Readers like you help support my blog. When you make a purchase using links on our site, we may earn an affiliate commission! Thank you!

Friday, March 20, 2020

Μένουμε σπίτι και απολαμβάνουμε τα ραδιόφωνα όλου του κόσμου δωρεάν, πατώντας σε μια πράσινη τελεία!

Search Results

Web result with site links



Μένουμε σπίτι και απολαμβάνουμε τα ραδιόφωνα όλου του κόσμου!!

Radio Garden – Explore live radio by rotating the globe






Radio Garden Lets You Tune Into 8,000 Stations From Around The World : Goats and Soda It's a new website with 8,000 radio stations from around the world. It's a way to travel to faraway places — and for immigrants to get a taste of home.

RemoteSec: achieving on-prem security levels with cloud-based remote teams

RemoteSec: achieving on-prem security levels with cloud-based remote teams

RemoteSec: achieving on-prem security levels with cloud-based remote teams

Posted: March 12, 2020 by Dan Macharia
Last updated: March 13, 2020


The world of work is changing—by the minute, it feels these days. With the onset of the global coronavirus pandemic, organizations around the world are scrambling to prepare their workforce, and their infrastructure, for a landslide of remote connections. This means that the security perimeter of businesses small and large has transformed practically overnight, requiring IT leaders to rethink the way they’re protecting their organizations.

Even before the spread of the virus, preparing business security protocols for a mixture of remote and on-premises work had become a forgone conclusion. With increasing globalization and connectedness, remote work is fast supplementing, if not outright replacing, traditional 9-5 office-based hours. Upwork Global predicts that by 2028, up to 78 percent of all departments will have remote workers.

This trend is affecting companies of all sizes. In fact, a study by Owl Labs indicates that smaller companies are twice as likely to hire full-time remote workers, and a State of Telecommuting study found that telecommuting grew by 115 percent over the last decade.

These numbers clearly show that remote work is here to stay, whether in quick response to dire crises or simply as a slow, societal shift. What companies are now grappling with is how to manage a ballooning remote workforce, and more so, the security challenges that come with that growth.

In the past, traditional work made it easy to create and enforce on-prem security policies. Simple controls like logical and physical access were handled through a centralized command and control hierarchy. As workforces become increasingly distributed, such security hierarchies are starting to underdeliver. Companies are now faced with novel security challenges posed by the diverse work conditions remote workers operate within.
The rise of RemoteSec

Remote Security, or RemoteSec, is a set of security tools, policies, and protocols that govern the IT infrastructure supporting remote teams. As most remote workers rely heavily on cloud tools and platforms, RemoteSec addresses security challenges that almost always fall under this category, though other tools, such as virtual private networks (VPNs) play a role, as they are often deployed to establish secure connections to the cloud.

For any business working with remote teams, understanding the role cloud security plays in securing remote teams is crucial to realizing overall remote security. However, one challenge that remains is how to replicate the success of on-prem security within a cloud environment.

Before we delve into the details of RemoteSec, it’s crucial to note the difference between RemoteSec and overall cybersecurity policy. While both deal with securing networked resources, RemoteSec focuses mostly on securing remote teams and the cloud resources they use. As such, organizations with cybersecurity policies may need to extend them to cover security issues that emerge when remote workers relying on cloud infrastructure are added to the workforce matrix.
Crucial RemoteSec considerations

Remote workers—which include freelancers, contractors, or in-house employees working from home, in coworking spaces, or at coffee shops—do their jobs under a diverse set of conditions. These unique and unpredictable conditions form the body of challenges RemoteSec addresses.

For example, 46 percent of staff members admit to moving files between work and personal computers while working from home. A further 13 percent admit to sending work emails via personal email addresses because they are unable to connect to an office network.

With these challenges in mind, here are some crucial RemoteSec considerations you should focus on to secure your remote teams.
Global location of employees

Remote workers that are spread across the globe face different security challenges. As each part of the world has its own unique IT infrastructure characteristics, it is essential to standardize remote work environments for your entire team. Using VPNs and virtual desktops can help provide a uniform and secure work environment for your remote team, despite their location in the world.
Remote data security policies

Data security is a significant challenge when working with remote teams. For example, remote workers may access public unsecured Wi-Fi hotspots, exposing company data to eavesdroppers or cybercriminals. Also, remote workers may use free data storage tools like Google Drive without knowing that such tools are vulnerable to ransomware attacks.

RemoteSec addresses these issues through comprehensive cloud data policies that cover remote data access, public hotspots, USB devices, password management, device management, network compliance, and others.
IT and network infrastructure

Endpoint security is another area that organizations must address when it comes to RemoteSec. Remote workers tend to use multiple endpoints (devices) to access company resources. However, in many instances, these devices may not be secure or may be connecting through unsecured network channels.

