Security flaw in Log4J – Urgent attention required

An Insecurity Inside A Common and widespread USED LOGGING LIBRARY has escalated into a full-fledged security breakdown, impacting digital communications all over the internet.

Hackers are already working to attack it, but even while solutions are developed, experts stress that the hole might have global ramifications.

The problem is with Log4J a popular open platform Apache logging framework used by programmers to keep tracking of all activities within an application.

Simultaneously, hackers are continually searching the internet for infected computers. Some have already created tools that aim to exploit the problem automatically, as well as worms that can transmit autonomously from one susceptible system to another under the correct conditions.

Log4J is a Java API, and while the computer language is becoming less popular among consumers, it is still widely used in business systems and online sites.

On Friday, researchers told WIRED that they expected many popular services to be impacted.

For example, Microsoft-owned Minecraft issued explicit instructions on Friday for how Java version gamers should fix their PCs. “This attack impacts several services, including Minecraft Java Edition,” according to the report.

CEO Matthew Prince Cloudflare said: This vulnerability raises the possibility that our machines may be get hacked. the problem was “that serious” that the internet infrastructure business will try to provide at least some security to consumers on its free tier of service.

the vulnerability allows an attacker to execute arbitrary Java code on a server, granting them control.

“It’s a catastrophic design failure,” says Free Wortley, CEO of the open-source data security platform LunaSec. On Thursday, the company’s researchers issued a warning and preliminary evaluation of the Log4j vulnerability.

Minecraft images circulating on forums purport to show people taking advantage of the Minecraft chat function’s vulnerability. Some Twitter users began altering their display names to code sequences that may trigger the attack on Friday. ‘Another person did the same thing by changing the name of his iPhone and reporting the discovery to Apple. According to the researchers, the strategy might also work with email.

The US Cybersecurity and Infrastructure Security Agency, as well as Australia’s CERT, issued a notice about the vulnerability on Friday.

According to an advisory from New Zealand’s government cybersecurity group, The vulnerability is apparently being aggressively exploited.

“It’s very awful,” Wortley admits. “There are so multiple individuals that are weak, and it’s so simple to take advantage of them.” These are some mitigating circumstances, and in the real world, there will be many firms trying to solve this issue.

Apache assesses the issue as “critical,” and fixes and mitigations were released on Friday. According to the firm, the vulnerability was discovered by Chen Zhaojun of the Ali[Censored] Cloud Security Team.

The issue highlights the difficulties of controlling risk within interconnected corporate software. Numerous firms, like Minecraft, may need to design their own fixes or will be impossible to patch instantly due to legacy software, such as earlier versions of Java.

Furthermore, patching Log4j into live services is not a casual thing to do since if something goes wrong, an organization’s logging capabilities might be jeopardized at a time when they need them the most to monitor for attempted exploitation.

Aside from installing updates for different web services as they become available, normal individuals won’t be able to do much; most of the effort will be done on the corporate side, as businesses and organizations hurry to adopt solutions.

“Security-mature firms will try to analyze their risk within hours of an exploit like this, but some will take a few weeks, and some will never look at it,” a security engineer from a prominent software company told WIRED.

The individual requested anonymity since they are collaborating with critical infrastructure response teams to resolve the risk. “The internet is on fire, and this garbage is all over the place.” And by “everywhere,” I mean “everywhere.”

While the SolarWinds breach and its aftermath showed how severely things can go wrong when attackers enter widely used software, the Log4j meltdown shows how widely the impacts of a single defect can be felt if it occurs in a core piece of code that is included in a lot of products.
“Library issues like this one create a very tough supply chain problem to tackle,” explains Katie Moussouris, founder of Luta Security and an experienced vulnerability researcher.

“Everything that makes use of the library must be tested with the updated version.” “Having previously coordinated library vulnerabilities, my heart goes out to those who are rushing right now.”

For the time being, the priority is to determine the extent of the problem. Unfortunately, security professionals and hackers alike are working around the clock to discover a solution.

Share it on Social Media:

Microsoft Teams now enables you to conceal your video during meetings

 One of the most inconvenient aspects of video meetings may soon be eradicated for Microsoft Teams customers, owing to a major upgrade to the video conferencing platform. 

The business communication platform has announced that it is developing a new function that will allow people to conceal their own video stream while on a call. 

This implies that Microsoft Teams users will no longer see their own face trying to pay more attention (or losing interest), but will instead be able to see other colleagues. 

