Thursday, April 30, 2015

Anti-Botnet Advisory Centre: Inform

To prevent the re-infection of your computer please note these important rules:

1. Check your computer for infection. Please use our EU-Cleaner to remove all malware.
2. Install current Service Packs and Security Updates for your system. Activate automatic updates. Microsoft Instructions: Protect.
3. Check your Internet browser and the embedded plugins (e.g. Java, Flash, Shockwave, Quicktime) regularly to make sure they are up to date. Browser- and Plugincheck
4. Install a virus scanner, e.g. one that is mentioned here, and update it regularly.
5. Use a firewall, e.g. the built-in Windows firewall or a router. More Information about Firewalls.

hfiref0x/UACME · GitHub

UACMe

Wednesday, April 29, 2015

Blaze's Security Blog: Thoughts on Absolute Computrace

Introduction: Not too long ago my friend and colleague from Sweden, Jimmy, contacted me regarding a strange issue. In the firewall, he...

TorrentLocker changes its name to Crypt0L0cker and bypasses U.S. computers - News

A new ransomware called Crypt0L0cker (the OHs have been replaced with ZEROs) has been released that appears to be a new version of TorrentLocker. This ransomware was first sighted at the end of April in European and Asian countries and in Australia. Unlike TorrentLocker, for some reason this variant is geo-locked so that it will not install on US-based computers. This ransomware is currently being distributed through emails that pretend to be traffic violations or other government notices. At this point it is unknown what encryption method is used and whether it is possible to recover encrypted files. The ransom amount is currently set at 2.2 Bitcoins.

Monday, April 27, 2015

Without a Trace: Fileless Malware Spotted in the Wild | Security Intelligence Blog | Trend Micro

With additional analysis from David Agni


Improvements in security file scanners are causing malware authors to
deviate from the traditional malware installation routine. It’s no
longer enough for malware to rely on dropping copies of themselves to a
location specified in the malware code and using persistence tactics
like setting up an autostart feature to ensure that they continue to
run. Security file scanners can easily block and detect these threats.

One tactic we have spotted is the use of fileless malware. Unlike most malware, fileless malware hides itself in locations that are difficult to scan or detect. Fileless malware exists only in memory and is written directly to RAM instead of being installed on the target computer’s hard drive. POWELIKS is an example of fileless malware that is able to hide its malicious code in the Windows Registry. These use a conventional malware file to add the entries with their malicious code to the registry.

Simple and easy ways to keep your computer safe and secure on the Internet

This tutorial was created to provide tips and techniques for smart and safe computing. When using these techniques you will not only protect yourself and your data from hackers and viruses, but also keep your computer running more smoothly and reliably. The advice in this tutorial applies to all computer users and all operating systems, but we have tried to point out specific steps for various operating systems as it becomes necessary.

Threat Spotlight: TeslaCrypt – Decrypt It Yourself

This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau

After the takedown of Cryptolocker, we have seen the rise of
Cryptowall. Cryptowall 2 introduced “features” such as advanced
anti-debugging techniques, only to have many of those features removed
in Cryptowall 3. Ransomware is becoming an extremely lucrative business,
leading to many variants and campaigns targeting even localized regions
in their own specific languages. Although it is possible that these
multiple variants are sponsored by the same threat actor, the most
likely conclusion is that multiple threat actors are jumping in to claim
a portion of an ever increasing ransomware market. One of the latest
variants is called TeslaCrypt and appears to be a derivative of the
original Cryptolocker ransomware. Although it claims to be using
asymmetric RSA-2048 to encrypt files, it is making use of symmetric AES
instead. Talos was able to develop a tool which decrypts the files
encrypted by the TeslaCrypt ransomware...


How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security - Hanno's blog

Lately a lot of attention has been paid to software like Superfish and Privdog that intercepts TLS connections to be able to manipulate HTTPS traffic. These programs had severe (technically different) vulnerabilities that allowed attacks on HTTPS connections.