Issuing mobile device management (MDM) policies, using secure VPNs, deploying cloud-based endpoint security on all remote devices, and enforcing secure cloud network protocols can ensure remote workers do not circumvent network or endpoint security measures.
Remote IT support

Not all remote workers are tech-savvy. As more roles move to remote, non-technical remote workers may face challenges accessing IT support. If a remote worker halfway across the world experiences technical problems, they may turn to non-secure, outside IT support, exposing your company’s confidential resources. Using cloud tools to deliver IT support can help maintain seamless security across your technical and non-technical remote workforce.
On-prem security tools vs. cloud-based RemoteSec

Most companies extol the virtues of on-prem security and rightly so. On-prem security is the gold standard of information security. However, that standard falls apart when stood up against today’s hybrid workforce of remote teams and in-house professionals using a diverse range of endpoints—especially when that workforce is quickly ushered back into their homes for safety purposes. Why? Because on-prem security protocols are designed to contain information in an airtight box.

Cloud and remote teams not only open that box, but they also turn the organization into an open platform with multiple access points and endpoints. So, how can an organization achieve on-prem security levels with remote teams in the cloud? The answer lies in using the right security tools to migrate your organization from an on-prem mindset to one that considers remote security equally.

Cloud security tools include desktop infrastructure, file system snapshots, remote data and activity monitoring, and remote device encryption and data wipes. Such mechanisms not only safeguard company data, but give more control over IT resources used by remote workers.

In addition, deploying a single-sign on service with multi-factor authentication can better protect company data stored in the cloud, as well as assist in access management. VPNs, both desktop and mobile, can further provide authentication while also encrypting network traffic and obscuring private details, which may be necessary while connecting in public places.
A massive shift

Cloud services, at once the hero and villain of information security, will prove to be an ace up the sleeve for companies transitioning away from underperforming on-prem security standards. While remote work seems to have caught on—and is sometimes necessary—we are only at the beginning of a massive tectonic shift in how work is done.

RemoteSec, therefore, is an emerging security field in security, one that’s been discussed for years but never quite tested to this degree. As organizations gain more remote workers, the need to embrace RemoteSec at the forefront of cybersecurity policy will only escalate. Addressing the crucial areas outlined above can help organizations mitigate the emerging risks while embracing a remote workforce.

Thursday, March 19, 2020

Cybercriminals impersonate World Health Organization to distribute fake coronavirus e-book





SOCIAL ENGINEERING


Posted: March 18, 2020 by Threat Intelligence Team


The number of scams, threats, and malware campaigns taking advantage of public concern over the coronavirus is increasing each day. As a result, we’ve been actively monitoring emails within our spam honeypot to flag such threats and make sure our users are protected.

Yesterday, we observed a phishing campaign similar to malspam previously discovered by MalwareHunterTeam, which impersonates the World Health Organization (WHO) and promises the latest on “corona-virus.” Right off the bat, the incorrect use of a hyphen in “coronavirus” in the subject line could tip off users with a critical eye for grammar. However, since WHO are often touted as a trustworthy and authoritative resource, including by our own blog, many will be tempted to open the email.

In this particular campaign, threat actors use a fake e-book as a lure, claiming the “My Health E-book” includes complete research on the global pandemic, as well as guidance on how to protect children and businesses.

The criminals behind this scheme try to trick victims into opening the attachment, contained in a zip file, by offering teaser content within the body of the email, including:


Guidance to protect children and business centre;

This guidance provides critical considerations and practical checklists to keep Kids and business centre safe. It also advises national and local authorities on how to adapt and implement emergency plans for educational facilities.

Critical preparedness, readiness and response actions for COVID-19;

WHO has defined four transmission scenarios for COVID-19. My Health E-book describes the preparedness, readiness and response actions for each transmission scenario.

The email content goes on to tell readers that they can download and access the e-book from Windows computers only.

Instead, as soon as they execute the file inside the MyHealth-Ebook.zip archive, malware will be downloaded onto their computers. As seen in the previous wave of spam, the malicious code is for a downloader called GuLoader.

GuLoader is used to load the real payload, an information-stealing Trojan called FormBook, stored in encoded format on Google Drive. Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors.

While the threat actors are improving on the campaign’s sophistication by building reputable-sounding content within the body of the email, a closer examination reveals small grammatical errors, such as:


You are now receiving this email because your life count as everyone lives count.

This combined with other minor formatting and grammar mistakes, as well as a mix-and-match selection of fonts make this clever phishing scheme, upon closer examination, a dud. Still, many have fallen for far more obvious ploys.

