Blog - Page 51 of 102 - Appunti dalla rete

LockBit Ransomware Abuses Windows Defender to Deploy Cobalt Strike Payload

A threat actor associated with the LockBit 3.0 ransomware-as-a-service (RaaS) operation has been observed abusing the Windows Defender command-line tool to decrypt and load Cobalt Strike payloads.

According to a report published by SentinelOne last week, the incident occurred after obtaining initial access via the Log4Shell vulnerability against an unpatched VMware Horizon Server.

“Once initial access had been achieved, the threat actors performed a series of enumeration commands and attempted to run multiple post-exploitation tools, including Meterpreter, PowerShell Empire, and a new way to side-load Cobalt Strike,” researchers Julio Dantas, James Haughom, and Julien Reisdorffer said.

LockBit 3.0 (aka LockBit Black), which comes with the tagline “Make Ransomware Great Again!,” is the next iteration of the prolific LockBit RaaS family that emerged in June 2022 to iron out critical weaknesses discovered in its predecessor.

It’s notable for instituting what’s the first-ever bug bounty for a RaaS program. Besides featuring a revamped leak site to name-and-shame non-compliant targets and publish extracted data, it also includes a new search tool to make it easier to find specific victim data.

The use of living-off-the-land (LotL) techniques by cyber intruders, wherein legitimate software and functions available in the system are used for post-exploitation, is not new and is usually seen as an attempt to evade detection by security software.

Earlier this April, a LockBit affiliate was found to have leveraged a VMware command-line utility called VMwareXferlogs.exe to drop Cobalt Strike. What’s different this time around is the use of MpCmdRun.exe to achieve the same goal.

MpCmdRun.exe is a command-line tool for carrying out various functions in Microsoft Defender Antivirus, including scanning for malicious software, collecting diagnostic data, and restoring the service to a previous version, among others.

In the incident analyzed by SentinelOne, the initial access was followed by downloading a Cobalt Strike payload from a remote server, which was subsequently decrypted and loaded using the Windows Defender utility.

“Tools that should receive careful scrutiny are any that either the organization or the organization’s security software have made exceptions for,” the researchers said.

“Products like VMware and Windows Defender have a high prevalence in the enterprise and a high utility to threat actors if they are allowed to operate outside of the installed security controls.”

The findings come as initial access brokers (IABs) are actively selling access to company networks, including managed service providers (MSPs), to fellow threat actors for profit, in turn offering a way to compromise downstream customers.

In May 2022, cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. warned of attacks weaponizing vulnerable managed service providers (MSPs) as an “initial access vector to multiple victim networks, with globally cascading effects.”

“MSPs remain an attractive supply chain target for attackers, particularly IABs,” Huntress researcher Harlan Carvey said, urging companies to secure their networks and implement multi-factor authentication (MFA).

Source :
https://thehackernews.com/2022/08/lockbit-ransomware-abuses-windows.html

What is ransomware and how can you defend your business from it?

Ransomware is a kind of malware used by cybercriminals to stop users from accessing their systems or files; the cybercriminals then threaten to leak, destroy or withhold sensitive information unless a ransom is paid.

Ransomware attacks can target either the data held on computer systems (known as locker ransomware) or devices (crypto-ransomware). In both instances, once a ransom is paid, threat actors typically provide victims with a decryption key or tool to unlock their data or device, though this is not guaranteed.

Oliver Pinson-Roxburgh, CEO of Defense.com, the all-in-one cybersecurity platform, shares knowledge and advice in this article on how ransomware works, how damaging it can be, and how your business can mitigate ransomware attacks from occurring.

What does a ransomware attack comprise?

There are three key elements to a ransomware attack:

Access

In order to deploy malware to encrypt files and gain control, cybercriminals need to initially gain access to an organization’s systems.

Trigger

The attackers have control of the data as soon as the malicious software is activated. The data is encrypted and no longer accessible by the targeted organization.

Demand

The victims will receive an alert that their data is encrypted and cannot be accessed until a ransom is paid.

Big business for cybercriminals

The motives of cybercriminals deploying malware may vary but the end goal is typically that of financial gain.

What is the cost of being targeted by ransomware?

The average pay-out from ransomware attacks has risen from $312,000/£260,000 in 2020 to $570,000/£476,000 in 2021 – an increase of 83%. One report also showed that 66% of organisations surveyed were victims of ransomware attacks in 2021, nearly double that of 2020 (37%). This highlights the need for businesses to understand the risks and implement stronger defenses to combat the threats.

