Last year TrickBot proved that the vaunted Windows Defender Advanced Threat Protection defense system isn't quite foolproof, as the malware was able to disable Windows Defender with tricks of its own, such as deleting the WinDefend service.

The havoc it wreaked on Windows users after disabling Windows Defender included infecting nearly 250 million Google accounts, but this time it has resurfaced with a new capability: stealing Windows Active Directory credentials. This latest trait makes the infamous Trojan even more lethal as far as security is concerned.

TrickBot has a new module, dubbed "ADll", which executes a set of commands to steal Windows Active Directory information. The module was discovered by Sandor Nemes, a security researcher at VirusTotal.

How the Trojan Steals Windows Active Directory Credentials?

Windows administrators use the command named ifm (install from media) to create a dump of Active Directory; the same command also creates the installation media used for setting up Domain Controllers.

The Trojan's new ADll module abuses the ifm command to create a copy of the Windows Active Directory database, dumping it into the %Temp% folder, from where the bot forwards it to the malware operators. The stolen data can then be used to infect other computers in the network, and it is also of use to other malware looking for such weaknesses.

The State of Windows Active Directory Credentials

The Active Directory database is created when a server acts as a domain controller and is saved by default in the C:\Windows\NTDS folder on the domain controller; the Windows Active Directory information such as passwords, users and groups is stored in a file called ntds.dit within this database.

Since this information is highly sensitive, Windows encrypts it using the BootKey, which it stores in the SYSTEM hive of the Registry.

Normal file operations can't access the BootKey, so administrators use a special tool called ntdsutil to access the ntds.dit database when performing database maintenance.

It is recommended that Windows 10 users ensure the "Tamper Protection" feature is enabled. Although the feature is 'On' by default, the malware is capable of disabling it; with Tamper Protection enabled, Windows 10 users need not worry much about the Trojan.
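A detection for the two behaviours the article describes (ntdsutil ifm dumps written under a Temp folder, and deletion of the WinDefend service), run over Sysmon-style process-creation records. This is an added example, not code from the article or from any vendor; the log lines, field layout, hostnames and user names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed Sysmon-style process-creation records (not real telemetry):
# timestamp | host | user | image path | command line
SAMPLE_LOG = r"""
2020-01-24T09:12:01Z | DC01 | CORP\adm.jane | C:\Windows\System32\ntdsutil.exe | ntdsutil.exe ifm "create full D:\IFM\dc02" quit quit
2020-01-24T11:47:33Z | DC01 | CORP\svc_print | C:\Windows\System32\ntdsutil.exe | ntdsutil.exe ifm "create full C:\Users\svc_print\AppData\Local\Temp\ad" quit quit
2020-01-24T11:50:02Z | WS-FIN-07 | CORP\bob | C:\Windows\System32\sc.exe | sc.exe delete WinDefend
2020-01-24T11:51:10Z | WS-FIN-07 | CORP\bob | C:\Windows\System32\sc.exe | sc.exe query WinDefend
2020-01-24T12:00:00Z | WS-FIN-07 | CORP\bob | C:\Windows\System32\notepad.exe | notepad.exe C:\Users\bob\AppData\Local\Temp\notes.txt
"""

# Matches a "\Temp\" or "\Tmp\" path component anywhere in the command line.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class Alert:
    host: str
    user: str
    rule: str
    severity: str
    cmdline: str


def parse_line(line: str) -> Optional[dict]:
    """Split one record into its five fields; ignore blank or malformed lines."""
    parts = [p.strip() for p in line.split(" | ")]
    if len(parts) != 5:
        return None
    ts, host, user, image, cmdline = parts
    return {"ts": ts, "host": host, "user": user, "image": image, "cmdline": cmdline}


def tokenize(cmdline: str) -> List[str]:
    """Lower-cased argv-style tokens; quoted arguments stay together."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def check_record(rec: dict) -> Optional[Alert]:
    image = rec["image"].lower().rsplit("\\", 1)[-1]
    tokens = tokenize(rec["cmdline"])
    # Rule 1: ntdsutil invoked with the "ifm" subcommand. Legitimate IFM media
    # creation happens too, so the severity depends on the destination:
    # a dump written under a Temp folder is the pattern described for ADll.
    if image == "ntdsutil.exe" and "ifm" in tokens:
        severity = "high" if TEMP_RE.search(rec["cmdline"]) else "medium"
        return Alert(rec["host"], rec["user"], "ntdsutil_ifm_dump", severity, rec["cmdline"])
    # Rule 2: the Defender service being deleted via the service control tool.
    if image in ("sc.exe", "sc") and "delete" in tokens and "windefend" in tokens:
        return Alert(rec["host"], rec["user"], "windefend_service_deleted", "high", rec["cmdline"])
    return None


def scan(log_text: str) -> List[Alert]:
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        alert = check_record(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"[{a.severity}] {a.rule} on {a.host} by {a.user}: {a.cmdline}")
```

The medium-severity hit on a non-Temp destination is meant for review against change records, since administrators legitimately create IFM media the same way.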

The Infamous Trojan, TrickBot can now steal Windows Active Directory credentials

Kaisen Linux is a dedicated system rescue operating system based on the Debian GNU/Linux distribution, with tons of network and web testing tools for network administrators to cover the needs of diagnosing and troubleshooting system installations.

System administrators are saddled with many responsibilities, including disaster recovery, hardware maintenance, system security management and more. Keeping a system running securely requires several tools that can be overwhelmingly frustrating to install and configure, so Kaisen Linux was launched to solve that complexity problem.

Started by two Linux developers, Kevin Chevreuil and Eren Arslan, the development of Kaisen Linux has reached the public beta stage, which is now released for testing so that flaws can be reported and fixed before the final release.

Some Major Features in Kaisen Linux Beta

The desktop view displays many system variables to give a live-wallpaper feel and also lets you monitor them directly. The system variables, including CPU status, temperatures, swap space, disk storage, processes, network interfaces and battery status, are prominently displayed on the desktop using Conky, a free system monitor tool. The major features are as follows:

  • Multi-user graphic profile to the root session
  • Improved, more intuitive terminal
  • Integration and Support for UEFI with Secure Boot
  • Addition of the installer in expert and rescue mode
  • Live mode boot, including USB and encrypted persistence
  • Installed rtl and iwl firmware to support Realtek and Intel Wi-Fi drivers
  • Addition of Guymager tool

All the system variables are available via themes, which is also what Conky uses to work. Kaisen Linux uses the MATE desktop environment by default, with two panels: bars running along the top and bottom of the screen.

Where & How to download Kaisen Linux?

If you are a system administrator and want to give Kaisen Linux a try and test the integrated tools of this system rescue Linux distribution, you can download the Kaisen Linux ISO. If there is a problem with the installation of GRUB on UEFI during system installation of the beta version, you can follow the procedure listed on this page.

Kaisen Linux comprises over 100 integrated tools in several categories (including network tools, data recovery, disk cloning and so forth), which can be used for purposes such as modifying hard disks, saving data, repairing the file system and recovering data, and reactivating the boot manager, among others.

Kaisen Linux: A Dedicated System Rescue Linux Distribution based on Debian 9

Opera Software has made inroads into Africa with a plethora of mobile services, and just recently it expanded into loan apps to bring in extra revenue, but the extortionate interest rates and repayment thresholds may have resulted in a violation of Google's Play Store policies.

Opera currently runs three loan apps in Africa, namely OKash, OPay and OPesa, which are supposedly aimed at alleviating the deficit of lending culture in those climes. The vast majority of the loans are disbursed via the Android apps, a line of business that risks disappearing or being severely impacted if Google ultimately takes punitive action.

The supposed violation of Google's Play Store policies, according to Hindenburg Research, stems from the fact that Opera describes the loans' interest rates as between 12 and 33 percent per annum at most, whereas the actual rate is about 365 to 438 percent. These figures get worse if repayments come even a single day late, rising to about 876 percent.

As can be seen from the Opera OPay loan description above, the loans are offered over 91 to 365 days, while the actual duration ranges from just seven days to a maximum of 29 days, significantly lower than the 60-day minimum contained in Google's policies page for such apps on its Play Store.

Opera's loan apps all exhibit the same misleading description, which looks compliant but is obviously in violation of Google's terms, given the claimed loan length on the Google Play Store versus the actual loan length of Opera's lending apps.

However, the company refuted the Hindenburg claims on the Opera Investor Relations official website, stating that the report contains "numerous unsubstantiated statements, and misleading conclusions." Opera says it is aware of and has carefully reviewed the report, and believes that it contains misleading interpretations regarding the business of and events relating to the Company.

Opera has recently scaled multiple new mobile-focused businesses, has continued to post financial growth, and intends to keep leveraging its large user base of over 350 million users for additional growth.

Why Opera's loan apps could be in violation of Google’s Play Store policies

Google has announced a monumental change to its Chrome browser: over the course of the next two years it will phase out support for third-party cookies.

The hint at the crumbling of the tracking cookie has raised a lot of arguments among advertisers and publishers, as it will make a big mess of online marketing. Cookies are the little pieces of code used by advertisers to track what web users are doing online, so that they can serve targeted ads based on the sites they visit or what they've previously searched for on the web.

Google stressed that its goal for this initiative is to make the web more private and secure for all users. It had earlier launched an open source initiative known as Privacy Sandbox, which is a set of open standards to fundamentally enhance privacy on the web.

While the Privacy Sandbox aims to sustain an ad-supported web in a way that renders third-party cookies obsolete, the approach should address the needs of web users, publishers and advertisers alike.

How Advertisers will be impacted by changes to Chrome third-party tracking?

The fact that Chrome is the most dominant browser of the lot, with statistics pointing to about two billion installations and one billion people using the browser each month, means that any change to the ecosystem will drastically affect the digital advertising world.

Google's business model has relied heavily on data collection, and given that the search giant is the dominant player in online advertising, its opt-in version of Enhanced Tracking Protection (ETP) may become the ultimate spin on cookies, which will likely lead to some antitrust issues.

Since Apple (Safari) and Mozilla (Firefox) implemented the changes to their browsers, about 40% of third-party cookies have already been wiped out. In the programmatic ecosystem, this means advertisers are unable to personalize content or serve targeted ads to almost half of their audience.

Now imagine the impact of the large-scale blocking of cookies that Chrome will unleash, and how it will undermine publishers' most profitable revenue stream.

What are the Good News about the Crumbling of Cookies?

It is mostly good news if you're a user, because the end of third-party cookies is generally good for your privacy. There is perhaps one caveat: it isn't entirely clear how Google intends to provide a privacy-protected browsing experience that also ensures that ads are targeted.

There is also the fact that some less ethical advertisers will resort to other, more nefarious tracking techniques such as browser and device fingerprinting. These techniques evade the blockade by building a profile of web users from the data their browser sends about the device, operating system, location and other unique identifiers.

However, the latest Firefox browser has fingerprint blocking turned on by default, and Google is working on its own techniques to detect and mitigate covert tracking and workarounds through new anti-fingerprinting measures, scheduled to launch later this year, that discourage these intrusive and deceptive techniques.

What Google's hint on End of Cookies for Chrome means for Digital Advertising

Microsoft's use of open source tools to ensure high-quality software and services led it to recognize the inherent risks in trusting such open source software. So it created a free source code analyzer called Microsoft Application Inspector to help identify interesting features and metadata, such as the use of cryptography and whether the code connects to any remote entity.

The tool helps developers by highlighting security issues when deploying open source components such as libraries: when reusing code, they need to understand exactly what all the external software components do before placing trust in each of the many contributors to those components.

Microsoft Application Inspector differs from more typical analyzers in that it is not limited to detecting poor programming practices; it also surfaces interesting characteristics in the codebase that would otherwise be difficult to identify through manual inspection.

Different Use Cases for Microsoft Application Inspector

Microsoft Application Inspector covers hundreds of feature detection patterns across many popular programming languages, with support for the following characteristics: application frameworks, cloud APIs, cryptography, data types, operating system functions, and security features for authentication and authorization.

Application Inspector can be used to identify key changes to a given component's feature set from version to version, which can indicate anything from an increase in attack surface to a malicious backdoor. It can also be used to identify high-risk components and those with rather suspicious features requiring additional scrutiny.

It is cross-platform, and the command-line tool can produce output in multiple formats, including JSON and interactive HTML, as can be seen in the HTML report below.

Each icon in the report represents a feature identified in the source code; the feature report is expanded on the right-hand side, and you can view the source code snippets by clicking on any of the links.

Getting started with Application Inspector

Microsoft Application Inspector is designed for use by an individual or at scale, and is fully capable of analyzing millions of lines of source code from components built in different programming languages, a process that is simply not feasible to attempt manually.

Getting started with Application Inspector is fairly simple, since it is open source, cross-platform (.NET Core), and available for download on GitHub.

Microsoft Application Inspector: An Open-Source, Free Source Code Analysis tool

There is a growing emphasis on alternative security mechanisms to the regular password, such as Titan keys, the phishing-resistant two-factor authentication devices that protect high-value customers from the most sophisticated cyber attacks.

While Titan keys are highly effective as a security mechanism, the downside remains that you need to carry the physical key, and if it gets lost you'll be locked out of your online accounts. However, Google provides a backup in the form of an extra key that can give you temporary access to your account until recovery, which can take days or even weeks.

Just recently, Google also made it possible for Android users to turn their devices into physical security keys, a feature that requires devices running Android 7 or later with Bluetooth and location services enabled. Now the same capability has been extended to iPhone users: Google's Smart Lock app for iOS allows iPhone users to use their device as a physical 2FA security key for logging into Google's first-party services via the Chrome browser.

How Smart Lock app for iOS works?

The Smart Lock app works with the iPhone to enable Google's Advanced Protection Program, which is perhaps the strongest protection against phishing and other cyber attacks. The program also supports physical security keys such as Titan keys, while the iPhone functionality makes use of the device processor's Secure Enclave, which securely stores the device's private keys.

The feature has been available since the iPhone 5S and requires iOS 10 or later to function. The new iPhone support appears to be limited to authenticating Google logins from the Chrome browser, as other browsers add an extra step to the login process, requiring an alternative 2FA option.

How to use Your iPhone as a physical Security Key

First, download and set up Google's Smart Lock app, then enable Bluetooth on your iPhone and tap the button in Google's app to authenticate before the login on your laptop completes.

If you attempt to log in to Google services, say, via a laptop, it will generate a push notification for your iPhone.

The process is quite similar to the Google security prompt functionality, but the difference is that the Smart Lock app works via Bluetooth instead of connecting through the internet. As such, the device needs to be in close proximity to your laptop for authentication to take place, which adds another layer of security to your online accounts.

How to use Your iPhone as physical Security Key for online transactions

The support deadline was January 14, 2020, so Windows 7 reached its end of life (EOL) yesterday. Going forward it will no longer receive security updates, which leaves the aged operating system open to malware and susceptible to attacks.

Windows 7 was released back in 2009, making it exactly 10 years since it debuted to replace the much-criticized Windows Vista, which was rather slow as a result of "software bloat": adding so many features to its programs that the code became huge and unwieldy.

Windows 7, no doubt, has been the daily driver for many people who are yet to move to Windows 8/8.1/10, with over 400 million such PCs across the globe still stuck on the aged operating system.

What is the fate of users still stuck to Windows 7?

Microsoft figuratively told Windows 7 not to let the door hit it on the way out, which perhaps should have been directed at the users instead. As support for Windows 7 comes to an end, it is recommended that users transition to the newer options right away.

Though the situation may seem manageable in the real world, it leaves such users vulnerable to attacks, with all security updates halted for PCs running the OS; business customers running the Windows 7 Pro and Enterprise editions, however, can get Extended Security Updates (ESU) for up to 3 years if they are willing to pay an annual fee.

For regular users, the free Windows 7 to Windows 10 upgrade offer is still available, allowing those with a Windows 7 license key to upgrade to 10 at no extra cost. And the good news is that almost 99% of Windows 7 apps are compatible with Windows 10, so users don't have to worry about incompatibility issues.

How to Backup Your Data for Free before the Migration

During or after such software upgrades, many people encounter problems that force them to go back to the previous version, and many Windows users don't know how to go back to a previous version from Windows 10, considering all the technicalities.

If you encounter any problem while upgrading to Windows 10, or the upgrade messes up your PC settings, EaseUS System GoBack will help you go back to a previous version of Windows and reset your system easily, as it has all your data backed up.

What To Do Now that Windows 7 Is Officially Dead? How to Backup Your Data

Microsoft, in a bid to attract the firstline workforce to its Teams collaboration software, has introduced a walkie-talkie feature offering a push-to-talk (PTT) option, integrated with Samsung's new Galaxy XCover Pro handset.

Samsung's Galaxy XCover Pro is a rugged handset made for frontline workers across a variety of industries, one that completely re-imagines what an enterprise-ready smartphone should be, delivering a rugged but still stylish device for both field and customer-facing settings.

The strategy to hook businesses on the Teams service also follows Microsoft's move to establish a repository of the documentation any worker needs to work on the platform, with the addition of about 140 business apps and a 2GB per user file limit that means ample storage for each user.

Why the Galaxy XCover Pro makes a perfect fit for Teams?

The Galaxy XCover Pro builds on Samsung's premium legacy features, which include an immersive display, a long-lasting battery and security by the Samsung Knox platform.

It challenges the status quo with optimization for a broad range of industries including healthcare, retail, manufacturing and logistics. With its modern-styled light form factor, the Galaxy XCover Pro offers more than a traditional enterprise-ready device; it is the sleekest rugged all-in-one mobile device currently available in the market.

The smartphone is also IP68 water and dust resistant, meaning it can withstand submersion in up to 1.5m of water even without a case, and MIL-STD 810G certified for protection against extreme humidity, altitude and other harsh environmental conditions. Pogo pin charging support and compatibility with third-party charging docks ensure that the phone is amply powered as soon as the workday begins, coupled with a 4,050mAh battery that promises to last all day. For times when more power is required, the battery is replaceable: simply pop in a spare to keep going.

The device is also enhanced with unique partner-enabled mobility solutions for use in a wide range of business scenarios, including the ability to integrate the walkie-talkie capability in Microsoft Teams.

More About Teams walkie-talkie feature

Unlike traditional walkie-talkies, the feature carries no risk of cross-talk or eavesdropping, and it relies on Wi-Fi or cellular data, so it can be used across different geographic locations as well. It will be available in preview "in the first half of the year" and is designed to reduce the number of devices carried by workers and perhaps cut IT costs.

The combination of Microsoft Teams and the Galaxy XCover Pro will provide firstline workers everywhere with the technology they need to be more productive, with effective collaboration and security at hand.

Microsoft Teams walkie-talkie function for Samsung's Galaxy XCover Pro handset

Amazon has launched a new toolkit for automated machine learning, AutoGluon, as an open source project designed to make it easier for developers to incorporate deep learning models into their applications.

AutoGluon is an easy-to-use and easy-to-extend automated machine learning (AutoML) toolkit with a focus on deep learning and real-world applications involving text, image or tabular data. It is intended for both beginners and experts in machine learning, as it allows quick prototyping of deep learning solutions for your data with a few lines of code.

It leverages automatic hyperparameter tuning, model selection/architecture search and data processing, automatically utilizing state-of-the-art deep learning techniques without requiring expert knowledge.

Amazon claims that with it, deploying deep learning models with state-of-the-art inference accuracy will typically require no extensive expertise. Developers who previously had to invest considerable effort into training deep learning models can now rely on a ready-made toolset for their application development.

Despite advances in the Keras library that make it easier to specify parameters and layers in deep learning models, developers still have to grapple with complex issues like data pre-processing and hyperparameter tuning. AutoGluon is intended to fully democratize deep learning and make machine learning more easily available to all developers.

AutoGluon leverages the available compute resources to locate the strongest model within the allotted runtime. Python 3.6 or 3.7 is required, and AutoGluon support is currently limited to Linux, with macOS and Windows support still in the works.

It is currently available for tinkering from the project website or GitHub for developers who want to dip their feet in the water, and it promises to let them produce a high-performance neural network model with as little as three lines of code.

Amazon’s new toolkit, AutoGluon to automate machine learning for developers

Everyone knows how strongly guarded Apple's garden is: the new image format for iOS 11, HEIC or HEIF (High Efficiency Image Compression or Image File Format), is not supported on Windows or Android devices, which is a tremendous loss for users of those devices.

To further compound the woes of users on both Windows and Android, there is currently no native converter for HEIC files, and native support may take many more years, if it ever arrives; at present, there are a few options available for users of the unsupported devices.

While there are numerous software tools that can convert HEIC files into the regular .jpg and .png formats, HEIC File Converter for Windows is one that is completely free and enables users to convert HEIC photos to JPG/PNG/PDF in just 3 steps.

Unique Features of HEIC File Converter for Windows

  • Drag & Drop options
  • Easy-to-use Interface
  • Easily Convert HEIC to JPG/PNG/PDF
  • Retention of EXIF Metadata
  • Supports Color profiles & Wide-gamut
  • 100% Free

Steps to Convert HEIC Files to JPEG on Windows

To use this app, simply download and install it on your Windows PC; it should not take more than 20MB of your PC's storage space, and there's even a portable online version available on the official website.

Step 1: Upload your Image to HEIC File Converter.

Step 2: Configure the File by Setting the format and target folder.

Step 3: Click the "Convert" button to process the Image.

The software has an easy, self-explanatory interface with a designated section for dragging and dropping images, as well as an options menu where users can choose to convert the HEIC file to PNG, JPG or PDF. The process takes only a few seconds and requires no Internet connection.

The app is absolutely free with no strings attached and supports all versions of Windows including XP/7/8/10; the conversion uses powerful AI algorithms to ensure quality image processing, which is perhaps another good reason to go for the software.

HEIC File Converter Review: Best Free HEIC to JPG Converter for Windows