If you see a warning message on your screen with the title “Your Connection is Not Private”, it means your browser isn’t able to verify the safety of the site. Visiting an unsafe or unsecure website could expose your personal information to potential risks. Each time you open a site, the browser checks the security certificate to ensure the site will protect your privacy. While the certificate is not valid, expired or absent, that’s a potential source of a threat to your privacy.

Why does “Connection Not Private, Google” appear?

Websites protect your data with SSL/TLS encryption. Certificates act as the insurance that the site really encrypts the data and uses proper technology for this purpose. If a user’s browser doesn’t recognize the certificate, the error “Google, Your connection is not private” appears. This error occurs because many websites that use SSL require security over HTTP (HTTPS).

There are numerous reasons why a website’s SSL certificate can’t be verified. One possibility is that it has been tampered with and isn’t functioning as intended. Alternatively, the certificate might have expired or be missing altogether. In any case, the webmaster must correct any error on their site in order to verify it. Even though the steps for each browser are similar, sometimes your device or browser settings might be malfunctioning and unable to connect to the website you’re trying to access. You can usually fix this yourself by following the same process for all browsers.

What the “Your connection is not private” message looks like in any browser other than Chrome.

Each browser displays the “Your connection is not private” message differently. Some even tweak the warning to read, “Your connection is not secure.” Others provide error codes to help you troubleshoot. Most throw up literal warning signs. Here’s what you might see.

Google Chrome

When Google Chrome is having trouble recognizing a certificate, it will display a large red question mark and inform you.

Common Error Codes:

• ERR_SSL_VERSION_OR_CIPHER_MISMATCH
• NET::ERR_CERT_AUTHORITY_INVALID
• ERR_CERT_SYMANTEC_LEGACY
• NET::ERR_CERT_COMMON_NAME_INVALID
• NTE::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED The certificate is invalid.

Mozilla Firefox

If Mozilla Firefox fails to recognize the certificate, it will display a lock with a red slash over it as well as the message.

Common error codes:

• ERROR_SELF_SIGNED_CERT
• MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED
• SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
• MOZILLA_PKIX_ERROR_MITM_DETECTED
• SEC_ERROR_OCSP_INVALID_SIGNING_CERT
• SSL_ERROR_BAD_CERT_DOMAIN

Safari

Other browsers, such as Safari, don’t immediately provide you with error codes. Instead, it’ll return a red lock that has been crossed out and the message:

• “This connection is not private, Chrome”.
• “Website may appear to be impersonating domain.com in order to obtain personal or financial information. You should return to the previous page.”

I too might provide a link to the certificate via a "show details" button, this would allow you to understand the potential risks associated with visiting the website.

Microsoft Edge

Microsoft Edge mimics the Google Chrome error message “your connection is not private,” including the red exclamation mark.

Common Error Codes:

• DLG_FLAGS_INVALID_CA
• DLG_FLAGS_SEC_CERT_CN_INVALID
• Error Code: 0
• NET::ERR_CERT_COMMON_NAME_INVALID

How to correct “Your Connection to This Site is Not Private” Error

1. Reboot the Page

This may seem obvious, but one of the simplest and most effective things you can attempt to resolve the issue by closing and reopening your browser and attempt to load the page again. It’s possible that the website’s owner is currently reissuing their SSL certificate or there was a problem with your browser.

2. Check the Time and Date

While your computer’s date and time are out of sync with those displayed on your browser, this privacy error will appear. Additionally, it may display the SSL certificate of a website as having expired, which would also cause the error. Go into your computer’s settings and adjust the time and date when itф necessary. After that you’ve refreshed the page, reload it.

3. Update your Operating System

Google recommends upgrading your device’s operating system if you get this “the connection is not private” error. An outdated computer may lack the capability or willingness to recognize or utilize updated websites or SSL certificates. To update the operating system on macOS, go to System Preferences > Software Update. After all, check for updates and set them up.

On a Windows computer, enter the Сontrol Panel > Search for update > Check for updates and set up them.

4. Check the Antivirus Software

Follow the instructions below if you encounter “Your connection is not secure, Chrome. Antivirus and privacy programs can block some secure server certificates or even cripple network connections. They can be protective to the point of preventing your connection from being private. To test this, temporarily disable the software and try browsing.