The official article on the Microsoft 365 roadmap states, “Presently, the user’s video is presented at the bottom right-hand corner of the meeting screen.” “Users can utilize this functionality to conceal their own video throughout a call. This can assist eliminate interruptions during the conversation while still allowing other attendees to view your video.” 

The function is now listed as “under progress” on Microsoft’s roadmap, however, the item does promise a January 2022 delivery date. When it is released, the functionality will be accessible to all Microsoft Teams users globally, spanning online and computer platforms. 

The upgrade is the latest in a series of innovations introduced by Microsoft famous for products like SharePoint in an effort to assist Teams users in increasing productivity and efficiency as the age of hybrid working continues. 

This explains the current statement that Teams would eventually enable users to silence messages when in a video conferencing call or otherwise not wanting to be bothered. 

This should imply that you will no longer get annoying messages or notifications while in the midst of an essential meeting. 

According to recent statistics gathered by a software firm, virtually all (97 percent) firms now consider platforms like Zoom, Webex, and Microsoft Teams to be crucial to their business. 

More than half (57%) of the 2,000 UK-based respondents said their organization could not function for much more than 60 minutes without access to its communication tools, while 27percent said they couldn’t operate for even 30 minutes. 

Share it on Social Media:

Using the Gmail mobile app on an iPhone will now be a lot simpler

Google has announced a slew of improvements and enhancements for Apple devices, particularly new capabilities for Google Meet and Gmail mobile app for iPhone and iPad. 

The new Google Workspace features provide a home screen widget for Gmail, allowing users to swiftly access, modify, and respond to emails while on the go. 

Being launched now Gmail version 6.0.211226, initially announced in November last year, now features a new “Email updates” widget that provides quick access to your emails without opening the complete mobile app – helpful if you’re rushing to a meeting or getting on a train. 

According to Google, the new widget will let users see the senders and subject lines of their latest emails immediately on their Home Screen. 

It will be added to the current “Quick email actions” home screen feature and will provide users the opportunity to create new emails instantaneously – and will also be accessible in dark mode. 

The iOS Gmail widget lacks the versatility of the Android Gmail widget. But, on the other hand, Apple may have some catching up to do when it comes to widgets.  

Apple presently does not allow app developers to incorporate any functionality into iOS widgets. So, eliminating that constraint may be the first step the Cupertino team might take to improve iOS widgets. 

Another notable innovation is Google Meet’s picture-in-picture mode, which allows users to have numerous applications open and visible while on a video conference session, which might be highly beneficial for business users. 

Users of the iPhone and iPad will be able to join into a meeting on their phone in the future, but they will also be capable of passing an email, sharing a document, or simply conducting some more research while the conversation is in progress. Navigating away from Google Meet will minimize the mobile app, which may be adjusted and moved about the Home Screen as desired. 

“If you are using Google apps to get work done on your iPhone or iPad, we’re introducing some enhancements to help you stay organized and productive,” said Luke Wroblewski, Google’s Director of iOS, in a blog article. 

Share it on Social Media:

Microsoft Teams transforms your smartphone into a walkie-talkie device

push-to-talk (PTT), or walkie-talkie, was functionality of Boost Mobile prepaid phones in the early 2000s that enabled you to send your voice over another Boost Mobile user’s mobile speaker with the press of a button. Microsoft Teams application now brings a similar capability to iOS and Android smartphones. Nevertheless, unlike Boost Mobile, Microsoft known for Office 365 is not utilizing rappers and sportsmen to make push-to-talk appear “popular.” Rather, a means of utilizing technology to assist front-line personnel  

Emma Williams, corporate vice president of modern work transformation at Microsoft, revealed in a blog article on Wednesday that the walkie-talkie feature in Microsoft Teams is now accessible “on all iOS smartphones, including iPhones and iPads, as well as to Android smartphones.” 

She also stated that the capability will be available on certain Zebra Technologies gadgets, such as rugged handsets and scanning equipment. Such items may even include a button that allows you to connect instantaneously, similar to actual walkie-talkies and Boost Mobile’s old push-to-talk devices. 

As per Williams, the number of frontline employees utilizing Microsoft Teams increased 400% between March and November 2021. Introducing Walkie Talkie for Microsoft Teams to smartphones aims to resolve the dilemmas that employees experience as a result of labor shortages and supply chain issues by supplying “technology that saves them time, allows them to interact quite smoothly, and maximizes their effectiveness when completing routine tasks,” according to Vice president Williams. 