Ransomware continues to rank amongst the most common cyberattacks in 2022, due to its lucrative nature and fairly low level of effort required from the perpetrators. This debilitating attack causes an average downtime of 3 weeks and can have major repercussions for an organization, for its finances, operations and reputation.

Because there is no guarantee that cybercriminals will release data after a ransom is paid, it is crucial to protect your data and keep offline backups of your files. It’s also very important to proactively monitor and protect entry points that a hacker may exploit, to reduce the possibility of being targeted in the first place.

Who is at risk of being a target of ransomware?

In the past, cybercriminals have typically targeted high-profile organizations, large corporations and government agencies with ransomware. This is known as ‘big game hunting’ and works on the premise that these companies are far more likely to pay higher ransoms and avoid unwanted scrutiny from the media and public. Certain organizations, such as hospitals, are higher-value targets because they are far more likely to pay a ransom and to do so quickly because they need access to important data urgently.

However, ransomware groups are now shifting their focus to smaller businesses, in response to increased pressure from law enforcement who are cracking down on well-known ransomware groups such as REvil and Conti. Smaller companies are seen as easy targets that may lack effective cybersecurity defenses to prevent a ransomware attack, making it easier to penetrate and exploit them.

Ultimately, threat actors are opportunists and will consider most organizations as targets, regardless of their size. If a cybercriminal notices a vulnerability, the company is fair game.

How is ransomware deployed?

Phishing attacks

The most common delivery method of ransomware is via phishing attacks. Phishing is a form of social engineering and is an effective method of attack as it relies on deceit and creating a sense of urgency. Threat actors trick employees into opening suspicious attachments in emails and this is often achieved by imitating either senior-level employees or other trusted figures of authority.

Malvertising

Malicious advertising is another tactic used by cybercriminals to deploy ransomware, where ad space is purchased and infected with malware that is then displayed on trusted and legitimate websites. Once the ad is clicked, or even in some cases when a user accesses a website that’s hosting malware, that device is infected by malware that scans the device for vulnerabilities to exploit.

Exploiting vulnerable systems

Ransomware can also be deployed by exploiting unpatched and outdated systems, as was the case in 2017, when a security vulnerability in Microsoft Windows, EternalBlue (MS17-010), led to the global WannaCry ransomware attack that spread to over 150 countries.

It was the biggest cyberattack to hit the NHS: it cost £92m in damages plus the added costs of IT support restoring data and systems affected by the attack, and it directly impacted patient care through cancelled appointments.

Four key methods to defend your business against ransomware

It is crucial that businesses are aware of how a ransomware attack may affect their organization, and how they can prevent cybercriminals from breaching their systems and holding sensitive data to ransom. Up to 61% of organizations with security teams consisting of 11–25 employees are said to be most concerned about ransomware attacks.

The NHS could have avoided being impacted by the WannaCry ransomware attack in 2017 by heeding warnings and migrating away from outdated software, ensuring strategies were in place to strengthen their security posture.

It’s essential that your business takes a proactive approach to cybersecurity by implementing the correct tools to help monitor, detect, and mitigate suspicious activity across your network and infrastructure. This will reduce the number and impact of data breaches and cyberattacks.

Defense.com recommend these four fundamental tactics to help prevent ransomware attacks and stay one step ahead of the hackers:1 — Training

Cybersecurity awareness training is pivotal for businesses of all sizes as it helps employees to spot potentially malicious emails or activity.

Social engineering tactics, such as phishing and tailgating, are common and successful due to human error and employees not spotting the risks. It’s vital for employees to be vigilant around emails that contain suspicious links or contain unusual requests to share personal data, often sent by someone pretending to be a senior-level employee.

Security training also encourages employees to query visitors to your offices to prevent ransomware attacks via physical intrusion.

Implementing cybersecurity awareness training will help your business routinely educate and assess your employees on fundamental security practices, ultimately creating a security culture to reduce the risk of data breaches and security incidents.2 — Phishing simulators

These simulator tools support your security awareness training by delivering fake but realistic phishing emails to employees. Understanding how prone your staff are to falling for a real cybercriminal’s tactics allows you to fill gaps in their training.

