New threads

This page contains the latest threads that were created in our community.

First look at Firefox's Multiple Picture-in-Picture video feature

Mozilla revealed some time ago that it was considering lifting the one-video limit for the Firefox web browser's Picture-in-Picture mode. While most Internet users may not have a need for that, unlocking the limit could be of interest to some users, e.g. when watching multiple sports matches, or different camera angles of a single one, or watching news or the stock market.

Mozilla enabled the feature in the most recent Firefox Nightly version by default. It is not obvious immediately that it is enabled, as it is necessary to open multiple tabs with videos to make use of the feature.
Here is how it works currently:
  1. Open a tab with a video in the Firefox web browser.
  2. Activate the Picture-in-Picture mode with a click on the button.
  3. Open another tab and load a website with a video.
  4. Activate the button with a click on the icon.
  5. Repeat steps 3 and 4.
  6. The new video is played on top of the playing one. You need to drag and drop it to view both.
Videos play simultaneously and so does the audio. You can mute the sound of individual videos to hear the sound of only one, but this is not a requirement.
Videos can be paused and all other Picture-in-Picture controls are provided. The main Firefox window displays a "playing" indicator for all video tabs.

Link Fixer by Daniel Nixon

Everything 1.4.1.1005 released

help!!!

My computer, specifically my MacBook Pro, has been hijacked by the marquis.com search engine. I have tried finding the malware on my computer, deleted it and emptied my trash bin, but it seems to still have problems.

imuade's security configuration 2021

Hey guys, sorry to be late ;)
This is my current security configuration.
Waiting for your feedback :)

LAPS -> what about admin security groups

So we are considering using LAPS; as I understand this makes sure every workstation has its own local admin password, making it more difficult for hackers to horizontally move to other workstations in search of domain admin accounts.

Besides local admin, we have helpdesk / system administrator domain accounts, which are added to the local admin group through gpo. This security group is solely used for workstation admin access and cannot logon to servers or AD. The way I see it, these accounts pose the same threat that LAPS tries to solve. If one of the helpdesk accounts gets compromised, all workstations are compromised. Ok, unlike local admin accounts, a domain user password is easily reset, but this assumes we are aware of a password hack.

Should I disable the security group, and have administrators and helpdesk staff use the local admin password set by LAPS?
(they probably won't like that but let's assume they don't care)

Transfer data to Xiaomi phone

I bought a Xiaomi Redmi Note 9
I am upgrading from a Xiaomi Redmi Note 5A
I want to transfer the data. What's the best way to do that?
I already put the SIM in the new phone, and it's hard to connect the old phone to internet.
There is an app called Copy My Data that is supposed to do it.
I am looking for a method that I don't need to install a new app on my old phone, because that would be a hassle at this point.
What can you suggest?

Data breach at Buyucoin crypto exchange leaks user info, trades

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.
Over the weekend, a threat actor known as ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange. [...]
The Buyucoin archive leaked by the threat actor this week includes three different data dumps allegedly of the exchange's MongoDB database. This archive contains three tar files named after the date the database was dumped, which was on June 1st, 2020, July 14th, 2020, and September 5th, 2020.
It is unknown if the threat actor performed these dumps on those dates or if they are backups created by Buyucoin.
These database dumps contain tables for user records, cryptocurrency trade transactions, linked bank account information, and others used internally by the exchange.
The user records table contains the information for 161,487 members. It includes email addresses, country, bcrypt hashed passwords, mobile numbers, and Google sign-in tokens if used when registering an account at the site. [...]
Buyucoin has also provided statements to Indian media stating that they are investigating the breach.
"Regarding the recent media reports, we are thoroughly investigating each and every aspect of the report about the malicious and unlawful cybercrime activities by foreign entities in mid-2020. Every BuyUcoin user with active portfolio has 3 factor authentication enabled trading accounts. All our user's portfolio assets are safe within a secure and encrypted environment. 95% of user's funds are kept in cold storage which are inaccessible to any server breach," Buyucoin said in a statement to Gadgets360.

Thespooks's Systems 2021

This is my setup for 2021. I am considering using Kaspersky cloud free, but I am concerned about privacy. What is your advice?

Arequire's Mobile Security Config 2021

Current mobile security configuration.

