New Malware forces you to change your Wifi's default password

Ifwatch, a custom-built vigilant malware software changed the Wi-Fi passwords of  nearly 10000 routers to make it more secure.

According to researchers at the cyber security firm Symantec, the software is actually used to defend the machine from the hackers and provides solution for the other malware infections.

“We have not seen any malicious activity whatsoever,” said Symantec threat intelligence officer Val Saengphaibul. “However, in the legal sense, this is illegal activity. It’s accessing computers on a network without the owner’s permission.”

Ifwatch software infect the routers with a mysterious piece of “malware” through Telnet ports, which are often protected by default security credentials that could be easily for accessed for malicious attack, and then prompts the users to change their Telnet passwords.

The software is spreading quickly around the world but found mostly in China and Brazil. It was first discovered by an independent researcher in 2014.

“We have no idea who is behind this — or what their full intention is,” Saengphaibul said.

Vodafone 'hacking' of reporter's phone must be investigated, says Greens senator

A report published in The Guardian revealed that an Australian Greens senator Scott Ludlam has urged the Australian Federal Police and Australian Communications and Media Authority to investigate Vodafone over a serious privacy breach in which a journalist’s phone records were accessed.

According to the news report, Natalie O’Brien, Fairfax journalist, had her phone records leaked by a Vodafone employee in 2011, after she reported on a major data breach the company had suffered.
“The Office of the Australian Information Commissioner and Acma have both released statements acknowledging they have been made aware of the breach, but neither organisation has committed to an investigation,” the news report added.

As per the Telecommunications Act, no one either telecommunications provider or an employee, has authority to use or disclose information relating to the contents of phone records.

“It’s flat out a really interesting test of whether the laws that protect privacy in Australia are actually going to be upheld by the regulators,” Ludlam told Guardian Australia. There’s two issues. One will be whether the Acma’s directions were upheld. It’s not clear to me whether they were. Secondly, whether the federal police are intending to investigate the company for illegal access of phone records.

He said that while Vodafone was facing scrutiny for this particular breach, the case was an important illustration to put all companies on notice about their privacy obligations.

According to the news report, in December 2011, Acma gave formal directions to Vodafone that require it to take certain steps to improve its data practices. In the event the organisation were to investigate and find their directions had been breached, they could face heavy financial penalties.

In a statement released on Monday, acting information commissioner and privacy commissioner Timothy Pilgrim said the OAIC had been aware of “an allegation about inappropriate access to an individuals’ telephone records in May 2015.”

“The OAIC has been in contact with Vodafone to make inquiries about the allegation. The OAIC has also been liaising with the Australian Communications and Media Authority about these allegations, in accordance with the memorandum of understanding between the two agencies,” the statement read.
Acma released a statement and said it was aware of the allegations.

“The Acma has not previously investigated these allegations,” the spokesperson said.

Wassenaar Cybersecurity Rules – How India Must Respond

In December 2013, the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (“Wassenaar Arrangement”) extended its reach to the cyber world. The extension seemed to signal a broad attack on export of many categories of cyber security software including commercially available penetration testing and network monitoring products, zero days and other computer exploits. Interestingly, these changes have emerged after media reports of U.S. government purchases of zero day computer exploits or vulnerabilities, i.e., security vulnerabilities previously unknown, by the US National Security Agency (NSA) for use by its hacking team.

Cyber security experts around the world and large companies like Google have raised a banner of revolt against the Wassennar changes and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS)’s proposals for the implementation of the Wassenaar changes. They have expressed serious concerns about the impact of these changes on discovery of new vulnerabilities that could pose a threat to the internet globally.
If anything, the general impression is that Wassenaar Changes and its implementation by the signatory countries would actually make the internet more dangerous to users around the world. Google has been quoted as saying that the rules “are dangerously broad and vague and would have a significant, negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users and make the Web safer. It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure."
The fierce criticism and loud, public protest has had a temporary impact. The US Department of Commerce has now committed to drafting new rules to replace/amend the earlier draft.
It would be pertinent to note here that in response to the Wassenaar changes, VUPEN, a well known zero-day exploit firm (and also a supplier of exploits to the NSA), announced its decision to restrict exploit sales only to approved government agencies in approved countries
So what does all this mean for India? While the Wassenaar Arrangement might have worked in the physical world, will it work in the borderless cyber world? Will a country like Russia, a leading global supplier of cyber security software and tools implement rules to accommodate the Wassenaar changes, especially at a time when it is facing economic headwinds and under sanctions from the US and the EU? It does not seem to be in Russia’s interest at all, given its enormous strengths in the cyber security area and huge market for such products.
But India cannot afford to speculate on which way the wind will blow. The ongoing transformation of India into a Digital Economy implies the need for strong cyber security defences. Imagine a situation where a commercial or defence software is found to have vulnerabilities, whether accidental or deliberate, and the country lacks the tools to test for and mitigate such vulnerabilities? What if such vulnerabilities are discovered in software used in sectors such as Critical Infrastructure, Public Utilities, Financial Services, Health Information Systems? What if vulnerabilities are found in SCADA (industrial automation control systems) used by major industries and the energy sector?
Clearly, India needs to build its own cyber security defences and do it fast. Some expertise is available in the country, and needs to be complemented with global talent. 
The Government, leading software companies, defence companies and major users need to invest liberally in funding and supporting talented cyber security professionals. The Government should support some aggression in sourcing relevant tools, technology and talent from wherever required in the world. Israel’s export of cyber security software now exceeds that of physical weapons systems, and there’s a lesson for India here in the form of a Military/Industrial/Cyber Security Professionals complex to meet India’s needs.
As is known, India has faced serious problems in the past with respect to imports of critical technologies in the areas of defence, space and the nuclear sector. In the context of cyber security, we now have advance warning about problems that are around the corner. It makes no sense to run into a wall all over again and as such, a proactive and immediate national response is called for.
Prasanna J, Founder of Cyber Security and Privacy Foundation.

Mozilla patches severe vulnerabilities in its Bugzilla bug tracking system

Mozilla confirmed on September 4 that an attacker, stole its security-sensitive vulnerability information from its Bugzilla bug tracking system and then he got accessed to information about unpatched zero-day bugs.

However, Mozilla has now patched all the flaws that allowed the attacker to get the accessed. Similarly, the company concerned said that it would take its own security more seriously than before.

It is also said that the attacker used it to attack Firefox users, the maker of the open-source Firefox browser warned Friday.

“The attacker acquired the password of a privileged Bugzilla user, who had access to security­sensitive information. Information uncovered in our investigation suggests that the user re­used their Bugzilla password with another website, and the password was revealed through a data breach at that site,” Mozilla said in an FAQ on the breach.

The one bug that was exploited in the wild was used to collect private data from Firefox users who visited a Russian news site.

The attacker accessed approximately 185 bugs that were non-public. Among them, 53 were said to be severe vulnerabilities. Mozilla claims that 43 of the severe flaws had already been patched in the Firefox browser by the time the attacker accessed the bug information. That leaves 10 bugs that the attacker had access to before they were patched, and that's where the potential risk to Firefox users lies.

“The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013,” the company said.

The company said that during its investigation it found out that the user re­used their Bugzilla password with another website, and the password was revealed through a data breach at that site.
Firefox security lead Richard Barnes detailed what Mozilla is now doing to improve Bugzilla's security.

"We are updating Bugzilla's security practices to reduce the risk of future attacks of this type," Barnes wrote. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication."

Bug in the GitHub Extension for Visual Studio Makes Developer Lose $6,500

Carlo van Wyk, a South African web developer, said that he lost $6,500 (£4,250) in just a few hours because of a flaw in a tool for using Microsoft's Visual Studio IDE with code-sharing site GitHub inadvertently exposed his sensitive data.

He used the GitHub Extension for Visual Studio 2015 to commit one of his local Git code repositories to a private repository on GitHub. However, an unknown to him at the time the bug in the extension, developed and maintained by GitHub itself, caused his code to be committed to a public GitHub repository, rather than a private one as he intended.

Once he reported the bug, both of the concerned companies fixed it.

According to a report published in The Register, within around ten minutes after publishing his code, he received a notification from Amazon Web Services telling him his account had been compromised. He had included an AWS access key in the code that he had committed to GitHub.

Although, he immediately changed his AWS root password, revoked all of his access keys, and created new ones, within hours the crooks had managed to sign him up for AWS's Elastic Compute 
Cluster and fire off more than 20 instances in each EC2 region.

After that his AWS account had racked up a bill of $6,484.99.

AWS was not available for the comment, as per The Register. However, GitHub has apologized for the error in its code, regarded it as "inexcusable."

WordPress 4.3 automatically generates secure password

The WordPress has announced the release of new version 4.3, dubbed “Billie” in honor of jazz singer Billie Holiday, is available for download, with some changes in the password security system.

The new system of managing a password reset sends a password reset link that has 24-hour expiry window, and users will also receive e-mail notification if e-mail or password is changed.

In a blog post, WordPress developer Brian Krogsgard said that, “This is a relatively minor change to WordPress that will significantly enhance default user behavior for a big security win.”

For the new users to WordPress,  they have add a feature which will automatically generate a secure password for the user. It means that the users will have a strong password by default.  A password strength meter will help users to gauge on the strength of their password.

“Although WordPress isn't stopping you from choosing terrible passwords, the default in 4.3 is that you get secure passwords, and making them less secure takes a bit of work,” noted Mark Jaquith, a lead WordPress core developer.

Creepy Voice that you heard from Your Baby Monitor is not of a Ghost

Beware of the cameras connected to the Internet or the security cameras and monitoring as these systems can be easily hacked by the hackers. It camera hacking has become a serious issue now as of the potential for unauthorized people to make video recordings.

Ontario Provincial Police (OPP) issued a warning on Wednesday reminding people that these systems can be susceptible to hackers because many have an option to be used remotely enabled by default after a family from southwestern Ontario witnessed on July 7 a baby monitor watching their young child when it suddenly began playing music and a voice said they were being watched.

According to Liz Melvin, the OPP Const, the child was about to sleep in the nursery when the camera was remotely activated.  

“The camera played some eerie music and a voice could be heard indicating the parent and child were being watched,” Melvin told National Post. “Obviously it’s going to be disturbing.”

She said the family’s Internet service provider confirmed the router had been hacked and the source of the hack could be from anywhere in the world.

Although, such kid monitor hacking cases have been reported every month, Melvin said no other incidences have been reported and she wasn’t aware of any past investigations into this type of camera hacking in the area.

She said there are no suspects in the case and the investigation is ongoing.

In a bid to protect, people should use passwords to protect access to the Internet connection and access to monitoring systems. Similarly, buy cameras from trusted sources and cover them cameras when not in use.

Avast announced the acquisition of Mobile Virtualization Company ‘Remotium”

Avast Software, maker of the most trusted mobile and PC security products in the world, on July 8 announced the acquisition of Remotium, a leader in virtual enterprise mobility which technology enables enterprises to extend access securely, simply, and cost-effectively to business-critical applications in a bring-your-own-device (BYOD) environment.

According to a press statement posted by the company, the acquisition of the Silicon-Valley-based start-up will allow Avast to expand its offering of mobile security applications to the enterprise space.

The entire Remotium team has joined the global organization of more than 600 Avast employees.

Like Avast, Remotium, which won "Most Innovative Company" at RSA Conference 2013, solves the challenges of delivering corporate applications to employees’ mobile devices by creating a smooth user experience, while assuring data security and compliance.

The company said that its product, Virtual Mobile Platform (VMP), which enables access to enterprise applications from any mobile or desktop device, allows users to work from anywhere in the office, remotely from their home office or while on business trips.

It is said that the users can connect to their VMP from any device they are using smartphones, tablets, and desktops in order to get access to their corporate tools, apps and data.

Vince Steckler, CEO at Avast, said that the Remotium‘s mobile solutions address the needs of modern enterprises.

"As more and more companies support BYOD policies, the question of how to implement these policies efficiently and securely is top of mind for everyone. With Remotium’s technology, 
companies have visibility and security needed to ensure data integrity and corporate compliance. At the same time, users enjoy increased privacy, as well as apps that look and feel consistent across mobile and desktop platforms. We are pleased to add the Remotium staff to our team together we will further accelerate Remotium’s growth and expand its capabilities across enterprise mobility platforms," he added.

