E-mails: Spam, spam and oh! what a surprise spam again.

We wen’t over this already but I bring some good news related to spam emails. Up until now your Internet Service Providers where allowed to share or sell your information to third parties. Not only your ISP but other agencies like the Work Force. Anyway, this one is related to our ISPs.

New Privacy Rules require ISPs to must Ask you before Sharing your Sensitive Data

 

Good News for privacy concerned people! Now, your online data will not be marketed for business; at least by your Internet Service Providers (ISPs).

 

Yes, it’s time for your ISPs to ask your permission in order to share your sensitive data for marketing or advertisement purposes, the FCC rules.

 

On Thursday, the United States Federal Communications Commission (FCC) has imposed new privacy ruleson Internet Service Providers (ISPs) that restrict them from sharing your online history with third parties without your consent. Read more…

 

It was always specified in the contract that “we can give to other third parties some of your personal information. See paragraph something on page X” at least if they said only with your permission but they know that no one would say “Yes! Please send me 100 emails per minute with offers that I’m not interested to so that I can’t find what I’m looking for.”

Anyway that’s fixed now and more and more people are becoming aware or at least annoyed by unwanted emails and similar  actions will be taken with other companies or agencies so that the number will decrease.

And now to end this post with something interesting.Did you know that the phrase “spam mail” was inspired by the Monty Python?

     Personally I don’t think that Spam mail will ever disappear, at least completely. Why? Because grandma will still love kittens and she will still send you emails with Gifs for you to like and share on facebook to show her that you care.

Can the Two Factor Authentication security measure be passed?

puzzle-1713170_1280So Two Factor Authentication is annoying but safe. Is an extra measure of protection that involves your phone. You simply receive a text with a code, type it in and you then mind your business as usual. It happens with Google, it happens with PayPal and usually when you try to log in from a different location other than your home.

You may think that it’s impossible to get pass it and since phone numbers cannot be stolen and you always have the phone with you you’re always safe. Well think again.

                  PayPal patches flaw that allowed 2FA bypass… again

PayPal released a patch for a vulnerability that a security researcher said allowed him to bypass the payments company’s two-factor authentication in less than five minutes.

Henry Hoggart, a mobile security consultant at MWR InfoSecurity, wrote e in a blog post that he recently needed to make a payment from a hotel, but was unable to receive the 2FA code on his mobile phone because had no service. So he simply used a proxy then replaced “securityQuestion0” with “securityQuestion1” in the post data sent by his browser….Read more…

I have good news and good news. The good news is that it’s fixed. The other good news is that we have smart people just like Henry Hoggart working in our favor. They bring awareness and help us avoid unpleasant situations. Alan Pearson was kind enough to name a few of them. You can even follow them on Twitter.

              87 Security Experts You Need to Be Following on Twitter

As computers become exponentially more involved in our everyday working lives, security is an increasing concern.

It’s therefore essential for security conscious individuals to keep up to date with the latest news and trends. Twitter has emerged as an excellent way of doing this. By following a subsection of the biggest influencers in security, you can stay on top of the industry and any pressing developments — which is why we’ve compiled this list. Next to each recommended account, we’ve given a brief bio and explained what it is they Tweet about.

detective-1299558_1280     You should check out their profiles, they have some interesting things to tell. I know for a fact that some companies hire them as consultants in the sens that “Hey, we will pay you X amount of money if you can breach our website” like some kind of “Wanted” post offer. Which is nice. Become a security expert and go out Reward hunting.

They are well pay’d professionals hired by big companies, some of them have their own business around that area and some of them are even ex cyber crooks that vowed to use their skills for the better good.

Regardless of what they where or weren’t, now you can see them as Internet Detectives that are making the Internet a better place.

Petya, a Ransomware or it’s cousin?

2016-10-28_1928

We know from the previous post that Ransomware encrypts your files and deletes them if you don’t pay X amount of money in bitcoin until the time goes off. With Petya there’s a different story, it still requires you to pay a ransom but this time instead of deleting your files it blocks your WHOLE computer and deletes everything  on your Hard-Drive.