Superantispyware

Dear all, need suggestion.
Is anyone using SUPERAntiSpyware, and does anybody have some experience with it?
I use Emsisoft as my malware solution and I will use SUPERAntiSpyware as a free second malware scan, and I will run it once a month.
Or can you suggest some other, maybe better, solution for a free second scan?
Thank you

Is there a quick scan in ESET Nod32 14.0.22.0

Is there a quick scan in ESET Nod32 14.0.22.0? I have used ESET Nod32 for 2 years now and currently still using it, but I cannot find the quick scan settings. I don't know if I am way too hella blind that I cannot see this option or is there actually none?

Password Manager: Cookie Encryption

Does anyone know of a password manager that encrypts and stores the actual session data from web-browser?

Like... (when unlocked) automatically place the required cookies/session data in corresponding folder so the browser would never have to log-in to the websites.

I was thinking this would be a cool feature, but haven't come across any software that does it.

Yahoo Redirect not fixing

Hi, so um, every time I clicked a link in Google, it would redirect my search query to Yahoo. I tried everything: I scanned my computer with Malwarebytes, nothing came up. I reset my settings, deleted cookies and history. However, the problem persists, please help ASAP.

Another ransomware now uses DDoS attacks to force victims to pay

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.

In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victim's network or web site as an extra tool to force them to pay a ransom. At the time, the two operations using this new tactic were SunCrypt and RagnarLocker.

A distributed denial of service (DDoS) attack is when a threat actor floods a website or a network connection with more requests than it can handle, making the service inaccessible.

When a company suffers a ransomware attack, many victims restore from backups and do not bother contacting the attackers.

The Avaddon ransomware gang now uses DDoS attacks to take down a victim's site or network until the victim contacts them and begins negotiating.
"Also, their site is currently under DDoS Attack, we will attack it until they contact us," Avaddon stated on their ransomware data leak site. [...]

pfSense Plus - pfSense Factory Edition is now pfSense Plus

So the guys at Netgate decided to fork pfSense into 2 versions:

a) The community edition (CE) will remain open source
b) Factory edition is now a closed source version

More details here: Announcing pfSense® Plus

I've been using Netgate's SG 2440 appliance at home for exactly 5 years now (since Jan 2016) and while this move is not entirely surprising it does not bode well for the CE. Reddit /r/PFSENSE is ablaze with many unhappy users both Netgate customers and appliance/system builders alike.

Alternative is OPNSense. I dual boot it off a MMC card in my Netgate appliance. IMHO pfSense wins hands down. pfBlockerNG doesn't support OPNSense yet.

Microsoft Store game save automatically recovered after a full reformat and with a new Microsoft account. How is that possible?

Something weird happened on one of our computers, and I wanted to have your opinions on the matter.

My wife's playing Township on her Windows 10 desktop. The game is quite popular and is from the Microsoft Store. On the game settings, I have linked it to her Facebook account for save sync. A few days ago, I made a full reformat of her computer using the latest Windows 10 on USB (meaning reformatting and deleting every partition on every drive) and logged in using her new Microsoft account. This is a new Microsoft account that was never linked in any way to this computer. Upon reinstall, the very first thing I did was going to the Microsoft Store and download Township. To my surprise, upon launch, her game was restored to the way it was (her level, virtual coins, etc...), meaning her save was recovered.

What puzzles me is how that's possible. Her save couldn't have been loaded from a cloud save (new Microsoft account and not logged into Facebook or anything, as nothing else was installed). She doesn't play the game on any other device, so it couldn't have been loaded from some sort of network sync (if that's even a thing for games). My only guess is that Township logs your unique device ID and automatically loads your save from there.

While I've seen this behavior in some software (iolo System Mechanic will recover your license using your device ID even after a full reformat, for example), I've never seen this happen with a game before. To my knowledge, if you log in to a reformatted/reset Windows/Mac/Android/iOS with a new account, you'll never recover a game save...

What's your take on this? Am I missing something obvious? I'd be glad if you guys could enlighten me, as I love knowing how my tech works...

RoboMan's 2021 Security Config

Morning fellas,

As from yesterday, this is my primary protection configuration.

I had about 40 days left for my Kaspersky license, but I was already experiencing some issues with certain applications (which Kaspersky support is trying to fix for more than a year now), so I decided to migrate anyways. I am not a fan of Windows Defender resource consumption, so I disabled it for good.

As for real time protection, I went with WiseVector StopX due to its great malware protection capabilities. Since it's a basic antivirus with no extra modules, and taking into account the IMPORTANCE of default deny modules in 2021, I paired it up with VoodooShield (premium), which is configured to stay always ON. As an extra help, I hardened Windows with SysHardener.