5. Clear Browsing Data

Computer cookies help make each online session more personalized based on past activity. They can also help increase convenience when purchasing products or logging into websites by remembering personal information and payment methods. However, not having a private connection can cause security concerns as well. Each browser clears cookies differently. Clearing your browsing history removes all private data from your device, but also prevents you from truly enjoying a secure browsing experience.

To delete the history, cache, and other browser data from Google Chrome browser:

• First of all, enter Settings → Show advanced settings → Clear browsing data under Privacy options.

However if deleting browsing history doesn’t help, you can also reset the browser’s settings to the default.

To reset your Chrome browser settings:

• Firstly, click on the Chrome menu → Settings → Show advanced settings → Reset settings → Reset.

Deleting the chrome cache and removing unwanted Google Chrome extensions also has a significant impact in this situation.

For data removal in from Mozilla Firefox browser:

• Tap the menu button and choose Settings.
• Choose the Privacy & Security panel and enter the Cookies and Site Data section.
• Click the Clear Data… button. The Clear Data dialog will appear.



• You should also select the following options: Cookies and Site Data (to remove login status and site preferences) and Cached Web Content (to remove stored images, scripts and other cached content).
• Clear the screen.

To delete the cache, history, and other browser data from Safari browser:

• In order to your history and cookies, go to Settings > Safari, and select Clear History and Website Data. Deleting your history, cookies, and browsing data from Safari will not alter your AutoFill information.



• Going to remove your cookies and preserve your history, go to Settings > Safari > Advanced > Website Data, then select Remove All Website Data.
• If you want to avoid leaving a digital footprint, turn Private Browsing on.

To delete the cache, history, and other browser data from Microsoft Edge browser:

• Choose Settings and more > Settings > Privacy, search, and services.
• After that under Clear browsing data > Clear browsing data now, choose Choose what to clear.
• Under Time range, select a time range from the drop-down menu.
• Select the ways of browsing data you want to clean (see the table for descriptions).
• For example, you may want to delete cooking and browsing history but keep passwords and form fill data.
• Select Clear now.

Contact your system administrator

In some situations, you may have no access to the browser settings. That depends on the policies set by your system administrator. If you face connection issues, but cannot open the Settings, ask it for help. Such restrictions usually see usage to prevent any malware-related alterations, but sometimes that can end up with problems with some daily needs.

Stay Safe and Secure While Browsing Online

The error “Your connection is not private, Google” is one of the most beneficial messages you can receive because it protects your personal information. Simply encountering this error isn’t cause for concern, there are numerous innocuous reasons why your connection may not be safe. By attempting the methods listed above, you can efficiently identify and address the cause of the error. If none of the accordingly steps decide the issue, simply leave the website and find another option.

The post “Your Connection is Not Private” Error — Fix Guide appeared first on Gridinsoft Blog.

Internet Explorer is over. What happened?

Microsoft will end support for IE11 on a list of Windows versions. The company means versions of Windows 10 shipped through the semi-annual channel on systems running Windows and Windows 10 IoT client SKUs. Internet Explorer is also not available on Windows 11, which defaults to Chromium-based Microsoft Edge. However, IE will be available on some versions of Windows after June 15, 2022:

According to Microsoft, Internet Explorer 11 for operating systems that Microsoft support at the moment will receive lifetime security updates and technical support. In addition, the Edge browser will be able to select IE11 mode, which maintains backward compatibility with the original browser. This mode will be maintained until 2029.

Internet Explorer history. Why didn’t they discontinue it earlier?

Internet Explorer was one of the first web browsers available for the broad market. Appeared in 1995¹, it was competing with Netscape Navigator – the predecessor of Mozilla Firefox. Their confrontation is known as the First Browser War – and IE emerged victorious from this fight. By 2003, the default Windows browser had the absolute dominance of the browser market, accounting for about 95% of all users. His hegemony began crushing with the release of Mozilla Firefox – released by the defeated team of developers.

