Gmail Works with Machine Learning

Google created new security measures for Gmail users, including protection against phishing attacks, click-time warnings for fraudulent links and unintended external reply warnings.

The new machine learning technology spot-checks messages for phishing tricks. Andy Wen said that it helps to block spam and phishing messages from appearing in the inbox with 99.9% accuracy.

This detection is combined with Google Safe Browsing’s machine learning technologies to find and flag “phishy” and malicious URLs, so Gmail now shows click-time warnings for phishing and malware links.

Wen stressed that the new technologies work faster and more efficiently than manual systems.

7 most widespread Security Threats

There is no way to avoid the reality: cybercrime or cyber espionage will hit. Attackers are employing many methods to deliver malware and steal credentials, from old vectors like malvertising to new ones like appliances connected to the Internet of Things.

Companies try to improve their security measures, but many of them are not aware of the biggest dangers.

The reality is that cybercrime will definitely hit. The attackers’ methods focus on stealing credentials, using old vectors like malvertising or new ones like connections to the Internet of Things.

Every security specialist decides for himself which threats are the most dangerous and which are of least concern.

Ransomware near-term perspective

Ransomware popularity increases – a real money-maker

The strategy is clear: a virus infects your PC and encrypts your data until you pay a ransom. The hackers provide step-by-step instructions on how much to pay and even explain how to buy bitcoin if you are new to it. Usually, the sum comes to a few hundred dollars. Many users think that paying is a better solution than giving up. Such schemes are really profitable, and nobody knows it better than their designers.

Recently, WannaCry ransomware hit more than 150 countries. It has a rather particular origin: it is built on a National Security Agency vulnerability that can be used to disrupt many versions of the Windows operating system. An unknown hacker group called Shadow Brokers stole the NSA’s code in 2014 (the security community considered these hackers to be Russian) and released it to the world in April.

Microsoft fixed the weakness a month earlier, after the NSA warned it that the leak was inevitable. But older Windows versions were also infected, and unfortunately there are a lot of users who do not care about the security of their systems. That gave the WannaCry creators a great chance to infect computers and blackmail their users.

Good advice is to apply system patches regularly and to REGULARLY back up your data.

Your smartphone’s fingerprint scanner turned out to be not the best security

Specialists who have created fingerprints capable of fooling the sensors say that smartphone fingerprint scanners are not as secure as we used to believe.

They could unlock phones protected by fingerprint security using fake prints, which would let an attacker log in and make payments.

Research results from New York and Michigan State Universities showed that the researchers were able to develop “master prints that could fool a scanner up to 65 per cent of the time”. That points to rapid improvement in artificial physical fingerprints.

For unlocking smartphones, fingerprint scanners are considered more secure than passcodes. Apple has stated that the ID scanner used on the iPhone has only the slightest chance of matching another person's fingerprint.

7 types of Internet Security Fibs

If you are fed up to the back teeth with people continuously asking about browsing safety, we are with you. There are so many different warnings about internet security… But do not forget about the antivirus program, whose little icon is quietly doing its work.

Practically everyone believes he can light-heartedly click, enter and skim different types of information, and surf the huge open space that is the internet.

Do not pay attention to those internet security fibs. The following distortions may be hard to spot at first sight, but ultimately it will be better for you to be aware of them.

Employees Quickly Give Access to Privileged Info

Almost 72% of employees are ready to share a company's confidential information, and a few take company data with them after working hours.

The Dell End-User Security Survey provides these troubling statistics, which reveal that many employees are not only willing to share sensitive information, but do so without using special security protocols.

The data shows that employees today work to two principles: to be efficient and hard-working on the job, and to hold company information in confidence. Companies need both highly skilled employees and security measures to maintain data security. Nevertheless, they are failing at this: 76% of employees think that their company sacrifices their working efficiency for security precautions.

The comeback of Petya ransomware with all its dirty tricks

Petya ransomware creators attempt to accuse its predecessor of a crack into their system.

Investigators revealed one more type of Petya ransomware last year. It now contains improved crypto and ransomware patterns.

The original Petya was hacked last April, and the group behind PetrWrap developed a special module that modifies the original ransomware version on the fly.

The on-the-fly change is intended to conceal the fact that Petya is the malicious component, and the PetrWrap group uses its own crypto methods.

The encryption uses elements of the OpenSSL library rather than the mbedtls library used by Petya.

Malware attempts to infect Microsoft and Apple operating systems revealed

Last week investigators came across a malicious Word file that cannot distinguish between two different OS platforms. The goal of this malicious document is to infect other Microsoft systems.

If you open such a document, the malicious Visual Basic for Applications (VBA) macro will affect your system immediately. The macro goes on to read a base64-encoded string in the file, which depends on the operating system, and then executes a certain script.

‘Password rules don’t help’, Jeff Atwood Says

Jeff Atwood, founder of the popular coding site Stack Overflow, has delivered a provocative and rather interesting, if pompous, speech about the dire state of password policy.

His post, entitled “Password rules are bullshit”, argues that the current style of password rules, e.g. requiring particular combinations of characters, isn’t actually secure. What is more, he claimed that such rules usually have the reverse effect and harm people who use secure password generators.

The next high-priority issue is password length. Jeff underlined that the majority of people should use a password of over 10 characters. In his opinion, developers have failed to create a really secure password strategy.

He insisted on using Unicode to increase password length in order to make the system more secure.

According to the data he has been analyzing, the passwords of about 30 per cent of users would be in the list of the top 10,000 passwords, which attackers will certainly use. As a result, a large number of consumers complain about hackers’ attacks on their systems.

As a partial solution, Heather Adkins, Google’s director of information security and privacy, recommends turning on two-factor authentication.
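
The policy this post describes (length instead of composition rules, Unicode counted properly, rejection of the most common passwords), as an added example that is not code from Atwood's post or from this site. The word list is a small constructed stand-in for a real top-10,000 list, and the 11-character minimum and all function names are assumptions.

```python
import unicodedata

# Constructed stand-in for a real top-10,000 list (a deployment would load one from a file).
COMMON_PASSWORDS = frozenset({
    "password", "123456", "qwerty", "letmein", "iloveyou", "12345678901",
})
MIN_LENGTH = 11  # assumption: "over 10 characters" read as at least 11


def normalize(password):
    """NFKC-normalize so the same Unicode password typed on different
    keyboards or devices compares (and later hashes) identically."""
    return unicodedata.normalize("NFKC", password)


def check_password(password, common=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Length-and-blocklist policy. Returns reasons for rejection; [] means accepted."""
    pw = normalize(password)
    problems = []
    # len() of a str counts code points, so non-ASCII characters are not
    # penalised or double-counted the way a byte length would.
    if len(pw) < min_length:
        problems.append("too_short")
    # Case-insensitive match: "PASSWORD" is no better than "password".
    if pw.casefold() in common:
        problems.append("too_common")
    return problems


def legacy_composition_ok(password):
    """The rule style the post criticises: one upper, lower, digit and symbol."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))


def compare(samples):
    """Map each sample to (passes legacy rules?, passes length/blocklist policy?)."""
    return {s: (legacy_composition_ok(s), check_password(s) == []) for s in samples}


if __name__ == "__main__":
    for pw, verdict in compare([
        "Password1!",                    # satisfies composition rules, still weak
        "correct horse battery staple",  # long passphrase, fails composition rules
        "12345678901",                   # long enough but on the common list
    ]).items():
        print(f"{pw!r}: legacy={verdict[0]} length+blocklist={verdict[1]}")
```

The two policies disagree on the first two samples, which is the reverse effect the post complains about: the composition rules accept a short, predictable password and reject a long generated passphrase.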

Trump stresses cybersecurity but postpones executive order

U.S. President Donald Trump expressed concern about defense against cybercrime and insisted that government agencies protect their networks better. To that end, he postponed indefinitely the signing of the executive order, to prompt the administration to consider the issue.

According to a draft copy of the order, the Ministry of Defense and the Department of Homeland Security would have 60 days to improve network security.
Trump was due to sign this order on Tuesday but cancelled the signing shortly beforehand.

Cybersecurity must focus on infrastructure such as power stations and the power network, Trump announced. Power network security is a great problem that needs a speedy solution.

During the briefing, Trump singled out the Democratic National Committee first because of the hacker attack on it during the presidential election campaign.

“The Democratic National Committee threw away a lot of money instead of attending to security measures,” Trump said. “The Republican National Committee was not hacked. Hackers failed to carry out their attack, which means that we have a very strong protective system against it.”

Easy-to-exploit authentication bypass flaw puts Netgear routers at risk

Over recent years, Netgear has been trying to fix the defects in its routers, the number of which has increased to 30, 20 of them characterized by firmware problems.

Trustwave security expert Simon Kenin identified the weak point: the firmware of Netgear routers has problems with its password reset mechanism.

The researcher exploited the web-based management interface of Netgear WNR1000v3 routers in January 2014 to disclose the password. There were two scripts, called unauth.cgi and passwordrecovered.cgi, and neither of them required authentication.

Nevertheless, Netgear is considered to be one of the best vendors for security, as shown by its creation of a bug bounty program.

The rise of formidable DDoS botnets built from vulnerable embedded devices, like Mirai, has highlighted the problems with routers. Sad to say, the software of such devices suffers from 90s-era vulnerabilities like command injection, buffer overflows and others. Key security features such as automatic updates or sandboxing are used only in very rare cases.

iPads ‘more secure than voting systems’ – claim

Dutch security expert Sijmen Ruwhof has scrutinized the software used in Dutch elections and now states that “the average iPad is more secure than the Dutch voting system.”

In view of the weakness of the SHA1 cryptography in the Dutch voting system, local television station RTL asked the expert to examine the flaws in its components.

Since 2009, Dutch elections have not used electronic voting because ministers prohibited it. As a result, the electronic systems used when counting the ballots are considered to be insecure. The electronic voting software can run on many systems, such as Windows XP and outdated versions of web browsers.

It must be said that every computer system should be as secure as an iPad to keep us safe from adverse consequences.

A New Malware Museum Launched on the Internet

Normally, people feel nostalgic about old school music, films, cars or video games. However, there are people who are so fond of outdated computer viruses that they even created a real museum of them. The two IT experts who initiated the storage of old viruses on the Archive.org service are Mikko Hypponen, the chief research officer of Finnish security company F-Secure, and Jason Scott, a historian and the software library manager of the Internet Archive.

Hypponen has been collecting old viruses since he got started in the information security business 25 years ago. And after the emulator of an old MS-DOS application had been presented, the idea of such a project came to his mind.

As a result, the Malware Museum was founded, where you can now find about eighty malicious programs that were spread in the 1980s and 1990s. Visitors can see with their own eyes what happened to an infected PC and what messages its user received.
Among the exhibits of the Museum there are many viruses that stood at the origins of future malware trends. One of them is Frodo, one of the first stealth viruses. It was spread on diskettes and was activated exactly on the 22nd of September, the birthday of Bilbo and Frodo, the characters from Tolkien’s “Lord of the Rings”. When being downloaded, it displayed the phrase “Frodo Lives” on the screen of the infected PC.

Mikko Hypponen notes that nowadays most viruses are written by cyber criminals with the purpose of stealing or extorting money, while the 1980s and 1990s were a different era: malicious programs were created by advanced young IT developers (“happy hackers”) just for fun. For example, there used to be the Casino virus, which made its victim play cards with all the data at stake. If the victim won, he got access to his data back; if not, the virus cleared the hard drive. What if a victim was not able to play the game? That’s his own problem – malware is malware.

Bayrob Trojan is controlled from Amazon server

ESET is warning users about a recent significant rise in Bayrob malware activity. Cyber criminals have been using it to steal personal data, including financial credentials.

Cyberthieves distribute Bayrob through bulk e-mail. The bait message impersonates Amazon, and its attachment is a ZIP archive containing an executable file.

The file is malicious: if it is run, an error message appears on the screen to put the user off guard. At the same time, the trojan starts operating as a backdoor, and the cyber criminals obtain credit card information. The embedded keylogger also enables them to capture online banking credentials (logins and passwords).

To obtain this data, the malware contacts a remote server, downloads other malicious programs, runs executable files and then sends the collected information to the attackers.

To contact the remote server, Bayrob can generate various URLs. One of them is registered by Amazon’s branch in Japan. Apparently, the attackers use the server that belongs to the Amazon Web infrastructure to control and send commands to the infected machines. This fact, though, does not necessarily mean that the whole Amazon platform has been compromised – the suspected server could be officially rented by third parties.

Since late 2015, Bayrob trojan has been extensively used for cyber attacks targeting users in Europe, South Africa, Australia and New Zealand.

Malicious software Babar is capable of eavesdropping on users’ talks

Malicious software Babar is capable of eavesdropping on users’ conversations and stealing files from their computers, according to The Register.

This French-language malware was initially detected by Canadian researchers from CSEC (Communications Security Establishment Canada). At this time, however, security experts from GDATA and Cyphort Labs warned of its spreading and gave a detailed description of the dangerous application.

In fact, Babar has extensive spy functionality. Its features include typical ones like interception of keystrokes and information from the clipboard. Also, this malware is able to take screenshots.

But IT specialists point out that Babar is also equipped with advanced features. In particular, the program can record audio chats from Skype and Yahoo. Among other things, the software is able to steal users’ files.

Such functionality resulted in the use of Babar as a tool for cyber espionage. According to experts, the main targets for this malware were scientific and technological organizations in Iran, as well as the French-speaking media. Apparently, the application has also been aimed at the European Financial Association and at organizations located in countries that used to be French colonies.

The existence of such a spy tool was mentioned in the documents disclosed by Edward Snowden in his revelations. According to these data, a secret service used this program to spy on francophone mass media in Canada.

By the way, attackers armed with Babar can spy on Skype users via webcam as well. Experts from the antivirus developer believe that hacking webcams and intercepting the images they broadcast is a spreading method of cyber espionage. Through a webcam, attackers can record everything the user is doing in the area the webcam covers. As a result, they may get credit card information and bank account details.

Spyrix Personal Monitor was tested

A new version of Spyrix Personal Monitor was tested by our testing team. The review is available at the link: Spyrix Personal Monitor

New malware software presented to forge bitcoins

The malware authors state that the proof-of-concept versions have been created solely for educational purposes. Two anonymous developers have presented experimental versions of two pieces of malware: the rootkit Jellyfish and the keylogger Demon. Their main innovative feature is the ability to use the graphics processor (GPU). These programs exploit the GPU rather than the CPU to operate stealthily and increase their computational capacity. Both programs work on the CPU and exploit GPU functions to mint Bitcoins and other virtual currencies.

Jellyfish is a Linux-based rootkit proof-of-concept project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by the Khronos Group (GPU).

This code currently supports AMD and NVIDIA graphics cards.

The Demon keylogger has not been described in detail by the developers. However, they have announced the key idea of this experimental project: to demonstrate the possibility of monitoring the system’s keyboard buffer directly from the GPU via DMA (direct memory access), without any hooks or modifications in the kernel’s code.

The authors insist that these experimental programs have been developed exclusively with educational goals, and the developers are not liable for further use of rootkit Jellyfish and keylogger Demon.

Are webcam hacks possible? Techniques for your protection.

Are webcam takeovers a myth or a real danger? Many inexperienced PC users have thought about this problem. At times, people are so nervous about webcam hacks that they prefer not to use this great technological advancement at all. Is it true that a voyeur can secretly watch you through your own computer? Regrettably, yes, it is possible: there have been a number of such infringements of privacy. For example, a hacker was recently arrested and tried for that. He had placed surveillance programs on girls’ PCs by sending e-mails. When the e-mail message was opened, the PC was compromised, allowing this hacker to view his “victim”.

This case is far from being the only one. Any of us can find himself in the same situation.
The high-risk group includes people who do not use antivirus protection. Their computers can be attacked by malware and Trojan horse software, which enable hackers to control the webcam.
Operating system vulnerabilities are another way of breaking into a computer and gaining access to the webcam. For instance, there is such a vulnerability in UAC in Windows 7: because of it, malware can change the UAC settings, leaving a computer unprotected against hackers. How does this infection happen? A virus file is created, and after it has been moved to someone’s computer (for example, disguised as an image in an incoming e-mail attachment) it gains access to the computer’s system files, including the webcam’s.

What needs to be done to guarantee that your private life is fully protected against uninvited visitors? Firstly, don’t freak out. Just because your webcam can be hacked doesn’t mean it’s likely to be hacked. Webcam hacking cases are not that frequent. There has to be a serious motive, because hacking is quite time-consuming. The hacker in the crime described above used hacking for racketeering, demanding money from girls. Still, if you are eager to secure your privacy, you had better pay attention to the following ideas:

If you wish to keep your webcam safe from any break-in, just tape a piece of paper over it! An alternative would be to unplug it whenever you aren’t using it, since there is no one hundred percent guarantee that you are not being watched at a given point in time.

You can also keep track of your webcam’s indicator light: if it’s turned on, recording is in progress.
No one would be able to hack your webcam if he knows just your IP address. It is assigned to your computer by your provider, but does not indicate the exact route to your system. An IP address seems to be insufficient information for gaining access to your webcam.
To be more certain that your computer and your webcam are secured against hacks, you should install high-quality and time-honored software. Compared with PC webcams, TV webcams are normally easier to hack, because their operating systems have not yet been modified and updated to the required level.

Everyone surfing the web should be cautious. There are some simple rules to follow. Do not open spam e-mail attachments or messages from an unknown source: they might contain Trojan viruses that would help intruders gain access to your webcam. You should download and install drivers for your devices (including your webcam) only from the official developer’s sites.
You should use a firewall and update the applications on your system, as well as the system itself.

If you take your PC to a repair shop, you must choose a reliable one with trustworthy staff. Unfortunately, staff at such a repair center have the opportunity to infect your PC with spyware or Trojan viruses.
There is both ease and trouble here. On the one hand, you should not worry too much about this problem, because ordinary users’ webcams do not attract hackers that much. On the other, who knows? In any case, forewarned is forearmed!

REFOG Personal Monitor was tested

A new version of REFOG Personal Monitor was tested by our testing team. The review is available at the link: REFOG Personal Monitor