Stephanie Fohn, CEO at Remotium, said, "The Remotium team and I are very excited about joining Avast Software. Avast has a long history in creating innovative, best-in-class security for personal and commercial use. We look forward to extending our technology leadership position and continuing to deliver groundbreaking enterprise mobility solutions to meet the needs of the enterprise.” 

Malwarebytes offers pirates a free one year license

Software companies have been serving the general public for years. But in this process, starts the raging war between the companies and the so-called "crackers" who try to counterfeit genuine products in order to promote piracy.

This creates a loophole in the distribution part of the products. This battle has seen some technical advancement in preventing counterfeiting of the services.

While Microsoft has implemented a product activation procedure for the Windows Operating system and its Office suite, some of the premiere gaming company have a registration process into their servers in order to activate the game, declining which the game becomes unavailable for playing. Yet, there is a continuous struggle amongst the "cracking " society to crack the softwares for free access and piracy.

While this struggle has accelerated with time, a company has finally decided to allow the vicious pirates to gain legit access to their product. Malwarebytes, a premium security firm has initiated Amnesty, a program to enable the users who have procured the serial key from piracy dealers or have downloaded it from the internet, to reissue their security key for free. This reissued key will provide the user with premium access to Malwarebytes Anti-Malware for a period of 12-months.

The company states that the internet has good pioneers as well as bad pirates. While the pioneers work hard day and night in order to provide users with state of the art services, pirates try to dupe people into buying pirated versions of Malwarebytes Anti-Malware.

"Amnesty program has initiated providing free replacement keys to the premium customers who have been facing inconvenience because of pirated keys or software abuse for Malwarebytes Anti-Malware".

To ease it up, you can start by downloading the latest version of Anti-Malware Premium(direct link to download). Once you are done with the installation, the activation setup is initiated, where you have to enter your illegal activation key and proceed. This redirects you to the dialog box which gives you the option to select "I’m not sure where I got my key, or I downloaded it from the Internet". The company then issues you with a new key along with a 12-months free premium membership.

This has been started by Malwarebytes, who are providing one of the best security suites and anti virus tools in the market.

Researchers claim hack of Israeli military network

Blue Coat Systems Inc, a network solution provider based in California, has claimed that they have detected a hack in Israel's military network.

According to them, the hack seems to be a four month job and is an espionage campaign that skillfully packages existing attack software with trick emails.

The hack seems to be a job of Arabic-speakimg hackers as researchers at Blue Coat have found that programming tools used to hack the network had a default Arabic setting. They suspect the hackers might be working on a small budget as most of their code has been sourced from previous existing versions of hacking software.

Israeli defense minstry spokerperson said that Military officials were "not aware of hacking on IDF operational networks."

"Not all targeted attackers need advanced tools," Blue Coat wrote in a draft paper shared with Reuters. "As regional conflicts continue, cyber threats from groups of various skill levels will also accompany the conventional armed conflicts."

International operation mounted to counter Beebone Botnet

A multinational task-force comprising of European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), the FBI and led by Dutch National High Tech Crime Unit was recently set up to target the Beebone (AAEH) botnet, a downloader virus that cripples a computers defenses by downloading various malwares on a PC.

Private players Intel Security, Kaspersky and Shadowserver were also present to consult on destroying the polymorphic downloader that according to sources, has affected 12000 computers till date.

The operation 'sinkholed' the botnet by recognizing the domain names and addresses of the affected parties and then rerouting traffic.

Emergency teams around the world have been put into motion to get into touch with the victims of the botnet. The number of affected parties is less in this case, but the botnet has been deemed to be very sophisticated.

The operation was successfully carried out after which Europol’s Deputy Director of Operations, Wil van Gemert, said "This successful operation shows the importance of international law enforcement working together with private industry to fight the global threat of cybercrime."

"We will continue our efforts to take down botnets and disrupt the core infrastructures used by cybercriminals to carry out a variety of crimes. Together with the EU Member States and partners around the globe, our aim is to protect people worldwide against these criminal activities."

Passwords stolen for Windows users of Puush

Over this weekend, the screenshot sharing app, Puush server was hacked and a malware infected program was placed as an update for Windows users.