The walkie-talkie functionality is one method for the Tech Giant to distinguish Teams in a workforce crowded with competitive applications like Slack and Zoom by emphasizing quick and on-the-go voice communication. Slack is mostly a text-based chat app, but its Huddle function helps to communicate with peers in real-time. Alternatively, Zoom’s concept of push-to-talk is to allow you to easily unmute yourself. 

Several other current mobile gadgets also include walkie-talkie capabilities.  Apple released an app with these capabilities for the Apple Watch in the year 2018. 

Although Microsoft, widely renowned for SharePoint, promotes the Walkie Talkie for Teams as a working tool, there’s nothing keeping you from using it to ask a friend, “Where are you?” 

Share it on Social Media:

Microsoft suddenly Dumps faulty Windows Server Updates

Microsoft known for Office 365 has withdrawn the Windows Server upgrades released on Patch Tuesday after administrators discovered significant flaws that broke 3 things: They cause Windows servers acting as domain controllers to enter into spontaneous boot loops, causing Hyper-V to fail, and ReFS volume systems to become inaccessible. 

the news about Windows breaking was initially reported on Tuesday, the same day Microsoft issued a mega-dump of ninety-seven security upgrades in its January 2022 Patch Tuesday upgrade. 

January’s batch contained the Windows Server 2012 R2 KB5009624 upgrade, Windows Server 2019 KB5009557 upgrade, and Windows Server 2022 KB5009555 upgrade, each of which appears to be bugged. 

“Admins of Windows Domain Controllers should exercise caution while applying the January 2022 security upgrades,” according to IT consultants. 

There have been multiple complaints that Windows systems operating as domain controllers will no longer boot. Lsass.exe (or wininit.exe) causes a blue screen with the error code 0xc0000005. As per our assessment, it can affect all Windows Server versions that act as domain controllers. 

Domain controllers are servers responsible for handling verification requests inside a Windows domain. Microsoft’s Hyper-V, the other component of Windows that has been disrupted by the Windows Server upgrades, is a local hypervisor that can build virtual machines on x86-64 Windows computers. 

According to the company, the third object that has been shattered by the changes is the Resilient File System (ReFS), which is a file system meant to boost accessibility, scale quickly to big data sets throughout varied workloads, and guarantee data integrity with resistance to distortion. 

We noted a slew of user feedback concluding that the problem impacts all available Windows Server versions. 

Several Reddit users verified the issues. According to one user, “KB5009557 (2019) and KB5009555 (2022) appear to be leading things to collapse on domain controllers, which subsequently continue rebooting after every several minutes.” 

Some other Reddit users reported on Tuesday that they had recently restarted Windows 10 PCs with the KB5009543 and KB5008876 patches loaded and discovered that they were also disabling L2TP VPN connections. 

“Now their L2TP VPNs to various websites (All SonicWall’s) are not functioning,” the Redditor explained, quoting an error message that interprets: “The L2TP connection request was denied because the security layer detected a processing issue during early talks with the other computer.” 

After the server upgrade saga, it was reported yesterday that Microsoft has withdrawn the January Windows Server continuous upgrades, that are no longer available through Windows Update. Nevertheless, as of yesterday’s afternoon, the firm has not removed the Windows 10 and Windows 11 continuous upgrades that were causing L2TP VPN connections to fail. 

Share it on Social Media:

5 of the Most Serious Windows 11 Problems That Microsoft Must Address

Microsoft Windows 11 offers a slew of additional features and enhancements over its predecessor, Windows 10. There are several causes to upgrade to the new Operating system, ranging from the redesigned UI to the support for Android Mobile apps. But, before you do, there are several things you should be careful of. 

Let’s take a look at the most serious flaws that are now hurting Windows 11. 

  • Inconsistencies in Windows 11’s User Interface 

Microsoft known for Office 365 has aimed to wipe out the traditional UI features of Windows since Windows 8 in Favour of a more contemporary approach. Even with Microsoft’s weight behind it, the legacy User interface has persisted to this very day. 

the company upgraded several features in Windows 10. With Windows 11, the corporation pushed things to the next level.  As a consequence, Windows 11 seems to be smoother and more aesthetically beautiful than Windows 10. Nevertheless, there is still so much work to be done. 