When you combine phishing simulators with security training, your organization can lessen the chance of falling victim to a ransomware attack. The combination of training and testing puts you in a better position to prevent the cunning attempts of cybercriminals to infiltrate your IT systems and plant malware.3 — Threat monitoring

You can make your business less of a target for cybercriminals by actively monitoring potential threats. Threat Intelligence is a threat monitoring tool that collates data from various sources, such as penetration tests and vulnerability scans, and uses this information to help you defend against potential malware and ransomware attacks. This overview of your threat landscape shows which areas are most at risk of a cyberattack or a data breach.

Being proactive ensures you stay one step ahead of hackers and by introducing threat monitoring tools to your organization, you ensure any suspicious behaviour is detected early for remediation.4 — Endpoint protection

Endpoint protection is key to understanding which of your assets are vulnerable, to help protect them and repel malware attacks like ransomware. More than just your typical antivirus software, endpoint protection offers advanced security features that protect your network, and the devices on it, against threats such as malware and phishing campaigns.

Anti-ransomware capabilities should be included in endpoint protection so it can effectively prevent attacks by monitoring suspicious behaviour such as file changes and file encryption. The ability to isolate or quarantine any affected devices can also be a very useful feature for stopping the spread of malware.

In summary

With ransomware groups continually looking for vulnerabilities to exploit, it’s important that businesses develop robust strategies to prevent ransomware threats: ensure your staff takes regular security awareness training, set up threat monitoring tools to detect and alert you of vulnerabilities, and implement endpoint protection to protect your devices across your network.

Following the above guidelines will increase your chances of safeguarding your business against ransomware attacks that could cost your organization a substantial amount of money and reputational damage.

Defense.com believes world-class cyber protection should be accessible to all companies, regardless of size. For more information, visit Defense.com.

Source :
https://thehackernews.com/2022/08/what-is-ransomware-how-to-defend-your.html

Apple Releases Security Patches for all Devices Fixing Dozens of New Vulnerabilities

Apple on Wednesday rolled out software fixes for iOS, iPadOS, macOS, tvOS, and watchOS to address a number of security flaws affecting its platforms.

This includes at least 37 flaws spanning different components in iOS and macOS that range from privilege escalation to arbitrary code execution and from information disclosure to denial-of-service (DoS).

Chief among them is CVE-2022-2294, a memory corruption flaw in the WebRTC component that Google disclosed earlier this month as having been exploited in real-world attacks aimed at users of the Chrome browser. There is, however, no evidence of in-the-wild zero-day exploitation of the flaw targeting iOS, macOS, and Safari.

Besides CVE-2022-2294, the updates also address several arbitrary code execution flaws impacting Apple Neural Engine (CVE-2022-32810, CVE-2022-32829, and CVE-2022-32840), Audio (CVE-2022-32820), GPU Drivers (CVE-2022-32821), ImageIO (CVE-2022-32802), IOMobileFrameBuffer (CVE-2022-26768), Kernel (CVE-2022-32813 and CVE-2022-32815), and WebKit (CVE-2022-32792).

Also patched is a Pointer Authentication bypass affecting the Kernel (CVE-2022-32844), a DoS bug in the ImageIO component (CVE-2022-32785), and two privilege escalation flaws in AppleMobileFileIntegrity and File System Events (CVE-2022-32819 and CVE-2022-32826).

What’s more, the latest version of macOS resolves five security vulnerabilities in the SMB module that could be potentially exploited by a malicious app to gain elevated privileges, leak sensitive information, and execute arbitrary code with kernel privileges.

Users of Apple devices are recommended to update to iOS 15.6, iPadOS 15.6, macOS Monterey 12.5 (Big Sur 11.6.8 or 2022-005 Catalina for older generation Macs), tvOS 15.6, and watchOS 8.7 to obtain the latest security protections.

Source :
https://thehackernews.com/2022/07/apple-releases-security-patches-for-all.html

DNS-over-HTTP/3 in Android

Posted by Matthew Maurer and Mike Yu, Android team

To help keep Android users’ DNS queries private, Android supports encrypted DNS. In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS.

Most network connections begin with a DNS lookup. While transport security may be applied to the connection itself, that DNS lookup has traditionally not been private by default: the base DNS protocol is raw UDP with no encryption. While the internet has migrated to TLS over time, DNS has a bootstrapping problem. Certificate verification relies on the domain of the other party, which requires either DNS itself, or moves the problem to DHCP (which may be maliciously controlled). This issue is mitigated by central resolvers like Google, Cloudflare, OpenDNS and Quad9, which allow devices to configure a single DNS resolver locally for every network, overriding what is offered through DHCP.

