The Category5.TV Newsroom

Here are the stories we're following for the week of Wednesday January 22, 2020

Hey Windows users: Are you still using Internet Explorer? Stop it! There's yet another zero-day exploit that will give hackers the ability to remotely take over your computer.

Microsoft sent out an advisory on Friday detailing an under-attack zero-day vulnerability for Internet Explorer.

The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage.

While this particular flaw can be mitigated by restricting access to the JavaScript component JScript.dll, there is no patch available to actually fix the vulnerability.

Even if Microsoft is swift to create a patch, they plan to release it on an upcoming "patch Tuesday." Since we know that's the second Tuesday of each month, they're leaving this takeover exploit active in the wild for a good 4 weeks or so, at least.

These kinds of horrendous security practices are another reminder of why we shouldn't be trusting Microsoft to provide our Antivirus, too.

There's no practical reason to be running Internet Explorer these days. If you must use Microsoft Windows, download Chrome, Firefox, or better yet, get the Brave private browser from cat5.tv/brave to automatically block ads while you surf the web.

Source: www.theregister.co.uk

Sent to us by: Roy W. Nash

Pine64's $200 pro-grade Linux laptop is now available with a US keyboard, and customers who pre-ordered theirs are receiving the first shipment now.

Pine64's $200 pro-grade Linux laptop is now available with a US keyboard, and customers who pre-ordered theirs are receiving the first shipment now.

The Pinebook Pro ships with a customized version of Debian preinstalled. That's right: This is a true Linux laptop.

It also has a few other tricks up its sleeve, like a bootable MicroSD card slot so you can easily run other operating systems off a cheap memory card whenever you feel like it.

Just about all laptop computers use Intel processors these days. Only a very small percentage of Windows laptops have started using Qualcomm ARM processors. The Pinebook Pro actually uses a 64-bit ARM processor called the Rockchip RK3399 with a Mali T860 MP4 GPU, which is made by the same company that makes the Pinebook Pro; PINE Microsystems Inc.

PINE also makes other computing hardware such as compute modules and single board computers that you can build into other projects, and as Robbie mentioned last week, they're even bring a cheap privacy-focused smartphone to market that runs Linux natively.

The Pinebook Pro includes 4GB of RAM, which is the maximum supported by the Rockchip, so it’s not upgradable. By default, it also includes a 64GB eMMC storage module, which you can upgrade if you want.

But, as westerners, the biggest problem we had with the original Pinebook and even the first run of Pinebook Pro, was the keyboard. There's just no way to get reviewers or end users in Canada or the US to truly love an ISO keyboard, which is a layout more familiar to users in the UK. But now, as of last week, users are who preordered are receiving their ANSI keyboard Pinebook Pros. ANSI is more commonly called the US Keyboard Layout.

So for $200, Linux fans can get a solid, professional and super sleek laptop that has keys where they expect them.

So how can Pine64 sell such a fine piece of kit for just $200? Because they love you, that's why.

Actually, that's not even sarcasm. The Pinebook Pro is being sold at cost, as a gift to the open source-loving community... so it’s not technically meant for regular users. If you believe in freedom and like to tinker and learn about technology, the Pinebook Pro is meant for you.

Source: pocketnow.com

Sent to us by: Robbie Ferguson

A security shocker out of Microsoft as it has been revealed that 250 million customer records have been exposed online.

A security shocker out of Microsoft as it has been revealed that 250 million customer records have been exposed online.

We really don't intend for the news to be all about Microsoft. But this week has been a doozie. There's the Internet Explorer zero-day vulnerability that is being actively exploited, yet Microsoft hasn't issued a patch for. That revelation came just days after the U.S. Government issued a critical alert to Windows users concerning the "extraordinarily serious" curveball crypto vulnerability.

And now this: 250 million Microsoft customer records, spanning an incredible 14 years in all, have been exposed online in a database with no password protection.

The data was accessible to anyone with a web browser who stumbled across the databases. According to the report, issued by the security research team at Comparitech, no authentication at all was required to access them.

The nature of the data appears to be that much of the personally identifiable information was redacted. However, the researchers say that many contained plain text data including customer email addresses, IP addresses, geographical locations, descriptions of the customer service and support claims and cases, Microsoft support agent emails, case numbers and resolutions, and internal notes that had been marked as confidential.