Lack of consistency in the user interface is a major issue with Windows 11. On the one side, there’s the elegant Settings application. But on the other hand, there’s always the Control Panel. Likewise, traces of Windows Vista’s Aero design language may be found, such as conversation box icons. Even Windows XP is represented in the user interface here. 

To summarize, after decades of UIs that feel like a jumble instead of a cohesive whole, Microsoft must make Windows 11’s UI consistent. 

  • The Taskbar’s Restrictions 

To put it lightly, the taskbar in Windows 11 is divisive. To a few, it is the long-awaited update of the taskbar. Some see it as a shambles with lacking fundamental capabilities. Although we can’t dispute that the current version of Windows’ taskbar appears trendy, we must bemoan the absence of numerous basic taskbar functionality. 

To begin with, you cannot resize or move the taskbar. In Windows 10, you may relocate the taskbar around the screen to whatever direction you like. It may also be made wider. None of these are possible in Windows 11. The absence of this essential taskbar functionality is perplexing. 

Secondly, you can’t reduce the size of the taskbar icons. This one was, yet again, an option in Windows 10. Why would Microsoft get rid of it? We have no idea. 

The same holds true when seeing the date and time on several displays. On Windows 10, you can view the date and time on the second monitor. Microsoft also eliminated this function for no apparent cause. 

The context menu that appears when you right-click on the taskbar is pretty much the same. The context menu in Windows 10 has a plethora of customization options, such as displaying and hiding buttons. With Windows 11, the context menu only has a single option: “Taskbar settings.” 

Clearly said, Microsoft has to repair the taskbar and make it as useful, if not even more, than the one in Windows 10. As it is, the taskbar in Windows 11 feels hurried and unfinished. 

  • The Start Menu’s Restrictions in Windows 11 

With Windows 11, the Tech Giant completely redesigned the Start Menu. It is in the middle. There are no Live Tiles either. In addition, the big list of all the programs from Windows 10 is no longer available. You may pin applications to the Start Menu and check which applications are suggested or most often used. 

The new Start Menu includes a slew of flaws. When you eliminate the suggested programs, for example, there is a huge empty area at the end of the Start Menu. This is simply poor design. 

Another contentious choice is the elimination of Live Tiles without giving a replacement. True, not everyone was a fan of Live Tiles. However, when used correctly, they supplied important information. We no longer have access to this at-a-glance information thanks to the new Start Menu. 

Furthermore, there really is no method to organize programs as in Windows 10. You can only pin applications. 

In general, the company has modified or deleted several functions from the new Start Menu without providing consumers with the choice to opt-out of these modifications. If Microsoft wants Windows 11 to be the finest Windows experience ever, it must allow users to customize the Start Menu. 

  • Bloatware in Windows 11 

It appears that every time someone discusses Windows, they must also discuss the bloatware that accompanies it. Windows 10 was filled with games and applications that no one utilized. And, as things currently are, bloatware is still a problem with Windows 11. 

the company must either cease packing in unwanted programs or provide customers with an easy method to uninstall all bloatware from Windows 11. This will not only boost speed by using a lightweight operating system, but it will also enhance the customer experience. 

  • several problems and inconsistencies 

According to us, Windows 7 was the last time Microsoft produced an operating system that was free of serious problems and inconsistencies. All three versions of Windows Vista, 8, and 10 were plagued with faults. Sadly, Windows 11 is yet another stumbling block for the company. 

A few of the long-standing printer difficulties that have afflicted Windows 10 for a long period of time, for example, are still present in Windows 11. 

The PrintNightmare bug is among the most serious printer-related problems in Windows 11. It was a problem with Windows 10, and the corporation claimed to have fixed it after releasing numerous updates. However, according to reports, those fixes did not resolve the problem, and PrintNightmare is still wreaking havoc. 

To cut a long tale short, if you frequent Windows subreddits, you’ll almost certainly run into folks talking about issues with Windows 11. Simply put, the company must work out big flaws with Windows 11. If the organization wishes to persuade people to migrate to the new Operating system, it must first address old concerns. 

Windows 11 is off to a bumpy start, but it has a lot of promise. 

the Tech giant looks to have pushed the release of Windows 11. Many functionalities are either half-baked or completely lacking. There’s also the problem of bloatware. Then there are the bugs. 

As a result, Microsoft has a great deal of work to do. However, putting these concerns behind for a moment, it’s clear that Windows 11 has a lot of promise. Let’s hope the company lives up to its promise. 

Share it on Social Media: