Monthly Archives: January 2017

Netflix Scam Delivers Ransomware

Netflix has a 93 million-strong subscriber base in more than 190 countries, so it’s unsurprising that cybercriminals want a piece of the pie. Among their modus operandi: stealing user credentials that can be monetized in the underground, exploiting vulnerabilities, and more recently infecting systems with Trojans capable of  pilfering the user’s financial and personal information.

What other purposes can stolen Netflix credential serve? Offer them up as bargaining chip to fellow cybercriminals, for instance. Or more nefariously, use them as lure to trick certain users into installing malware (and turn a profit in the process). If you’re planning to free ride your way into binge-watching your favorite shows on Netflix, think again. Your computer’s files may end up getting held hostage instead.

We came across a ransomware (detected by Trend Micro as RANSOM_ NETIX.A) luring Windows/PC users with a Netflix account via a login generator, one of the tools typically used in software and account membership piracy. These programs are usually found on suspicious websites sharing cracked applications and access to premium/paid web-based services.

Figure 1. Netflix ransomware’s ransom notes

Figure 1. The ransom note displayed as wallpaper in the affected system

Figure 2. Netflix ransomware’s ransom notes

Figure 2. One of the ransom notes with instructions to victims


Figure 3. Fake Netflix Login Generator


Figure 4. The prompt window after clicking “Generate Login”

Scamming the Scammer

The ransomware starts as an executable (Netflix Login Generator v1.1.exe) that drops another copy of itself (netprotocol.exe) and then executed afterwards. Clicking the “Generate Login” button leads to another prompt window that purportedly has the login information of a genuine Netflix account. RANSOM_NETIX.A uses these fake prompts/windows as distraction while it performs its encryption routine on 39 file types under the C:\Users directory:

.ai, .asp, .aspx, .avi, .bmp, .csv, .doc, .docx, .epub, .flp, .flv, .gif, .html, .itdb, .itl, .jpg, .m4a, .mdb, .mkv, .mp3, .mp4, .mpeg, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .py, .rar, .sql, .txt, .wma, .wmv, .xls, .xlsx, .xml, .zip

The ransomware employs AES-256 encryption algorithm and appends the encrypted files with the .se extension. The ransom notes demand $100 worth of Bitcoin (0.18 BTC) from its victims, which is relatively cheaper compared to other families. It connects to its command and control (C&C) servers to send and receive information (customizing the ID number, for instance) as well download the ransom notes, one of which is displayed as a wallpaper in the infected machine. Interestingly, the ransomware terminates itself if the system is not running Windows 7 or Windows 10.

Be Smarter

Malefactors are diversifying the personal accounts they target. Phished Netflix accounts, for instance, are an attractive commodity because one can be used simultaneously by different IP addresses. In turn, the victim doesn’t immediately notice the fraud—as long as it’s not topping the device limit. This highlights the significance for end users to keep their subscription accounts safe from crooks. Keep to your service provider’s security recommendations. More importantly, practice good security habits: beware of emails you receive pretending to be legitimate, regularly update your credentials, use two-factor authentication, and download only from official sources.

The scam is also a reminder of the risks involved in pirating content—may they be movies, music, software, or paid memberships. Does getting your important files encrypted worth the piracy? Netflix’s premium plan costs around $12 per month, and allows content to be streamed in four devices at the same time. Compare that with $100 you need to pay in order to get your files decrypted. Getting them back isn’t guaranteed either, as other ransomware families have shown.

Bad guys need only hack a modicum of weakness for which no patch is available—the human psyche. Social engineering is a vital component in this scam, so users should be smarter: don’t download or click ads promising the impossible. If the deal sounds too good to be true, it usually is.


via:  trendmicro

Ransomware Hijacks Hotel Smart Keys to Lock Guests Out of their Rooms

What’s the worst that could happen when a Ransomware hits a Hotel?

Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except paying the attackers.

, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise.

Ransomware is one of them.

The threat has been around for a few years, but during 2016, it has turned into a noxious game of Hackers to get paid effortlessly by targeting hospitals, Universities, private businesses and even police departments and making hundreds of millions of dollars.

Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system that prevented its guests from entering or leaving their rooms.

The luxury hotel with a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, like several other hotels in the industry, has a modern IT system that includes key cards for its hotel doors, which could not be programmed.


