Reminder! If You Haven’t yet, Turn Off Windows 10 Keylogger Now

This is an older article, but one you may have missed. Simple instructions on how to turn off the keylogger and why you should.

Do you know? Microsoft has the power to track every single word you type or say to its digital assistant Cortana while using its newest operating system, Windows 10. Last fall, we reported about a ‘keylogger’ that Microsoft openly put into its Windows 10 Technical Preview saying the company ‘may collect voice information’ as well as ‘typed characters.’ It was thought that the company would include the keylogger only within the Technical Preview of Windows 10, just for testing purpose. But, the thought was Wrong!

 

Read the rest…

Source: Reminder! If You Haven’t yet, Turn Off Windows 10 Keylogger Now

SEO Is Not A Get-Rich-Quick Scheme For Their Website

It’s important everyone understands that SEO is not a get-rich-quick scheme for their website. Project managers who underestimate the demands of a top-to-bottom SEO game plan will find themselves overwhelmed.

WHERE DOES SEO STRATEGY FIT IN THE WEB DEVELOPMENT PROCESS? EVERYWHERE. Nathan Reimnitz | GoDaddy Garage, May 2, 2016

Beware of These Smartphone Scams, AARP Bulletin|Sid Kirchheimer

Beware of These Smartphone Scams,

Don’t expect the mobile mayhem to end anytime soon

With new technology comes new opportunities to fleece people out of their hard-earned money. Here are the latest scams from AARP and, while this is geared for older people, the information given works for all ages so don’t be put off by a presupposition.

AARP Bulletin|Sid Kirchheimer|March 2016

Be prepared: Scammers target smartphones every day via constantly evolving cons. — Eric Nyffler

Love your smartphone? So do scammers. With more than 1.5 billion smartphones forecast to be sold worldwide in 2016, you can expect more mobile mayhem this year. The reigning ruses include the following:

Spam

Nearly 70 percent of smartphone texters say they receive unwanted spam messages, studies show. And people are three times more likely to respond to spam received by cellphone than when using a desktop or laptop computer. That’s particularly dangerous because more than a quarter of text-message spam—such as free gift cards, cheap medications and similar text-message come-ons—is intended to criminally defraud you, compared with only about 10 percent of spam arriving by email. These texts often lead you to shady websites that install malware on your phone or otherwise seek to steal sensitive details for identity theft.

What to know: Don’t click on links or follow instructions to text “stop” or “no” to prevent future texts. This only confirms to scammers that yours is a live, active number for future spam. Use and regularly update anti-malware software designed for smartphones; ask your phone’s manufacturer or service provider for recommendations. Forward suspicious texts to 7726 (“SPAM” on most keypads) to alert your carrier to those numbers, and then delete them.

In a longtime calling scam, crooks leave voice messages asking you to call back a specific number because you have won a sweepstakes or have an undeliverable package. Now they simply program calls to smartphones to ring only once or disconnect when you answer. Your curiosity over a missed-call alert results in you spending upwards of $30 to call back. The reason: Despite a seemingly American area code, the call is to an international phone number—often in the Caribbean—that charges a premium connection fee and per-minute rate, which is extended through long holds and frequent transfers.

You might also find charges crammed onto your bill with such innocuous language as “special services,” “Internet advertising” or “minimum monthly usage fee.”

What to know: Beware of any unfamiliar calls—one ring or otherwise—with area codes 268, 284, 473, 649, 664, 767, 809, 829, 849 or 876.

Bank messages

These text messages claim to be from your bank or credit card company and say there’s a problem with your account. You’re instructed to click an included link, which leads you to a look-alike, scammer-run website that seeks your name, account number and online log-in credentials.

What to know: If there’s really an account problem, you might get an email, but it will include your name and a portion of your account number. Or your bank or credit card company may telephone you with a fraud alert, but it won’t ask for any personal data.

Finally, keep in mind that smartphones are prime targets for old-fashioned theft. Don’t let yours reveal your secrets if it winds up in the wrong hands. Always protect it with a strong PIN. And don’t use it to store credit card and account log-in information—or anything else potentially compromising.

DNS HiJacking ( Introduction ) – Cybrary

An introduction to DNS HiJacking

What is DNS and how does hijacking work? What are the dangers of DNS hijacking? How can you prevent or recover from hijacking or being hijacked? Well, read on!

Hello Readers… DNS hijacking (sometimes referred to as DNS redirection) is a type of malicious attack that overrides a computer’s TCP/IP settings to point it at a rogue DNS server, thereby invalidating the default DNS settings. In other words, when an attacker takes control of a computer …

Source: DNS HiJacking ( Introduction ) – Cybrary

How does The Internet Work?

So, how does the internet work?

The internet is something nearly everyone uses on a daily basis. We’ve all come to rely on it and some of us make our living using it. So, how does it work? How do computers connect? How do messages pass between computers? Is it really a bunch of tubes? (hint, nope!) Who owns it?

