News for admins
Tech News
Google Uses Machine Learning to Protect Android Users
Google is putting its machine learning prowess to work by using it to identify and weed out malicious apps from the Google Play Store.
Google has built Play Protect into every Android device that officially supports Google Play. Play Protect is always updated and automatically takes action to keep users protected.
"With more than 50 billion apps scanned every day, our machine learning systems are always on the lookout for new risks, identifying potentially harmful apps and keeping them off your device or removing them," wrote Edward Cunningham, Product Manager of Android Security, on a company blog.
Cunningham said that all Google Play apps go through a rigorous security analysis even before they're published on the Play Store – and Play Protect warns you about bad apps that are downloaded from other sources, too.
Protecting your device is not the only job of Play Protect. It also comes in handy if you lose your device or if it falls into the wrong hands. Google has baked "Find My Device" into Google Play Protect, which not only helps find lost devices but can also remotely wipe a device if a user feels it might have been compromised.
Free Tool to Decrypt WannaCry Ransomware
Adrien Guinet, a security researcher from Quarkslab, has created a tool to decrypt files locked by WannaCry ransomware.
Guinet is offering the tool free of cost and it works on Windows XP, Windows 7, Windows Vista, Windows Server 2003, and Windows Server 2008.
The tool has been published on GitHub. According to the project description, the software allows you to recover the prime numbers of the RSA private key that are used by WannaCry.
"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext do not erase the prime numbers from memory before freeing the associated memory," said the GitHub page.
As promising as it may sound, please bear in mind that it's not a complete solution; you do need a stroke of luck for it to work in your case. "If you are lucky (that is, the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory," said Guinet on the project page.
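The recovery idea described above, as an added Python illustration that is not Guinet's code: a leftover prime is the only value in memory that divides the public modulus, so a sliding window finds it, and wiping the buffer removes it. The toy primes, the constructed heap bytes, the little-endian layout and all function names are assumptions made for this example.

```python
# Constructed demo key: two known Mersenne primes stand in for WannaCry's
# RSA primes (real ones are far larger). All values here are made up.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q            # public modulus, known to the victim
E = 65537
PRIME_LEN = 16       # bytes per prime in this toy key

def find_prime(memory: bytes, modulus: int, prime_len: int):
    """Slide a prime-sized window over memory; return (offset, prime) or None.

    Assumption: primes sit in memory as little-endian integers.
    """
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        # Only a leftover prime is a nontrivial divisor of the modulus.
        if 1 < cand < modulus and modulus % cand == 0:
            return off, cand
    return None

def rebuild_private_exponent(p: int, modulus: int, e: int = E) -> int:
    """With one prime, the other is N // p and d follows directly."""
    q = modulus // p
    return pow(e, -1, (p - 1) * (q - 1))

def wipe(buf: bytearray, off: int, length: int) -> None:
    """What the key-destruction path should have done before freeing."""
    buf[off:off + length] = bytes(length)

# Constructed "freed heap": filler bytes around a prime that was never erased.
heap = bytearray(b"\xaa" * 37 + P.to_bytes(PRIME_LEN, "little") + b"\x55" * 20)

if __name__ == "__main__":
    off, p = find_prime(bytes(heap), N, PRIME_LEN)
    d = rebuild_private_exponent(p, N)
    msg = 0x1234
    print("prime at offset", off, "roundtrip ok:", pow(pow(msg, E, N), d, N) == msg)
    wipe(heap, off, PRIME_LEN)
    print("after wipe:", find_prime(bytes(heap), N, PRIME_LEN))
```

The second call returning nothing is the "luck" Guinet refers to: once the memory has been erased or reused, no window divides the modulus and the key cannot be rebuilt this way.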
The WannaCry ransomware attack has been the worst attack of its kind. The attack started on Friday, May 12, 2017, and infected more than 230,000 computers across the globe. It brought down major services, including Britain's National Health Service (NHS), Spain's Telefónica, FedEx, and Deutsche Bahn. It also shows Europe's reliance on Microsoft technologies.
The vulnerability that WannaCry exploits was known to the NSA, but instead of informing Microsoft so that it could be patched, the agency used it to compromise target computers.
Microsoft Issues Emergency Security Update for Windows
Microsoft has released an emergency security update to patch a critical remote code execution vulnerability in Microsoft's Windows operating system.
In a security advisory, Microsoft wrote, "The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."
The bug was discovered by two Google Project Zero security researchers, Tavis Ormandy and Natalie Silvanovich. Announcing the bug, Ormandy wrote on Twitter that they have "discovered the worst Windows remote code exec in recent memory. This is crazy bad."
The vulnerability was discovered on May 5, and Microsoft has already released a patch, which shows the criticality of the bug. It's quite unusual for Microsoft to respond so fast; at times, the company failed to release a fix even after the 90-day grace period that Google gives to companies.
The details of the flaw have not been released yet, but researchers wrote that the flaw works on default Windows installations, and the attack is "wormable," which means it is self-propagating.
Microsoft Brings Linux Containers to Windows Server
During DockerCon 2017, Microsoft announced the availability of Linux containers on Windows Server 2016. John Gossman, Azure lead architect and Linux Foundation board member, made the announcement at the event, followed by a live demo.
Until now, Windows containers ran on Windows systems, and Linux containers ran on Linux systems, which meant Microsoft's platform was deprived of thousands of containerized applications that are available on Docker Hub.
To bridge this gap, Microsoft added support for Hyper-V isolation to Linux containers running on Windows. Hyper-V isolation wraps a container in a very lightweight, optimized virtual machine designed to run nothing but containers. As a result, customers can run Linux containers natively on Windows Server.
"This will enable developers to build with Windows and IT administrators hosting Windows Server to run any container image regardless of their platform," Gossman wrote in a blog post.
During DockerCon, Gossman also highlighted the results of the collaboration between Microsoft and Docker over the last two to three years, which also helped with two new Docker projects, LinuxKit and Moby Project, both announced at the event.