Wednesday Newsbytes: Windows 7 & 8 Support Ends Soon, Critical Patch Tuesday Update, Wiper Malware is Everywhere, FBI Hacked…and more!
Every day we scan the tech world for interesting news in the world of technology and sometimes from outside the world of technology. Every Wednesday, we feature some news articles that grabbed our attention over the past week. We hope you find this week’s ‘Wednesday Newsbytes’ informative and interesting!
Support for Windows 7 and 8 fully ends in January, including Microsoft Edge
Even businesses that will pay for it won’t get new Windows 7 security updates.
Microsoft’s Chromium-based Edge browser was an improvement over the initial version of Edge in many ways, including its support for Windows 7 and Windows 8. But the end of the road is coming: Microsoft has announced that Edge will end support for Windows 7 and Windows 8 in mid-January of 2023, shortly after those operating systems stop getting regular security updates. Windows 7 and 8 support will also end for Microsoft Edge Webview2, which can use Edge’s rendering engine to embed webpages in non-Edge apps.
The end-of-support date for Edge coincides with the end of security update support for both Windows 7 and Windows 8 on January 10, and the end of Google Chrome support for Windows 7 and 8 in version 110. Because the underlying Chromium engine in both Chrome and Edge is open source, Microsoft could continue supporting Edge in older Windows versions if it wanted, but the company is using both end-of-support dates to justify a clean break for Edge…
Microsoft Patch Tuesday fixes six critical vulnerabilities
One moderate vulnerability that’s already exploited impacts the Windows SmartScreen Security Feature.
Microsoft on Tuesday disclosed 56 vulnerabilities, including six critical ones and one moderate vulnerability that has been exploited.
The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.
The one exploited CVE disclosed on Patch Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.
Also: Is Microsoft really going to cut off security updates for your ‘unsupported’ Windows 11 PC?
When you download a file from the internet, Windows adds the zone identifier, or MOTW, to the file. That MOTW prompts Windows SmartScreen to conduct a reputation check. However, this exploit results in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging…
Effective, fast, and unrecoverable: Wiper malware is popping up everywhere
Wiper malware from no fewer than 9 families has appeared this year. Now there are 2 more.
Over the past year, a flurry of destructive wiper malware from no fewer than nine families has appeared. In the past week, researchers cataloged at least two more, both exhibiting advanced codebases designed to inflict maximum damage.
On Monday, researchers from Check Point Research published details of Azov, a previously unseen piece of malware that the company described as an “effective, fast, and unfortunately unrecoverable data wiper.” Files are wiped in blocks of 666 bytes by overwriting them with random data, leaving an identically sized block intact, and so on. The malware uses the uninitialized local variable char buffer[666].
Script kiddies need not apply
After permanently destroying data on infected machines, Azov displays a note written in the style of a ransomware announcement. The note echoes Kremlin talking points regarding Russia’s war on Ukraine, including the threat of nuclear strikes. The note from one of two samples Check Point recovered falsely attributes the words to a well-known malware analyst from Poland…
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked
InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.
The FBI’s InfraGard program is supposed to be a vetted Who’s Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation’s critical infrastructures — including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms…
Read more at Krebs On Security.
Social Media Is Entering Its Flop Era
Instagram is dying, Twitter’s imploding and TikTok is for a certain kind of person. Where does that leave us now?
I came across a tweet the other day that said something like, “Posting on the grid seems kind of cringe now.” They were speaking about Instagram – an app whose whole USP used to be “posting on the grid.” And I realised they were right. Posting on the grid does seem kind of cringe now, for some reason. Obviously none of this matters if you’re not a self-conscious teenager (to be cringe is to be free, etc). But the conversation itself speaks to a wider shift that’s happening. Which is: People don’t know how to use social media anymore. Because social media is flopping.
The idea that Instagram is dead has been marinating for quite some time now. Young people certainly don’t post like they used to, and an overtly “aesthetically pleasing” grid is something that belongs in the mid 2010s, back when people used to upload food pics and sunsets. This year also saw a mass exodus of Twitter after Elon Musk’s messy takeover of the platform. There was that week in which people panicked and posted their Mastodon usernames and hastily launched new Substacks. I’ve even seen returns to the OG writing platform Tumblr, who has welcomed the internet girlies back with open arms. It seems like those used to being chronically online are struggling to know where to go next…
Thanks for reading this week’s Wednesday Newbytes. We hope you found these articles informative, interesting, fun, and/or helpful. Merry Christmas! Darcy & TC