This article explains some of the more general points about an indispensable system.

Nowadays, the internet has become essential after food. There are many people who will not agree with this statement, but once they start using the internet, they will agree. You are reading this article, so I hope you are already aware of ‘what the internet is’. But, really?

You will say ‘Yes, I know what the internet is’, but is it enough? Don’t you ever wonder how the internet works? Maybe you already know how it works if you are an IT pro or teacher, but I think everyone should know this because the internet is common and it is for everyone. So the study of the internet should not be only for IT students. So, coming to the point, I wrote this article to make everyone aware of internet concepts and how it works, with the help of the website Howstuffworks.com. I hope you have enough time to read it patiently.

Source: How does The Internet Work?

USB Thief — Self-projecting USB Trojan Is Here To Give You Nightmares

Rule of Thumb

Never, never, never use USB drives from an unknown source. This includes buying cheap USB drives from unknown sources on eBay! So many interesting things are being pre-loaded these days. Tell your uncle with the nude pics on the USB drive that you’ll pass. BTW, do we need to have a conversation about the objectification of women?…

Security researchers have identified a new malware named USB Thief that has the ability of stealing data from air-gapped computers without leaving its trace.

Source: USB Thief — Self-projecting USB Trojan Is Here To Give You Nightmares

How Just Opening an MS Word Doc Can Hijack Every File On Your System | The Hacker News

If you receive a mail masquerading as a company’s invoice and containing a Microsoft Word file, think twice before clicking on it.
Doing so could cripple your system and could lead to a catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed “Locky,” into their systems.

Read More: How Just Opening an MS Word Doc Can Hijack Every File On Your System | The Hacker News

Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car – fossBytes

Please note that he noticed the potential security risks inherent in the hospital’s system and medical equipment and got permission to run tests to expose the vulnerabilities.

When we visit a hospital, we put our complete trust in our doctor and the medical equipment that he/she uses. With advancement in technology, these equipment have become more complex and interconnected. Sadly, ensuring standard cybersecurity measures is not a top priority of the medical professionals. This fact was recently outlined by a Kaspersky security researcher who hacked a hospital while sitting in his car.

Source: Kaspersky Researcher Shows How He Hacked His Hospital While Sitting In His Car – fossBytes

36 Reasons Why Having a “Free Website” is a Bad Idea

This is a great article explaining exactly why you get what you pay for and why nothing is ever “free.” Not the least of the reasons: they can lock down your data, they can shut down your website, you get an unprofessional web address (no credibility there), the company can disappear (with your stuff), you can lose your site address, they can sell your information, they are notorious for distributing malware (do you really want to be a part of that?), and they are vulnerable to hacking attempts.

Is this the way you want potential clients/customers/members to see your organization? But wait, there’s more!…

Are you looking for a free website hosting service on the web? Take a look at these 36 reasons explaining why having a free website is a bad idea.

Source: 36 Reasons Why Having a “Free Website” is a Bad Idea

Hundreds of compromised WordPress sites serve TeslaCrypt | Security Affairs

If you are not keeping up on your updates, you may have a compromised site. It’s important to make sure you have the latest security patches to your WordPress site.

Emergency. Hundreds of compromised WordPress sites serve TeslaCrypt ransomware

Source: Hundreds of compromised WordPress sites serve TeslaCrypt | Security Affairs

HTTPS provides more than just privacy

So why do you need HTTPS for your site? You don’t sell stuff. You don’t ask users for any information. Here’s why you need a TLS Certificate (formerly SSL Certificate). There are two(?) types of TLS Certificates: EV (Extended Validation Certificate) and DV (Domain Validated Certificate). The typical website holder uses the DV certificate.

HTTPS can provide identity, SEO, access to HTML5 powerful features and even keep network carriers from messing with your site’s content. Read on for how.

Source: HTTPS provides more than just privacy

Twitter Has Stopped Showing Ads to Some of Its Most Valuable Users | By Peter Kafka

If you’re still seeing ads on Twitter, apparently you’re a loser!

Twitter makes its money by showing ads to its users.

But not all of its users: For the past few months, the social media company has stopped displaying ads, or has dramatically reduced the number of ads it displays, to a small group of some of its most prominent and active users.

For those people, Twitter is an ad-free, or nearly ad-free, experience.

Sources say Twitter made the move in an attempt to get some of its VIP users to stay engaged with the service. That seems a little counterintuitive for a company that appears to be focused on getting new users, not pleasing its hardcore base. But CEO Jack Dorsey seems to endorse the notion: Twitter started playing around with the idea in September, when Dorsey was interim boss, and has kept at it since he took the title for good.

Twitter sources say the company doesn’t select the no-ad or low-ad group purely by star power, but by a variety of criteria, including the volume and reach of the tweets they generate.