In Android 9.0, we announced the Private DNS feature, which uses DNS-over-TLS (DoT) to protect DNS queries when enabled and supported by the server. Unfortunately, DoT incurs overhead for every DNS request. An alternative encrypted DNS protocol, DNS-over-HTTPS (DoH), is rapidly gaining traction within the industry as DoH has already been deployed by most public DNS operators, including the Cloudflare Resolver and Google Public DNS. While using HTTPS alone will not reduce the overhead significantly, HTTP/3 uses QUIC, a transport that efficiently multiplexes multiple streams over UDP using a single TLS session with session resumption. All of these features are crucial to efficient operation on mobile devices.

DNS-over-HTTP/3 (DoH3) support was released as part of a Google Play system update, so by the time you’re reading this, Android devices from Android 11 onwards¹ will use DoH3 instead of DoT for well-known² DNS servers which support it. Which DNS service you are using is unaffected by this change; only the transport will be upgraded. In the future, we aim to support DDR which will allow us to dynamically select the correct configuration for any server. This feature should decrease the performance impact of encrypted DNS.

Performance

DNS-over-HTTP/3 avoids several problems that can occur with DNS-over-TLS operation:

As DoT operates on a single stream of requests and responses, many server implementations suffer from head-of-line blocking³. This means that if the request at the front of the line takes a while to resolve (possibly because a recursive resolution is necessary), responses for subsequent requests that would have otherwise been resolved quickly are blocked waiting on that first request. DoH3 by comparison runs each request over a separate logical stream, which means implementations will resolve requests out-of-order by default.
Mobile devices change networks frequently as the user moves around. With DoT, these events require a full renegotiation of the connection. By contrast, the QUIC transport HTTP/3 is based on can resume a suspended connection in a single RTT.
DoT intends for many queries to use the same connection to amortize the cost of TCP and TLS handshakes at the start. Unfortunately, in practice several factors (such as network disconnects or server TCP connection management) make these connections less long-lived than we might like. Once a connection is closed, establishing the connection again requires at least 1 RTT.In unreliable networks, DoH3 may even outperform traditional DNS. While unintuitive, this is because the flow control mechanisms in QUIC can alert either party that packets weren’t received. In traditional DNS, the timeout for a query needs to be based on expected time for the entire query, not just for the resolver to receive the packet.

Field measurements during the initial limited rollout of this feature show that DoH3 significantly improves on DoT’s performance. For successful queries, our studies showed that replacing DoT with DoH3 reduces median query time by 24%, and 95th percentile query time by 44%. While it might seem suspect that the reported data is conditioned on successful queries, both DoT and DoH3 resolve 97% of queries successfully, so their metrics are directly comparable. UDP resolves only 83% of queries successfully. As a result, UDP latency is not directly comparable to TLS/HTTP3 latency because non-connection-oriented protocols have a different notion of what a “query” is. We have still included it for rough comparison.

Memory Safety

The DNS resolver processes input that could potentially be controlled by an attacker, both from the network and from apps on the device. To reduce the risk of security vulnerabilities, we chose to use a memory safe language for the implementation.

Fortunately, we’ve been adding Rust support to the Android platform. This effort is intended exactly for cases like this — system level features which need to be performant or low level (both in this case) and which would carry risk to implement in C++. While we’ve previously launched Keystore 2.0, this represents our first foray into Rust in Mainline Modules. Cloudflare maintains an HTTP/3 library called quiche, which fits our use case well, as it has a memory-safe implementation, few dependencies, and a small code size. Quiche also supports use directly from C++. We considered this, but even the request dispatching service had sufficient complexity that we chose to implement that portion in Rust as well.

We built the query engine using the Tokio async framework to simultaneously handle new requests, incoming packet events, control signals, and timers. In C++, this would likely have required multiple threads or a carefully crafted event loop. By leveraging asynchronous in Rust, this occurs on a single thread with minimal locking⁴. The DoH3 implementation is 1,640 lines and uses a single runtime thread. By comparison, DoT takes 1,680 lines while managing less and using up to 4 threads per DoT server in use.

Safety and Performance — Together at Last

With the introduction of Rust, we are able to improve both security and the performance at the same time. Likewise, QUIC allows us to improve network performance and privacy simultaneously. Finally, Mainline ensures that such improvements are able to make their way to more Android users sooner.