According to the hotel management, the hotel has been hit multiple times by hackers, but this time they managed to take down the entire key system, preventing its guests to getting in or going out of their rooms, reported The Local.

Besides gaining control of the electronic key system, the hackers even gained control over the general computer system, shutting down all hotel computers, including the reservation system and the cash desk system.

Once the hotel made the payment, the system was completely restored that allowed the hotel staff to gain access to the network and hotel guests to enter and exit their rooms.

What’s interesting? Even after the hotel fulfilled the hackers demand, the hackers left a backdoor to the hotel system in an attempt to conduct another cyber attack later.

Fortunately, the security standards of the hotel had been improved by its IT department, and critical networks had been separated to thwart the attack, giving attackers no chance to harm the hotel again.

Furious hotel managers decided to go public with the incident to warn others about the dangers of cyber attack, with Managing Director Christoph Brandstaetter said:

“The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case.

The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found.

Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly.”

The Ransomware had stolen the nights of many businesses and organizations, as they would often be blamed to fight up to this nasty threat.

Ransomware criminals often demand the ransom in Bitcoin (BTC) for the surety of not getting caught, as Bitcoin transactions are non-trackable due to its decentralized nature.

The frequent payment to Ransomware encourages criminals to stash the cash and develop a more enticing framework for the next target. So, instead of paying or encouraging this scheme, keep your software and systems updated and avoid clicking suspicious links.


via:  thehackernews

Security Reminder: Your Mother’s Maiden Name Is Not a Secret

Your mother’s maiden name is probably not a secret. Neither, necessarily, is your high school mascot or the size of your car payment. But some banks and brokerages still pretend this is information only you would know, and that could be putting your money at risk.

So-called security questions long ago outlived their usefulness, since they can be hard for the right people to remember and easy for the wrong people to guess or steal.

“Relying on questions and answers is absolutely brain-dead, but a lot of banks do it because they’re not equipped to implement anything else and regulators aren’t mandating alternatives,” says security expert Avivah Litan, vice president and analyst at Gartner Inc.

Financial institutions disagree, saying “knowledge-based authentication” — especially questions based on less readily available information, such as data in your credit report — can be an effective way to identify customers.

“No security measure is perfect, but knowledge-based authentication is certainly more granular and more effective than shared secrets, such as your mother’s maiden name,” says Doug Johnson, senior vice president for payments and cyber security at the American Bankers Association.

Yet repeated database breaches mean that tons of once-private information is now in criminal hands. Security questions and answers were among the data stolen from 1 billion Yahoo accounts in 2013, for example, and criminals answered questions drawn in part from credit report data to access more than 700,000 taxpayers’ transcripts at the IRS.

You don’t have to be a hacker or even very persistent to find the answers to some security questions. Many people post information such as birth dates and pets’ names on Facebook. They may link to family members, including their mothers. (If you can’t find a maiden name that way, try genealogy sites such as Data brokers legally hawk addresses, phone numbers, birth dates and property records, among other information, for as little as $1 per person.

Some financial institutions that use security questions say they’re only one facet of a multilayered approach. Discount broker Charles Schwab, for example, says it uses additional “tools, controls and technologies” — kept secret to foil attackers — to verify identity. Schwab also offers customers the option to add a verbal password and activate voice-recognition technology for added security in telephone transactions, says Sarah Bulgatz, director of corporate public relations for Schwab.

Financial institutions may take extra measures to determine identity when they spot unusual transactions or attempts to log in from unfamiliar devices or networks, Johnson says.

Still, it’s hard to know as a customer what’s being done behind the scenes to protect you. And while federal regulations typically require financial institutions to restore money lost due to fraud, some banks, including Chase, say customers will be on the hook if they share their credentials with third-party sites such as Mint. Even if stolen money is eventually restored, customers could be without funds for days or weeks while their cases are investigated.

Toughen Up Your Data

Given this landscape, we need to take extra steps to protect our money. There’s no way to make your accounts hacker-proof, since criminals have found ways around everything from facial recognition software to fingerprint authentication. Your goal should be to make your accounts tougher to compromise so the bad guys move on to easier targets. Here’s how to do that:

–Use unique, strong passwords. Password managers such as 1Password and LastPass can help create and track this information as well as answers to security questions. Your router at home should be password-protected as well.

–Stick to your home network. Criminals can snatch your login credentials when you use public Wi-Fi for financial transactions. Plus, your institution may pay more attention to bad guys’ login attempts if you have a consistent pattern of using only your home network.

