Tag: search | Page 4

New Windows Search zero-day added to Microsoft protocol nightmare

June 1, 2022/in Computer Security

A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document.

The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows applications and HTML links to launch customized searches on a device.

While most Windows searches will look on the local device’s index, it is also possible to force Windows Search to query file shares on remote hosts and use a custom title for the search window.

For example, the popular Sysinternals toolset allows you to remotely mount live.sysinternals.com as a network share to launch their utilities. To search this remote share and list only files matching a particular name, you could use the following ‘search-ms’ URI:

search-ms:query=proc&crumb=location:%5C%5Clive.sysinternals.com&displayname=Searching%20Sysinternals

As you can see from the command above, the search-ms ‘crumb’ variable specifies the location to search, and the ‘displayname’ variable specifies the search title.

A customized search window will appear when this command is executed from a Run dialog or web browser address bar on Windows 7, Windows 10, and Windows 11, as shown below.

**Windows Search on a remote file share**
*Source: BleepingComputer*

Notice how the window title is set to the ‘Searching Sysinternals’ display name we specified in the search-ms URI.

Threat actors could use this same approach for malicious attacks, where phishing emails are sent pretending to be security updates or patches that need to be installed.

They can then set up a remote Windows share that can be used to host malware disguised as security updates and then include the search-ms URI in their phishing attachments or emails.

However, it would not be easy to get a user to click on a URL like this, especially when it displays a warning, as shown below.

**Browser warning when launching URI protocol handlers**
*Source: BleepingComputer*

But Hacker House co-founder and security researcher Matthew Hickey found a way by combining a newly discovered Microsoft Office OLEObject flaw with the search-ms protocol handler to open a remote search window simply by…

Source…

DuckDuckGo browser allows Microsoft trackers due to search agreement

May 25, 2022/in Computer Security

The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies.

DuckDuckGo is a search engine that prides itself on its privacy by not tracking your searches or your behavior while performing searches. Furthermore, instead of building user profiles to display interest-based advertisements, DuckDuckGo will use contextual advertisements from partners, like Ads by Microsoft.

While DuckDuckGo does not store any personal identifiers with your search queries, Microsoft advertising may track your IP address and other information when clicking on an ad link for “accounting purposes” but it is not associated with a user advertising profile.

DuckDuckGo also offers a privacy-centric web browser for iOS and Android that promotes many privacy features, including HTTPS-always encryption, third-party cookie blocking, and tracker blocking.

“Tracker Radar automatically blocks hidden third-party trackers we can find lurking on websites you visit in DuckDuckGo, which stops the companies behind those trackers from collecting and selling your data,” explains the Apple App Store page for the DuckDuckGo Privacy Browser.

DuckDuckGo browser allows Microsoft trackers

However, while performing a security audit of the DuckDuckGo Privacy Browser, security researcher Zach Edwards discovered that while the browser blocks Google and Facebook trackers, it allowed Microsoft trackers to continue running.

Further tests showed that DuckDuckGo allowed trackers related to the bing.com and linkedin.com domains while blocking all other trackers.

In response to Edwards’ long thread on the subject, DuckDuckGo CEO and Founder Gabriel Weinberg confirmed that their browser intentionally allows Microsoft trackers third-party sites due to a search syndication agreement with Redmond.

For non-search tracker blocking (eg in our browser), we block most third-party trackers. Unfortunately our Microsoft search syndication agreement prevents us from doing more to Microsoft-owned properties. However, we have been continually pushing and expect to be doing more soon.

— Gabriel Weinberg (@yegg) May 23,…

Source…

How to delete the last 15 minutes of your Google search history on Android

March 28, 2022/in Mobile Security

If you’ve been looking for a way to quickly delete the last 15 minutes of your Google search history on Android, your time has finally come. Jack Wallen shows you how to take care of this task.

Your privacy should be at the top of your mind any time you pick up your mobile device. So much of what you do on your phone is retained, shared, used, and (in some cases) abused. And at any moment, someone could pick up your Android phone and view anything you’ve searched for.

SEE: Mobile Device Security Policy (TechRepublic Premium)

Imagine you could very easily delete the last 15 minutes from your Google search history. Say, for instance, you were searching for a new job just before talking to your boss who happened to get a glance (for whatever reason) of your search history.

Faux. Pas.

Fortunately, Android makes it fairly easy to erase those last 15 minutes from your search history. This is a feature that’s been available on iOS for some time. Good news, Android users. Google has started rolling out that feature to its own mobile platform, so all you have to do is tap a button to clear that search history.

And I’m going to show you how it’s done.

What you’ll need

In order to enjoy this feature, you’ll need an updated version of Android. This feature shouldn’t be limited only to Pixel devices or Android 12, but (as we all know) Google can be a bit hit-and-miss about releasing features. I’m demonstrating on a Pixel 6 Pro with Android 12. If you find your device doesn’t include the feature, wait until the next update hits and check back.

How to delete the last 15 minutes of your search history

With a supported device, all you have to do is open the Google app (tap Google from the App Drawer—Figure A).

Figure A

The Google app is found within the App Drawer.

When you first open that app after the feature has been added, you’ll see a popup alert indicating you can clear the last 15 minutes of Search history with one tap (Figure B).

Figure B

The Google app running on a Pixel 6 Pro.

Tap your profile pic at the top right of the window and a new pop-up will appear (Figure C).

Figure C

The Google app pop-up menu is where you can delete your last 15 minutes of search history. — The Google app…

Source…

SEO wizardry abused to push malware into Google search rankings

August 10, 2021/in Computer Security

Cybercriminals are deploying search engine optimization (SEO) tricks to push malicious domains up the Google search rankings, security researchers have discovered.

According to a report from the security team at AT&T, in addition to distributing malware via email campaigns, the operators behind the infamous Sodinokini ransomware are targeting keyphrases commonly punched into Google.

In the scenario analyzed in the report, a client ended up downloading a rigged JavaScript file from a malicious domain. The website had appeared on the first page of Google, in eighth position, for the search term “Missouri and Kansas tax reciprocity”.

“There’s a saying that nothing can be certain, except death and taxes; in today’s cyber threat landscape, we can add ransomware to that shortlist,” wrote Ken Ng, a researcher at AT&T. “In this incident, one of [our] customers almost had an incident at the crossroads of taxes and ransomware.”

SEO for cybercriminals

Although the attack was mitigated automatically by the security protections in place, AT&T believed the incident warranted further investigation, as it was not immediately clear how the individual had ended up with the infection.

“Once we had an idea of what the JavaScript led to, we could attempt to find how the user potentially got the file,” AT&T explained. “Leveraging the information from the file name, plus some context with the one PDF the user was able to get from a legitimate site, we were able to emulate the user’s actions.”

When researchers eventually tracked down the offending domain, they found it stood out because it used HTTP, not HTTPS (a more secure protocol), and because the URL itself had nothing to do with the headline of the page, which had been crafted with SEO in mind.

The page itself was reportedly “extremely suspicious and sparse”, containing a link to download the answer to the original search query: “does Missouri have a reciprocal agreement with Kansas?”.

The specificity of this level of targeting is alarming (after all, a comparatively small number of people are likely to be making this particular query) and begs the question: how many other key terms are Sodinokibi and other…

Source…

Tag Archive for: search

DuckDuckGo browser allows Microsoft trackers

What you’ll need

How to delete the last 15 minutes of your search history