Read More…

Source: Twitter Has Stopped Showing Ads to Some of Its Most Valuable Users | Re/code, By Peter Kafka

Uber tests out using smartphones to monitor driver behavior | Ars Technica

So, what could possibly go wrong? Is anyone else weirded out by this?

Uber announced today that it will monitor some of its drivers’ behavior for things like excessive speeding or distracted driving. Starting with a trial in Houston, the program will use Uber drivers’ own smartphones to provide data to the company.

The company will use a phone’s gyroscopes, accelerometers, and GPS to record whether drivers break speed limits or play with their phone while the vehicle is in motion. But in this trial, Uber will only access that data if a customer has a complaint about driving standards.

Always-on monitoring of driving standards may come later, according to Uber Chief Security Officer Joe Sullivan. For now, the initiative is about being able to fact-check complaints and keep the company’s rating system on the rails.

Distracted driving is a serious problem, and it’s responsible for much of the push toward self-driving cars in the US. As companies like Zendrive have shown, the sensors in smartphones today are very capable of assessing whether a phone is being used while traveling in a car.

Source: Uber tests out using smartphones to monitor driver behavior | Ars Technica

What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

According to Ghost Security Group, 2016 will be an eventful year in cybersecurity. Ransomware, ISIS, Bitcoin, hacks and breaches will likely paint the headlines as they did in 2015. 

“As was seen recently with the Ransom32 software earlier this year, ransomware is only getting better,” Ghost Security Group activist Akenalus told Hacked. “At some point it may even begin scanning our computers, extracting credit card information and automatically paying its own ransom.”

This isn’t likely to happen any time soon, but it will be coming in the next few years.

“We can most definitely expect ransomware to be more commonly used, maybe even being used to take over things like the Playstation network and hold either Sony or individual users hostage, extracting ransom that way,” the hacktivist said. No matter how it is used, ransomware won’t disappear in the upcoming year. That’s clear by recent innovations in ransomware. “And if Ransom32 was any kind of an example, we can expect it to get worse.”

As has already been shown in the last year, cyber warfare plays a huge role in modern war. Ghost Security Group has gained a name for itself in the online battle against ISIS. They feel this is the most effective way to undermine ISIS influence.

Read more…

Source: What to Expect from Cybersecurity in 2016, According to the Hacktivists Fighting ISIS | Hacked

Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

A press release by the Spanish security company revealed the startling number to be nine million new samples more than the previous year – 2014. Essentially, that’s 230,000 new malware samples produced every single day on average throughout 2015.

2015 also saw another record notched up wherein 27 percent of all malware samples – ever recorded – were observed during the previous year.

The highlights revealed that:

  • Trojans proved to be the undisputed king of malware at 51.45% of all collected samples.
  • Viruses constituted 22.79%.
  • Worms came after at 13.22%.

Potentially unwanted programs or PUPs figured in next at 10.71% followed by cases of spyware at 1.83%.

The notorious Cryptolocker ransomware was the most destructive, far-reaching and widely-scaled cyberattack of them all, affecting hundreds of thousands, if not millions of computers around the world.

Read more…

Source: Report: Cybercriminals Are Cooking up Malware in Record Numbers | Hacked

Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

If you are backing up your data using iCloud Backup, then you need to watch your steps NOW!

In the government’s fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing to provide federal officials with encryption backdoors into its products.

When it comes to Apple’s iMessage service, the company claims that it can’t read messages sent between its devices because they use end-to-end encryption, which apparently means that only you and the intended recipient can read it.

Moreover, if the federal authorities ask Apple to hand over messages related to any of its users, Apple has nothing to offer them.

“If the government laid a subpoena to get iMessages, we can’t provide it,” Apple CEO Tim Cook told Charlie Rose back in 2014. “It is encrypted, and we do not have a key.”

But Wait!

There are still hundreds of millions of Apple users whose data are stored on Apple’s servers in plain text even after Apple’s end-to-end encryption practice.

Read the rest of the article…

Source: Apple Can Still Read Your End-to-End Encrypted iMessages | The Hacker News

Hacking your head: How cyber criminals use social engineering | Malwarebytes/Wendy Zamora

Social engineering is nothing new. It’s a tool of psychological manipulation that’s been used since the dawn of man. Why? To influence people into taking action that might not be in their best interest.

Sometimes it’s fairly harmless, like a child sweet-talking his mom in order to get extra candy. (I’m a victim of this one.) Many times, however, social engineering is used for nefarious purposes.

There are classic examples of social engineering at play throughout human history. Confidence tricks were first used by charmers in the 19th century to con people into trusting others with their valuables. (They should not have trusted…the charmers made off with the goods.) Psychological manipulation, otherwise known as propaganda, influenced droves of people during World War II to go out and buy war bonds. And advertising subtly hints that you’re not pretty enough until you buy this product.