–Turn on two-factor authentication. Many banks and brokerages offer this option, which typically requires you to input a code texted to your cell phone or created by a smartphone app. (Here are institutions that offer two-factor authentication.

–Ask what else companies are doing to protect you. Financial institutions post security policies on their websites, but ask specifically how your bank or brokerage handles sensitive transactions, such as attempts to change your phone number (to thwart two-factor authentication, for example).

What if you don’t like what you hear? Then it may be time to move your money to a financial institution that wants to help you keep it.


Via:  enterprise-security-today

Apple Watch will soon let you talk to Siri to use your apps

The next version of Apple Watch’s software will let you talk to Siri via your smartwatch in order to interact with third-party applications, according to new developer documentation from Apple released on Tuesday. This will let you do things like order an Uber, send a message through a chat application, make a payment, and more.

The feature is one of a handful of enhancements expected to arrive in the upcoming operating system, watchOS 3.2, which will also introduce a “Theater Mode” option.

This lets you mute the sound on your watch and will disable the watch’s ability to wake the screen when you raise your wrist. In other words, it’s a way to not annoy others when watching a movie, play or other performance in a darkened room when you’re asked to silence your devices.

But more interesting is the addition of SiriKit for third-party apps.

Being able to use your apps via a wrist just by speaking will be a big step forward in terms of voice-based computing, and something that could even make Apple Watch seem more appealing to those who haven’t yet seen the need for smart wristwear. Consumer apathy has led to declining smartwatch sales, and an industry that’s left taking stock of the true market potential for wearables now that the hype has worn off.

So far, third-party Apple Watch apps have largely failed to impress. Limited by the small screen, there’s not much they can offer in the first place. And if someone wants to really use an app, after all, their iPhone is usually nearby.

apple watch app view

Instead, the Apple Watch has excelled at being an “alerts” device. It’s best for things like handling incoming calls and texts…and, okay, maybe Pokémon sightings. It also works well as a passive means of data collection, like a step counter or workout tracker, for example. But when it comes to apps, wearers would rather use their bigger-screened, more functional devices.

With the new SiriKit integration, apps may be able to forge a comeback on the platform. Imagine being able to say, “Siri, get me an Uber” to your watch, while leaving your iPhone in your pocket or purse. Then, as the car arrives, your watch notifies you with a notification and haptic feedback.

Of course, you could already do things like order an Uber via Apple Watch before today, but you’d have to tap around on the small screen to make that happen. Siri could make the process much more seamless.

SiriKit was already available on iPhone and iPad in iOS 10, but Apple Watch may be the most useful platform for the functionality.

According to Apple’s release notes on watchOS 3.2, not all apps will be able to take advantage of Siri integration, however. Instead, it will only be available to those in select domains, including messaging, payments, ride booking, workouts, calling and searching photos.

A new build of watchOS wasn’t among Apple’s suite of beta releases yesterday, when the company rolled out updated versions of iOS, macOS and tvOS to its developer community. However, Apple did publish the watchOS 3.2 “What’s New” guide, which indicates a beta build is soon coming.


via:  techcrunch

The day the internet stood still

The Internet is a landscape with an endless horizon. Its vastness of information, ideas, sounds, and images is matched only by its constant growth and ceaseless change.

But one day, the Internet stood still.

On Wednesday, January 18, 2012, websites all over the Internet covered their homepages in a uniform message. Google, Wikipedia, Amazon, Craigslist — giants of media and commerce — joined more than 50,000 sites in an unprecedented blackout. It was an act of protest so powerful and inspiring that it did something no one thought possible: It moved Congress.

The US Senate and House of Representatives had hoped to pass two severely restrictive online censorship bills quietly, without fanfare in the press or attention from the public. These bills were backed by the entertainment industry, and they would have fundamentally changed the Internet as we know it.

It wasn’t that the government went to people and asked them to take down particular material that was illegal. It shut down whole websites. Essentially, it stopped Americans from communicating entirely with certain other groups.

— Aaron Swartz on SOPA/PIPA

The Day the Internet Went Dark was the final stand in a campaign that forced Congress to rethink its secretive and cynical attempt to undermine freedom and openness on the net. Reeling from a massive wave of emails and calls from constituents, Congress abandoned the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA).

