CC BY 3.0

News for admins

Tech News

Article from ADMIN 39/2017
News for system administrators around the world.

Google Uses Machine Learning to Protect Android Users

Google is putting its machine learning prowess to work by using it to identify and weed out malicious apps from the Google Play Store.

Google has built Play Protect into every Android device that officially supports Google Play. Play Protect is always updated and automatically takes action to keep users protected.

"With more than 50 billion apps scanned every day, our machine learning systems are always on the lookout for new risks, identifying potentially harmful apps and keeping them off your device or removing them," wrote Edward Cunningham, Product Manager of Android Security, on a company blog.

Cunningham said that all Google Play apps go through a rigorous security analysis even before they're published on the Play Store – and Play Protect warns you about bad apps that are downloaded from other sources, too.

Protecting your device is not the only job of Play Protect; it also comes in handy if you lose your device or if it falls into the wrong hands. Google has baked "Find My Device" into Google Play Protect, which not only helps find lost devices but can also remotely wipe a device if a user feels it might have been compromised.

Free Tool to Decrypt WannaCry Ransomware

Adrien Guinet, a security researcher from Quarkslab, has created a tool to decrypt files locked by WannaCry ransomware.

Guinet is offering the tool free of cost, and it works on Windows XP, Windows 7, Windows Vista, Windows Server 2003, and Windows Server 2008.

The tool has been published on GitHub, and according to the project description, this software allows you to recover the prime numbers of the RSA private key that are used by WannaCry.

"It does so by searching for them in the wcry.exe process. This is the process that generates the RSA private key. The main issue is that the CryptDestroyKey and CryptReleaseContext do not erase the prime numbers from memory before freeing the associated memory," said the GitHub page.

As promising as it may sound, please bear in mind that it's not a complete solution; you do need a stroke of luck for it to work in your case. "If you are lucky (that is, the associated memory hasn't been reallocated and erased), these prime numbers might still be in memory," said Guinet on the project page.
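The recovery idea described above can be shown on a toy scale. The following is an added example, not code from Guinet's tool: it slides over a constructed memory buffer and tests each window as a possible factor of the public modulus. The function names, the 8-byte toy primes, and the little-endian layout are assumptions made for the illustration.

```python
# Added illustration, not the published tool's code. All values are constructed.

def recover_primes(dump: bytes, n: int, prime_len: int):
    """Search a memory dump for prime_len bytes that divide the modulus n.

    Returns (offset, p, q), or None when no factor survives in the dump.
    Assumption: big integers are stored little-endian in the dump.
    """
    for off in range(len(dump) - prime_len + 1):
        cand = int.from_bytes(dump[off:off + prime_len], "little")
        # Discard 0, 1, even values and anything not smaller than n
        # before paying for the big-integer modulo.
        if cand < 3 or cand % 2 == 0 or cand >= n:
            continue
        if n % cand == 0:
            return off, cand, n // cand
    return None


# Constructed toy key: two well-known 64-bit-wide primes stand in for the
# much larger primes of a real RSA key.
P = 2**61 - 1
Q = 2**64 - 59
N = P * Q            # the public modulus, known to the defender
PRIME_LEN = 8        # bytes per prime in this toy example


def make_dump(erased: bool) -> bytes:
    """Build a constructed 'process memory' buffer.

    erased=False: the freed key buffer still holds P (the lucky case).
    erased=True:  the buffer was reallocated and zeroed (the unlucky case).
    """
    secret = bytes(PRIME_LEN) if erased else P.to_bytes(PRIME_LEN, "little")
    return bytes(range(1, 200)) + secret + bytes(range(200, 256))


if __name__ == "__main__":
    print("prime left in memory :", recover_primes(make_dump(False), N, PRIME_LEN))
    print("memory already erased:", recover_primes(make_dump(True), N, PRIME_LEN))
```

Once one prime is found, the other follows from a single division, which is why a single surviving buffer is enough, and why the approach fails outright once that memory has been reused.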

The WannaCry ransomware attack has been the worst attack of its kind. The attack started on Friday, May 12, 2017, and infected more than 230,000 computers across the globe. It brought down major services, including Britain's National Health Service (NHS), Spain's Telefónica, FedEx, and Deutsche Bahn. It also shows Europe's reliance on Microsoft technologies.

The vulnerability that WannaCry exploits was known to the NSA, but instead of informing Microsoft so that it could be patched, the agency used it to compromise target computers.

Microsoft Issues Emergency Security Update for Windows

Microsoft has released an emergency security update to patch a critical remote code execution vulnerability in Microsoft's Windows operating system.

In a security advisory, Microsoft wrote, "The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."

The bug was discovered by two Google Project Zero security researchers, Tavis Ormandy and Natalie Silvanovich. Announcing the bug, Ormandy wrote on Twitter that they have "discovered the worst Windows remote code exec in recent memory. This is crazy bad."

The vulnerability was discovered on May 5, and Microsoft has already released a patch, which shows the criticality of the bug. It's quite unusual for Microsoft to respond so fast; at times, the company failed to release a fix even after the 90-day grace period that Google gives to companies.

The details of the flaw have not been released yet, but researchers wrote that the flaw works on default Windows installations, and the attack is "wormable," which means it is self-propagating.
