relevant browser to decrypt the files, and it usually succeeds, because the decryption request appears to come from the user; the malware then sends the data back to the cybercriminals.

It is therefore recommended, for security reasons, that users do not entrust important information like bank card details to browsers for storage; rather, they should enter it manually each time it is needed. This may take longer, but it is safer. Otherwise, you can make use of a trusted password manager.

Why you should not Store your Personal Information with Autofill on the Web browsers



The Russian hacking group known by aliases such as Pawn Storm, Sofacy Group, APT28 and Sednit, and by the name "Fancy Bear", which was derived from a coding system that the security researcher Dmitri Alperovitch uses to identify them, is back in the news.

Microsoft has long been engaged in a silent war against the group, as they have mostly targeted Windows with their malware and have chosen domain names closely related to Microsoft products, which gave Microsoft grounds to bring several lawsuits against them for reserving domain names that violate its trademarks.

The hacking group is believed to have links to Russia's GRU military intelligence, which was responsible for an IoT-based attack on some unnamed Microsoft product customers, in which hundreds of thousands of business networking and storage devices were compromised and loaded with so-called "VPN Filter" malware.

Microsoft Threat Intelligence Center researchers also discovered infrastructure communicating with several external servers, with attempts by the hackers to compromise popular IoT devices (including a VOIP phone, an office printer and a video decoder) across different locations.

According to the researchers, after gaining access to IoT devices, the hackers ran tcpdump to sniff network traffic on local subnets and enumerated administrative groups in an attempt to further the exploitation. The hackers were also able to drop a simple shell script that let them establish persistence on the network, allowing extended access for exploitation.

The analysis of network traffic showed that the actors used stealthy means to gain initial access to corporate networks, although enterprises' lack of full awareness of the devices running on their networks could be blamed for the vulnerabilities.

Microsoft has, however, shared the information with the manufacturers of the specific devices involved and has continued to explore new protections for its own products.

Microsoft traces the exploitation of IoT devices to the Russian hacking group, STRONTIUM



Incognito Mode is a browsing mode within the Chrome browser which allows web users to surf the net without their browsing history being recorded, and thus serves as a blockade to low-level tracking techniques.

While Incognito Mode can't be classified as an anonymity tool, it does offer a new window that's more like a newly installed browser, in which there are no cookies, no bookmarks, no saved history and no pre-filled forms.

But there is a loophole in Chrome that allows some websites to shut out users trying to slip past count meters via Incognito Mode, by monitoring an API that's automatically disabled in Incognito Mode; Google has now moved to shut down the ability of sites to sniff out Incognito Mode through the API.

Chrome's FileSystem API is disabled in Incognito Mode to avoid leaving any traces of activity on someone's device, so websites can check for the availability of the FileSystem API to determine whether a private session is occurring.

Another Chrome update is in Progressive Web Apps (PWA) support. PWAs mimic the experience of traditional apps by caching a version on the device for offline use, so that even without an internet connection you can still use the web service, as locally installed software with the flexibility of online services.

Google will simplify the installation of PWAs with Chrome 76: when the distributing website meets the PWA install criteria, the browser will display a small icon at the right edge of the address bar, and clicking the icon initiates the PWA installation process.

Bringing PWA to the forefront means that Google will be raising more awareness of the standard, and as the line between traditional apps and web pages continues to blur, PWA will be fully supported on more modern browsers for a better user experience.

Google closes loophole in Chrome Incognito Mode and simplifies PWA installation