What Made This Fight Powerful

Looking back from five years in the future, the defeat of SOPA/PIPA by an unlikely coalition of Internet activists, online communities, and huge business interests is even more amazing. The call to action didn’t fall along party lines. It brought together libertarians, progressives, conservatives, and Tea Party activists. It didn’t matter if you were a major corporation or an individual citizen. For one day, the line was drawn, and the fight for a Free Internet changed everything.

The Internet is a landscape with an endless horizon. Its vastness of information, ideas, sounds, and images is matched only by its constant growth and ceaseless change.

But one day, the Internet stood still.

On Wednesday, January 18, 2012, websites all over the Internet covered their homepages in a uniform message. Google, Wikipedia, Amazon, Craigslist — giants of media and commerce — joined more than 50,000 sites in an unprecedented blackout. It was an act of protest so powerful and inspiring that it did something no one thought possible: It moved Congress.

The US Senate and House of Representatives had hoped to pass two severely restrictive online censorship bills quietly, without fanfare in the press or attention from the public. These bills were backed by the entertainment industry, and they would have fundamentally changed the Internet as we know it.

It wasn’t that the government went to people and asked them to take down particular material that was illegal. It shut down whole websites. Essentially, it stopped Americans from communicating entirely with certain other groups.

— Aaron Swartz on SOPA/PIPA

The Day the Internet Went Dark was the final stand in a campaign that forced Congress to rethink its secretive and cynical attempt to undermine freedom and openness on the net. Reeling from a massive wave of emails and calls from constituents, Congress abandoned the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA).

What Made This Fight Powerful

Looking back from five years in the future, the defeat of SOPA/PIPA by an unlikely coalition of Internet activists, online communities, and huge business interests is even more amazing. The call to action didn’t fall along party lines. It brought together libertarians, progressives, conservatives, and Tea Party activists. It didn’t matter if you were a major corporation or an individual citizen. For one day, the line was drawn, and the fight for a Free Internet changed everything.

image image image

New Threats, Fragile Victories

But there wasn’t much time to rejoice in the defeat of SOPA/PIPA.

Later in 2012, Congress introduced the Cyber Intelligence Sharing and Protection Act (CISPA) and sparked a debate not just about privacy, but once again about laws designed to allow unprecedented government overreach.

The following year, a key leader of the SOPA/PIPA victory, Aaron Swartz, took his own life while facing decades in jail for allegedly downloading too many articles from an online database. It was a tragedy that forced a hard look at the law used to prosecute Aaron, the Computer Fraud and Abuse Act.

Then in 2014, a new threat emerged. A lawsuit brought by Verizon struck down the FCC’s rules on Net Neutrality and gave telecom companies a window to push for new restrictions. After a massive wave of grassroots support, including an online action reminiscent of the blackout against SOPA/PIPA, the FCC finally proposed rules that would fortify the openness of the Internet and our right to access it.

In the last five years, Internet freedom has come to mean fighting against so much more than censorship.

image image imageimage

image image


Looking Ahead

As power changes hands in Washington this month, many questions remain unanswered about the future of the Internet as a space for innovation, creativity, and expression. Donald Trump’s administration includes two new appointments to the FCC who have previously spoken out against Net Neutrality and may try to roll back existing FCC rules as soon as this year. That’s why activists who fought against SOPA/PIPA and stayed vigilant over the last five years aren’t waiting for Congress to introduce new bills to encourage the public to activate. They’re urging action now, while appointments are happening that signal the fights ahead.

If the 2012 victory against SOPA/PIPA taught us anything, it’s that whether or not the Internet will remain a place that everyone can access reliably and affordably to share, connect, and create freely depends on us.



What We Can Do

If SOPA had passed, this piece of writing might not exist. In fact, all of Medium could be taken down if a single company found fault with a single post. And if a handful of individuals hadn’t sounded the alarm when SOPA was introduced, that’s exactly what would have happened to so many sites like this one.

So, at the dawn of a new era of leadership in Washington, what can we do to continue the fight?

Join us in rededicating yourself to the preservation of this beautiful, wild creation we call the Internet. Keep Watch. Stay Free.




via:  techcrunch

How Drive-by Download Attacks Work – From Disbelief to Protection

The attack that spreads malware through a simple website visit.

What if I told you that there’s a type of cyber attack that can infect your computer with malware without you doing anything?

I don’t mean to make you paranoid, I really don’t. It’s just whenever I told my friends about drive-by download attacks, they stared at me in disbelief.