The software version r94 downloads malware, which  grab passwords from infected systems. The update has been taken offline, and the latest update r100  is available as download, which will tell you if you were infected or not, this update will clean the malware.

The company noted that the Windows version of the app was affected, the iOS and OS X versions apps are safe.

According to statement released by company, "The malware may be collecting locally stored passwords, but we are yet to confirm these have been transmitted back to a remote location. We have been running the malware in sandboxed environments and have not been able to reproduce any such behaviour. Even so, we recommend you change any important passwords which were stored on your PC (unless they were in a secure password manager). This includes chrome/firefox saved passwords."

The company made removal and cleanup tool available for users, who may have been put off using Puush.

“We have created a cleaner for people who do not wish to continue using puush. It is stand-alone and will tell you if you were infected (assuming you have not already updated to r100).”

 You can obtain this here:

Google intrduces new review process for apps, age based rating system for all apps on Play Store soon

Google has decided to make change to its app submission process by adding human approval as a new step. Starting a couple of months back, a team of reviewers at Google started reviewing all applications before they were allowed to go live on the Play Store.

“We started reviewing all apps and games before they’re published – it’s rolled out 100%, and developers haven’t noticed the change.” said Purnima Kochikar, Director of Business Development for Google Play. After implementing the new review system, Google has still maintained its superiority in speed over rivals, Apple. Developers are able to get their apps live within a few hours of its submission on the Play Store, unlike Apple which has lengthy review process.

The reason Google has been so successful at this is its autmoated software that can detect only malware, but also sexual content and infringement of copyrights. Kochikar was not very coclusive about what all Google can detect through its automated detection softwares.

She said, “We’re constantly trying to figure out how machines can learn more,” explains Kochikar. “So whatever the machines can catch today, the machines do. And whatever we need humans to weigh in on, humans do.”

Google also lauched a new age based rating system for the Play Store that is supposed to come into effect in May. The system will be based on the scales provided by a given region’s official rating authourity. App developers will be required to fill in a questionnaire about the objectionable content in their app before submission and return the most appropriate rating for the app.

Googel has said that it will keep an eye on the ratings being given out by the new questionnaire system to make sure that the developers are truthful while filling out the questionnaire. Their will be a grace period for applications which are currently their on the Play Store, but soon, new submissions and updates to the Play Store will require developers to fill out the questionnaire.

Uber files John Doe lawsuit in response to nine month-old data breach

Uber has filed a John Doe lawsuit in the district court of Northern California as part of its investigation regarding a data breach of one its driver’s database.

Last year in on September 17th, Uber discovered that one of its databases had been accessed using a login key that was posted on a post on Github.  The key was used to access Uber's internal database which houses information about 50,000 drivers.

Uber has begun reaching out to drivers whose information was stored in the breached database. The company has also provided a one year free membership of Experian’s ProtectMyID Alert to drivers whose information has been stolen.

Uber has also subpoenaed Github to share the IP addresses of anyone who visited a particular gist post (the login key used to access the database was posted there) between March and September 2014.

Uber shared the information about the breach through a post on its blog, on which it mentioned that the breach of data had occurred sometime around 12th May, last year. The files that were stolen from the database contained names and driving license numbers of its drivers, past and present. According to Uber, no case of misuse of any stolen data has been reported.

Questions have risen after the post was published on Uber's blog as to why the company did not come forward with the information earlier, and why were driver partners whose information was stolen and put at risk, not informed about the incident earlier?

Apple releases Bash update addressing ShellShock vulnerability

Over the last few days we have seen headlines about the critical security bug in Bash shell that affects Unix, Linux and even Mac computers.

Apple previously noted that only few Mac users who runs the advanced Unix Services were actually affected by the shell shock vulnerability.  Others are not at risk to this bug.

Apple said they are working to quickly provide update to patch this problem.

As promoised, it has released OS X bash update for OS X Lion, Mountain Lion and Mavericks.

You can download the update from their support page:

Cyber Security & Privacy Foundation certifies Security Products

Cyber Security and Privacy Foundation(CSPF) has certified a few security products after extensive testing.

CSPF has selected Avast Antivirus and ESET Nod32 as best anti virus products which is suitable for Indian environment.

