Microsoft Warns Users against BlueKeep RDP Flaw; Immediate Update Advised, Again!






Microsoft has once again urged its users to update their systems because, as it turns out, hackers already have exploits for the BlueKeep RDP flaw.


The patch was built for the “wormable” BlueKeep Remote Desktop Protocol (RDP) vulnerability; otherwise hackers could easily carry out a “WannaCry”-level attack.

Microsoft sent the first warning on May 14, when it released a patch for another serious remote code execution vulnerability, CVE-2019-0708.

Successful exploitation of this vulnerability lets the hacker execute arbitrary code on the Windows machine and install programs.

The term “wormable” refers to the fact that any future malware exploiting the flaw could spread contagiously from one system to another.

According to sources, this vulnerability is pre-authentication and needs no user interaction.

Any attacker who exploits this vulnerability could install programs, view, edit or delete data, and even create new accounts with complete user rights.

Microsoft strongly suspects that cybercriminals already have fully developed plans for exploiting the aforementioned vulnerability.

More than a million PCs are susceptible to the wormable BlueKeep RDP flaw.

A security researcher ran an RDP scan, looking for port 3389 (used by Remote Desktop), to find potentially and currently vulnerable devices.

Major antivirus brands such as Kaspersky, McAfee, Check Point and Malware Tech have developed proofs of concept (PoC) that use CVE-2019-0708 to remotely execute code on a victim’s system.


As it happens, numerous corporate networks are under threat and remain more vulnerable than individuals, because more systems are connected in a single network.

A single compromised system of a corporate network could put the entire organization and its systems in danger.

The compromised device could be used as a gateway and, as it’s a “wormable” attack, it could easily propagate across networks.

The most users can do is keep their systems updated and their security as tight as possible, as future malware could also try to break back in.

Solutions
·      Update systems as soon as possible
·      Block Remote Desktop Services if they are not in use
·      Block TCP port 3389 at the Enterprise Perimeter Firewall
·      Apply the patch to the vulnerable systems and devices that have RDP enabled


A Micropatch Fix Issued for the Remote Desktop Services RCE Vulnerability BlueKeep in the Form of 22 Instructions



The 0patch platform recently issued a fix for BlueKeep, the Remote Desktop Services RCE vulnerability, as a 22-instruction micropatch that can additionally be used to protect always-on servers against many exploitation attempts.

The critical software flaw, tracked as CVE-2019-0708, was fixed by Microsoft on May 14. However, unlike Microsoft's security fix, 0patch's micropatch does not require a reboot and targets a quite specific audience: it lets administrators patch systems that either can't be restarted or can't have Microsoft security fixes installed for other reasons.

Mitja Kolsek, the co-founder of 0patch, says, “This is often due to always-on requirements, but another common reason is that restarting a fleet of remote machines (e.g., ATMs) brings a risk of having to physically visit all these machines in case something goes wrong (e.g., they don't wake up for some reason, or lose/corrupt in-memory data when they restart).”



The micropatch currently fixes the vulnerability on 32-bit Windows XP SP3 only, but the company is also said to be porting it to Server 2003 and other versions, depending on "user requests", to help legacy systems.

While 0patch fixes are generally intended as a stopgap until Microsoft issues its own official patches, in this case they will most likely be a lasting solution for servers that can't be restarted, unless their administrators find a way around the issues keeping them from rebooting the machines.


Another possible option would be to follow Microsoft's recommendation and switch on Network Level Authentication (NLA) for Remote Desktop Services connections on systems affected by the BlueKeep vulnerability.


Google restricts Huawei’s access to Android apps





Google has restricted Chinese tech giant Huawei's access to its Android operating system and apps after US President Donald Trump's administration blacklisted the firm.

The order affected not only Google but US chip-makers as well. Intel Corp, Qualcomm Inc., Xilinx Inc., and Broadcom Inc. have all stopped doing business with the Chinese tech giant.

"We are complying with the order and reviewing the implications," a Google spokesperson said on Monday. Huawei, the world's No. 2 smartphone seller, relies on a suite of Google services for its devices, including the Android system and the Google Play app store.

Huawei will now only be able to use the public version of Android, and its new phones will not have the Google Play Store, Gmail, and other services provided by Google.

Users who already have Huawei smartphones will not be affected by this order, but they won’t be able to update their phones.

However, the Chinese tech company claims that it has been working on its own operating system for the last three years.

"Huawei has been building an alternative operating system just in case it is needed," said Huawei spokesperson Glenn Schloss. "We would like to be able to continue operating in the Microsoft and Google ecosystems," he added.

The company has bought Microsoft’s operating system license for its laptops and tablets. Meanwhile, Microsoft (MSFT) did not immediately respond to a request for comment.



Bug in Microsoft RDP allows hackers to perform WannaCry-level attack


A critical remote code execution vulnerability in Microsoft Remote Desktop Services lets attackers compromise the vulnerable system with WannaCry-level malware.

Microsoft recently fixed this RCE vulnerability in Remote Desktop Services, formerly known as Terminal Services, which affects some older versions of Windows.

The WannaCry attack was one of the most notorious cyber attacks of this decade; it shut down millions of computers around the world by exploiting the vulnerability in the RDP protocol.

In this case, the Remote Desktop Protocol (RDP) itself is not vulnerable; the vulnerability is pre-authentication and doesn’t require user interaction.

This vulnerability didn’t have any exploit at this time, but in the future an attacker will create malware that exploits it in a way similar to the WannaCry attack.

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2 and Windows Server 2008; the out-of-support versions Windows 2003 and Windows XP are also vulnerable.

3 Million Endpoints are Vulnerable to This RCE Bug

Initially, an unauthenticated attacker sends a specially crafted malicious request to the vulnerable system after establishing a connection through RDP.

According to Microsoft, this vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Independent researcher Kevin Beaumont said that, based on the Shodan search engine, around 3 million RDP endpoints are directly exposed to the internet.

“There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered,” Microsoft said.

According to Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC), “Customers running Windows 8 and Windows 10 are not affected by this vulnerability.”

Legitimate Apps That Could Be Exploited To Bypass The Windows Defender: Microsoft’s List



Microsoft recently published a notable list of applications that are legitimate and yet could be exploited by hackers to bypass Windows Defender.


These hackers try to slip into organizations’ networks and infect them by bypassing the security provided by Defender.

The hackers usually make use of living-off-the-land attack tactics, in which they use the victim’s operating system features or authentic network administration tools to compromise the networks.

The main aim of this project was to understand which binaries were being misused by attackers.

·       LOLBins - Living Off The Land Binaries
·       LOLScripts - Living Off The Land Scripts
·       LOLLibs - Living Off The Land Libraries
·       GTFOBins - Unix Platform Binaries

The only point of using a legitimate app is to stay undetected and so bypass the network's security measures.

LOTL tools are simply a way to be as stealthy and as malicious as possible without being easily caught.

The following applications are on the list that Microsoft published and recommends doing away with if not in use:
·       addinprocess.exe
·       addinprocess32.exe
·       addinutil.exe
·       bash.exe
·       bginfo.exe
·       cdb.exe
·       csi.exe
·       dbghost.exe
·       dbgsvc.exe
·       dnx.exe
·       fsi.exe
·       fsiAnyCpu.exe
·       kd.exe
·       ntkd.exe
·       lxssmanager.dll
·       msbuild.exe
·       mshta.exe
·       ntsd.exe
·       rcsi.exe
·       system.management.automation.dll
·       windbg.exe
·       wmic.exe

Along with the published list, Microsoft has also strongly recommended that users install the latest security updates.

In addition, it has provided “deny file rules” for all of the apps.

Lateral movement and defense evasion are the most common ways in which these legitimate applications are exploited.
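
For defenders who cannot block every listed binary outright, the same list can drive detection. The sketch below is an added example, not Microsoft's tooling: it checks process-creation and module-load events against the list above, also catching renamed copies through the PE original file name. The events are constructed samples using Sysmon field names, and the `IN_USE` exception table and host names are hypothetical.

```python
import ntpath

# File names copied from the list on this page, compared case-insensitively.
BLOCKLIST = frozenset(n.lower() for n in """
    addinprocess.exe addinprocess32.exe addinutil.exe bash.exe bginfo.exe
    cdb.exe csi.exe dbghost.exe dbgsvc.exe dnx.exe fsi.exe fsiAnyCpu.exe
    kd.exe ntkd.exe lxssmanager.dll msbuild.exe mshta.exe ntsd.exe rcsi.exe
    system.management.automation.dll windbg.exe wmic.exe
""".split())

# Hypothetical exceptions: hosts where a listed binary is genuinely in use
# (the recommendation only covers binaries that are NOT in use).
IN_USE = {"BUILD01": {"msbuild.exe", "csi.exe"}}

# Constructed sample events with Sysmon field names
# (EventID 1 = process creation, EventID 7 = image/module load).
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-042",
     "Image": r"C:\Windows\System32\mshta.exe", "OriginalFileName": "MSHTA.EXE"},
    {"EventID": 1, "Computer": "BUILD01",
     "Image": r"C:\BuildTools\MSBuild.exe", "OriginalFileName": "MSBuild.exe"},
    {"EventID": 1, "Computer": "WS-017",
     "Image": r"C:\Users\Public\notes.exe", "OriginalFileName": "wmic.exe"},
    {"EventID": 7, "Computer": "WS-017",
     "Image": r"C:\Users\Public\helper.exe",
     "ImageLoaded": r"C:\Tools\System.Management.Automation.dll"},
    {"EventID": 1, "Computer": "WS-042",
     "Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE"},
]


def file_name(path):
    """Lower-cased file name of a Windows path ('' if the field is missing)."""
    return ntpath.basename((path or "").strip('"')).lower()


def match(event):
    """Return (listed name, reason) if the event involves a listed binary."""
    allowed = IN_USE.get(event.get("Computer", ""), set())
    if event.get("EventID") == 7:
        # DLL entries on the list only show up as module loads.
        candidates = [(file_name(event.get("ImageLoaded")), "module load")]
    else:
        candidates = [
            (file_name(event.get("Image")), "image name"),
            # A copy saved under another name keeps its PE original name.
            (file_name(event.get("OriginalFileName")), "renamed copy"),
        ]
    for name, reason in candidates:
        if name in BLOCKLIST and name not in allowed:
            return name, reason
    return None


def scan(events):
    """Collect one finding per event that touches a listed binary."""
    findings = []
    for event in events:
        hit = match(event)
        if hit:
            findings.append({
                "host": event.get("Computer"),
                "binary": hit[0],
                "reason": hit[1],
                "path": event.get("ImageLoaded") or event.get("Image"),
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print("{host}: {binary} ({reason}) at {path}".format(**finding))
```

Matching on the file name alone misses a copy saved under a different name, which is why the original file name is checked as well.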


Unprotected database exposes data of 80 million US households




Security researchers have uncovered a security breach that exposes the data of more than half of United States households. 

Experts working with a firm named vpnMentor, which specializes in analyzing virtual private network services, discovered a database containing details of about 80 million American households.

The database, hosted on a Microsoft cloud server, includes sensitive information such as names, addresses, locations, gender, age, income, home type and marital status, among other data.

However, social security numbers and credit card details were not included.

Researchers Ran Locar and Noam Rotem said it's unclear who owns the 24-gigabyte database.  

'Unlike previous leaks we've discovered, this time, we have no idea who this database belongs to,' the researchers said. 

'It's hosted on a cloud server, which means the IP address associated with it is not necessarily connected to its owner.'  

Meanwhile, the database is still available online, and is not protected by a password.

'This isn’t the first time a huge database has been breached,' the researchers explained.

'However, we believe that it is the first time a breach of this size has included people's names, addresses, and income.

'This open database is a goldmine for identity thieves and other attackers,' they added.  







Microsoft’s email services hacked




Microsoft has confirmed a data breach by unknown hackers who may have succeeded in accessing a “limited” number of Microsoft customers’ email accounts.

According to the company, hackers breached the Microsoft network between January 1 and March 28 and compromised a Microsoft support agent’s credentials.

Microsoft sent an email notification to all its customers stating, “This unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account (such as your e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses you communicate with), but not the content of any e-mails or attachments.”

The company confirmed to TechCrunch that accounts of users of services like @msn.com and @hotmail.com had been compromised in the recent breach, but the exact number of victims is not known.

“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access,” said a Microsoft spokesperson in an email.

Microsoft is urging all its affected users to change their passwords immediately. 





99 Iranian websites used for hacking were seized by Microsoft

                    




According to a report by Associated Press, Microsoft has seized 99 Iranian websites that were supposedly stealing information and launching cyber attacks. The report also said that Microsoft had been tracking the group of hackers since 2013.

The hackers were targeting people in the Middle East to steal sensitive information by using malicious websites that were disguised as Microsoft, LinkedIn, Outlook and Windows products. Microsoft confirmed in a court filing that this group was stealing information about reporters, activists and political people, including those “protesting oppressive regimes”.

The hackers are from Iran, but the Tehran government has denied any hacking activity on its part. The Iranian government has denied hacking attempts in the past as well.

Allison Wikoff, a security researcher at Atlanta-based SecureWorks, told Associated Press that, according to her observation, it is one of the “more active Iranian threat groups”. She added that Microsoft analyzes the traffic to fake domains in order to protect against them, a practice popularly called “sinkholing”. Microsoft has used “sinkholing” in the past as well, to seize fake domains made by Russian hackers back in 2016.








US Court Authorizes Microsoft to be in Charge of 99 Hacking Sites


Microsoft has been given legal control of 99 websites that were being operated in association with an Iranian hacking group, Phosphorus.

In order to prevent the sites from being employed for the execution of cyber attacks, a US court authorized Microsoft's Digital Crimes Unit to take charge of these websites related to the aforementioned hacking group, which is also known as Charming Kitten, Ajax Security Team and APT 35.

Phosphorus typically uses spear-phishing to break into individuals' private accounts. Its operators resort to social engineering to lure individuals into clicking on links, at times sent via fake accounts that appear to belong to familiar contacts. The link carries malicious software that allows Phosphorus to get into the computer systems.

Basically, it performs malicious activity to acquire access to sensitive data stored on the computer systems of government agencies and businesses.

Putting this into context in a blog post, Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft, said, "Its targets also include activists and journalists - especially those involved in advocacy and reporting on issues related to the Middle East."

"Microsoft's Digital Crimes Unit (DCU) and the Microsoft Threat Intelligence Center (MSTIC) have been tracking Phosphorus since 2013."

"Phosphorus also uses a technique, whereby it sends people an email that makes it seem as if there's a security risk to their accounts, prompting them to enter their credentials into a web form that enables the group to capture their passwords and gain access to their systems," Burt said in his blog post.


Commenting on the matter, Microsoft said, "The action we executed last week enabled us to take control of 99 websites and redirect traffic from infected devices to our Digital Crime Unit's sinkhole."

Phishing Attacks on Microsoft and Outlook; By Way of Microsoft’s Azure Blob Storage




Researchers have discovered two major phishing campaigns that use Microsoft’s Azure Blob Storage to steal details from Outlook and Microsoft accounts.


Both campaigns employ real-looking landing pages that make use of SSL certificates and the windows.net domain to seem authentic.

The first phishing email asks recipients to log into their Office 365 account to update their information.

The emails carry the subject line “Action Required: (email address) information is outdated-Re-validate now!!”.

The moment a user clicks on the link provided in the mail, they are directed to a landing page that impersonates the organization’s Outlook Web App.

This landing page is what does the main task of stealing the credentials from the user.

The second campaign works on stealing users’ Microsoft account details and credentials.

The process of luring in the user starts from Facebook’s Workplace service and ends up taking the user to a Microsoft landing page.

This could either be a single-sign-on approach or a mixed-up campaign for luring victims in.

The Microsoft account page users are brought to looks fairly legitimate, as it uses the same form and the same background.

Both landing pages make use of Azure Blob Storage to look convincing and, as far as possible, legitimate.

All Microsoft Azure does here is add legitimacy to the landing pages that the phishers use to target Microsoft services.

The Azure Blob Storage URLs use the windows.net domain, making the landing pages look fairly legitimate.

One of the phishing links, which is no longer in use, had the URL https://1drive6e1lj8tcmteh5m.z6.web.core.windows.net/ and the domain name seemed to do the trick.

Also, every URL on Azure Blob Storage uses a wildcard SSL certificate from Microsoft, so every landing page gets a “lock symbol”.

A user who clicks on the certificate to check who signed it will see a Microsoft certificate, making the entire sham all the more believable.

To steer clear of such phishing attacks, keep in mind that genuine login forms from Outlook and Microsoft will always have outlook.com, live.com or microsoft.com as their domain names.
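
The domain check described above can be automated, for example in a mail filter or proxy rule. The following is an added example, not code from the researchers or Microsoft: it classifies a login URL by its hostname against the three domains named above, treats windows.net as shared hosting where anyone can publish a page, and handles the usual lookalike tricks. Function names, verdict labels and the constructed test URLs (other than the one quoted in this article) are assumptions.

```python
from urllib.parse import urlsplit

# Domains this article names as the genuine homes of Outlook/Microsoft logins.
GENUINE_LOGIN_DOMAINS = ("outlook.com", "live.com", "microsoft.com")

# Shared hosting suffix used by the campaigns: the certificate is Microsoft's,
# but the page content belongs to whoever created the storage account.
SHARED_HOSTING_SUFFIXES = ("windows.net",)


def is_under(host, domain):
    """True if host is the domain itself or a subdomain of it.

    The '.' boundary matters: 'notmicrosoft.com' must not match
    'microsoft.com'.
    """
    return host == domain or host.endswith("." + domain)


def classify_login_url(url):
    """Return (verdict, host) for a URL that presents a Microsoft login form.

    Verdicts: 'genuine', 'shared-hosting', 'unrelated', 'invalid'.
    """
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:          # e.g. malformed IPv6 literal
        return "invalid", ""
    # hostname is already lower-cased and excludes any 'user@' part and port;
    # a trailing dot is a valid spelling of the same name.
    host = host.rstrip(".")
    if not host:
        return "invalid", ""
    if any(is_under(host, d) for d in GENUINE_LOGIN_DOMAINS):
        return "genuine", host
    if any(is_under(host, d) for d in SHARED_HOSTING_SUFFIXES):
        return "shared-hosting", host
    return "unrelated", host


if __name__ == "__main__":
    samples = [
        "https://login.live.com/login.srf",
        # URL quoted in this article (no longer in use).
        "https://1drive6e1lj8tcmteh5m.z6.web.core.windows.net/",
        # Constructed lookalikes:
        "https://outlook.com.example.net/owa",   # genuine name as a prefix
        "https://outlook.com@example.net/",      # genuine name as userinfo
        "https://notmicrosoft.com/",             # suffix without dot boundary
    ]
    for sample in samples:
        verdict, host = classify_login_url(sample)
        print(f"{verdict:15} {host}")
```

A padlock and a Microsoft-issued certificate do not change the verdict; only the hostname the form is served from does.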


Amazon, Microsoft Call for Regulation on Face Recognition




Amazon is batting in favor of regulating and legislating the use of facial recognition technology and has written a long, detailed blog post setting out its stand on the issue.

In the blog post, written by Michael Punke, Vice-President of Global Public Policy at Amazon Web Services (AWS), the company revealed its "proposed guidelines" for companies' use of the technology, so that it cannot be used to discriminate.

Punke wrote that the company “supports the creation of a national legislative framework covering facial recognition through video and photographic monitoring on public or commercial premises.”

Amazon has faced criticism after tests by civil rights groups and the ACLU found that Amazon's Rekognition facial recognition functions are less accurate for black people. In January, two researchers reported that an Amazon Web Services feature that determines the gender of people in photos is also less accurate in the case of black women.

However, Amazon refuted the claims of the studies, saying that Rekognition was “not used properly” by the researchers.

Amazon wants legislation “that protects individual civil rights and ensures that governments are transparent in their use of facial recognition technology,” Punke wrote.

The blog post is seen as a move to counter the facial recognition backlash.

Microsoft Advises Its Users to Stop Using Its Legacy Internet Explorer Web Browser


Microsoft's cyber security expert Chris Jackson advises users to stop using the 'legacy' internet browser, which Microsoft formally ended in 2015, and encourages them to move to a more 'modern browser' that is up to date with current web guidelines and standards.

In a blog post, 'Perils of using Internet Explorer as your Default Browser', Jackson gave several reasons why users should switch.

“Internet Explorer is a compatibility solution, we're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers.”


'...As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web,' he adds later.

He adds that while it is generally fine for users to use Internet Explorer in an enterprise setting, they would protect themselves better by switching to a more up-to-date browser.



Artificial Intelligence Is What’s Protecting Your Microsoft, Google And Similar Accounts





Artificially intelligent systems are very much in vogue these days. The new generation puts a lot of faith in security systems that evolve along with hackers’ trickery.

Microsoft, Google, Amazon, and numerous other organizations put their faith in artificially intelligent security systems.

Rule-based technology designed to avert only particular kinds of attacks has become rather old school.

There is a pressing need for systems that learn from previous hacking behavior or any sort of cyber attack and act accordingly.

According to researchers, the dynamic nature of machines, especially AI, makes them highly flexible and all the more efficient at handling security issues.

The automatic and constant retraining process certainly gives AI an edge over all other approaches.

In practice, however, hackers are quite adaptable too. They usually work on the mechanical tendencies of the AI.

Their basic approach is to corrupt the algorithms and get into the company’s data, which usually sits in the cloud.

Amazon’s Chief Information Security Officer mentioned that the aforementioned technology seriously aids in identifying threats at an early stage, reducing their severity and restoring systems instantly.

He also said that although preventing intrusions entirely is impossible, the company is working hard to make hacking a difficult job.

Older systems used to block entry if they found anything suspicious happening or if someone logged in from a previously unseen location.

But because such security systems are so blunt, genuine users bear the inconvenience.

Microsoft was getting false positives approximately 3% of the time when flagging fake logins, which is a great deal given that the company handles billions of logins.

Microsoft therefore mostly evaluates and analyzes the technology using the data of other companies that use it too.
The results are astonishing: the false positive rate has come down to 0.001%.

Ram Shankar Siva Kumar, who is Microsoft’s “Data Cowboy”, is the person behind the training of all these algorithms. He manages an 18-engineer team and works on improving the speed of the system.

The systems work efficiently with the systems of other companies that use Microsoft’s cloud services.

The main reason for the growing need to employ AI is that the number of logins is increasing by the day, and it is practically impossible for humans to write algorithms for such vast data.

A lot of work goes into keeping customers and users safe at all times. Google keeps checking for intruders even after login.

Google keeps an eye on several different aspects of a user’s behavior throughout the session, because an illegitimate user is bound to act suspiciously at some point.

Microsoft and Amazon, in addition to using the aforementioned services, are also providing them to customers.

Amazon has GuardDuty and Macie, which it employs to look for customers' sensitive data, especially for customers such as Netflix. These services also sometimes monitor employees’ activity.

Machine learning security cannot always be counted on, especially when there isn’t enough data to train the models. Besides, there is always the worry that they could be exploited.

Mimicking users’ activity to degrade the algorithms is something that could easily fool such a technique. Next in line could be tampering with the data for ulterior purposes.

With such technologies in use, it becomes imperative for organizations to keep their algorithms and formulae a closely guarded secret.

The silver lining though, is that such threats have more of an existence on paper than in reality. But with increasingly active technological innovation, this scenario could change at any time.




Microsoft, Netflix and PayPal Emerge As the Top Targets for Phishing Attacks



Email security provider Vade Secure has released another phishing report tracking the 25 most 'spoofed' brands in North America, those imitated in phishing attacks. The top three are Microsoft, Netflix and PayPal.

Out of all the 86 brands that were tracked, 96% of them all were done so by the company as per their Q3 2018 report.

Bank of America and Wells Fargo are not far behind Microsoft and the other two top targets, as these phishing attacks have increased by approximately 20.4%, as reported by Vade Secure. As attackers attempt to obtain Office 365, OneDrive and Azure credentials, their focus has been on cloud-based services as well as financial companies.



Vade Secure's report states - "The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials. With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, One Drive, Skype, Excel, CRM, etc. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization."

In Office 365 phishing emails, the attackers create a sense of urgency by claiming that the recipient's account has been suspended or similar, prompting them to log in to resolve the issue. By doing this, they expect victims to be less wary when entering their credentials.

Particularly interesting is that attackers tend to follow a pattern in the days on which they send the highest volume of phishing emails. As per the report, most business-related attacks tend to happen during the week, with Tuesday and Thursday being the most popular days. For Netflix, though, the most targeted day is Sunday, because that is when users are sitting back and indulging in some quality television.

As these attacks become more targeted Vade Secure’s report further states – "What should be more concerning to security professionals is that phishing attacks are becoming more targeted. When we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools."

Users, however, are advised to always examine a site before entering any login details; if the URL seems abnormal, or there is even something as minor as a language error, they should report the issue directly to either the administrator or the company itself.



Shares Of The Microsoft Corp. Closed At A Record High; Expanding Its Secure Score Service


At its Ignite conference in Orlando, Microsoft revealed that it was rolling out its Authenticator application across Azure to get rid of login passwords and expanding its Secure Score service across its cloud to give users feedback to help prevent breaches.

As shares of Microsoft Corp. closed at a record high, the tech giant moved on Monday to expand its profile as a secure cloud vendor, using its yearly IT conference to announce a few security initiatives intended to draw enterprises to its Azure public cloud platform and away from rivals such as Amazon.com Inc. and Alphabet Inc.

Since Chief Executive Satya Nadella announced in November 2015 that Microsoft would invest $1 billion a year in security research and development, the stock's price has surged about 116%, making it the best-performing tech stock on the Dow over that period, with Apple Inc. up 91% and Cisco Systems Inc. up 81%.

While Amazon.com Inc. is still by far the predominant public cloud player with Amazon Web Services, Microsoft's Azure has steadily been gaining on AWS as one of the fastest-growing public cloud providers. In its last earnings increase.

Microsoft shares finished 0.4% higher at $114.67, a record close for a third session in succession, while the Dow Jones Industrial Average declined 0.7%, the S&P 500 index slipped 0.4%, and the tech-heavy Nasdaq Composite Index changed by less than 0.1%.

These announcements come about a week after Microsoft took a shot at rivals in another area, showing off an AI version of its Dynamics 365 customer relationship management

Address Bar Spoofing Attacks by Safari Browser





Security researcher Rafay Baloch recently discovered a vulnerability in the Safari browser that purportedly enabled attackers to take control of the content shown in the address bar. The method enables a 'bad actor' to perform phishing attacks that are extremely difficult for the user to recognize. The bug is said to be a race condition that allows JavaScript to change the address bar before the web page has loaded completely.

To exploit the vulnerability, tracked as CVE-2018-8383, attackers had to lure victims onto a specially designed site, which could be accomplished quite easily. Although Baloch had promptly informed both Apple and Microsoft about the bug, Apple had still not shipped a fix when the three-month grace period prior to public disclosure lapsed seven days ago.
Microsoft, meanwhile, responded with a fix for Edge on August 14th as part of one of its security updates. Apple's delay may have left the Safari browser defenseless, enabling attackers to impersonate any site, as the victim sees the legitimate domain name in the address bar complete with confirmation and authentication marks.

When the bug was tested with proof-of-concept (PoC) code, the page could load content from Gmail while it was hosted on sh3ifu.com, and it worked perfectly well, although a few components continued loading even after the page had loaded completely, showing that the process was incomplete.

The main difficulty on Safari, Baloch explained, is that the user can't type in the fields while the page is still loading; nevertheless, he and his group overcame this issue by including a fake keyboard on the screen, something banking Trojans have done for years to get around such restrictions, while still finding new and inventive approaches to the problem.