You mean I can get a malware infection on a legitimate website? And without clicking on anything at all? But… how?

The how part is what I want to explain in this guide. Especially because, with this attack, the standard “I don’t visit nasty websites so there’s no way I can get infected” argument doesn’t work. And this, unfortunately, is still an attitude shared by many.

1. What is a drive-by attack and how it happens

Imagine this: you get up in the morning, pull up your laptop and check your favorite news website. Once you’re on the page, the malicious code embedded into the website (usually an exploit kit) starts scanning your computer for security vulnerabilities. Just so you know, the security holes on your PC are usually created by outdated apps of all kinds, from plugins to browsers, chat apps and beyond.

Once the appropriate weakness has been spotted, malware goes on to infiltrate the system and take control of it. Just like in the graphic below:


If you ever become a victim of drive-by download attacks (which I really hope you don’t), you may experience the following stages.

At first, you’ll probably get mad at the website owner. If you can trace the infection back to the source, that is. However, the problem is that the owner most likely had nothing to do with it and didn’t even know that his website was distributing malware.

Second, you’ll question how such a big and reputable website could become a malware-spreading agent. You might be surprised, but this happens all the time. Not because website owners want to imperil their visitors, but because software is not flawless and websites get hijacked. (More examples at the end of the article.) Another cause is the exploit-kits-as-a-service model, which makes hacking websites easy, fast and cost-effective.

Third, you’ll wonder how you can get a malware infection without clicking or downloading anything. This was the norm until a few years ago. As cybercriminals refined their tactics, they found ways to spread their malicious software without requiring user/victim interaction.

In drive-by download attacks, attackers compromise websites and embed malicious elements inside. These elements can range from malicious JavaScript code injects, to malvertisements, malicious redirects, cross-site scripting attacks (also known as XSS), malicious iFrames that execute invisibly or other subtle attack techniques that potential victims can’t spot on their own.

No matter the tactic, the objectives are clear: cyber criminals either want to install and run malicious software on your device or steal your sensitive information (financial, identity-related, etc.).

Consequences range from adware infections to financial loss or even data encryption (in the case of a ransomware infection).

2. How you’re exposing yourself to drive-by attacks

Of course no one wants to become a cyber attack victim, but you may be doing it unintentionally. Here are some of the ways you’re putting up the “Come and get it!” sign right where cyber criminals can sniff the opportunity:

You don’t update your software (operating system, browsers, plugins, desktop apps, mobile apps, etc.).

If you don’t think this is a big deal, let’s look at a single number.


This is how many vulnerabilities the top 3 most used browsers in the world  have  had last year and this year, until the date this post was first published (November 8, 2016).





Many of these security issues allow the attacker to take full control over the compromised system. From there on, the malicious hacker can do whatever he/she wants.

And it’s likely that you won’t see the drive-by download coming either. Not when you’re on NBC, reading the latest news.

You hoard plugins and add-ons in your browsers and never clean them up.

Do you even remember the last time you took a peek at what’s going on in your browser, plugin-wise?

The more add-ons and plugins you install in your browsers, the more you increase your chances that one of them will be hacked. Yes, these things can make your life easier, but blindly giving permission to all sorts of developers to your browser is not a great idea.

Do you check where these plugins come from? Do you install them from safe sources?

Ask yourself this and then reconsider. And do it before you go about your business and end up with financial malware on your PC.

You don’t use a safe browser for your online shopping or online banking activities.

Your browser is the entry point for most drive-by download attacks. So, for example, using Chrome for all your Internet-related needs could spell trouble. Especially if you’re a digital hoarder, like I just mentioned. (The first step to solving this is admitting it. We’ve all done it.)

Your banking data and identity-related info is what cyber criminals pine for. Don’t be the “stealing candy from a baby” type.

You rely on your (free) antivirus for all your online protection needs.

No matter how often we share this, it doesn’t seem to be enough: there is no panacea in terms of Internet security. Your antivirus can’t provide miracles (like knowing and blocking all the threats out there). And neither can any other single security products.


Because things are just too complicated, both in terms of software and hardware. Because cybercrime comes in volumes that no single company could possible handle. It doesn’t mean that they’re weak, it’s just the pragmatic reality of things.

It would be easy to have to buy just one thing to keep us safe online, but we can’t. So instead of wasting our energy wishing for things to be different, let’s all work together to make it happen.