Social engineering taps into the human psyche by exploiting powerful emotions such as fear, urgency, curiosity, sympathy, or the strongest feels of them all: the desire for free stuff.

Which is why cyber criminals have caught on.

Cyber crooks use this dangerous weapon to get at the weakest link: us. They know that the easiest way to penetrate a system is to go after the user, not the computer. “Attacking the human element has always been a favorite,” says Jean-Phillip Taggart, Senior Security Researcher at Malwarebytes. “Why use some hard technical flaw to acquire a password when you can simply ask the user for it?”

Read More…

Source: Hacking your head: How cyber criminals use social engineering | Malwarebytes/Wendy Zamora

Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

Facebook “Page Disabled” Phish Wants your Card Details — Targets Page Admins

Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of.

The scam begins with a message like this, courtesy of Twitter user Alukeonlife:

Warning!!!
Your page will be disabled.
Due to your page has been reported by other users.
Please re-confirm your page in order to avoid blocking. You violate our terms of service. If you are the original owner of this account, please re-confirm your account in order to avoid blocking.

If the multiple exclamation marks and generally terrible grammar didn’t give the game away, the following request certainly might:

To complete your pages account please confirm Http below:

https(dot)lnkd(dot)in/bNF9BUY?Facebook.Recovery.page

"Attention"

If you do not confirm, then our system will automatically block your account and you will not be able to use it again.
Thank you for the cooperation helping us improve our service.
The Facebook Team

Note that they use the LinkedIn URL shortener, which is somewhat unusual – perhaps the scammers think people are growing suspicious of endless bit(dot)ly and goo(dot)gl URLs being sent their way, and are attempting to throw a business-centric sheen on their shenanigans. They won’t get away with it without a fight, however – Google Safe Browsing flags the final destination as a dubious website and fires up a “Deceptive site ahead” warning:

Fake FaceBook Phishing Warning

As for the scam page itself, which is located at

report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm

it looks like this:

FaceBook Phishing Scam Page

Read More…

Source: Facebook “Page Disabled” Phish Wants your Card Details | Malwarebytes UnPacked/Christopher Boyd

When URL Shorteners and Ransomware Collide

We are all very familiar with URL shortening services, which are regularly used in Tweets and other social media. It is no secret that cyber criminals also use URL shorteners to aid them in achieving their objectives. URL shorteners are often used by cyber criminals to obfuscate redirects to malicious destinations.

Recently, a URL shortening service was used to shrink a dubious link, obfuscating a malicious destination:

46(dot)30(dot)45(dot)39/Statement.jpg

which was actually a malicious script downloader “Statement.js”, dropping Cryptowall from

46(dot)30(dot)45(dot)39/yyo.w

Cryptowall is Ransomware which encrypts files on your computer and demands that a ransom be paid in order to receive instructions (private key) for decrypting your files (in this case, RSA-2048 encryption was used).

<…>

There are precautions that can be taken to avoid clicking on a malicious shortened link, such as not clicking on a shortened link if you do not know who it is from. If you want to take additional measures, there are services that unshorten shortened URLs such as

checkshorturl(dot)com

Furthermore, it is highly recommended that you use anti-virus and anti-malware in conjunction for the best possible protection. Malwarebytes Anti-Malware protects users from this attack, including blocking identified malicious IPs and domains associated with Ransomware.

Read More…

Source: When URL Shorteners and Ransomware Collide | Malwarebytes Labs

Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable

A new critical zero-day vulnerability has been discovered in the Linux kernel that could allow attackers to gain root level privileges by running a malicious Android or Linux application on an affected device.

The critical Linux kernel flaw (CVE-2016-0728) has been identified by a group of researchers at a startup named Perception Point.

The vulnerability was present in the code since 2012, and affects any operating system with Linux kernel 3.8 and higher, so there are probably tens of millions of computers, both 32-bit and 64-bit, exposed to this flaw.

However, the most bothersome part is that the problem affects Android versions KitKat and higher, which means about 66 percent of all Android devices are also exposed to the serious Linux kernel flaw.

Impact of the Zero-Day Vulnerability

An attacker would only require local access to exploit the flaw on a Linux server.

If successfully exploited, the vulnerability can allow attackers to get root access to the operating system, enabling them to delete files, view private information, and install malicious apps.

“It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine,” Yevgeny Pats, co-founder and CEO at security vendor Perception Point, said in a blog post published today.

“With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon the patch is out.”

Usually, flaws in the Linux kernel are patched as soon as they are found; therefore, Linux-based operating systems are considered to be more secure than others. However, the zero-day vulnerability recently discovered in the Linux kernel made its way for almost 3 years.

