E-mails: Spam, spam and oh! what a surprise spam again.

We wen’t over this already but I bring some good news related to spam emails. Up until now your Internet Service Providers where allowed to share or sell your information to third parties. Not only your ISP but other agencies like the Work Force. Anyway, this one is related to our ISPs.

New Privacy Rules require ISPs to must Ask you before Sharing your Sensitive Data

 

Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs).

 

Yes, it’s time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules.

 

On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy ruleson Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent. Read more…

 

It was always specified in the contract that “we can give to other third parties some of your personal information. See paragraph something on page X” at least if they said only with your permission but they know that no one would say “Yes! Please send me 100 emails per minute with offers that I’m not interested to so that I can’t find what I’m looking for.”

Anyway that’s fixed now and more and more people are becoming aware or at least annoyed by unwanted emails and similar  actions will be taken with other companies or agencies so that the number will decrease.

And now to end this post with something interesting.Did you know that the phrase “spam mail” was inspired by the Monty Python?

     Personally I don’t think that Spam mail will ever disappear, at least completely. Why? Because grandma will still love kittens and she will still send you emails with Gifs for you to like and share on facebook to show her that you care.

Choose wisely your Cloud. Not all of them are safe.

cloud-computing-626252_1920

This is something that got my attention in a particular way because most of the people today store their videos, photos in a cloud but there are others that store even important information like bank information.

CloudFanta Malware Steals Banking Information Via Cloud Storage Apps

Watch out, threat research labs Netskope spotted the CloudFanta Malware Stealing Banking Information Via Cloud Storage Apps.

Threat Research Labs, Netskope, published a detailed research on the malware “CloudFanta” campaign, suspect since July 2016 to steal more than 26,000 worth of email credentials. CloudFanta benefits from the ‘SugarSync’ – a cloud storage app – to distribute itself and steal user credentials and monitor online banking activities to extract sensitive information. Find out how…

This is no joking, I thought it was impossible and was quite shocked when I found out. But why it comes to me with such surprise? In this day and age all is possible. The cyber crooks come up with many inventive ways every day in order to steal our info and I’m not saying it in a good way.

pen-1751423_1920

This is one of the reasons why I’m a bit old fashioned when it comes to storing my sensible information. I still print or write my details and store them in a portfolio somewhere safe in my house. At least the most crucial information like my bank details.

Still I can’t negate the fact that MOST of my accounts are stored online.

 

Be sure to check the website for malware or viruses before you register, this applies to EVERY site not just the ones you consider that are important. It doesn’t take more than 10 seconds and eventually it will become a habit.

Also look if the app haves a website and it’s represented by a group of people, check the website, does it have a facebook page or other social media? How many people are engaged with that particular page or profile? Write the site or app name in Google and after it write “review”/”reviews” to see what other people have’s to say about it.

Don’t just simply download an app or register on a website the first time you see it. This check is what I use and it doesn’t take more than two minutes.

Can the Two Factor Authentication security measure be passed?

puzzle-1713170_1280So Two Factor Authentication is annoying but safe. Is an extra measure of protection that involves your phone. You simply receive a text with a code, type it in and you then mind your business as usual. It happens with Google, it happens with PayPal and usually when you try to log in from a different location other than your home.

You may think that it’s impossible to get pass it and since phone numbers cannot be stolen and you always have the phone with you you’re always safe. Well think again.

                  PayPal patches flaw that allowed 2FA bypass… again

PayPal released a patch for a vulnerability that a security researcher said allowed him to bypass the payments company’s two-factor authentication in less than five minutes.

Henry Hoggart, a mobile security consultant at MWR InfoSecurity, wrote e in a blog post that he recently needed to make a payment from a hotel, but was unable to receive the 2FA code on his mobile phone because had no service. So he simply used a proxy then replaced “securityQuestion0” with “securityQuestion1” in the post data sent by his browser….Read more…

I have good news and good news. The good news is that it’s fixed. The other good news is that we have smart people just like Henry Hoggart working in our favor. They bring awareness and help us avoid unpleasant situations. Alan Pearson was kind enough to name a few of them. You can even follow them on Twitter.

              87 Security Experts You Need to Be Following on Twitter

As computers become exponentially more involved in our everyday working lives, security is an increasing concern.