With a huge swatch of the population now confined to their homes but working remotely, the risk of infecting a highly-distributed network is increasing. That’s why it’s more important than ever to use a discerning eye when opening work or personal emails, as employee negligence is one of the top indicators for successful cyberattack/data breach.

Malwarebytes home and business customers were already protected against this malspam campaign and its associated payloads.
Indicators of compromise

GuLoaderde1b53282ea75d2d3ec517da813e70bb56362ffb27e4862379903c38a346384d


FormBook URLdrive.google[.]com/uc?export=download&id=1vljQdfYJV76IqjLYwk74NUvaJpYBamtE

Η Microsoft κυκλοφόρησε το Windows Terminal Preview v0.10

Η Microsoft κυκλοφόρησε το Windows
Terminal Preview v0.10


18 Μαρτίου, 2020, 12:24 μμ by Absenta Mia

Η Microsoft κυκλοφόρησε το Windows Terminal Preview v0.10 με νέες δυνατότητες και βελτιώσεις. Αν θέλετε να εγκαταστήσετε το Windοws Terminal, μπορείτε να επισκεφτείτε το Microsoft Store ή να κάνετε λήψη του πακέτου από τη σχετική σελίδα του GitHub.

Πάμε να δούμε τι νέο υπάρχει:

Υποστήριξη χρήσης ποντικιού

Το Windows Terminal υποστηρίζει τώρα την είσοδο του ποντικιού σε εφαρμογές Windows Subsystem για Linux (WSL) καθώς και σε εφαρμογές Windows που χρησιμοποιούν virtual terminal (VT) input. Αυτό σημαίνει ότι εφαρμογές, όπως το tmux και το Midnight Commander θα αναγνωρίζουν τις εντολές, όταν κάνετε κλικ με το ποντίκι σε στοιχεία στο παράθυρο του Terminal!



Ρυθμίσεις

Duplicate Pane


Με τη νέα έκδοση του Windows Terminal, μπορείτε να ανοίξετε ένα νέο παράθυρο (pane) με διπλό προφίλ. Αυτό μπορεί να γίνει με την προσθήκη των εντολών “splitMode“: “duplicate” στη λίστα εντολών του “splitPane” στα key bindings. Αυτό το key binding θα εμφανίσει ένα διπλό προφίλ, αλλά μπορείτε να προσθέσετε και άλλες επιλογές, όπως “commandline”, “index”, “startingDirectory”, and “tabTitle”.

Εάν θέλετε να μάθετε περισσότερες λεπτομέρειες σχετικά με τις επιλογές του key binding, μπορείτε να δείτε αυτό το blog post.

{“keys”: [“ctrl+shift+d”], “command”: {“action”: “splitPane”, “split”: “auto”, “splitMode”: “duplicate”}}



Διορθώσεις σφαλμάτων
Η εμφάνιση του κειμένου είναι σημαντικά καλύτερη, όταν αλλάζει το μέγεθος του παραθύρου!
Τα πλαίσια, όταν χρησιμοποιείτε dark theme, δεν είναι πλέον λευκά!
Η γραμμή εργασιών (που είναι auto-hidden) θα εμφανίζεται τώρα, όταν το ποντίκι βρίσκεται στο κάτω μέρος της οθόνης.
Το Azure Cloud Shell μπορεί τώρα να τρέξει PowerShell, να υποστηρίζει εντολές μέσω ποντικιού και να ακολουθήσει το επιθυμητό shell της επιλογής σας.

Όλα τα παραπάνω μπορείτε να τα βρείτε στο Windows Terminal Preview v0.10.

Η Microsoft δήλωσε ότι οι προγραμματιστές της ασχολούνται με τη διόρθωση κάποιων σφαλμάτων για να προετοιμαστούν για την κυκλοφορία του v1. Το Windows Terminal v1 θα κυκλοφορήσει τον Μάιο.

Η ESET προειδοποιεί για scams που εκμεταλλεύονται το κλίμα ανησυχίας για τον κορωνοϊό



ΚΕΙΜΕΝΟ: FORTUNEGREECE.COM
16/03/2020 18:00






Οι ερευνητές της ESET συγκέντρωσαν μερικές από τις πιο συνηθισμένες μορφές απάτης και τις αναλύει, εφιστώντας την προσοχή στους χρήστες.