It’s still considered a Ransomware but it behaves more like a rootkit. The following is a video demonstration…

     And we thought that the Ransomware Jigsaw was scary. But there’s no need to panic! The Talos team from the Cisco systems have released a FREE filter that is open source and makes your computer immune to it.

You could almost say that it blocks the channels that Petya uses to infiltrate your Hard-Disk so literary when Petya launches, it will look like a “Hello!” message made by a 14 year’s old using notepad.

 

And that’s how you turn a bear into a mosquito. The result of brilliant minds and reverse engineering. Next you will find an article written by Mohit Kumar which tells more about the MBRFilter. He also provides a link to the official page where you will find a download link.


MBRFilter — Open Source Tool to Protect Against ‘Master Boot Record’ Malware


Technically, Bootloader is first code that gets executed after system BIOS that tells your computer what to do when it start.


An advanced malware program, such as rootkit and bootkit, leverages this process to infect computers by modifying the MBR.


A boot malware or bootkits has the ability to install ransomware or other malicious software into your Windows kernel, which is almost impossible to detect, and thus takes unrestricted and unauthorized access to your entire computer.


So, the best way to protect your computer against such bootkits is to restrict your MBR to rewrite or overwrite by an unauthorized software…Read more


We now know one thing for sure! Petya isn’t a threat anymore. And whatever follows next…It won’t last for long.

Image source

Recommended Resources:

Ransomware: What is it? Am I vulnerable?

 

     We all know those action packed movies from Hollywood with kidnappers waiting at the school entrance for a rich kid to finish classes and as soon as he exits they snatch him against his will, throw him in the van and part leaving only smoke behind.

     After a while at Mr Rich Dad’s mansion the land line phone rings and on the other end is a robotic voice saying “If you want to see him again you must send 10 million dollars to this account in 2 hours?”

Well, today it can happen to you. Not YOU per say but your computer. I introduce to you…The Ransomware

 

     Ransomware is a malware type, it was also called Cryptolocker when it was first introduced in 2013. Once you’re infected it encrypts your data, a message pops up on your screen with some text, a bitcoin address and a time limit in which you have to send the atacker “ransom” money in order to receive the deactivation key or else when the timer goes down…all your files are gone.

The following is a full video example…

     There are a couple of Ransomware types and every one of them have different behaviours. Steve Zurier mentions a few of them:


7 Scary Ransomware Families


As the season of evil witches, ghosts, goblins, and ghouls approaches, it’s time to be on guard. But security managers face scary prospects year-round, especially as new strains of ransomware escalate. And ransomware variants are getting more pervasive – and creepier – than ever.


The FBI says that from Jan. 1, 2016 to June 30, 1,308 ransomware complaints have been reported, totaling $2,685,274 in losses. And it appears that the ransomware “business” will continue to…Read more

     Well that’s scary isn’t it? But don’t worry, thanks to the “good guys” the movie always ends well in the favor of the protagonist. Aside from giving the ransom money there are other solutions to rescue your data like periodicaly making backups on a external Hard-Disk.

Also changing your internet habbits: check received links before clicking on them; have some decent software instaled; avoid visiting shady websites and don’t download anything from emails that you don’t recognize. Ryan Olson the author of the next post I’m about to show did a great job in showing the conditions in which you may get infected and how to prevent it.


Black Hat Europe 2016: What’s Next For Ransomware & How To Prevent It


Ransomware has existed in various forms for decades, but in the last three years, cybercriminals have perfected its key components. Here’s what you need to know now. To execute a successful ransomware attack, an adversary must be able to do the following:


· Take control of a system or device


· Prevent the owner of the controlled device from accessing it, either partially or completely


· Alert the owner that the device has been held for ransom, indicating the method and amount to be paid


· Accept payment from the device owner.


· Return full access to the device owner after payment has been received.


·Read more


Let’s evaluate what we now know:

  • What is a Ransomware
  • Some different types
  • It’s purpose
  • Precautions techniques
  • How you could get infected
  • How to remain protected

In the end, regardless of what these cyber-crooks bring to the table and what intention they have there is always a solution. Always stay informed and remain cautious while surfing the internet.