Read the rest of the article…

Source: Zero-Day Flaw Found In ‘Linux Kernel’ Leaves Millions Vulnerable | The Hacker News

Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper

Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper – The Hacker News

Apple Mac computers are considered to be much safer than Windows computers at keeping out viruses and malware, but the new exploit discovered by researchers again proves it is indeed quite false.
Last year, The Hacker News reported a deadly simple exploit that completely bypassed one of the core security features in Mac OS X known as Gatekeeper.

Apple released a patch in November, but now the same security researcher who discovered the original Gatekeeper bypass vulnerability said he found an equally obvious workaround.

Patrick Wardle, ex-NSA staffer and head of research at security intelligence firm Synack, said the security patch released by Apple was “incredibly weak” and that the update was “easy to bypass” in minutes.

Gatekeeper’s Failure Once Again

Introduced in July of 2012, Gatekeeper is Apple’s anti-malware feature designed to block untrusted, dodgy apps from running, keeping Mac OS X systems safe from malware.

Read More…

Source: Apple’s Mac OS X Still Open to Malware, Thanks Gatekeeper – The Hacker News

Password secrets: Your Passwords Aren’t As Secure As You Think

Password secrets: Your Passwords Aren’t As Secure As You Think – Technotification

One thing that makes us so vulnerable is ignorance. Today, everything is going to depend on the internet. Yes, and you know it better! And the concept that we use to secure our internet accounts and all is our passwords. But is it enough to set a password and feel that we are secure? Are you really aware of how to use passwords?

Our lack of understanding about passwords is allowing crooks to spy on us, steal from us, and deceive us into thinking nothing ever happened. Despite the volumes of texts that have already been written about them, how many of us have ever read a single chapter paragraph about the nitty-gritty of passwords?

That’s why I have compiled the following three short lists which outline the most common misconceptions about passwords; the ways in which our passwords can be stolen; and the tools you need to make sure it doesn’t happen to you.

Each of these sections can be read in less than two minutes. But once you’re done, you will have acquired enough information to deal safely and confidently with your passwords.

Password Myths You Should Stop Believing

  1. A file, folder, computer, or account protected by a password is safe.
    Read the rest of the article and learn why that statement is no longer true.

Read More…

Source: Password secrets: Your Passwords Aren’t As Secure As You Think

From Today Onwards, Don’t You Even Dare To Use Microsoft Internet Explorer | The Hacker News

Yes, from today, Microsoft is ending the support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch on to Internet Explorer version 11 or its newest Edge browser.
Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an “End of Life” notice, meaning Microsoft will no longer support the older versions.
So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser.

Source: From Today Onwards, Don’t You Even Dare To Use Microsoft Internet Explorer | The Hacker News

‘Ridiculous’ Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords

If you have installed Trend Micro’s Antivirus on your Windows computer, then Beware.

Your computer can be remotely hijacked, or infected with any malware, even through a website – thanks to a critical vulnerability in Trend Micro Security Software.

The popular antivirus maker and security firm Trend Micro has released an emergency patch to fix critical flaws in its anti-virus product that allow hackers to execute arbitrary commands remotely as well as steal your saved password from Password Manager built into its AntiVirus program.

The password management tool that comes bundled with its main antivirus is used to store passwords by users and works exactly like any other password manager application.

Even Websites Can Hack Into Your Computer

Google’s Project Zero security researcher, Tavis Ormandy, discovered the remote code execution flaw in Trend Micro Antivirus Password Manager component, allowing hackers to steal users’ passwords.

In short, once compromised, all your accounts passwords are gone.

Read the entire article…

Source: ‘Ridiculous’ Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords | The Hacker News

Hackers Install Free SSL Certs from Let’s Encrypt On Malicious Web Sites

Criminals are abusing Let’s Encrypt Certificates

TLDR

How can You Prevent Yourself From Such Attacks?

Trend Micro has reached out to both the Let’s Encrypt project, and the legitimate domain’s owner to notify them about the malvertising campaign.
And Here’s your take:

  • Users should be aware that a ‘secure’ website is not always or necessarily a safe website, and the best defense against exploit kits is still an easy go, i.e.: always keep your software up-to-date to minimize the number of vulnerabilities that may be exploited by cyber criminals.
  • For online advertisement brokers, an approach would be to implement internal controls to stop malicious advertisements.

Source: Hackers Install Free SSL Certs from Let’s Encrypt On Malicious Web Sites | The Hacker News

Read the entire article

Pioneer In Internet Anonymity Hands FBI A Huge Gift In Building Dangerous Backdoored Encryption System | Techdirt

Rockin’ Encryption, Open Back Door…

Few doubt Chaum’s cryptography skills or pedigree. He was instrumental in the early days of computer cryptography and what anonymity we have online today owes a lot to Chaum. But his latest plan is… troubling:

At the Real World Crypto conference at Stanford University today, Chaum plans to present for the first time a new encryption scheme he calls PrivaTegrity. Like other tools Chaum has spent his long career developing, PrivaTegrity is designed to allow fully secret, anonymous communications that no eavesdropper can crack, whether a hacker or an intelligence agency.