Τις ιδιαίτερες συνθήκες που έχει προκαλέσει σε όλον τον πλανήτη η πανδημία του κοροναϊού εκμεταλλεύονται οι κυβερνοεγκληματίες, όπως προειδοποιεί σχετικά η ESET. Η παγκόσμια ανησυχία, οι ευπαθείς ομάδες που διατρέχουν τον υψηλότερο κίνδυνο, η υπερβολική ζήτηση για αγαθά που δεν είναι πλέον σε απόθεμα και η παραπληροφόρηση στα μέσα κοινωνικής δικτύωσης – όλα αυτά ισοδυναμούν με μια τεράστια ευκαιρία για τους απατεώνες του διαδικτύου. Οι ερευνητές της ESET συγκέντρωσαν μερικές από τις πιο συνηθισμένες μορφές απάτης και τις αναλύει, εφιστώντας την προσοχή στους χρήστες.

Κακόβουλα νέα

Οι απατεώνες προσποιούνται ότι στέλνουν σημαντικές πληροφορίες από έγκυρους φορείς, όπως τον Π.Ο.Υ. (Εικ.1) ή από αξιόπιστους δημοσιογραφικούς οργανισμούς, όπως τη Wall Street Journal (Εικ.2), με στόχο να ξεγελάσουν τα πιθανά θύματα να κάνουν κλικ σε κακόβουλα link. Συνήθως, τέτοιοι σύνδεσμοι μπορούν να εγκαταστήσουν κακόβουλο λογισμικό, να κλέψουν προσωπικές πληροφορίες ή να επιχειρήσουν να αποσπάσουν διαπιστευτήρια σύνδεσης και κωδικούς πρόσβασης.

Εκμετάλλευση της φιλανθρωπίας


Σε αυτή τη μορφή scam, οι κυβερνοεγκληματίες προσπαθούν να πείσουν το θύμα να βοηθήσει στη χρηματοδότηση εμβολίου για τα παιδιά στην Κίνα. Καθώς αυτή τη στιγμή εμβόλιο δεν υπάρχει, οι χρήστες τελικά καταλήγουν να στέλνουν bitcoin στα πορτοφόλια των απατεώνων. Η τεχνική είναι αποτελεσματική μόνο σε ένα πολύ μικρό ποσοστό χρηστών, αποκτά όμως σεβαστό μέγεθος αν αναλογιστεί κανείς ότι γίνεται σε παγκόσμια κλίμακα.

Μάσκες

Σε έναν άλλο τύπο απάτης, οι κυβερνοεγκληματίες στέλνουν spam email (Εικ.3) θέλοντας να ξεγελάσουν τα θύματα ότι μπορούν να παραγγείλουν μάσκες που θα τους κρατήσουν ασφαλείς από τον κοροναϊό. Στην πραγματικότητα, τα θύματα καταλήγουν να αποκαλύπτουν, χωρίς να το θέλουν, ευαίσθητα προσωπικά και οικονομικά δεδομένα. 
Σύμφωνα με το Sky News, οι απατεώνες πωλητές μασκών απέσπασαν 800.000 λίρες Αγγλίας (1 εκατομμύριο δολάρια) από χρήστες στο Ηνωμένο Βασίλειο, μόνο τον Φεβρουάριο.

Η ESET συμβουλεύει τους χρήστες να έχουν το νου τους σχετικά με αυτές και αντίστοιχες απάτες και να είναι ιδιαίτερα προσεκτικοί, εφαρμόζοντας τις παρακάτω οδηγίες:

Αποφύγετε να κάνετε κλικ σε συνδέσμους ή να κάνετε λήψη συνημμένων σε ανεπιθύμητα μηνύματα/κείμενα από άγνωστες πηγές ή ακόμα και από αξιόπιστες πηγές, παρά μόνο αν είστε απολύτως βέβαιοι ότι το μήνυμα είναι αυθεντικό.
Αγνοήστε τις επικοινωνίες που ζητούν τα προσωπικά σας στοιχεία. Αν κρίνετε ότι είναι απαραίτητο να τα δώσετε, φροντίστε πρώτα να ελέγξετε την αυθεντικότητα του αποστολέα, χρησιμοποιώντας ένα διαφορετικό μέσο από το ίδιο το email (π.χ. αναζήτηση στο διαδίκτυο).
Προσέξτε ιδιαίτερα τα email που έχουν σήμανση «επείγον» ή «προσοχή» και σας παροτρύνουν να λάβετε άμεσα μέτρα ή προσφέρουν εμβόλια ή θεραπείες για τον COVID-19.
Προσέξτε για φιλανθρωπικές καμπάνιες ή εκστρατείες crowdfunding που μπορεί να είναι απάτες.
Χρησιμοποιήστε αξιόπιστο λογισμικό με πολλαπλά επίπεδα ασφάλειας, που διαθέτει προστασία από το ηλεκτρονικό «ψάρεμα» (phising)