You don’t know what fileless malware can do.

Not many people know that malware can be bundled together to wreak havoc on victim’s devices. Such malicious software cocktails can also include fileless malware, which your antivirus can’t detect. As the name suggests, this type of infection runs in the RAM memory of your device and it doesn’t use any files.

Drive-by attacks are notoriously stealthy and using fileless malware adds to this strategy and increases the impact. Reading up on fileless malware will open up your perspective and help you move from reactive to proactive online security (which is what we all need going forward).

You think that your mobile devices (smartphone, tablet) are safe by default

Android is plagued by malware of all sorts and drive-by download attacks are included on “the menu” as well. What’s more, you may have more data on your phone than on your laptop/desktop PC.

Your phone knows where you’ve been, who you’ve talked to, what messages you’ve written, you use it for online banking, for listening to music, etc. So why would you leave it unprotected?

If you don’t update your operating system, the chances that you’ll be hacked multiply. Just take a peek at this real-life case of a drive-by attack that affected over 300.000 Android users.

You believe that Apple products are unhackable

This common misconception can endanger your data, so it may be time to let it go. While there’s no doubt that Apple products and their respective operating systems are a lot more secure than others, they’re also prone to malicious hacking.

And because some people just want to watch the world burn, here’s a case of a drive-by download attack involving a website connected to Dalai Lama, which targeted Mac users. It happened before and it can happen again. So my question to you is: why take unnecessary risks?

3. How to protect your devices and data from drive-by attacks

You can do more to shelter your sensitive information from the greedy hands of online criminals.

Update your software quickly and constantly.

When a software maker releases and update, cybercriminals will rush to reverse engineer it and target Internet users who have not applied the update. This is why updating your software (including your operating system) is key and this is why you need to do it fast!
Luckily, this is a part of your protection you can easily automate to save time and energy. I recommend you check out how Heimdal FREE can help you (download link at the end of this guide).

Once your updates are taken care of, it’s time to move on to the next phase.

Clean up your software.

The more plugins you have, the more exposed you are. Learn how to remove old software that’s making your computer vulnerable.
Get rid of the clutter! Keep only products you trust and use constantly. You’ll not only feel safer, but you’ll also be safer. Plus, you’ll probably speed up your PC too, which is a welcome benefit.

Use a separate browser for online shopping and financial transactions.

At the moment, Microsoft Edge is one of the safest options out there (if you eliminate Flash from your system altogether).

You can also choose to use an option such as Bitdefender Safepay or browse through these 8 alternatives.

Just make sure sure you pay extra attention when entering confidential data over the Internet.

Use a reliable antivirus with a built-in URL checker

Choosing the best antivirus for your PC is an important step and you still need this reactive protection layer on your system.

For example, Bitdefender has Search Advisor and Avira has Browser Safety, and they’re not the only ones that integrate this feature.

However, I feel like it’s my obligation to also present the potential pitfalls of browser extensions that rate websites before you click on links. Read and make your own decisions, but please don’t go without antivirus.

Go proactive

Now that your reactive protection is all set up, it’s time to handle the threats that your antivirus can’t catch. And this includes the fileless malware I mentioned earlier.

Traffic filtering is a key component of your online security, so I recommend you explore what it can do for you. Blocking threats based on where they come from can be a huge advantage for you, since changing infrastructure (servers especially) is a costly and difficult thing to do for cybercriminals.

Protect all your devices

My advice is to never take security for granted. Think of all your devices and what you can do to keep them safe. Don’t disregard your phone or tablet, or even your TV. Who knows how malware creators will improve drive-by attacks and which platforms they’ll target next?

Think of security as a core component of your digital life. It’s not a nice-to-have type of thing. It’s need-to-have!

Use an ad blocker

Drive-by download attacks often use online ads as infections vectors. Using an ad blocker will help you reduce your exposure to this type of attacks. It won’t eliminate the risk entirely, because, as you’ve seen in the beginning, drive-by attacks come in many shapes and sizes, but it will make your system safer.
I hope that this guide has helped you get a better idea of how drive-by download attacks work and what you can do to shelter your devices and data from them.


Automate your updates & keep malware out of your PC!

Heimdal FREE updates your apps automatically and silently and
blocks 85% of attacks that target vulnerabilities in your apps!




via:  heimdalsecurity

Update your Mac and iPhone – and help stop unwanted pwnage

Even though it’s a point release, Apple’s macOS Sierra 10.12.3 security update is a beefy 1.05Gbyte download.

