Security Alerts & News
by Tymoteusz A. Góral

#852 Microsoft removes 260-character path length limit in Windows 10 Redstone
Windows 10 build 14352, a preview version of the upcoming Anniversary Update (also known as Redstone), comes with an eagerly awaited change that Microsoft hasn’t yet announced publicly.

The 260-character path length limit in Windows can be removed with the help of a new policy, thus allowing you to run operations with files regardless of their path or file name. While this new rule is not enabled by default, admins can turn it on by following these instructions.

Launch the Registry Editor by clicking the Start menu and typing “regedit.exe,” and then navigate to the following path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{48981759-12F2-42A6-A048-028B3973495F}Machine\System\CurrentControlSet\Policies

Look for an entry called “LongPathsEnabled,” and if it does not exist, simply right-click Policies, select New DWORD (32-bit), name it “LongPathsEnabled” (without the quotes), enter value 1, and you’re good to go.
#851 Alert: Microsoft warns of ZCryptor ransomware with self-propagation features
Microsoft has released an alert today warning about a new ransomware variant called ZCryptor, which comes with the ability to self-propagate via removable and network drives.

A security researcher named Jack, behind the MalwareForMe blog, first discovered and wrote about this threat on May 24. Three days later, Microsoft 's security team also took note of the new wave of infections.

“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft's Malware Protection Center alert reads. “This ransom leverages removable and network drives to propagate itself and affect more users.”
#850 Homeland Security warns thousands of industrial energy systems can be remotely hacked
Homeland Security has said that an internet-connected industrial monitoring device -- typically used in US industrial power plants and energy facilities -- is vulnerable to a string of serious security vulnerabilities.

The US government department's Computer Emergency Readiness Team (CERT) posted an advisory, saying that the ESC 8832 data controller, which allows a plant worker to see exactly how an industrial unit is working at a glance, could be trivially exploited by a "low skilled" attacker.

"The device supports different accounts with distribution of system privileges. An attacker can gain access to functions, which are not displayed in the menu for the user by means of brute force of a parameter," said the advisory.
#849 Small users in a big network
Children use the Internet for schoolwork, socializing, watching films and cartoons, playing games and much more. But, as we all know, browsing the web can be an unsafe business. In order to control their children’s online activity many parents use specialized software – so-called parental control.

This software is usually capable of controlling the amount of time a child spends online or using the computer, which apps can be launched and what personal data can be disclosed. One of the most important features of a parental control product, however, is the ability to restrict access to web resources containing undesirable content.

This article examines the statistics of visits by children to websites with specific categories of content. For this we will use Kaspersky Security Network (KSN) statistics based on notifications by the Parental Control module in Kaspersky Lab products. These statistics will allow us to estimate which categories of undesirable websites children visit most often.
#848 Altair co-founder: Affordable LTE chips to make IoT real by 2018
The move toward an Internet of Things (IoT) world is already happening and it will be simplified, streamlined, and most importantly, cost-effective by the year 2018 thanks to the lowered cost of LTE chipsets and bandwidths, says Altair Semiconductor co-founder Eran Eshed.
#847 Bangladesh Bank officials perhaps played a part in $81m heist
Officials of Bangladesh Bank may have been involved in the calculated theft of $81 million from its account with the New York Federal Reserve Bank, the head of a government-appointed panel investigating the cyber heist has told reporters.

After learning how the organisation worked, the group of cyber attackers broke into the computer systems of the Bangladesh central bank in February and issued instructions through the SWIFT network to transfer $951 million of its deposits held at the New York Federal Reserve Bank to accounts in the Philippines and Sri Lanka.

The group had installed malware in systems at the bank's Dhaka headquarters, which allowed them to spend several weeks spying upon the bank's systems and processes.
#846 Samsung launches 1g-weighing 512GB SSD
Samsung has begun mass production of solid-state drive (SSD) that weights only 1 gram but can pack up to 512GB memory for PCs, the company announced.

The world's largest memory chip maker launched the PM971-NVMe series, the first non-volatile memory express (NVMe) SSDs in a single ball grid array (BGA) package.

The BGA NVMe SSD weighs only 1 gram and measures 20mm x 16mm x 1.5mm, but packs all SSD components in it such as 16 48-layer 256-Gb V-NAND flash chips, one 20-nanometer 4Gb LPDDR4 mobile DRAM, and a high-performance controller.
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12