Acknowledgements

Special thanks to Luke Huang who greatly contributed to the development of this feature, and Lorenzo Colitti for his in-depth review of the technical aspects of this post.

Some Android 10 devices which adopted Google Play system updates early will also receive this feature. ↩
Google DNS and Cloudflare DNS at launch, others may be added in the future. ↩
DoT can be implemented in a way that avoids this problem, as the client must accept server responses out of order. However, in practice most servers do not implement this reordering. ↩
There is a lock used for the SSL context which is accessed once per DNS server, and another on the FFI when issuing a request. The FFI lock could be removed with changes to the C++ side, but has remained because it is low contention. ↩

Source :
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html

Microsoft starts blocking Office macros by default, once again

Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.

The change comes after the company improved its user and admin support documentation to make it easier to understand the available options when a macro is blocked.

“Based on our review of customer feedback, we’ve made updates to both our end user and our admin documentation to make clearer what options you have for different scenarios,” Microsoft explained in a new update in the Microsoft 365 message center.

“For example, what to do if your users have files on SharePoint or files on a network share.”

End users can find more information on the next steps after macros are blocked in a downloaded Office document on the A potentially dangerous macro has been blocked support page. IT admins can find dedicated documentation on the Macros from the Internet will be blocked by default in Office page.

“If you ever enabled or disabled the Block macros from running in Office files from the Internet policy, your organization will not be affected by this change,” Microsoft added.

Microsoft Office users who want automatic Office macro auto-blocking enabled and don’t want to wait for the rollout to reach their systems can read our easy-to-follow tutorial on how to auto-block macros in Microsoft Office docs from the Internet using group policies.

*Mockup of new Office macros security alert (BleepingComputer)*

Rolled back due to negative user feedback

This announcement comes after Redmond backtracked on a decision made earlier this year to make it harder to enable Office VBA macros in docs downloaded from the Internet in several Microsoft Office apps (Access, Excel, PowerPoint, Visio, and Word) for customers in the Current Channel (Preview).

The new feature meant that a popular distribution method for malware would effectively be killed since VBA macros embedded in malicious Office documents have been, for a very long time, one of the easiest methods for threat actors to push various malware families in phishing attacks.

The company announced in February 2022 that Microsoft Office would automatically block VBA macros in all downloaded documents after a rollout stage between April and June.

However, as BleepingComputer first reported in early July, soon after the new feature went live for customers last month, Microsoft suddenly and without any real explanation said that this change would be rolled back.

While Microsoft revealed alerted admins in an M365 message center update, it didn’t make a public announcement and updated the original notification several days later to say it was just a temporary rollback.

Redmond pinned this rollback on negative user feedback. Although Microsoft didn’t share more info, users have reported they didn’t know how to re-enable macros after they were automatically blocked because they couldn’t find the Unblock button. In contrast, others found it burdensome to unblock each downloaded Office document multiple times daily.

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-blocking-office-macros-by-default-once-again/

Microsoft Teams outage also takes down Microsoft 365 services

What initially started like a minor Microsoft Teams outage has also taken down multiple Microsoft 365 services with Teams integration, including Exchange Online, Windows 365, and Office Online.

“We’ve received reports of users being unable to access Microsoft Teams or leverage any features,” the company revealed on its official Microsoft 365 Status Twitter account more than 8 hours ago.

Two hours later, Redmond said the issue causing the connection problems was a recent deployment that featured a broken connection to an internal storage service.

However, Teams was not the only product impacted by the outage since users also began reporting failures to connect to various Microsoft 365 services.

Microsoft confirmed the issues saying that the subsequent Microsoft 365 outage only affected services that came with Teams integration.

“We’ve identified downstream impact to multiple Microsoft 365 services with Teams integration, such as Microsoft Word, Office Online and SharePoint Online,” Microsoft explained.

As the company further detailed on its Microsoft 365 Service health status page, affected customers experienced issues with one or more of the following services:

Microsoft Teams (Access, chat, and meetings)
Exchange Online (Delays sending mail)
Microsoft 365 Admin center (Inability to access)
Microsoft Word within multiple services (Inability to load)
Microsoft Forms (Inability to use via Teams)
Microsoft Graph API (Any service relying on this API may be affected)
Office Online (Microsoft Word access issues)
SharePoint Online (Microsoft Word access issues)
Project Online (Inability to access)
PowerPlatform and PowerAutomate (Inability to create an environment with a database)
Autopatches within Microsoft Managed Desktop
Yammer (Impact to Yammer experiments)
Windows 365 (Unable to provision Cloud PCs)

After redirecting traffic to a healthy service to mitigate the impact, Redmond said its telemetry indicates that Microsoft Teams functionality started to recover.

“Service availability has mostly recovered with only a few service features still requiring attention,” Microsoft added on the service health status page and on Twitter two hours ago, at 4 AM EST.

“We’ll continue to monitor the service as new regions enter business hours to ensure the service health does not fluctuate while the remaining actions are completed.”

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-outage-also-takes-down-microsoft-365-services/

Windows 11 now blocks RDP brute-force attacks by default

Recent Windows 11 builds come with the Account Lockout Policy policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes.

The account brute forcing process commonly requires guessing the passwords using automated tools. This tactic is now blocked by default on the latest Windows 11 builds (Insider Preview 22528.1000 and newer) after failing to enter the correct password 10 times in a row.

“Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors,” David Weston, Microsoft’s VP for Enterprise and OS Security, tweeted Thursday.

“This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome!”

As Weston also said, brute forcing credentials is a popular tactic among threat actors to breach Windows systems via Remote Desktop Protocol (RDP) when they don’t know the account passwords.

The use of Windows Remote Desktop Services to breach enterprise networks is so prevalent among cybercriminals that the FBI said RDP is responsible for roughly 70-80% of all network breaches leading to ransomware attacks.

*Windows 11 Account Lockout Policy (David Weston)*

Slowly blocking the most popular attack vectors

Coupled with other security-focused changes Microsoft has recently announced, including auto-blocking Office macros in downloaded documents and enforcing multi-factor authentication (MFA) in Azure AD, the company is slowly closing all entry vectors used by ransomware operators to breach Windows networks and systems.

The Account Lockout Policy is also available on Windows 10 systems. However, unfortunately, it’s not enabled by default, allowing attackers to brute force their way into Windows systems with exposed Remote Desktop Protocol (RDP) services.

Admins can configure this policy on Windows 10 in the Group Policy Management Console from Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.

This is a crucial security improvement since many RDP servers, especially those used to help teleworkers access corporate assets, are directly exposed to the Internet, exposing the organizations’ network to attacks when poorly configured.

To put things in perspective, attacks targeting RDP services have seen a sharp increase since at least mid-late 2016, starting with the rise in popularity of dark web marketplaces that sell RDP access to compromised networks, per an FBI IC3 report from 2018.

One notable mention is UAS, the largest hacker marketplace for stolen RDP credentials at one point, which leaked login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers.

Source :
https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/

How to set up proxy server on Windows 11

On Windows 11, you can set up a proxy server quite easily. A proxy server is a service that works as a man-in-the-middle between the computer and the internet. When using this feature, the requests you make to websites and other services will be handled by the proxy instead.

Usually, you’d see a proxy configuration in organizations and schools, but anyone can set up a proxy server because of its benefits. Using a proxy helps save data usage and reduce bandwidth use because web requests are cached in the server and then served again when the user requests the same content.

It can increase your privacy by hiding the IP address of the client making an internet request. It can improve security by blocking malicious traffic and logging users’ activities. It can also block sites, by using rules, a company can stop users from accessing social networks and other websites, and much more.

In this guide, you will learn three ways to set up a proxy server on your Windows 11 device without the need for third-party tools. (Just to be clear, in this guide, we’re setting proxy settings to connect to a server, not to set up the actual proxy server.)

Configure proxy server on Windows 11

The following instructions will apply to Ethernet and Wi-Fi network connections, but these settings won’t work during a VPN session.

To enable automatic configuration for proxy server on Windows 11, use these steps:

Open Settings on Windows 11.
Click on Network & Internet.
Click the Proxy tab.
Turn on the Automatically detect settings toggle switch to set up a proxy server on Windows 11.

Once you complete the steps, Windows 11 will automatically detect the settings using the Web Proxy Auto-Discovery Protocol (WPAD). Organizations and schools typically use this option to automatically configure or change the proxy settings to computers connected to their networks.

If you do not want the computer to detect settings automatically, or you are trying to set up a proxy server manually, you need to turn off the Automatically detect settings toggle switch.

Configure proxy through script on Windows 11

It is also possible to configure a proxy server automatically using the setup script option on Windows 11.