What these tools do is a widespread method. They install a root certificate into the user's browser and then they perform a so-called Man-in-the-Middle attack. They present the user with a certificate generated on the fly and manage the connection to HTTPS servers themselves. Superfish and Privdog did this in an obviously wrong way, Superfish by using the same root certificate on all installations and Privdog by just accepting every invalid certificate from web pages. What about other software that also does MitM interception of HTTPS traffic?

Antivirus software intercepts your HTTPS traffic

Many Antivirus applications and other security products use similar techniques to intercept HTTPS traffic. I had a closer look at three of them: Avast, Kaspersky and ESET. Avast enables TLS interception by default. By default Kaspersky intercepts connections to certain web pages (e.g. banking); there is an option to enable interception by default. In ESET, TLS interception is generally disabled by default and can be enabled with an option.

SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute

I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the Windows CryptoAPI, perhaps hooking the CryptEncrypt function; however, page 16 of a report analysing various samples by Bromium shows that some samples use CryptoAPI, others use OpenSSL libraries and a few even use custom inline code.

Saturday, April 25, 2015

Security Flaw in Samsung Galaxy S5 Allows Hackers to Steal Your Fingerprint

A security flaw in Android version 5.0 and below makes it possible for hackers to take fingerprint copies and unlock the Samsung Galaxy S5. This could lead to the obtaining and exploitation of the victim’s personal data.

FireEye experts Yulong Zhang and Tao Wei have exposed a critical Android flaw, which makes Samsung Galaxy S5 smartphone highly vulnerable to attacks.

Experts revealed that, thanks to the flaw, hackers can easily obtain fingerprint data, steal personal info and use personal data for malicious purposes.

GoodDeals Advertisements Removal Guide

GoodDeals is an adware program that displays deals, offers, or coupons when browsing certain online shopping sites. When browsing sites such as BestBuy or Target, the GoodDeals adware will display a rectangular banner at the bottom of the web page that provides offers or deals based on the particular site you are visiting. Unfortunately, these advertisements are displayed in an intrusive manner, overlaying the content you are trying to read.

Hackers can potentially hack WIFI systems on aircrafts to commandeer the plane | Emsisoft Blog

Flying thousands of feet in the air can be a scary event for most people, but now it seems that air travel may be more dangerous than it has ever been. Potential flaws have been discovered in several new model airplanes that could allow hackers to commandeer the plane by hacking into a single WIFI system using their laptop computer. It is a scary thought that a hacker may be sitting next to you on a plane.

According to news giant CNN, hundreds of the planes flying commercially today could potentially be vulnerable to having their on-board computers hacked and taken over by a plane passenger or even someone on the ground. One of the authors of the report told CNN that the Boeing 787 Dreamliner, the Airbus A350, and the A380 aircraft all have cockpits that are wired into the same WIFI system that passengers use.

Ransomware: Should you pay the cybercriminals?

Ransomware is a type of malware, or malicious software, which has exploded in notoriety in recent years. The malware is often installed on your machine via a phishing email or a drive-by-download on a compromised website, and a short time later a pop-up message will appear on screen telling the user to pay a ransom (in some cases as much as $300) in order to ‘unlock’ their stolen documents.

EasySync Solutions

Only EasySync Solutions Directly Combats Ransomware

Criminals are taking notice of the amount of money to be made by Ransomware, so whether you have been infected before or have never been infected, now is the time to get proper protection. The simple fact is, most of the time an Anti-Virus, Firewall, or even group policies are not enough to stop Ransomware like CryptoWall, TorrentLocker, and CryptoLocker. Without the proper software you may come home to find that all of your personal files have been encrypted and are being held hostage until a payment is made. Sometimes Ransomware can even delete your files if you do not pay, or may corrupt them, making payment useless. With EasySync Solutions you will find software that will help you stay protected from every type of Ransomware. You will always have a plan A, B, and C if you do get infected. From prevention measures to recovery measures, you can be sure that if you are running our software and you find yourself being attacked by Ransomware, you will always have options.