New threads

This page contains the latest threads that were created in our community.

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. Zero-days are publicly disclosed flaws that haven't been patched by the vendor which, in some cases, are also actively exploited by attackers or have publicly available proof-of-concept exploits.

The bug, found by independent security researcher Park Minchan, is due to the way macOS processes inetloc files which inadvertently causes it to run any commands embedded by an attacker inside without any warnings or prompts.

On macOS, Internet location files with .inetloc extensions are system-wide bookmarks that can be used to open online resources (news://, ftp://, afp://) or local files (file://).

"A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands," an SSD Secure Disclosure advisory published today revealed.
"These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user."

VMware warns of critical bug in default vCenter Server installs

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.
vCenter Server is a server management solution that helps IT admins manage virtualized hosts and virtual machines in enterprise environments via a single console.

"This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware.

"In this era of ransomware it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible."

Safari 15 Update for macOS Big Sur and macOS Catalina

Apple today released Safari 15 for macOS Big Sur and macOS Catalina devices, with Apple introducing support for features that are going to be coming in the macOS Monterey update set to be released later this year.

Chrome 94 is coming today with support for controversial idle detection API

Chrome 93 rolled out to the Stable channel last month with support for WebOTP on desktop, and deprecation of the 3DES cipher suite in Transport Layer Security (TLS). Today, Chrome 94 will be released to the general public. Since Google is shifting to a four-week release cycle instead of its previous six-week cadence, and the fact that this build comes just three weeks after Chrome 93, the feature-set this time around is relatively smaller. However, it is certainly more controversial due to the introduction of support for an idle detection API.

Chrome 94 will offer more signals to developers to understand when a user is idle. The developer-facing notification will now be triggered for global signals such as interaction with other apps instead of only the current browser window. While the reaction from web developers has obviously been positive, Mozilla has shot down the API as harmful, citing "opportunity for surveillance capitalism" and the fact that a malicious site could utilize the API to maximize the device's compute resources without the user consenting or knowing about it. In the same vein, the development team behind WebKit - which is the browser engine for Apple's Safari - has provided a negative stance, stating that:

That doesn't seem like a strong enough use case for this API. For starters, there is no guarantee that the user won't immediately come back to the device. Also, who is such a service supposed to know what other device user might be using at any given point? We're definitely not going to let a website know all the devices a given user might be using at any given point. That's a very serious breach of the said user's privacy. It seems to me that such a suppression / distribution mechanism is best left for the underlying operating systems / web browsers to handle.

I'm going to stop responding to this thread at this point because none of the use cases presented either here or elsewhere are compelling, and none of the privacy or security mitigations you've presented here and I found elsewhere are adequate. However, not responding to this thread or future thread about this topic does not mean we'd reconsider our position. Unless a significant new development is being made in either one of the issues we've raised, our position will remain to object to the addition of this API unless otherwise stated regardless of whether we continue to say so in public or not.

Regardless, this API will be available for developers to utilize in Chrome 94 and will be enabled by default.

Another new developer interface included in Chrome 94 is the VirtualKeyboard API. The motivation is to give more control to web developers in terms of how they want the virtual keyboard to be placed and its shape. Currently, this is handled completely by User Agent behaviors. The feedback about this API from the Microsoft Edge team has been positive, which makes sense given that they participated in its development. However, Mozilla and Apple are yet to provide a stance.

Chrome 94 will also bring in support for a low-level WebCodecs API which will offer access to existing hardware and software media encoders and decoders. This will improve the performance of certain applications such as latency-sensitive game streaming.

AppCache is being removed from Chrome 94 too. Google says that this is a deprecated standard and is a security liability, so developers should use Service Workers instead. The feedback from developers has been mixed so far but Mozilla and Apple are in the process of removing it from their respective browsers too.

In terms of relatively smaller changes, Chrome 94 is getting a new display-capture feature policy, support for more color spaces in 2D canvases, cleanup of an API that was used by Flash, a CSS property to offer more control over how layouts interact with scrollbars, and improvements to an existing property to enhance interoperability of CSS 3D transforms.

Chrome 94 will also include a native scheduling API to allow developers to schedule tasks with three levels of priority: user-blocking, user-visible, and background. It also enables a TaskController which can be used to dynamically change these priorities of a task or cancel it altogether. The browser is also getting a sampling profiler to measure JavaScript execution time and debug performance issues. While the reaction from developers has been "strongly positive", Apple has offered a negative stance due to potential performance and security implications. Finally, Chrome 94 will also offer APIs to manipulate raw media output from camera, microphone, or screen capture. The idea is to facilitate machine learning applications so while developer feedback is positive, Mozilla and Apple have provided a negative stance.

Chrome 94 is expected to roll out later today. If it does not update to version 94 automatically for you throughout the course of the day, head over to Help > About Google Chrome to trigger the update once it becomes available. Next up is Chrome 95 which is currently in the Beta channel with a Stable release expected on October 19. This is in line with Google's new release cycle where Stable Chrome updates are released every four weeks.

Sticky Password Premium – free license for 1 year. For all devices

Get a free Sticky Password Premium license for all devices for 1 year or an 87% discount on a lifetime license. Robust password manager with on-premises database and cloud data synchronization.

Sticky Password Premium is a password manager that lets you store your credentials locally or in the cloud, syncing them to Windows, Mac, Android, iPhone, and iPad computers, ensuring you can create secure passwords and automatically enter them wherever you are.

Sticky Password Premium for Windows can automatically log in to websites and apps, import data from browsers and other password managers, automatically recognize and save the type of web account created, create passwords, and has a dashboard showing all weak passwords so that the user knows where to strengthen security.

Comparison of free and Premium versions of Sticky Password

Free version of Sticky Password

  • Unlimited encrypted storage for passwords and data.
  • Automatic form filling and auto-log-in.
  • Strong password generator.
  • Secure digital wallet.
  • Protected notes.
  • Two-factor authentication.
  • Biometric authentication.
  • Portable USB version (Windows).
  • For all devices and browsers.
Sticky Password Premium – additional features

  • Cloud and local (Wi-Fi) synchronization between devices.
  • Secure cloud storage for your passwords and data.
  • Secure password exchange.
  • Assistance to endangered manatees.
  • Priority technical support.

TinyTurla - New Malware Keeps a Secret Backdoor on Victim Machines

What's New?
Cisco Talos found a previously undiscovered backdoor from the Turla APT that we are seeing in the wild. This simple backdoor is likely used as a second-chance backdoor to maintain access to the system, even if the primary malware is removed. It could also be used as a second-stage dropper to infect the system with additional malware.

How did it Work?
The adversaries installed the backdoor as a service on the infected machine. They attempted to operate under the radar by naming the service "Windows Time Service", like the existing Windows service. The backdoor can upload and execute files or exfiltrate files from the infected system. In our review of this malware, the backdoor contacted the command and control (C2) server via an HTTPS encrypted channel every five seconds to check if there were new commands from the operator.

So What?
Due to this backdoor's limited functionality and simple coding style, it is not easy for anti-malware systems to detect it as malware. We found evidence in our telemetry that this software has been used by adversaries since at least 2020.
We found the backdoor via our telemetry, but we didn't know the exact way the malware was installed on the victim system. We still knew the adversaries used a .bat file, similar to the one shown later on, to install the backdoor. The backdoor comes in the form of a service DLL called w64time.dll. The description and filename make it look like a valid Microsoft DLL. There is a real Microsoft w32time.dll on non-infected Windows systems in the %SYSTEMROOT%\system32 directory, but it doesn't have a w64time.dll brother. The malicious w64time.dll and the original w32time.dll are 64-bit PE files on a 64-bit Microsoft Windows system. Windows contains many applications that come in 32- and 64-bit versions, so it's not easy to immediately recognize this malicious software by name.

AdGuard for Windows 7.7 beta released

The main focus of this release was to fix bugs and improve user experience. We performed tough tests and were unable to crash the app! But you can surely fix it, right? 🙂

For starters, we implemented low-level DNS settings, added the Finnish language and updated other translations.

There are not many significant changes in this version but we’ve put our energy into something no less important. We updated CoreLibs and DNSLibs, fixed various issues along the way, and did some magic with the filtering log to make it more user-friendly.

And just between us, we're going to develop and release a brand new AdGuard for Windows. We bet you'll find many killer features there! Besides, we plan to bring an extensive redesign to it. So stay tuned, and you're going to witness the arrival of v8.0!

Worst case scenario for using a not trusted DNS?

Hello,

So based on my condition, and probably most people from my country (Iran) who are in a very similar condition,
I have to use a DNS from a provider that I don't know anything about. There is a privacy policy on their website but, you know, it's Iran. In this country privacy policies mean nothing. If they can, they do abuse. Unless they are good persons, which we can't know (they say they are, though, but that's just words, you know).

So why do I and people like me in Iran have to use their DNS? Well, most companies like Java, PayPal, VISA, AMD, Adobe, Google, VMware, you name it, 99% of cybersecurity companies like AVAST, Norton, McAfee, Kaspersky, ESET, GDATA, SOPHOS etc. are just blocking Iran IPs.
And the thing this DNS does, I have no idea how, but we can use the services that are blocking our IPs; the mentioned services/websites/products work when we use this DNS.
The location is still Iran when I check whatismyip websites; obviously it doesn't change my country, but somehow it lets us use services that are blocking us.

So with that being said, we kind of have to use their DNS. So what I, and probably people in my situation, might like to know is: if we assume they are bad guys behind this DNS, what can they do to us in the worst scenario? And can we stop it while we are using their service, like by using our IT knowledge etc.?

Thanks in advance for your thoughts.

AMD's EPYC CPUs Push Netflix Server Bandwidth To 400 Gbps

Netflix has been serving up to 200 Gbps of TLS-encrypted video from a single server since 2020. Nonetheless, the company aims to double the bandwidth to 400 Gbps. During his presentation at the EuroBSD 2021 conference (via HardwareLuxx), Andrew Gallatin, Senior Software Engineer at Netflix, detailed the challenges of pushing the bandwidth envelope on its FreeBSD-based servers.

Netflix turned to AMD's EPYC Rome processors to achieve its goal. The company equipped its server with the EPYC 7502P, which wields 32 Zen 2 cores with a 2.5 GHz base clock and 3.35 GHz boost clock. More importantly, the 32-core beast offers up to 128 PCIe 4.0 lanes, good for about 250 GBps of bandwidth or around 2 Tbps in networking units. Netflix paired the EPYC 7502P with 256GB of DDR4-3200 memory, with a total memory bandwidth of up to 150 GBps, or 1.2 Tbps in networking units.

For storage, Netflix's AMD-powered server utilizes 18 Western Digital WD SN720 2TB NVMe SSDs. It's also equipped with a pair of Nvidia's Mellanox ConnectX-6 Dx network adapters that communicate through a PCIe 4.0 x16 interface. Initially, Netflix was only getting 240 Gbps out of the server, primarily due to the limitation on the memory.

VLC 3.4 for Android is rolling out w/ Audio Player redesign & Bookmarks

VLC 3.4 for Android

What’s new:
  1. The Audio Player interface gets a redesign. The improved interface now displays the content at the center.
  2. The cover mode lets you quickly fast forward or rewind your current playing media.
  3. The newly added bookmarks feature will be useful for podcasts, online courses, or audiobooks. Here is how to create the first bookmark in VLC: launch VLC, browse and open media, tap on the three-dot icon, select Bookmarks, and tap the + sign.
  4. The video grid has been modified for easier reading.
  5. Videolan has improved the VLC Android welcome screen or onboarding experience for the first use of the app.
  6. The Player tips appear clearer with a modern design.
  7. You no longer need to grant permissions when using play streams and network media in VLC.
  8. This update improves Android Auto navigation. It is now easier and quicker to browse and play your library while driving.
  9. Plenty of improvements were made on Playback and cover image generation.
  10. The video list has been redesigned for better readability.
  11. Improves Shuffle mode.

V4.2.2 a minor AdGuard for iOS update

A minor AdGuard for iOS update: v4.2.2 changes the app's UI slightly to be more in accordance with iOS 15.

But our main focus is on v4.3 where we will introduce Safari Web Extensions: a completely new feature to greatly improve the ad blocking quality.

We intend to release it in the next few weeks. Stay tuned!

The best MacOS antivirus software for home users (June 2021)

During June and July 2021 we evaluated 7 home user security products for macOS Big Sur.
We always used the most current version of all products for the testing.
They were allowed to update themselves and query their in-the-cloud services.
We focused on malware detection, false positives and performance.

Spotlight on Security: AV-Comparatives offers advice on choosing Android AV apps

This blogpost offers users assistance in selecting a suitable antivirus product for the Android platform. Eight of this year’s products qualified for certification, by reaching a malware protection rate of at least 99%, with less than 10 false positives, and a battery drain of less than 8%. In the Android 2021 test report, AV-Comparatives gives an overview of the general security-related components, which are summarised in the additional feature list.

Anti Malware: includes a function to scan against malicious apps

This feature is the only one required for AV-Comparatives' certification. When using and storing apps and files on external storage (e.g. SD card), it is recommended to make sure that the AV product supports scanning of external media. It should also be noted that with some AV products, scanning requires an active Internet connection. AV products may also support stalkerware detection. More information on stalkerware detection on Android can be found here (PDF).

Anti-Theft: includes remote functions in case the smartphone is lost or stolen

An anti-theft function with location tracking is already built into current versions of the Android operating system, but is also additionally offered by AV products. The anti-theft function makes it possible to reset the smartphone. The alarm function, for locating the smartphone or deterring a thief, should ideally only be controllable remotely. Optional is the activation of the front camera, and the automatic locking of the smartphone when the SIM card is changed.

Safe Browsing: includes a web-filter function to block dangerous websites

The anti-malware and anti-phishing protection features are often only implemented for certain browsers. Each AV product has its preferences as to which browser apps are supported.

App Audit: contains functions for controlling installed apps

The app audit feature, which provides information about permissions, mobile data usage, usage time, battery consumption and memory usage of individual apps, can be easier to use in AV products than in the operating system itself.

App Lock: contains a function to prevent unauthorised access to installed apps

An app-lock function for directly locking apps is helpful to protect sensitive app content or system settings from unauthorised access.

The right AV product for each person’s own smartphone should reflect the user’s own demands and technical requirements. If these are met, a trial version can often be used to test the product before purchase. Independent tests by AV-Comparatives provide useful guidance for selecting certified products.

The Facebook Files

Facebook Inc. knows, in acute detail, that its platforms are riddled with flaws that cause harm, often in ways only the company fully understands. That is the central finding of a Wall Street Journal series, based on a review of internal Facebook documents, including research reports, online employee discussions and drafts of presentations to senior management.

Opera 81 introduces Reader Mode for a better Reading Experience

Reader Mode: Finally, Opera Software is launching it with Opera 81 for Windows, Mac, and Linux, available in the dev channel as of now.

How to use Reader Mode in Opera on Desktop

1. Visit an eligible webpage, when the book icon appears in the address bar, click on it

2. This loads the web page in a readable format.

3. You can improve your reading experience even further:

Click on customize appearance, select font from Sans-serif, Serif, and Monospace, choose a dark theme or sepia or continue using the default, drag the slider from small to large until you feel comfortable with text size on the screen.

To exit Reader Mode, click on the book icon in the address bar again.

As of now, for Reader Mode, Opera doesn’t offer keyboard shortcuts, menu options, and settings, expect them to appear in future updates.

The feature is available by default in the Dev version; here is how you can enable it in the Opera 79 stable version.

How to Enable Reader Mode in Opera 79 stable now

1. Visit opera://flags/#enable-reader-mode

2. Select Enabled from the drop-down and restart Opera browser.

3. Visit a supported webpage, click on Opera menu > Page > Toggle reader mode

You can access the Reader mode styling menu by clicking the A icon.

The Opera Reader Mode features are powered by DOM Distiller, which Chrome uses for its Reader Mode.

Opera shows a book icon in the address bar when a page supports Reader mode, you can exit by clicking the same icon.

Marketron marketing services hit by Blackmatter ransomware

BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry.
Marketron provides cloud-based revenue and traffic management tools for broadcast and media organizations. It specializes in revenue management and audience engagement, handling advertising revenue of $5 billion every year.

In talks with BlackMatter ransomware

Marketron customers learned of the incident in an email on Sunday night from the company CEO, Jim Howard, who said that “the Russian criminal organization BlackMatter” was responsible for the attack.

Payment API Bungling Exposes Millions of Users’ Payment Data

Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data.

Bitdefender Total Security 2021

Hello all! :)
Today we are interested in the solution offered by Bitdefender.
Bitdefender is a Romanian company, a leader in security for many years.
It offers its flagship software, Bitdefender, which is improving year after year.
For 2021, it has strengthened its focus on In The Cloud AI Machine Learning detection and behavioral protection.
And it works!
Bitdefender makes us a healthy machine, also in the bonus test!
Only a small adware is present but quickly removable.
Highly recommended!

RAM Usage : Average (Only for disinfection, otherwise light)
Phishing Test : 4/4 (1 dead)
Malware URL test : 10/10 (all detected)
Fake crack : 1/1 (detected by Antivirus database)
Malware Pack : Remaining 17 threats
Result :
- Bitdefender : 0
- Zemana 0
- Hitman Pro 0
- McAfee 1 (adware)
- NPE 2 (adware and fake crack dropper)
- EEK 0

Microsoft and Google have had a vulnerable 2021, Atlas VPN declares

What you need to know
  • According to Atlas VPN, Microsoft and Google have had the most vulnerabilities in tech during the first half of 2021.
  • Google rocked a whopping 547 total vulnerabilities, putting it as the pack leader of exposed companies.
  • Microsoft came in second with a still-noteworthy 432 vulnerabilities thanks to situations such as this year's Exchange server chaos.
If you thought all those stories earlier this year regarding Microsoft's various earth-shattering product vulnerabilities weren't going to net it some sort of award by the end of 2021, you thought wrong: Microsoft has officially scored Atlas VPN's silver medal for the most recorded vulnerabilities in the first half of 2021, topped only by gold medalist Google.

You can check out Atlas VPN's post for all the nitty-gritty details on who landed where outside of the podium placements (spoiler: Apple only managed eighth place with an embarrassing 67 vulnerabilities, not even getting close to Microsoft), but we're going to focus on the big winners of the awkward race: Google and Microsoft.

Google came out on top with 547 noted vulnerabilities in the first half of 2021, which Atlas reminds us directly endangers the over three billion Chrome users out there. And, though typically not one to be outdone, Microsoft has only managed a distant second to Google this time around, racking up 432 instances of unwanted exposure. The strong 432 figure was made possible in part by the Microsoft Exchange chaos that gobbled up most of early 2021's news cycle.

Microsoft has made it clear that it's not a fan of being vulnerable and even has various bounties active for those who want to make a buck quashing blindspots for Redmond. It appears more resources will be needed to keep itself off future Atlas VPN lists.

US farmer cooperative hit by $5.9M BlackMatter ransomware attack

U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.
NEW Cooperative is a farmer's feed and grain cooperative with over sixty locations throughout Iowa.

In a weekend ransomware attack, the threat actors demand a 5.9 million dollar ransom, which will increase to $11.8 million if a ransom is not paid in five days.
These ransom demands are a starting point for negotiations and usually lead to significantly smaller payments if a victim decides to pay.

NEW Cooperative has confirmed the attack to BleepingComputer and stated that they had taken their systems offline to contain the attack's spread.

Avast Ultimate Suite [Security, Cleanup and VPN] 2021, 5 Devices 2 Years - Download $17.99

  • Get complete online protection with Avast Premium Security: Our most advanced protection is your lightest, toughest defense against viruses, ransomware, spyware, zero-second threats, home Wi-Fi network vulnerabilities, and more. Protect all of your phones, computers, and tablets with Avast Premium Security.
  • Avast SecureLine VPN gives you true online privacy: Keep everything you do online completely private with our VPN's bank-grade encryption. Browse, bank, message, and shop without having to worry about hackers or anyone else seeing what you do online or stealing your data.
  • Avast Cleanup Premium is the ultimate cleanup and tuneup tool: Easily eliminate junk for a cleaner, faster, more efficient computer or phone. You'll also get quick-glance overviews of your device's health, one-click maintenance care, bloatware removal, and much more.

Kaspersky Total Security 2021 1 Year / 5 Devices - Download $18.99

  • Anti-Hacking: Prevent unauthorized access & hijacking of your computer and mobile devices.
  • Anti-Virus: Real-time antivirus works to guard you from common threats like worms & trojans to complex ones like botnets, rootkits & rogues.
  • Anti-Malware: Advanced anti-malware neutralizes threats including spyware, adware, keyloggers, spear phishing & hard-to-detect fileless attacks.
  • Payment Protection: Works on your Mac and PC by diverting you to a bank-grade protected browser when you make an online transaction. Preventing your credit card details and financial data getting intercepted by hackers.
  • Kids Protection: Advanced parental controls to track, filter & protect your kids' online activities.

VoIP.ms phone services disrupted by DDoS extortion attack

Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation.
VoIP.ms is an Internet phone service company that provides affordable voice-over-IP service to businesses around the world.

Phone services disrupted as site goes down

On September 16th, 2021, VoIP.ms became the victim of a distributed denial-of-service attack targeting their infrastructure, including DNS name servers.

AdGuard's statement in response to the Quad9 injunction

Hamburg Germany court (310 O 99/21) has recently sent a notice to Quad9 (a standard recursive DNS resolver) demanding to stop resolving certain domains for all residents in Germany on request from Sony Music GmbH. According to Sony, those domains in question are infringing on properties that they claim are covered by their copyrights. You can find more details in this article on the Quad9 website. We at AdGuard are deeply concerned by this court decision and see it as a very dangerous precedent.

Our response

DNS providers (such as Quad9 or AdGuard DNS) at their core are merely commercial intermediaries between their customers and various resources on the Internet. They do not provide Internet access per se, they offer their services so that users could access content faster and safer. It is preposterous to require from an intermediary to play the role of the web police and make sure third parties do not break the copyright law. After the creation of such precedent, it's not far-fetched to imagine that similar court rulings will be made in regard not just to other DNS resolvers, but to other digital intermediaries: browsers, antiviruses, VPNs, and so on. It goes without saying that this will result in utter chaos very soon.

Some make an argument that many DNS resolvers have their own blocklists, so that's not any different. While this is partly true, and some DNS providers (including AdGuard) offer server configurations that block certain domains (usually phishing/malware/ad ones), this argument doesn't stand up to any criticism. Firstly, most, if not all, of such DNS providers offer non-filtering configurations as well, so their customers are never in a position where they can't access a website which they would otherwise be able to reach. But more importantly, all DNS resolvers are commercial products which compete with each other. Users choose between them based on performance and other metrics, not on the fact that one resolver is legally obligated to block a particular domain while others are not.

Aside from these considerations, there are many other potential consequences which may have a devastating effect on the Internet as we know it.
  • The effect on the DNS resolvers may be catastrophic: it would require additional spending to enforce the law for the citizens of a particular country. The spending will only grow as more and more similar court rulings are handed out (which without a doubt will come eventually). It will become near impossible to uphold a DNS service, and all small DNS resolvers will vanish.
  • This will open the door to potential abuse. Surely some will try to use such court decisions in their own interests, to gain advantage over competitors or to otherwise make a profit by blocking certain websites.
  • Even if we ignore all consequences, it's technically impossible for a DNS resolver to restrict access to a certain web resource without blocking the entire domain where that resource is located. As a result, a huge chunk of the Internet will potentially become unavailable (e.g., the entire drive.google.com domain getting blocked because of one copyright-infringing material on someone's Google Drive).

We are against censorship. Intellectual property is a serious matter, and by all means it must be protected, but DNS resolvers are not the ones who should be responsible for that.

We express our support to Quad9 in their legal fight against what we consider an incorrect and dangerous claim. This concerns not just them, and not just DNS providers, but everyone who cares about free Internet.
AdGuard Blog post:
Quad9 Blog post:
Discussed before but archived:

NVIDIA releases Game Ready and Studio drivers for Windows 11

NVIDIA today announced the release of Game Ready and Studio drivers for Windows 11. With these new updates, you can enjoy full support for DirectX 12 Ultimate on GeForce RTX graphics cards and laptops. The following features are enabled by these new Windows 11 drivers:
  • DirectX 12 Ultimate: DirectX 12 Ultimate codifies several RTX graphics rendering innovations such as Raytracing, Variable Rate Shading, Sampler Feedback, and Mesh Shaders to help developers make bigger, better worlds with faster performance.
  • Auto HDR: The majority of games run in Standard Dynamic Range (SDR). Auto HDR evaluates game content and converts it to High Dynamic Range (HDR), boosting the vibrancy of bright lights, making blacks more accurate, and in general emphasizing the details of a scene, making them more realistic and color accurate. If you play on a G-SYNC ULTIMATE or G-SYNC HDR-capable display, your gameplay will be automatically enhanced in your DirectX 11 and DirectX 12 SDR titles.
  • DirectStorage: DirectStorage brings a new standardized implementation of next-gen IO technology that developers of DirectX 12 games can utilize to accelerate loading speeds, and render massive worlds using textures and assets streamed from the NVMe SSD.
  • Faster NVIDIA Broadcast Performance: NVIDIA Broadcast is the industry’s leading video and audio enhancement app, using the power of AI and our GPU’s Tensor Cores to make audio clearer, eliminate background noise, and improve video quality. In Windows 11, GPU-accelerated hardware scheduling receives numerous improvements and is enabled by default, enabling users to use NVIDIA Broadcast while they livestream and run a game or 3D app seamlessly.
  • Windows Enhance Audio: A new Sound panel enables Windows 11 users to improve and enhance the audio coming out of their speakers and headphones, making dialog clearer.
  • Integrated Microsoft Teams: Chat, call and conference via Microsoft Teams, which is now integrated into the taskbar, providing a faster way to connect to colleagues, friends, and family. And with our Windows 11 drivers, GPU acceleration is fully supported, and via the Teams options you can route your audio and video via NVIDIA Broadcast to enhance calls and video conferences.
  • AI software platform: Now, with NVIDIA CUDA on Windows Subsystem for Linux (WSL), students can access NVIDIA’s world-leading software platform for artificial intelligence directly from their Windows 11 laptop and desktop PCs.
Source: NVIDIA

A New Wave of Malware Attack Targeting Organizations in South America

Alaska discloses ‘sophisticated’ nation-state cyberattack on health service

A nation-state cyber-espionage group has gained access to the IT network of the Alaska Department of Health and Social Service (DHSS), the agency said last week.

The attack, which is still being investigated, was discovered on May 2, earlier this year, by a security firm, which notified the agency.

PSA: PS4 firmware v9.0 update bricks PlayStation 4 consoles

Sony's new PlayStation 4 firmware update is reportedly hardware-bricking PS4 consoles.
Sony just released PS4's new v9.0 update alongside the PS5's big SSD expansion update, and some users are reporting that the firmware patch is hard-bricking their PS4 consoles. Multiple users on Reddit report that their base PS4s and PS4 Pros have stopped functioning after downloading the v9.0 update. Others report the PS4 is blinking blue, which signifies some sort of hardware or OS error. Reports say the consoles will not power on and do not work, however some users have gotten their systems to operate with a hard reset (unplugging the console for a minute or so and then rebooting).

Other users are reporting significant slowdowns on PS4 and PS4 Pro hardware, or consistent 35888 error codes (or SU-42118) preventing the update from being installed. The general consensus for a solution is trying to reinstall the update after a hard reset and praying for the best. The most frustrating part is that gamers can't use their PS4s or PS4 Pros online without downloading the update; Sony forces users to update to the latest firmware in order to connect to the internet or the PlayStation Store.

As someone who's had their launch 2013 Xbox One soft-bricked by Microsoft updates no less than 3 times, I can commiserate with these users and understand how frustrating it is when your hardware is slowly becoming obsolete by firmware patches. A soft-brick is usually reversible by re-installing the OS, but a hard-brick is usually permanent. Sony is asking users to spend $100 in order to repair consoles that have been hard-bricked by its own official updates.

Read more: PSA: PS4 firmware v9.0 update bricks PlayStation 4 consoles

New "Elon Musk Club" crypto giveaway scam promoted via email

A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks.

Before you dismiss these scams, saying that no one falls for them, similar crypto scams have been hugely successful and have generated hundreds of thousands of dollars in the past.

For example, scammers made $180K in a single day in 2018, Twitter suffered a massive attack where crypto scammers earned $580K in a week in January 2021, and then another scam stole $145K in February.

Just last week, someone sent three bitcoin, or $150,074 at the time, to a known crypto giveaway scam.

The Elon Musk Club scam

While most cryptocurrency scams target social media users, scammers now use email spam to promote a new "Elon Musk Club" or "Elon Musk Mutual Aid Fund" giveaway.
However, these bitcoin addresses are owned by the scammers who take your "donation" but do not send anything in return.

So far, BleepingComputer has seen two bitcoin addresses associated with these scams:
While the scammers have only earned ~$3,661 from these two addresses, many other bitcoin addresses are likely used in this scam.

Even worse, while writing this article, the second bitcoin address received three more "donations," showing that this scam continues to be successful.

As these scams have the potential to generate a large amount of money for threat actors, they are not going away any time soon and will likely continue to spread to other messaging platforms.

Therefore, everyone needs to recognize that almost every crypto giveaway site is a scam, especially those that pretend to be from Elon Musk, Tesla, SpaceX, and Gemini.

If you receive emails, tweets, or other messages on social media promoting these types of giveaways, it is safer to realize that any cryptocurrency you send will not produce anything in return.

AVG Antivirus Free 2021

Hello all!
AVG has recently released a new update of its free antivirus, I decided to test it!
AVG, bought by Avast in 2016, offers a pretty complete free antivirus.
Even if I still wonder what differentiates Avast from AVG, it offers... the same as Avast!
In terms of detection, AVG blocks all malicious URLs as well as attacks from the pack.
It still has trouble with malware cleanup, as a detected file was not removed.
AVG is also annoying with its various ads like its brother Avast...

RAM Usage : Very low
Phishing Test : 2/5 (3 missed)
Malware URL test : 10/10 (all detected)
Fake crack : 1/1 (detected by database, unknown in CyberCapture)
Malware Pack : Remaining 31 threats
Result :
- AVG : 0
- Zemana 1 (2, but 1 FP: an AVG dll)
- Hitman Pro 1 (Sophos)
- McAfee 1
- NPE 2
- EEK 2
System protected but there are still malware residues

Amazon Web Services (AWS) S3 Publicly accessible bucket

Are your Amazon S3 buckets secure? Do you know which ones are public or private? Do you even know which ones are supposed to be?

Data breaches are expensive. Facebook notoriously exposed 540 million records of its users recently, which was a contributing factor to the $5 billion fine they were issued by the FTC. Unfortunately, these kinds of breaches feel increasingly common. By one account, 7% of all Amazon Web Services (AWS) S3 buckets are publicly accessible. While some of these buckets are intentionally public, it’s all too common for non-public sensitive data to be exposed accidentally in public-facing buckets.

Do you use any security tool to improve your overall bucket security posture?
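The post asks which buckets are public and which are supposed to be. As an added example (not from the original post and not AWS's own tooling), the Python below classifies a bucket from the three API responses a practitioner would pull for it: the bucket ACL, the bucket policy, and the Block Public Access configuration. The ACL, policy and configuration at the bottom are constructed for this example, and the bucket name, account ID and role name in them are placeholders. It assumes bucket-level settings only: if Block Public Access is enabled at the account level, pass that configuration instead, since the account-level setting overrides the bucket's, and a bucket whose Object Ownership is BucketOwnerEnforced has ACLs disabled altogether, so its ACL grants are moot.

```python
"""Classify an S3 bucket's public exposure from three API responses.

Inputs are the dicts returned by the S3 API (or `aws s3api ... --output json`):
  - get-bucket-acl            -> {"Owner": ..., "Grants": [...]}
  - get-bucket-policy         -> the policy document (the "Policy" string, parsed)
  - get-public-access-block   -> the "PublicAccessBlockConfiguration" dict
The sample data at the bottom is constructed for this example.
"""
import json

# Canned group URIs that AWS uses for "anyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def acl_public_permissions(acl):
    """Permissions (READ, WRITE, FULL_CONTROL, ...) the ACL grants to public groups."""
    perms = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            perms.add(grant["Permission"])
    return perms


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _as_list(x):
    return x if isinstance(x, list) else [x]


def policy_public_actions(policy):
    """Actions that Allow statements grant to a wildcard principal with no Condition.

    A Condition block does not make a statement safe by itself (a condition on
    aws:Referer, for instance, is trivially spoofed), but unconditioned wildcard
    Allows are unambiguously public, so those are what this function reports.
    """
    actions = set()
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        if _wildcard_principal(st.get("Principal")):
            actions.update(_as_list(st.get("Action", [])))
    return actions


def bucket_exposure(acl, policy, public_access_block):
    """Return a list of findings; an empty list means nothing public was found.

    Block Public Access semantics applied here: IgnorePublicAcls makes S3 ignore
    public ACL grants that already exist; RestrictPublicBuckets confines a public
    bucket policy to the account's own principals. The other two flags only stop
    *new* public settings from being written, so they do not change the verdict
    for settings that are already in place.
    """
    pab = public_access_block or {}
    findings = []
    perms = acl_public_permissions(acl)
    if perms and not pab.get("IgnorePublicAcls", False):
        findings.append("ACL grants %s to a public group" % ", ".join(sorted(perms)))
    if policy is not None:  # get-bucket-policy fails with NoSuchBucketPolicy -> pass None
        actions = policy_public_actions(policy)
        if actions and not pab.get("RestrictPublicBuckets", False):
            findings.append("bucket policy allows %s to Principal *" % ", ".join(sorted(actions)))
    return findings


# --- constructed sample responses (placeholder IDs, not real resources) ------
SAMPLE_ACL = {
    "Owner": {"ID": "example-owner-id"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    ],
}
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "CiWrite", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/ci"},
     "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")
PAB_OFF = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
           "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
PAB_ON = {k: True for k in PAB_OFF}

if __name__ == "__main__":
    for name, pab in (("no block public access", PAB_OFF), ("block public access on", PAB_ON)):
        print(name, "->", bucket_exposure(SAMPLE_ACL, SAMPLE_POLICY, pab) or ["no public access found"])
```

To run it against a real bucket, feed it the output of `aws s3api get-bucket-acl --bucket NAME`, the parsed `Policy` string from `aws s3api get-bucket-policy --bucket NAME` (or None when the call returns NoSuchBucketPolicy), and the `PublicAccessBlockConfiguration` object from `aws s3api get-public-access-block --bucket NAME`. Loop it over `aws s3api list-buckets` and compare the findings with the list of buckets that are meant to be public; anything public that is not on that list is the accidental exposure the post is asking about.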

TestmyAV

I have not used TestmyAV for some time but it doesn't appear to work for me any longer. Clicking on their malware link brings me to Cognition - Data Protection Experts
Is the site not supported anymore?

Thanks

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects

LMT Anti-Malware 5.8.1

Hello all! For my first video on YouTube, I wanted to test a piece of software I've been following for a long time, LMT Anti-Malware!
Developed by @LeMinhThanh, it offers several layers of protection that we can activate ourselves.
As engines, it uses VirusTotal, Google YARA and its own CutDock engine.
As far as protection is concerned, it is very solid!
On the other hand, its anti-phishing protection is very bad, CutDock needs to be improved and the machine gets infected by a worm.
LMT detects EEK files as an infection via the YARA engine.
It is very good, even promising...

RAM Usage : 56 MB after optimisation
Phishing Test : 1/3 (2 dead, 1 missed, 1 detected)
Malware URL test : 10/10 (all detected)
Fake crack : 1/1 (detected by AI)
Malware Pack : 42 detected by CutDock, the rest by VirusTotal (except some...)
Result : HitmanPro 3 / McAfee 4 / Zemana nothing / NPE 3
System infected by a worm (EEK files patched)

Escan very bad company

The worst company policy I have ever seen in my life: eScan.

I bought a 1 PC / 3-year licence 6 months ago (Amazon.in, v14 version). eScan was updated to the new version (v22) this week.
When I contacted support, they asked for a fee for the upgrade. I bought the product for 400 rupees. The fee they want from me is 2280 rupees: 30 dollars!!! Why should I pay so much money for a program that I have used for only 6 months? Support is also not helping. What do you think I should do?

Hitman pro

Hitman pro result : norton pua ???

Ransomware gang threatens to wipe decryption key if negotiator hired

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files.

Last week, BleepingComputer first reported that the Ragnar Locker ransomware gang threatened to automatically publish a victim's stolen data if they contacted law enforcement or negotiation firms.

Researchers compile list of vulnerabilities abused by ransomware gangs

Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims' networks.
All this started with a call to action made by Allan Liska, a member of Recorded Future's CSIRT (computer security incident response team), on Twitter over the weekend.

Since then, with the help of several other contributors that joined his efforts, the list quickly grew to include security flaws found in products from over a dozen different software and hardware vendors.
While these bugs have been or still are exploited by one ransomware group or another in past and ongoing attacks, the list has also been expanded to include actively exploited flaws, as security researcher Pancak3 explained.

The list comes in the form of a diagram providing defenders with a starting point for shielding their network infrastructure from incoming ransomware attacks.

Intel's Entire 12th Gen Alder Lake T-Series 35W Low-Power CPU Lineup Leaks

Now, we're learning about some new additions to the Alder Lake family in the form of the low-power T-Series. The information comes from FanlessTech, which claims to have received info on the full lineup of processors (seven SKUs). In addition, the range extends further down-market than the K/KF models with two Core i3 SKUs, and all the processors are rated at 35 watts instead of 125 watts.
  • Core i9-12900K 16 (8+8) 24T up to 5.3GHz UHD Graphics 770
  • Core i9-12900T 16 (8+8) 24T up to 4.9GHz UHD Graphics 770
  • Core i7-12700K 12 (8+4) 20T up to 5.0GHz UHD Graphics 770
  • Core i7-12700T 12 (8+4) 20T up to 4.7GHz UHD Graphics 770
  • Core i5-12600K 6 (6+4) 16T up to 4.9GHz UHD Graphics 770
  • Core i5-12600T 6 (6+0) 12T up to 4.6GHz UHD Graphics 770
  • Core i5-12500T 6 (6+0) 12T up to 4.4GHz UHD Graphics 770
  • Core i5-12400T 6 (6+0) 12T up to 4.2GHz UHD Graphics 730
  • Core i3-12300T 4 (4+0) 8T up to 4.2GHz UHD Graphics 730
  • Core i3-12100T 4 (4+0) 8T up to 4.1GHz UHD Graphics 730
The biggest things that jump out at us are that while the 16-core/24-thread configuration of the Core i9-12900T matches that of the Core i9-12900K, it features a 400MHz lower maximum turbo boost. It's a similar situation with the Core i7-12700T, which has a 300MHz lower maximum turbo clock.

Starlink Will Use Lasers To Provide Astronauts With Internet Coverage

Space Exploration Technologies Corp.'s (SpaceX) Starlink satellite internet service will soon provide internet connectivity to space travelers and astronauts, according to the company's chief Mr. Elon Musk. Starlink is currently in its beta test phase, which could end soon if Musk's words bear fruit as the executive also believes that the service will be ready for operational service next month.

The new satellites will feature optical connectivity, also referred to as lasers, with SpaceX having launched the first batch of the new spacecraft earlier this month with the Falcon 9 rocket. Now, according to comments made by Musk late night yesterday, Starlink will use these spacecraft and the older ones to provide astronauts and other space travelers with internet connectivity as they ascend through the Earth's atmosphere.

NEW Avast Version 21.8 (September 2021)

Hi, all. Please welcome the newest version of Avast AV: 21.8 (21.8.2487)

Major public announcement:
  • A new logo for Avast! — As the digital world changes, we change with it. We’re proud to unveil a new expression of our identity, reflecting our continued commitment to protecting people’s digital freedom
Other notable improvements in the release:
  • Sign in more securely — We're now using OpenID, a more secure sign-in standard, to sign you in to your Avast Account
  • Improved exceptions — It's now possible to add exceptions solely for Behavior Shield
  • Fixed a tray icon bug — Our system tray icon now shows the proper status of shields after a PC restart
  • Password Protection update - we're now protecting newly created backup files of passwords stored in the browser
  • Firewall tweaks - We're now blocking switching to public profile when RDP is used
As usual a big thanks goes to the team for yet another successful release!

How to install:

1. Update from your existing Avast version via Settings -> Update -> Update program

2. Or you can download and install files:

Online installers (recommended):
Offline installers:

(In case the hyperlink here doesn't work in your browser, just copy and paste the URL into the browser address bar)

With best Regards
Mops21

AMD Chipset Vulnerability Leaks Passwords, Patch Available

Apply this patch right away if you have an AMD CPU.

AMD has divulged details about a chipset vulnerability that can allow non-privileged users to read and dump some types of memory pages in Windows. This technique allows an attacker to steal passwords or enable other types of attacks, including circumventing standard KASLR exploitation (aka Spectre and Meltdown) mitigations (via TheRecord).

AMD originally issued the patch several weeks ago, but without disclosing which vulnerabilities were addressed. This new disclosure answers those questions.

How to choose for the gradual development of the system?

Now Android and iOS systems are constantly updated. Which system will they prefer to use?

Admin of DDoS service behind 200,000 attacks faces 35yrs in prison

At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations.
32-year old Matthew Gatrel of St. Charles, Illinois, ran two websites that allowed paying users to launch more than 200,000 DDoS attacks on targets in both the private and public sector.

Booter service and bulletproof server hosting

Court documents reveal that Gatrel had been operating the DDoS services since at least October 2014. He ran two sites, DownThem and Ampnode, both enabling DDoS attacks.

Gatrel used DownThem to sell subscriptions for his DDoS services (also called “booters“ or “stressers“) and AmpNode offered “bulletproof” server hosting options to customers that needed servers pre-configured with DDoS attack scripts and lists of vulnerable systems that could amplify the assault.

When going through the records of the DownThem booter website, the investigators found it had more than 2,000 registered customers. According to the documents, users are responsible for launching over 200,000 DDoS attacks.

Alphabet Project Taara Pushes 700TB Of Data At 20Gbps Over 5KM With Fricken Laser Beams

Google parent company Alphabet had an ambitious plan to provide internet to underserved regions across the globe via Project Loon. Project Loon involved the use of high-altitude balloons that hovered in the Earth's stratosphere and provided internet connectivity to people on the ground. Commercial service first kicked off in Kenya, and balloons were later stationed to provide internet coverage following natural disasters in Peru and Puerto Rico.

While Project Loon has since been dissolved, the underlying technology is still beneficial in the communications field. For example, through the use of wireless optical communication (WOC) technology, Alphabet's Project Taara initiative can provide a 20 Gbps data link between two points with a clear line of sight.

Billions more Android devices will reset risky app permissions

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year.

The permission auto-reset feature, first introduced with Android 11, is designed to protect users' privacy by automatically removing runtime permissions for apps that haven't been used for months.

Runtime permissions (aka dangerous permissions), as Google explains, display prompts to request access to sensitive or private user data.

When this feature starts rolling out to older Android devices, it will be made available on all devices with Google Play services and running Android 6.0 (API level 23) up to and including Android 10 (API level 29).

"Starting in December 2021, we are expanding this to billions more devices. This feature will automatically be enabled on devices with Google Play services that are running Android 6.0 (API level 23) or higher," Google explained.

"On these devices, users can now go to the auto-reset settings page and enable/disable auto-reset for specific apps.

"The system will start to automatically reset the permissions of unused apps a few weeks after the feature launches on a device."

AdGuard relaunches news digest

Please welcome our new digest!

As companies find more sophisticated ways to harvest and analyze user data, and as governments seek more options to control people's online activities, it's becoming more and more important to keep your eye on the ball and understand what happens around you. Awareness, inter alia, may help you raise your voice against controversial innovations just in time.

There were times when we published a monthly digest of industry news that had been covered in our blog, but it didn't catch on. Now we want to experiment with a weekly format. In today's article we collected the recent news from the industry of ad blocking, privacy protection, and Web security, which we consider worthy of your time, and also some of the older news that may have gone past you back then but still retains its relevance today.

1. Should you go passwordless just yet?
2. "Facebook Files" revealing all the dark secrets we already suspected about
3. Just reminding you why ads are not good
4. You might be wrong about who's actually eavesdropping on you
Read the full digest on AdGuard Blog:

Greetings from the UK

Stumbled across this site while looking for samples. Our workplace has recently introduced some perimeter security devices and a few keen beans have been asked to give it a test 🤷‍♂️;)

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years

A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying under the radar.

Cisco Talos dubbed the malware attacks "Operation Layover," building on previous research from the Microsoft Security Intelligence team in May 2021 that delved into a "dynamic campaign targeting the aerospace and travel sectors with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AsyncRAT."

This banking Trojan abuses YouTube to manage remote settings

The spam-spread malware is another headache for Latin America in the cybersecurity realm.

A banking Trojan has been detected that abuses YouTube, Pastebin, and other public platforms in order to spread and control compromised machines.

On Friday, ESET wrapped up a series on banking Trojans present in Latin America -- including Janeleiro, a new malware sample similar to Casbaneiro, Grandoreiro, and Mekotio -- but this one does not just hit that region; instead, campaigns have been detected across Brazil, Mexico, and Spain.

In a blog post, the cybersecurity researchers said that the Trojan, named Numando, has been active since 2018. Written in Delphi, this financial malware displays fake overlay windows to dupe victims into submitting sensitive data, such as the credentials used to access financial services.
Published: Apr 8, 2019