(The term point release is a commonly used jargon word that refers to the sort of update that causes the smallest change to a product’s version identifier, and thus presumably the least amount of visual and functional change. Point releases are usually denoted by adding one to the rightmost number in the version string, as in this case of macOS 10.12.2 bumping up to 10.12.3.)

Nevertheless, we think it’s worth getting as soon as bandwidth allows, because the security holes that are fixed are well worth squashing.

As far as we can tell, none of the low-level vulnerabilities, notably the ones described with the ominous words “an application may be able to execute arbitrary code with kernel privileges”, have been seen in the wild.

Instead, they were found and reported responsibly, some by Google’s Project Zero bug-hunting team, and others by competitors in the PwnFest 2016 competition held in November in South Korea.


PwnFest is a sponsored competition for serious bug-hunters, with serious prizes offered for what is often a serious amount of work required to get past the defences that modern operating systems and applications have.

Just for the record, Microsoft Edge, VMWare, Adobe Flash and Google’s Pixel phone were also successfully hacked at PwnFest along with Safari on macOS. (In fact, Edge and VMWare were “owned” twice, resulting in two payouts.)

By the way, iOS gets an update to 10.2.1, fixing many of the same bugs fixed in the macOS flavour of Apple’s source code.

In addition, the iPhone update fixes two security problems that perennially face mobile devices: lockscreen bugs.

As we’ve written many times before, today’s lockscreens aren’t what they used to be, because users expect a selectable subset of their regular apps and functions to be accessible, at least in part, from the lockscreen.

In other words, lockscreens don’t so much lock your phone as try to corral it into a restricted mode of operation, often relying on individual apps to modify their behaviour to suit how they’re being accessed.

Unsurprisingly, as we’ve noted before in the case of so-called internet kiosks, which try to provide a regular Windows or Linux computer that’s locked into a walled garden for internet access, adding additional security-related complexity to an already complex app doesn’t always end well.

What to do?

If you have an iDevice, you can check for the update and optionally install it right away using Settings| General | Software Update.

On a Mac, the quick way is to click on the Apple menu at top left, choose About This Mac, and click the [Software Update...] button.

Remember that security updates that don’t contain any so-called zero days (the name used when the patch arrives after a new bug is being actively abused) are a great chance to get ahead of the crooks…

…and, for what it’s worth, we updated iOS and macOS as soon as we saw Apple’s security bulletins, without any apparent problems.

So far, anyway.



via:  sophos

Cisco snaps up AppDynamics for $3.7B right before its IPO

Cisco said that it would acquire AppDynamics, which helps companies monitor application performance, for a whopping $3.7 billion.

And now, it would seem that AppDynamics’ long-awaited IPO (this week!) has been called off in favor of a giant acquisition. It isn’t Cisco’s first major acquisition in recent memory — in fact, the company has been quite active — with the company paying $1.4 billion for Jasper Technologies. All these seem to be moving Cisco from its era of its core hardware networking business. The idea of networking in general has evolved over time as new kinds of devices find their way onto the Internet, and now it would seem Cisco is continuing that move beyond its usual competency.

AppDynamics may have even been testing the waters of the IPO market to set a value for itself for negotiations with larger companies for a potential acquisition. It’s not entirely uncommon that companies are working to not only drop a filing and intent to go public while having acquisition talks behind the scenes.

“Applications have become the lifeblood of a company’s success. Keeping those apps running and performing well has never been more important,” the company said in a release. “Unfortunately, that job has only gotten harder, as IT departments and developers struggle with a tangled web of disconnected, complex data that’s hard to understand. The combination of Cisco and AppDynamics will allow us to provide end to end visibility and intelligence from the network through to the application; which, combined with security and scale, and help IT to drive a new level of business results.”

AppDynamics helps its customers monitor the performance of business applications, which help them get a deeper look into the guts and inner workings of their applications. By having a better overview, companies can more effectively spot chokepoints and performance issues that may be potentially holding back transactions and other kinds of action. The idea there is to catch issues before they become major issues and huge headaches for those companies. For Cisco, that means that it’s going to get yet another touchpoint for companies and offer them a more complete stack to help them run their businesses.