To configure a proxy server using a script, use these steps:

Open Settings.
Click on Network & Internet.
Click the Proxy tab.
Under the “Automatic proxy setup” section, click the “Set up” button for the “Use setup script” setting.
Turn on the Use setup script toggle switch.
Confirm the address of the script (or .pac file).
Click the Save button.

After you complete the steps, Windows 11 will load the proxy configuration from the specified file.

Configure automatic proxy with manual configuration on Windows 11

To set up proxy server settings manually on Windows 11, use these steps:

Open Settings.
Click on Network & Internet.
Click the Proxy tab.
Under the “Manual proxy setup” section, click the “Set up” button for the “Use a proxy server” setting.
Turn on the “Use a proxy server” toggle switch.
In the “Proxy IP address” setting, confirm the address that connects to the proxy server.
In the “Port” setting, confirm the port number required for the proxy to work.
Check the “Don’t use the proxy server for local (intranet) addresses” option.
(Optional) Confirm the addresses that will bypass the proxy in the available section.Quick note: You need to specify these addresses using a semicolon (;) to separate each entry. You can use an asterisk as a wildcard if you have multiple addresses from the same domain. For example, *.website.com will match all the addresses in the asterisk part, including forums.website.com, docs.website.com, etc.
Click the Save button.

Once you complete the steps, the proxy will be configured and the network traffic will automatically pass through the proxy server. However, it is also possible to specify a list of addresses that will not use the proxy.

Source :
https://pureinfotech.com/setup-proxy-server-windows-11/

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize control of affected systems.

The most critical of the flaws affect Junos Space and Contrail Networking, with the tech company urging customers to release versions 22.1R1 and 21.4.0, respectively.

Chief among them is a collection of 31 bugs in the Junos Space network management software, including CVE-2021-23017 (CVSS score: 9.4) that could result in a crash of vulnerable devices or even achieve arbitrary code execution.

“A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact,” the company said.

The same security vulnerability has also been remediated in Northstar Controller in versions 5.1.0 Service Pack 6 and 6.2.2.

Additionally, the networking equipment maker cautioned of multiple known issues exist in CentOS 6.8 that’s shipped with Junos Space Policy Enforcer before version 22.1R1. As mitigations, the version of CentOS packed with the Policy Enforcer component has been upgraded to 7.9.

Also listed are 166 security vulnerabilities impacting its Contrail Networking product that impact all versions prior to 21.4.0 and have been collectively given the maximum CVSS score of 10.0.

“Multiple vulnerabilities in third party software used in Juniper Networks Contrail Networking have been resolved in release 21.4.0 by upgrading the Open Container Initiative (OCI)-compliant Red Hat Universal Base Image (UBI) container image from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8,” it noted in an advisory.

Source :
https://thehackernews.com/2022/07/juniper-releases-patches-for-critical.html

Install updates manually on Windows 11 in six different ways

On Windows 11, a cumulative update (or quality update) is a service patch that Microsoft rolls out proactively to fix bugs, enhance security, and improve system performance. Although updates download automatically through Windows Update, sometimes it may still be necessary to install a specific patch manually.

For instance, after a new installation of Windows 11 or if the computer hasn’t been connected to the internet for some time. If Windows Update isn’t working, it might be necessary to install an update manually to fix the problem. A specific driver needs an update, or you want to upgrade to a newer version of Windows.

Regardless of the reason, Windows 11 has at least four ways to update the system using the Windows Update settings, manual download, Command Prompt, and PowerShell.

Microsoft offers three main types of updates (quality, optional, and feature updates). “Quality updates” are available every month with security and non-security fixes, improvements, and features (occasionally). “Optional updates” are not critical but necessary, and they include drivers and product updates. Finally, “feature updates” are meant to upgrade the device to a newer version (for example, Windows 11 22H2).

In this guide, you will learn six ways to install updates on Windows 11.

Install updates on Windows 11 with Windows Update

To install Windows 11 updates manually with Windows Update, use these steps:

Open Settings on Windows 11.
Click on Windows Update.
Click the Check for updates button.
(Optional) Click the Download and install option to apply a preview of an upcoming update of Windows 11.Quick note: Optional updates usually include non-security changes that Microsoft plans to release in the next Patch Tuesday rollout.
Click the Restart now button.

Once you complete the steps, if an update is available, it will download and install automatically on Windows 11.