Recommended Resources:

Malware, Spyware, and Adware? What’s the difference?

hand-1248053_1920

     They allow other people to track your Internet patterns and record your credit card and any other personal information without your permission. Show unwanted ads on your computer. Modify, copy or delete your files. And if it weren't enough they slow down your computer and Internet connection.

     You have to be very knoledgeble when it comes to anti-virus software and firewalls because not all of them work, are good and some of them are even infected with the pests you are tring to get rid of. (Usually the free ones, only if they don't come from reputable companies like kaspersky, northon, nod32 etc.)

     It it weren't enough just as it is they are keeping on advancing into new tricky and undermining types of web assaults, that's way anti-viruses have almost daily updates and why it's best to have a subscription for one once you find what is the best type of program based on your usage habits.

     The most terifing thing is that when they infect a fille you can rarelly save it and even the best anti-virus out there will completely delete your file. From the user who use the computer once a week to store pictures and recordings to the more advanced one whose work is based on the usage of a computer this is a real problem.

     It's best to form good internet habits or start changing them. Know what a threat is, where you can get it, how it manifests, what to do and NOT do in the case of an inffection (most viruses will follow you and enter the filles you acces, if you access the contaminated folder then move to another one, that one will ALSO become infected) but most important, how to avoid a nasty situation and enjoy a safe and fast computer and internet connection.

high-security-1740431_1920     Buckle your belt and be ready to make some changes. It's beter to have an umblera with you if you know that it may rain today. Especially if you have important filles on your PC. I know that I have and I guess that you have too.

Introduction: Spybot, Spyware, Trojans, Adware, Worms…

     One thing that has always been of the utmost importance is how to prevent individual piracy, from a simple virus to Spybot Trojans and malicious programming code to the latest Spyware. All have been meant to do one thing, record your movements, and reveal them to others so that they may use these actions against you.

     Whether by simply displaying ads or diverting your browser’s setting to a particular search engine, to a non family friendly website hosting spybot malware or displaying casino pop up ads and tracking your IP with spybot cookies and revealing it to absolutely anyone anywhere on command.

 

binary-1536650_1920

     Spybot Spyware aps are basically programs that are hidden from view and work in the background in order to collect your personal information and use them against you in various forms.

     Spybot malware and spyware in many ways, acts much like a virus which remains undetected from your eyes and destroys your data, but on the other hand a spybot is more dangerous in the sense that it remains undetected on your system and reports and reveals your personal information to the big advertising guns and evil third party hackers who develop these small spybot snippets for their own petty interests.

     Hidden Spyware, Spybot malware & Trojans keep logs of websites that you visit, softwares you use, configurations of your computer and the data that you submit while signing up with any online forms. This information compiled by backdoor trojan spybot malware and spyware adware applications, is then used to direct conveniently relevant advertisements to you.

binary-1414315_1920

     You must have noticed that when you try to use some freeware and shareware softwares, endless streams of pop up windows appear from every side, asking you to click here or there, your PC slows down because of the dozens of spybot spyware programs and pop up windows sharing the same resources in the background.

     The main emphasis of these spyware & spybot programs is to give you pertinent ads at your end.. but they inadvertently make your internet experience a frustrating, ad bombarding and hellish one. You must also have had experienced many times that you clicked some link on your favorite website but the browser landed on another page and the more you tried to get rid of them, the more they remained hanging in and around you in the form of small pop up windows, error messages or other warning messages asking you whether you want to install a software, set up your homepage to a particular website and so on.

     All these are signs that you have a malicious spybot spyware in your system that is monitoring your actions and movements and sending your online habits to people who value such information.

     These people then track you down for a variety of purposes like sending pop up ads and installing some pesky applications so that hackers can hack your financial data and passwords. These are the most common unlawful purposes for which spyware are used.

     You can avoid the intrusion of attacks of spybot spyware and stop them from spying on your systems by using an anti spybot spyware utility that is available online, some of them are very basic, others are professional, well designed and impeccably programmed to ensure that spybot malware & spyware is removed from your machine and absolutely nothing else.

     Also using a firewall can help reduce the error attacks at a considerable rate. If you treasure your privacy, then installing these tools are essential; because even if you locate them you can’t manually delete them. Much like virus pests, spyware also is very hard to remove, so you have to use special anti spyware tools.