It’s therefore essential for security conscious individuals to keep up to date with the latest news and trends. Twitter has emerged as an excellent way of doing this. By following a subsection of the biggest influencers in security, you can stay on top of the industry and any pressing developments — which is why we’ve compiled this list. Next to each recommended account, we’ve given a brief bio and explained what it is they Tweet about.

detective-1299558_1280     You should check out their profiles, they have some interesting things to tell. I know for a fact that some companies hire them as consultants in the sens that “Hey, we will pay you X amount of money if you can breach our website” like some kind of “Wanted” post offer. Which is nice. Become a security expert and go out Reward hunting.

They are well pay’d professionals hired by big companies, some of them have their own business around that area and some of them are even ex cyber crooks that vowed to use their skills for the better good.

Regardless of what they where or weren’t, now you can see them as Internet Detectives that are making the Internet a better place.

Spam emails can buy Ferraris. Want to know how?

spam

So we know that spam emails are mostly used to promote a product or service in an annoying way, mostly. Sometimes the newsletters we willingly subscribe to end up spamming us. Thanks to the email service providers most of them get automatically sent to the spam folder and there they remain.

There are also some very dangerous emails that we really should avoid. They contain files or a link and the moment you click on them your money balance suffers. Going trough email as usual until you find a “winning” lottery ticket. The temptation is just to big and you click it. In the end you win nothing but a malware that steals your credit card information.

This is a known possibility. But have you wondered what happens on the other side? I mean sure, the crook might buy a new phone or…whatever. Is the risk of getting caught worth it in the end?

    Florida man ran $1.35m hack-and-spam racket with 50m-plus addresses

                                     The wages of sin include a Ferrari F430

The leader of a spamming gang that took over corporate servers and private email accounts to send out spam has pled guilty to charges of computer hacking and identity theft.

Timothy Livingston, 31, of Fort Lauderdale, Florida, worked with two other partners to run A Whole Lot of Nothing, LLC. The shell company pulled in hundreds of thousands of dollars between January 2012 and June 2015 with spamming campaigns for illicit drugs, and also targeted some legitimate companies.

Now we know why we get so much spam email. It’s hell to stay every morning sitting at your computer for an hour or so to go trough the email just to find one good email in a hundred. Actually this is quite enjoyable for me, I wake up turn on the computer and sit with a nice coup of tea unsubscribing and deleting emails while the nice warm sun’s light is passing trough the window. But in case you don’t like tea:

                                  How to Stop Spam

Spam has become a constant fixture in our online lives. While it’s easy to gloss over spam in your inbox, accidentally clicking a spam link can lead to virus infection and identity theft. Take the fight to the spammers by actively blocking the spam that you receive, as well as preventing future spam. Your inbox will thank you.

Unwanted emails that can buy Ferraris, pieces of code that kidnap computer files. Where are we heading towards?! Ha ha, just kidding. Stay informed and avoid suspicious files and links and you’ll be safe and Please! If you want to buy a Ferrari think of better legit method. Thanks!

Image source.

Petya, a Ransomware or it’s cousin?

2016-10-28_1928

We know from the previous post that Ransomware encrypts your files and deletes them if you don’t pay X amount of money in bitcoin until the time goes off. With Petya there’s a different story, it still requires you to pay a ransom but this time instead of deleting your files it blocks your WHOLE computer and deletes everything  on your Hard-Drive.

It’s still considered a Ransomware but it behaves more like a rootkit. The following is a video demonstration…

     And we thought that the Ransomware Jigsaw was scary. But there’s no need to panic! The Talos team from the Cisco systems have released a FREE filter that is open source and makes your computer immune to it.

You could almost say that it blocks the channels that Petya uses to infiltrate your Hard-Disk so literary when Petya launches, it will look like a “Hello!” message made by a 14 year’s old using notepad.

 

And that’s how you turn a bear into a mosquito. The result of brilliant minds and reverse engineering. Next you will find an article written by Mohit Kumar which tells more about the MBRFilter. He also provides a link to the official page where you will find a download link.


MBRFilter — Open Source Tool to Protect Against ‘Master Boot Record’ Malware


Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start.


An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR.


A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost impossible to detect, and thus takes unrestricted and unauthorized access to your entire computer.