Install updates on Windows 11 with Microsoft Update Catalog

To download and install an update manually on Windows 11, use these steps:

Open Microsoft Update Catalog website.
Search for the knowledge base number of the update – for example, KB5015814.Quick tip: If you do not know the latest update reference number, you can check the update history tracker.
Click the Download button for the update to install on Windows 11.Quick note: The page usually lists two versions, including ARM64 and x64. Unless you have an ARM-based device, you need to download the x64 version of the cumulative update.
Click the link to download the .msu package to your computer.
Click the Close button.
Double-click the .msu file to launch the installer.
Click the Yes button to install the update on Windows 11.
Click the Restart now button.

After you complete the steps, the cumulative update will apply to Windows 11.

Install updates on Windows 11 with Command Prompt

Windows 11 doesn’t have a Command Prompt tool to check and download updates. However, you can use commands to install update packages manually.

To install Windows 11 updates with Command Prompt, use these steps:

Open Microsoft Update Catalog website.
Search for the knowledge base number of the update – for example, KB5015814.
Click the Download button for the cumulative update you want to install.
Click the link to download the .msu package.
Click the Close button.
Open Start.
Search for Command Prompt, right-click the top result, and select the Run as administrator option.
Type the following command to install a new update on Windows 11 and press Enter:wusa c:\PATH\TO\UPDATE.msu /quiet /norestartIn the command, update the path with the location and name of the .msu update package. This example installs the KB5015814 update:wusa c:\Users\USERACCOUNT\Downloads\windows10.0-kb5015814-x64.msu /quiet /norestart
Type the following command to confirm the update was installed correctly and press Enter:wmic qfe list brief /format:table
Type the following command to restart the device and press Enter:shutdown /r /t 00

After you complete the steps, the quality update will install quietly, and the computer will restart to finish applying the changes on Windows 11.

Install updates on Windows 11 with PowerShell

Alternatively, you can also install a PowerShell module to download and install updates on Windows 11.

To install Windows 11 updates with PowerShell, use these steps:

Open Start.
Search for PowerShell, right-click the top result, and select the Run as administrator option.
Type the following command to install the PowerShell module to update Windows 11 and press Enter:Install-Module PSWindowsUpdate
Type Y to accept and press Enter.
Type A to accept and install the module and press Enter.
Type the following command to allow scripts to run on PowerShell and press Enter:Set-ExecutionPolicy RemoteSigned
Type the following command to import the installed module and press Enter:Import-Module PSWindowsUpdate
Type the following command to check for Windows 11 updates with PowerShell and press Enter:Get-WindowsUpdate
Type the following command to select, download, and install a specific update and press Enter:Install-WindowsUpdate -KBArticleID KBNUMBERIn the command, make sure to replace KBNUMBER with the update number you want to install. This example downloads and applies the KB5015814 update for Microsoft Defender:Install-WindowsUpdate -KBArticleID KB5015814
Type A to confirm the installation and press Enter.
(Optional) Type the following command to download and install all available updates and press Enter:Install-WindowsUpdateQuick note: When using this command, you will be applying system updates as well as optional updates that may include driver updates.
Type A to confirm the installation and press Enter.
Type Y to confirm the restart and press Enter (if applicable).
(Optional) Type the following command to view a list of previously installed updates and press Enter:Get-WUHistory

Once you complete the steps, the Windows 11 updates will download and install on your device.

Install optional updates on Windows 11

On Windows 11, optional updates are not critical, but they may be necessary for other functionalities. Typically, these updates are available for Microsoft and other products, feature updates, and third-party drivers (such as printers, cameras, network adapters, graphics cards, and Bluetooth peripherals).

To install optional updates on Windows 11, use these steps:

Open Settings.
Click on Windows Update.
Click the Advanced options tab.
Under the “Additional options” section, click the Optional updates setting.
Click the category to see the optional updates – for example, Driver updates.
Check the optional updates to install on Windows 11.
Click the Download and install button.

After you complete the steps, Windows Update will install the packages on your computer.

Install feature updates on Windows 11

Feature updates refer to new versions of Windows 11 that bring new changes and features. These updates are optional, and you must install them manually unless the current release of Windows 11 is reaching the end of service, in which case the feature update will install automatically.

To install a feature update on Windows 11, use these steps:

Open Settings.
Click on Windows Update.
Click on Check for updates button (if applicable).
Click the Download and Install now button.
Click the Restart now button.

In addition to Windows Update, you can also install feature updates using the Installation Assistant or the official ISO file to perform an in-place upgrade.

Source :
https://pureinfotech.com/install-updates-manually-windows-11/