That part sounds good, right? But then there’s this:

That ambitious privacy toolset aside, Chaum is also building into PrivaTegrity another feature that’s sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something “generally recognized as evil” to have their anonymity and privacy stripped altogether.

Whoever controls that backdoor within PrivaTegrity would have the power to decide who counts as “evil”—too much power, Chaum recognizes, for any single company or government. So he’s given the task to a sort of council system. When PrivaTegrity’s setup is complete, nine server administrators in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications. The result, Chaum argues, is a new approach that “breaks the crypto wars,” satisfying both the law enforcement agencies who argue that encryption offers a haven for criminals, and also those who argue that it’s necessary to hobble mass spying.

Unfortunately, Chaum is both totally missing the point and playing right into the FBI’s hands. The argument of basically every other cryptographer is that building any encryption system is incredibly difficult — and introducing any sort of backdoor opens up massive and dangerous vulnerabilities — whether the original creators recognize it or not. The second you introduce a backdoor — even using Chaum’s weird “nine people in nine countries” system — you have introduced a vulnerability. A vulnerability that can and will be abused by others. You are introducing a security flaw. And that’s a massive security problem.

Source: Pioneer In Internet Anonymity Hands FBI A Huge Gift In Building Dangerous Backdoored Encryption System | Techdirt

First Click: The quietest story of CES is also the biggest | The Verge

What happens to humans when all things move like information?

Are we prepared to play this out without setting any groundwork and without mitigating and reducing the consequences of an all-automated society?

So what happens when the robots reduce the cost and time of moving physical objects to not a lot and pretty fast? When a huge variety of autonomous vehicles in every shape and size from tiny drone to semi truck can be sent off to deliver things without having to slow down or take naps or feel inconvenienced? What does an already globalized culture look like when it’s not just information that can travel instantly, but actual things that can spread across the city and state and world faster and cheaper than ever?

We already know some answers: software-driven advances in logistics and warehousing are behind seemingly-simple things like Amazon’s ultrafast shipping, and services like Instacart and Uber have taught users to expect real-world results from pushing a smartphone button — even if they’re filling in the gaps with other humans for now. The goal is to automate everything, and the first step is teaching the machines to move around.

The machines are fast learners, it turns out. What happens when they have nothing left to learn?

Source: First Click: The quietest story of CES is also the biggest | The Verge

Credit Card Skimmers Found in Colorado, California Safeway Branches | Hacked

A banking chain in Colorado told Krebs on Security that it discovered a skimming operation while investigating several fraud cases against its clients. It discovered a common link in all the cards that were drained at local ATM machines: they had all been used at the same Safeway stores. It wasn’t just the stores, however, …

Source: Credit Card Skimmers Found in Colorado, California Safeway Branches | Hacked

FBI Chief Asks Tech Companies to Stop Offering End-to-End Encryption | Motherboard

Sure, we should just open all information to all governments, right? Who needs a warrant? Who needs due process? Because all of those politicians — with their hands in the pockets of special interests — only have the citizens’ best interests at heart, right? I mean when has our government ever been corrupt and/or morally bankrupt? Actually, today. When has law enforcement ever overreached? Oh, yeah. Every day this year…

Today, FBI Director James Comey thinks tech companies that offer encryption should “change their business model.”
Despite there still being no solid evidence the attackers benefited from or even used encryption (in at least one case, they coordinated via distinctly unencrypted text messages) law enforcement and national security hawks have used the tragedies to continue pressing tech companies to give the US government access to encrypted communications—even if that means rolling back security and changing the nature of their businesses.

Source: FBI Chief Asks Tech Companies to Stop Offering End-to-End Encryption | Motherboard

Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

Here’s a rundown of the cyber threat landscape for 2016 and beyond, courtesy of a report from Intel security.
Coming In 2016

The 2016 predictions cover threats from ransomware, infrastructure attacks, attacks on automobile systems and the sale and warehousing of stolen data.

• Hardware: Attacks on hardware and firmware will continue while the market for the tools that facilitate them will increase. System firmware toolkits could target virtual machines.

• Ransomware: Ransomware is a growing threat that could anonymize payment methods and networks. More inexperienced cybercriminals will use ransomware-as-a-service.

• Wearables: Most wearable devices store only small amounts of information, but cybercriminals could target them to undermine the smartphones that manage them. The industry will have to protect attack surfaces like networking and wi-fi software, operating system kernels, memory, user interfaces, storage systems and local files, web apps, virtual machines and security and access control software.

• Employee systems: Attackers are likely to target organizations through their employees, including their home security systems, to access corporate networks. Organizations will have to stay vigilant by implementing new security technologies, creating effective policies and hiring experienced people.