So, the best way to protect your computer against such bootkits is to restrict your MBR to rewrite or overwrite by an unauthorized software…Read more


We now know one thing for sure! Petya isn’t a threat anymore. And whatever follows next…It won’t last for long.

Image source

Recommended Resources:

Ransomware: What is it? Am I vulnerable?

 

     We all know those action packed movies from Hollywood with kidnappers waiting at the school entrance for a rich kid to finish classes and as soon as he exits they snatch him against his will, throw him in the van and part leaving only smoke behind.

     After a while at Mr Rich Dad’s mansion the land line phone rings and on the other end is a robotic voice saying “If you want to see him again you must send 10 million dollars to this account in 2 hours?”

Well, today it can happen to you. Not YOU per say but your computer. I introduce to you…The Ransomware

 

     Ransomware is a malware type, it was also called Cryptolocker when it was first introduced in 2013. Once you’re infected it encrypts your data, a message pops up on your screen with some text, a bitcoin address and a time limit in which you have to send the atacker “ransom” money in order to receive the deactivation key or else when the timer goes down…all your files are gone.

The following is a full video example…

     There are a couple of Ransomware types and every one of them have different behaviours. Steve Zurier mentions a few of them:


7 Scary Ransomware Families


As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever.


The FBI says that from Jan. 1, 2016 to June 30, 1,308 ransomware complaints have been reported, totaling $2,685,274 in losses. And it appears that the ransomware “business” will continue to…Read more

     Well that’s scary isn’t it? But don’t worry, thanks to the “good guys” the movie always ends well in the favor of the protagonist. Aside from giving the ransom money there are other solutions to rescue your data like periodicaly making backups on a external Hard-Disk.

Also changing your internet habbits: check received links before clicking on them; have some decent software instaled; avoid visiting shady websites and don’t download anything from emails that you don’t recognize. Ryan Olson the author of the next post I’m about to show did a great job in showing the conditions in which you may get infected and how to prevent it.


Black Hat Europe 2016: What’s Next For Ransomware & How To Prevent It


Ransomware has existed in various forms for decades, but in the last three years, cybercriminals have perfected its key components. Here’s what you need to know now. To execute a successful ransomware attack, an adversary must be able to do the following:


· Take control of a system or device


· Prevent the owner of the controlled device from accessing it, either partially or completely


· Alert the owner that the device has been held for ransom, indicating the method and amount to be paid


· Accept payment from the device owner.


· Return full access to the device owner after payment has been received.


·Read more


Let’s evaluate what we now know:

  • What is a Ransomware
  • Some different types
  • It’s purpose
  • Precautions techniques
  • How you could get infected
  • How to remain protected

In the end, regardless of what these cyber-crooks bring to the table and what intention they have there is always a solution. Always stay informed and remain cautious while surfing the internet.

Recommended Resources:

Computer worms and how to get rid of them

robot-707219_1280      A computer worm is a noxious self-replicating program. Compared to other infections, a worm does not have to enter a program to multiply and go from computer to computer.

     Worms are regularly used to make a secondary passage for a programmer to access the victims PC, for use in a botnet, to send spam mail, or to anonymize their own program history.

     Similarly as with all malware, a slow Internet connection without any reason is a certain indication of a worm assault. Receiving a lot of unwanted emails, more than just the regular spam we are all accustomed to is another sign of a possible infection. Strange browser behavior or warning signs from your anti-virus and firewall systems may also occur.

     If we have all reasons to suspect a computer infection we don't need to panic. Many viruses and other types of malware are designed simply to cause chaos and it may be the same case.

     Supposing that you have an anti-virus program installed

   Most probably a pop up message appears on your desktop from time to time or you have a shortcut on there. Simply open it and run a quick scan. Most of the time it takes from 10 to 20 minutes to finish depending on your computer's specs and how many files you have stored on your hard-disk.

     If nothing shows up after the scan is complete and your computer behaviour didn't improved you may want to make an indepth scan. But this usually takes from 2 to 3 hours or even more! So you will have to be ready to do this in the morning and move to other things. I advise against leaving the computer overnight.

     If the scan was completed, nothing was found and you still have all the reasons to beleive that your computer is infected you may want to change your anti-virus.