These kinds of major moves have been pretty much necessary for Cisco. In August, the company said it would pare back 7% of its workforce. It’s clear that the company is trying to rejigger itself, and bringing on board a new service like AppDynamics widens its portfolio of tools for potential clients. And of course, each new business it gets in the door with one service can also be converted to others.

AppDynamics was already competing with the likes of New Relic and larger incumbents, and the acquisition will bring Cisco into even further and deeper competition with other software providers in the space. So of course it’s a risky play, but it seems pretty clear that Cisco is willing to take those kinds of risks and figure out what it looks like in 2017.

Indeed, AppDynamics might have seen the signs that its IPO would be well-tested given the performance of New Relic. That company’s stock has had a bumpy road and has ended up largely unchanged over the past few years. AppDynamics filed to go public in December, where it showed decent revenue growth but slightly widening losses. Enterprise companies that are generating a profit generally seem to be palatable to public markets, whereas AppDynamics seems like it was in the growth stages of its life.


FindTheCompany | Graphiq

But there’s also a minor subtext to note here: the first IPO of 2017 has been effectively called off. There have been a lot of major tech IPOs that have been in the tea leaves this year — Dropbox and Spotify among them — as well as ones that are pretty much confirmed like Snap. But for now we’ll have to wait a little longer to see what the market thinks of tech IPOs this year.

AppDynamics previously raised $314.5 million, and was most recently valued at $1.9 billion. So the exit looks like it’s about a 2x jump from its previous valuation — which is not all that bad of an outcome in the scope of larger enterprise deals. The deal will be in cash and assumed equity awards, Cisco said in a statement.


via:  techcrunch

Severe vulnerability in Cisco’s WebEx extension for Chrome leaves PCs open to easy attack

If you have the Cisco WebEx Chrome browser extension installed make sure you’re running the latest version.

Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack.

In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string” to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine.



The impact on you at home: It’s a good idea for anyone who uses this extension to make sure it’s updated to the latest version given the severity of the vulnerability. To start type chrome://extensions into the Chrome address bar and hit Enter. Next, scroll down until you see the entry for the Cisco WebEx Extension—extensions are organized alphabetically. To the right of the extension name you should hopefully see version 1.0.5, as pictured above.

Protect yourself

If you don’t, you can do one of three things.

The first is to uninstall the extension by clicking the garbage can icon, and then reinstall it from the Chrome Web Store. The second method is to check the Developer mode box in the top right corner of the chrome://extensions page. That will reveal a button in the top right corner called Update extensions now. Click that, and you should be all set.

It’s not clear if version 1.0.5 offers any significant protection against the threat Ormandy describes. Apparently, all version 1.0.3 did was offer a pop-up anytime that magic code was used, according to Cloudfare security researcher Filippo Valsorda. That puts the onus on the user to make sure they really want to be using WebEx when that pop-up appears.

webex chrome or desktop app


That brings us to the last solution. If you’d rather not bother with the extension it’s also possible to use a temporary, downloadable desktop program each time you want to use WebEx. That may not be convenient, but it’s an alternative.

Ormandy’s discovery raised enough eyebrows that Mozilla blocked WebEx for Firefox. At this writing, version 1.0.3 of the extension (released on Tuesday, January 24) was in the Firefox add-ons catalog; however, as Mozilla has yet to review the updated extension it can’t be installed on the mainstream version of Firefox 43 and up.


via:  networkworld

HP recalls an additional 101,000 batteries over fire concerns

Back in June, HP recalled 41,000 batteries in the US over concerns surrounding overheating, fire and burn hazards. This week, the company’s tacked a pretty massive number onto that tally, adding 101,000 additional batteries (on top of around 4,000 in Mexico and 3,000 in Canada).

The recall, detailed by the US Consumer Product Safety Commission, covers lithium ion units compatible with HP, Compaq, HP ProBook, HP ENVY, Compaq Presario and HP Pavilion systems sold between March 2013 and October of last year through Best Buy, Walmart, Costco, Sam’s Club and HP’s site.

The additional recall was spurred on by a report of an overheating system that melted and caused charring, resulting in around $1,000 in property damages. The CPSC is recommending that consumers stop using the batteries, pull them out of their laptop and contact HP for a replacement.

According to an HP rep who spoke to CNET about the matter, the recall, while large, apparently effects around one-percent of the laptops the company sold during the three-and-a-half year timeframe covered by the CPSC.


via:  techcrunch