"DiskCryptor" in disk encryption category, "React OS" in operating system category, 'Zemana' and 'Keyscrambler' in Anti keylogger category, "IronWASP" in Web Application pentesting tool category have all been certified by the CSPF.

We asked the founder of CSPF  Mr. J. Prasanna if CSPF will certify any other products in the future and on what basis these tools were chosen for testing? He said "We will only certify tools after they have been extensively tested for the Indian market, we do not take any funding or sponsorships from companies that own these products."

"We were recently approached by some other companies to test their products, but we discovered that many of them do not even pass the eligibility criteria."
We at EHN hope that CSPF will test many such products in the future and thus enable the public make better decisions about the softwares they run in their computers.

CSPF introduces Free online Ethical Hacking Course

Cyber Security and Privacy Foundation is happy to announce the first free online Ethical Hacking & Cyber Defence Course.

Within first 10 days after the course is launched, we have seen alreay 240 students registered for the online course.  The students registered range from Age group of 20 to 60.

Mr. Gemini Ramamurthy, chairman of CSPF, says we are very happy with overwhelming response from across the Globe for this course.  CSPF will continue to offer more such courses to the Online academy.

White Hat Hacking Course:

Cyber Defence Course:

Security Vulnerability in Android allows any app to make phone calls

An application normally needs permission and should alert user that it needs permission to make phone call, when it is being installed.

Researchers at Security firm CureSec has discovered a security flaw in the Android system that allows malicious applications to initiate unauthorized phone calls. 

By exploiting this vulnerability, malicious apps can make phone calls to premium-rated numbers and terminate any outgoing calls.  It is also capable of sending Unstructured Supplementary Service Data (USSD) codes that can be used for enabling call forwarding, blocking your sim cards and so on.

The security bug appears to be introduced in Android Jelly bean 4.1.1  and it exits in all latest versions through Android Kitkat 4.4.2.

CureSec has also released a source code and proof-of-concept application to demonstrate the existence of vulnerability.

The bug has been fixed in the latest version of android (v4.4.4).

Schools Kids hacked BMO ATM using Operators manual found online

A couple of school kids from Winnipeg has managed to hack into a Bank of Montreal's (BMO) ATM operating system during their lunch break.

Matthew Hewlett and Caleb Turon, the grade 9 students, used an ATM operators manual they found online to get into the machine's operator mode, according to Toronto Sun.

The operator mode asked them to enter password.  However, the kids were successfully able to guess the six-digit password on the first try.   The machine has used a common default password.

The kids reported about the issue to a nearby BMO Branch.  However, Bank staff didn't believe them.  So, the kids asked the staff "Is it alright for us to get proof".

They headed back to the ATM to get a proof and come back with the printout of how much money the ATM is currently having.  They even changed the ATM's Greeting Message to "Go away. This ATM has been hacked."

This time, staff took them seriously and the Branch Manager to contacted Head security to take steps to fix the issue.

Ralph Marranca, Spokesperson for BMO said no customer information and accounts and the contents of the ATM were never at risk and are secure.

"Using TrueCrypt is not secure" , End of TrueCrypt Development

Today, security enthusiasts woke up with a shocking news that TrueCrypt has ended its development and warns users that the tool used for encrypting drive is not safe to use.

Users who try to access the official TrueCrypt website are being redirected to the official sourceforge page of Truecrypt(  The page displays the following message:

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

The message continued "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information)."

The page suggests users to migrate any data encrypted by TrueCrypt to encrypted disks supported on their platform.  It also has provided steps for migrating to an encrypted BitLocker drive.

Many, including me, are not able to believe our own eyes.  It is uncertain whether it is official announcement from the development team or some one has hacked the Truecrypt website.

Matthew Green, who teaches cryptography at Johns Hopkins, researcher involved with the TrueCrypt audit, tweeted that he thinks the news is legitimate.

A new binary (Truecrypt v7.2) has been uploaded to sourceforge page in the last 24 hours.  Upon opening this binary, the following error message is being displayed:

The binary is not allowing users to "create new volume".  It only allows you to mount the volumes.  Users are advised not to download this latest version, as it may contain malicious code.