• Cloud services: Attackers could exploit vulnerable security policies that protect cloud services. These services could undermine business strategy, financials, portfolio strategies, next-generation innovations, employee data, acquisition and divestiture plans, and other data.

• Automobiles: Connected automobile systems that lack security capabilities will be potential scenarios for exploitation. Automakers and IT vendors will partner to provide standards and solutions to protect attack surfaces like engine and transmission engine control units (ECUs), remote key systems, advanced driver assistance system ECUs, passive keyless entry, USBs, OBD IIs, V2X receiver, smartphone access and remote link type apps.

• Warehouses of stolen data: The dark market for stolen, personally-identifiable information and user names and passwords will increase in 2016. Big data warehouses that link together stolen, personally-identifiable information sets make combined records more valuable to attackers.

• Integrity attacks: Selective compromises to systems and data mark one of the most significant new attack vectors. Such attacks seize and modify transactions or data to favor perpetrators. An attacker can change direct deposit settings for a victim’s paychecks and direct the deposit to a different account. Cyber thieves could steal millions of dollars in an integrity attack in the financial sector in 2016, McAfee Labs predicts.

• Sharing threat intelligence: Enterprises and security vendors will increasingly share intelligence. Legislative action could allow governments and companies to share threat intelligence. Best practices in this area will increase, allowing success metrics to emerge and quantify protection improvement. Threat intelligence cooperatives among vendors will grow.

Source: Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

🎄Google Santa Tracker

Google’s Santa Tracker is Back!

On a lighter, seasonal note, the Google Santa Tracker is back! Every day during December something new is revealed to play, watch, learn, or otherwise interact with. And of course once Christmas rolls around, the site will track Santa as he travels around the world. There’s also a Google Play app that you can follow along with.

Use Google Santa Tracker to follow Santa Claus on Google Maps as he makes his journey around the world.

Source: 🎄Google Santa Tracker

FBI admits it uses stingrays, zero-day exploits | Ars Technica

FBI admits it uses stingrays, zero-day exploits

Yeah, these are the guys that want to put an end to encryption because: criminals. But without the ability to protect oneself, everyone is subject to these invasions. As a note, others have gone to jail (almost forever) for doing what the FBI is doing. How is their bending of the law any different than those in prison?

stingrays generally intercept all cell phone communications in a given area, not just those of a drug or kidnapping suspect. Paying large sums of money to buy zero-days, meanwhile, creates powerful incentives for governments to keep the underlying vulnerabilities secret

Source: FBI admits it uses stingrays, zero-day exploits | Ars Technica

CNN investigates: How Corporate America keeps huge hacks secret – Nov. 30, 2015

The US Energy Grid was Hacked 79 Times This Year

and we have learned nothing to protect ourselves better

There’s a reason you never hear about major hacks of power plants, manufacturers and banks. Federal law keeps them secret.

Source: CNN investigates: How Corporate America keeps huge hacks secret – Nov. 30, 2015

New Drive-By Allows Exploit to Plug Dreaded Ransomware Cryptowall 4.0 | Hacked

To immunize your Windows PC from the malware strain, here are a few pointers:

  • Always keep your system updated. Always.
  • Do frequent backups of important data and your OS, as a general practice.
  • Stay away from untrustworthy websites. One of the most effective methods of spreading malware is via emails. Avoid all spam emails and ignore suspicious emails from unknown senders.
  • Most important of all, be doubly sure of the compressed file or the executable file you’re opening.

Source: New Drive-By Allows Exploit to Plug Dreaded Ransomware Cryptowall 4.0 | Hacked

Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

As you will see in the document, we believe the security in the Internet of Things is perhaps the most significant challenge and we believe ensuring security in IoT must be a fundamental priority. Poorly secured IoT devices and services can serve as potential entry points for cyber attack and expose user data to theft by leaving data streams inadequately protected. A proliferation of poorly secured devices also has the potential to impact the security and resilience of the Internet globally. In order for IoT to be successful, users will need to trust that devices and related data services are secure from vulnerabilities, especially as this technology becomes more pervasive and integrated into our daily lives.

Source: Internet Society Releases Internet of Things (IoT) Overview Whitepaper: Understanding the Issues and Challenges of a More Connected World | Internet Society

Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas – The Hacker News

Pro PoS Stealthy Point-of-Sale Malware Could Steal Your Credit Card during Christmas Shopping

Source: Pro PoS — This Stealthy Point-of-Sale Malware Could Steal Your Christmas – The Hacker News

“InfoArmor warned that cyber crooks were actively using the current version of Pro PoS Solution in an effort to target PoS systems used by large retailers and SMBs in the United States and Canada specifically.”

Adobe to Kill ‘FLASH’, but by Just Renaming it as ‘Adobe Animate CC’ – The Hacker News

Adobe to Kill ‘FLASH’ by Just Renaming it as ‘Adobe Animate CC’

“What it won’t bring is:

Fix for the number of security issues that have plagued Adobe Flash for years

The platform has a new name, but the development tool lives on.