Malware, Spyware, and Adware? What’s the difference?

hand-1248053_1920

     They allow other people to track your Internet patterns and record your credit card and any other personal information without your permission. Show unwanted ads on your computer. Modify, copy or delete your files. And if it weren't enough they slow down your computer and Internet connection.

     You have to be very knoledgeble when it comes to anti-virus software and firewalls because not all of them work, are good and some of them are even infected with the pests you are tring to get rid of. (Usually the free ones, only if they don't come from reputable companies like kaspersky, northon, nod32 etc.)

     It it weren't enough just as it is they are keeping on advancing into new tricky and undermining types of web assaults, that's way anti-viruses have almost daily updates and why it's best to have a subscription for one once you find what is the best type of program based on your usage habits.

     The most terifing thing is that when they infect a fille you can rarelly save it and even the best anti-virus out there will completely delete your file. From the user who use the computer once a week to store pictures and recordings to the more advanced one whose work is based on the usage of a computer this is a real problem.

     It's best to form good internet habits or start changing them. Know what a threat is, where you can get it, how it manifests, what to do and NOT do in the case of an inffection (most viruses will follow you and enter the filles you acces, if you access the contaminated folder then move to another one, that one will ALSO become infected) but most important, how to avoid a nasty situation and enjoy a safe and fast computer and internet connection.

high-security-1740431_1920     Buckle your belt and be ready to make some changes. It's beter to have an umblera with you if you know that it may rain today. Especially if you have important filles on your PC. I know that I have and I guess that you have too.

Introduction: Spybot, Spyware, Trojans, Adware, Worms…

     One thing that has always been of the utmost importance is how to prevent individual piracy, from a simple virus to Spybot Trojans and malicious programming code to the latest Spyware. All have been meant to do one thing, record your movements, and reveal them to others so that they may use these actions against you.

     Whether by simply displaying ads or diverting your browser’s setting to a particular search engine, to a non family friendly website hosting spybot malware or displaying casino pop up ads and tracking your IP with spybot cookies and revealing it to absolutely anyone anywhere on command.

 

binary-1536650_1920

     Spybot Spyware aps are basically programs that are hidden from view and work in the background in order to collect your personal information and use them against you in various forms.

     Spybot malware and spyware in many ways, acts much like a virus which remains undetected from your eyes and destroys your data, but on the other hand a spybot is more dangerous in the sense that it remains undetected on your system and reports and reveals your personal information to the big advertising guns and evil third party hackers who develop these small spybot snippets for their own petty interests.

     Hidden Spyware, Spybot malware & Trojans keep logs of websites that you visit, softwares you use, configurations of your computer and the data that you submit while signing up with any online forms. This information compiled by backdoor trojan spybot malware and spyware adware applications, is then used to direct conveniently relevant advertisements to you.

binary-1414315_1920

     You must have noticed that when you try to use some freeware and shareware softwares, endless streams of pop up windows appear from every side, asking you to click here or there, your PC slows down because of the dozens of spybot spyware programs and pop up windows sharing the same resources in the background.

     The main emphasis of these spyware & spybot programs is to give you pertinent ads at your end.. but they inadvertently make your internet experience a frustrating, ad bombarding and hellish one. You must also have had experienced many times that you clicked some link on your favorite website but the browser landed on another page and the more you tried to get rid of them, the more they remained hanging in and around you in the form of small pop up windows, error messages or other warning messages asking you whether you want to install a software, set up your homepage to a particular website and so on.

     All these are signs that you have a malicious spybot spyware in your system that is monitoring your actions and movements and sending your online habits to people who value such information.

     These people then track you down for a variety of purposes like sending pop up ads and installing some pesky applications so that hackers can hack your financial data and passwords. These are the most common unlawful purposes for which spyware are used.

     You can avoid the intrusion of attacks of spybot spyware and stop them from spying on your systems by using an anti spybot spyware utility that is available online, some of them are very basic, others are professional, well designed and impeccably programmed to ensure that spybot malware & spyware is removed from your machine and absolutely nothing else.

     Also using a firewall can help reduce the error attacks at a considerable rate. If you treasure your privacy, then installing these tools are essential; because even if you locate them you can’t manually delete them. Much like virus pests, spyware also is very hard to remove, so you have to use special anti spyware tools.