While this may seem like no big deal considering the number of breaches, many of which affecting even more users, the thing to consider here is that Microsoft support scams are already rampant. It doesn't take a genius to work out how valuable actual customer information could be to the fraudsters carrying out such attacks, and it puts users at a severe disadvantage and risk of being exploited by someone pretending to be the very company they trust.

Microsoft Security Response Center posted a response dated January 22, 2020. In the post, they confirmed that the exposure of the database started on December 5, 2019, as a result of misconfigured security rules, and was fixed on December 31.

It's not known at this point if the databases were accessed, but it seems very, very likely. Since white hat security researchers picked up on the issue and even replicated its data to their own servers, it's very likely bad actors also got their hands on it.

Source: www.forbes.com

Sent to us by: Chey Cobb

Following a personal (yet very public) invitation from Patrick Stewart, Whoopi Goldberg will be returning to the character of Guinan in Star Trek: Picard.

Patrick Stewart appeared on The View this week, and personally invited host Whoopi Goldberg to appear in the second season of Star Trek: Picard.

While promoting the premiere of the Picard series, Stewart surprised Goldberg, saying, "I’m here with a formal invitation… it’s for you, Whoopi. Alex Kurtzman, who is the senior executive producer of Star Trek: Picard, and all of his colleagues — of which I am one — want to invite you into the second season."

Stewart’s invitation was met with a big smile from Whoopi, who played the beloved and timeless Guinan character in Star Trek: The Next Generation.

Once the applause from the studio audience subsided, and following a warm hug between the two actors, Whoopi responded enthusiastically, saying, "YES".

Season 2 of Star Trek: Picard was already confirmed a month before the first season even began airing.

Other confirmed TNG alumni are Jonathan Frakes as William Riker, Marina Sirtis as Deanna Troi, Brent Spiner as Data (B4), and Jonathan Del Arco as Hugh of Borg. Also along for the show is Star Trek: Voyager‘s Jeri Ryan as 7 of 9.

Star Trek: Picard is available as of January 23 in Canada and the US, and the very next day worldwide.

Source: www.treknews.net

Sent to us by: Robbie Ferguson

Not to create false hope, but this is too huge not to mention: Scientists at Cardiff University have discovered a part of our immune system that can kill prostate, breast, lung and other cancers in lab tests.

Not to create false hope, but this is too huge not to mention: Scientists at Cardiff University have discovered a part of our immune system that can kill prostate, breast, lung and other cancers in lab tests.

The findings, published in Nature Immunology, have not been tested in patients, but the researchers say they have "enormous potential".

Experts are saying that although the work was still at an early stage, it is very exciting.

Our immune system is our body's natural defence against infection, but it also attacks cancerous cells.

The scientists were looking for "unconventional" and previously undiscovered ways the immune system naturally attacks tumours.

What they found was a T-cell inside people's blood. This is an immune cell that can scan the body to assess whether there is a threat that needs to be eliminated.

The difference is that the one in particular that they discovered can seemingly attack a wide range of cancers.

Researcher, Professor Andrew Sewell says "There's a chance here to treat every patient. Previously nobody believed this could be possible. It raises the prospect of a 'one-size-fits-all' cancer treatment, a single type of T-cell that could be capable of destroying many different types of cancers across the population."

The discovered T-Cell was able to kill a wide range of cancerous cells in the lab including lung, skin, blood, colon, breast, bone, prostate, ovarian, kidney and cervical cancer cells.

Crucially, it left normal tissues untouched.

Exactly how it does this is still being explored.

The idea is that a blood sample would be taken from a cancer patient.

Their T-cells in the sample would be extracted and genetically modified so they were reprogrammed to make the cancer-finding receptor.

The upgraded cells would be grown in vast quantities in the laboratory and then put back into the patient.

Daniel Davis, a professor of immunology at the University of Manchester, said: "At the moment, this is very basic research and not close to actual medicines for patients. There is no question that it's a very exciting discovery, both for advancing our basic knowledge about the immune system and for the possibility of future new medicines."

More safety checks will be needed before human trials can begin.

Source: www.bbc.com

Sent to us by: Roy W. Nash

• Tags