Still, the high market share does not mean that the product is ideal. In the late ‘90s, when there were no alternatives, Explorer was OK with its functionality and speed. However, the appearance of a broadband connection uncovered a ridiculous slowness of the IE. The JavaScript handling approaches were aimed at data saving, suitable for dialup connections – but inappropriate for high-speed Internet. The appearance of Firefox showed how browsers must actually look and work. That apparently was very contrast to what Internet explorer was offering. Slow, buggy, and vulnerable to malware injection, Explorer began losing the market share extremely quickly. But Microsoft did not pay any attention to the problem – the IE 7 that was intended to fix some of the problems was released in 2006, together with Windows Vista.

Slowness, huge amounts of bugs, delayed implementation of new features and compatibility issues created a halo of ill fame around Microsoft’s brainchild. Even the release of Internet Explorer 9, which had a lot of new features and finally got rid of the fabulous slowness, was not able to break the stereotypes. The tech giant from Redmond failed at that stage of the browser war – but that did not mean they stopped their attempts. Internet Explorer got its niche, and the complete discontinuation of its support was not advantageous for both Microsoft and its users. A decade after the Mozilla release, the market share of Internet Explorer was around 10% of the whole market. Meanwhile, Chrome had about 45% – an absolute monopoly in the browser market.

Why did Microsoft keep supporting Explorer?

Besides the disadvantages that made IE so unfavourable, Microsoft kept supporting it even after releasing the MS Edge browser together with Windows 10. The newbie is based on Chromium core, and practically has the same list of functions as was offered by the regular Chrome. Folks were sceptical about it, but then the public opinion on it changed. Microsoft did a great job on mistakes – and created a well-done browser, not amazing, but with its own unique features. For example, in Windows 11, it received extended web security abilities – thanks to its deep integration with the operating system and Windows Defender. But the latter is the other sad story of Microsoft software products.

Explorer had its niche, and it was generally infrastructure elements. Cash machines, information stands, interactive menus in restaurants – all of them were running the Explorer. The reason was the ability to ask Microsoft to create some specific functionality for them – an impossible thing for the broad-market browsers like the aforementioned Chrome. Internet Explorer runs on the proprietary MSHTML/Chakra engine, which can be adjusted only by Microsoft. Enterprise technologies always try to rely on other enterprise technologies, and that is the example.

Disabling it at the moment of the Edge release (that would be sudden) was inappropriate for both sides of this symbiosis. Therefore, MS decided just to stop the development of the IE – by keeping the support available. In July 2016, a year after the MS Edge release, the market share of IE shed to 5.4%. By 2021, the share of IE decreased to about 0.5% of the market – with Edge having a 3.5% share. That is miserable compared to Microsoft’s market share in the desktop OS market – over 80%.

The post Internet Explorer shutdown. The Epithaf appeared first on Gridinsoft Blog.

Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft has fixed 16 bugs in Microsoft Edge for a total of 83 bugs.

Interestingly, according to ZDI data, the latest set of fixes increased the total number of bugs fixed in 2021 to 887, which is almost 30% less than in 2020.

One of the major fixes this month is the patch for CVE-2021-43890 (7.1 CVSS). This vulnerability in the Windows AppX Installer is reportedly already under attack. Microsoft says the bug can be exploited remotely by low-privilege attackers without user interaction. In particular, the problem is already being used to distribute various malicious programs, including the Emotet, TrickBot and BazarLoader malware.

Bleeping and Computer reports that Emotet malware has recently spread using malicious Windows App Installer packages disguised as Adobe PDF. While Microsoft does not directly link CVE-2021-4389 to this campaign, the details the experts have shared with the community are completely consistent with the tactics used in the recent Emotet attacks.

Five other zero-day vulnerabilities that were patched in December were not seen in hacker attacks:

• CVE-2021-43240 (CVSS: 7.8) – privilege escalation in NTFS Set Short Name;
• CVE-2021-43883 (CVSS: 7.8) – Windows Installer privilege escalation;
• CVE-2021-41333 (CVSS: 7.8) – Windows Print Spooler privilege escalation;
• CVE-2021-43893 (CVSS: 7.5) – privilege escalation in Windows Encrypting File System (EFS);
• CVE-2021-43880 (CVSS: 5.5) – Windows Mobile Device Management privilege escalation.

Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons.

The post Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware appeared first on Gridinsoft Blog.

Of the four 0-day vulnerabilities under attack, there was already a privilege escalation issue related to the operation of the Win32k kernel driver. The problem was identified as CVE-2021-40449 (7.8 on the CVSS scale) and was discovered by Kaspersky Lab specialists.

In a detailed report, the experts said that the vulnerability belongs to the use-after-free class and was found in the NtGdiResetDC function of the Win32k driver. It leaks the addresses of kernel modules in the computer’s memory, and as a result, attackers use it to elevate the privileges of another malicious process.

The bug was reportedly abused by Chinese hackers who downloaded and launched RAT MysterySnail with it. It is reported that MysterySnail is most often used in espionage operations against IT companies, diplomatic organizations and companies working for the defense industry.

The experts managed to find a number of similarities in the code and functions of MysterySnail and the malware used by the well-known IronHusky group. Also, some C&C addresses were already used in 2012 in attacks by an APT group using the Chinese language.

The exploit for CVE-2021-40449 supports a number of operating systems of the Microsoft Windows family: Vista, 7, 8, 8.1, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Windows 10 (build 14393), Server 2016 (build 14393 ), 10 (build 17763), and Server 2019 (build 17763). But, according to experts, it was written specifically to elevate privileges on server versions of the OS.

Also, as mentioned above, this month Microsoft fixed three other publicly disclosed vulnerabilities, which, however, were not used in hacker attacks:

• CVE-2021-40469 (CVSS 7,2) – vulnerability in Windows DNS Server, leading to remote code execution;
• CVE-2021-41335 (CVSS 7.8) – Windows kernel privilege escalation vulnerability;
• CVE-2021-41338 (CVSS 5.5) – A bypass vulnerability in the Windows AppContainer Firewall rules.

Let me remind you that I also reported that New feature in Exchange Server will apply fixes automatically.

The post Microsoft fixes 81 bugs, including vulnerability under attacks appeared first on Gridinsoft Blog.

The whole process will be carried out in stages: from November 30, 2020, support for IE 11 will be discontinued in the Microsoft Teams service, after March 9, 2021, Microsoft will stop delivering updates for Edge (including security updates), and from August 17, 2021, many services such like OneDrive, Outlook and others will completely stop working with IE 11.

Support will be discontinued also for Office 365.

“This means that after the above dates, customers will have a degraded experience or will be unable to connect to Microsoft 365 apps and services on IE 11. For degraded experiences, new Microsoft 365 features will not be available or certain features may cease to work when accessing the app or service via IE11”, — say Microsoft specialists.

However, the company will not completely abandon Internet Explorer 11, as the browser is a component of the Windows operating system and will only end after expiration of OS version, on which it is installed.

The company noted that users will still be able to access sites specifically designed for Internet Explorer until the tech giant stops supporting the browser in Windows 10.

Microsoft launched an updated version of Edge based on the Chromium engine in January, which was prompted to be downloaded manually from the website. In June, the company began distributing Edge through Windows Software Updates to Windows 10 users (Builds 1803, 1809, 1903, and 1909). With the release of Windows 10 20H2, scheduled for fall, Edge will be included in Windows 10. It is noted that the browser will support IE11 via Internet Explorer mode.

“With the new Microsoft Edge and Internet Explorer mode, customers don’t need an awkward workaround of one browser for some apps and another for other apps. They can standardize on one browser and seamlessly experience the best of the modern web in one tab while accessing a business-critical legacy IE 11 app in another tab – all housed within the new Microsoft Edge”, — explained the developers.

Microsoft also touted the Edge browser in every possible way and was glad that the company’s customers would test it.

End of support schedule for Edge and IE 11:

Let me remind you that the company has been burning Windows 7 for a long time, and appeared a critical vulnerability for IE, Windows 7 clients, as expected, did not receive a patch from it. That time it turned out that these clients were not so few. The Free Software Foundation suggested a way out and asked Microsoft to open the source code for Windows 7, but the company did not respond to these requests.

The post Microsoft developers will stop supporting classic Edge and IE 11 appeared first on Gridinsoft Blog.