So, Flash isn’t actually dead; it’s just renamed.

“Adobe’s strategy is to make money regardless of what happens in the market,” says Jeffrey Hammond, principal analyst at Forrester Research. “They understand that there is a slow transition to HTML5 going on.”

“At some point you have to embrace the change,” Hammond adds. “The rebranding is the visible sign of that, but the internal focus on supporting the technologies like HTML5 has been going on a while.”

So, hiding Flash behind a different name doesn’t solve the stability and security issues. In fact, a recently uncovered flaw in the software was so nasty that the only way to get rid of it was to completely uninstall Flash Player.”

Dell’s Laptops are Infected with ‘Superfish-Like’ pre-installed Malware

From The Hacker News:

Similar to the Superfish malware that surrounded Lenovo laptops in February, another big computer manufacturer, Dell, has been spotted selling PCs and laptops pre-installed with a rogue SSL certificate that could allow attackers:
  • To impersonate any HTTPS-protected website and spy on users when banking or shopping online.

The rogue certificate, dubbed eDellRoot, was first discovered over the weekend by a software programmer named Joe Nord. The certificate is so creepy that it automatically re-installs itself even when removed from the Windows operating system.

Superfish 2.0: Unkillable Zombie

The self-signed transport layer security (TLS) credential came pre-installed as a root certificate on Dell PCs and laptops that are signed with the same private cryptographic key, which is stored locally.

Tips to Protect Yourself from Cyber Scams

According to the Fraud Watch Network from AARP, if you’re using Wi-Fi you are probably oversharing.

“If you’re using Wi-Fi, you may be oversharing.

On a free public network or even at home, using Wi-Fi could mean you’re sharing your credit card numbers, passwords and other personal information with the entire world. Con artists are taking advantage of our oversharing, stealing billions from Americans last year alone.

Here are 4 things to never do on public Wi-Fi.

1. Don’t fall for a fake: Con artists often set up unsecure networks with similar names to a coffee shop, hotel, or other free Wi-Fi network.

2. Mind your business: Don’t access your email, online bank or credit card accounts using public Wi-Fi.

3. Watch your settings: Don’t let your mobile device automatically connect to nearby Wi-Fi.

4. Stick to your cell: Don’t surf using an unknown public network if the website requires sensitive information – like online shopping. Your cell phone network is safer.”

 

What’s the difference between antivirus and anti-malware?

Quote

“No one tool can catch everything, which is why security experts recommend a layered approach. It’s better to have more than one set of eyes looking at threats from different angles. “I’m sure you’ve heard the old saying ‘jack of all trades, master of none,'” says Samuel Lindsey, Malwarebytes user advocate. “That’s how I see all-in-one security suites; they just can’t detect everything on any given day.”

Your best bet is to use an antivirus program to catch the classic threats and an anti-malware program, like Malwarebytes Anti-Malware Premium, for the newer, more advanced dangers. And you needn’t worry about the impact of running two real-time scanners at the same time on your machine’s performance—most anti-malware software is lightweight, easy-to-run, and designed to work alongside antivirus.”

 

Source: What’s the difference between antivirus and anti-malware?

Quantum Defense – The Race to Military Applications of Fundamental Science

The first superpower to harness quantum science will achieve military super-powers, Defense One reports: unbreakable communication security, and quantum supercomputers much more powerful than today’s machines. As usual, the race is between the US and China. Defense Undersecretary Frank Kendall said: Much like autonomy, quantum sciences is an area that could yield fundamental changes in military capabilities.

A Billion-Fold Increase in Defense Computing Power

Quantum computers are “as different from regular computers as humans are from jellyfish.” While traditional computers encode information in classical bits that are in well-defined states – on or off, zero or one – quantum computers …

Source: Quantum Defense – The Race to Military Applications of Fundamental Science

Google to ‘pause’ Flash-based adverts – BBC News

Google’s Chrome browser will start blocking some internet adverts that use Adobe’s Flash technology, from Tuesday.

Source: Google to ‘pause’ Flash-based adverts – BBC News

We all know that Flash has had a very hard time in the near past, what with hackers using it to spread mayhem. And still I find that many of the online schools are still using Flash for their videos. Boggles the mind. Well, soon they won’t have a choice but to move to another technology. Of course, Adobe could shore up and bulletproof Flash, but given their track record, I seriously doubt that will happen.

How To Change Cortana’s Bing Search to Google in Windows 10 Using Bing2Google

With Bing2Google, you can change this Bing search engine from your Cortana desktop search.

Source: How To Change Cortana’s Bing Search to Google in Windows 10 Using Bing2Google

Bing’s search function is intricately integrated into the Cortana desktop, so changing your desktop search engine default is extremely difficult. This Chrome extension does it in a much simpler way.