I don't think I leave much of an open door for attack surface, but I'm 100% open for feedback and suggestions if you feel like I need it. I'm trying to avoid overkilling my laptop.

Thank you and stay safe.

YouTube.com is now available as a PWA

Source: Youtube web app gains PWA install prompt – may be hinting at offline support
The Youtube web app is now showing the PWA install prompt in the Chrome Omnibox for some. It’s important to note that some users have stated that they’ve seen this for a while now, but a mass rollout is significant versus a few people testing it in stages.

We’re seeing Google aggressively push the idea of turning many of its services into actual PWAs as they begin placing them in the Google Play Store in place of traditional apps.

More importantly, Google recently began enforcing a policy that would require developers to provide some form of offline functionality in order to make this PWA install prompt appear at the top of the Chrome browser.

My antivirus is detecting this as a threat PUA:Win32/Presenoker

I have a problem...
My Windows is detecting this program as a threat.
Furthermore, despite having the option to remove it, for some reason it keeps showing up under "Potential Threats".
I already did some research and followed some steps to try to remove it, however it was unsuccessful.
Regards,
Lopes

Trend Micro Security 2021 Lite BETA

Trend Micro Security 2021 Lite BETA (v17.2.1083)

Enhancing Great Innovations
Be one of the first to try Trend Micro Security 2021 Lite using your personal laptop or desktop at home. Submit a completed online survey or report any critical bug and get a 3-month extension on your current license!

BETA Testing period: January 11 – February 1, 2021 PST

Trend Micro Maximum Security 2021 Lite mainly incorporates the following new features and enhancements:

Lighter installer package with the same protection

Enhanced installer size for faster download and installation. Get the following protection after installation:

Real-time Scan
Automatically scans files and folders downloaded or copied on the computer.

Manual Scan
Scans the most commonly accessed files and folders. A manual scan is triggered when the user initiates either Quick or Full Scan.

Web Threat protection
Scans websites as soon as you open them or click on a link.

Fill the registration form and download the beta HERE.

BIG thanks to @BigWrench for giving me the link to the beta! (y)



Some first impressions:

- User interface is the same as in the previous version
- Firewall Booster removed
- Installation package is now 100 MB (about 450 MB in the previous version)
- No component downloads during installation
- Installs fast
- Basically zero impact on boot time (or I just don't notice it)
- Memory usage is about the same as in the previous version

Test system: 7-year-old Samsung laptop, i3 2 GHz, 128 GB SSD (SATA II), 6 GB RAM

Hello MalwareTips!

I have been lurking here probably a year now and thought it was time to join the group. I have learned a lot from your posts and hope to learn much more as I go along. I am very glad to be part of the site.

What is your position on allowing extensions to run in Private mode?

Do you actually allow any of your standard browser extensions to run in incognito/private mode, too? If so, why, and which extensions are they :)?

Bill Wonka's Security & Hardw Specs Config 2021

My latest configuration.

Home Security Technician (ADT) Admits Spying on Customers

A former home security technician has admitted habitually hacking into customers' home surveillance cameras to spy on people without their consent.

Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and a half years while employed by security company ADT.

SonicWall Hacked Using 0-Day in its Own VPN Product

SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems.

The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News.

Kaspersky Exclusions

Has anyone bothered setting up exclusions for Kaspersky (Total Security in my case)?

I have Windows Updates disabled, and don't desire to routinely update anything besides KTS.

It would be nice not to have to manually commit changes every time KTS updates, so I'd rather utilize the SD exclusions.

I installed KTS using Total Uninstall, which generated a nice detailed list of all the file and registry locations.

Adding all the file exclusions was pretty easy, but there are a ton of registry entries that I am not so enthusiastic about manually adding.

I wonder if there are a couple registry entries that are necessary to allow KTS to update, and if the large majority of them are 'stationary'.

As for the registry entries, they are quite extensive, so I will not list them here. It took me about 5-10 minutes to add all the file exclusions, but I imagine adding all the registry exclusions would take several hours.

Maybe I could wait until the next KTS update, and log it with Total Uninstall to see which registry keys are changed, and go from there.

Thought I would post this here, in case I am not the only one interested in this.

(The faded out entries are from Kaspersky VPN, that I have since uninstalled)

Adware in Chrome, Edge and Firefox. AV can't find the problem

Hello Guys,

First of all: huge thanks for helping people in this forum. I'm from Germany, so my English isn't the best and the FRST reports are also partly in German (I can translate if necessary).
To my problem: a few days or weeks ago (I'm not quite sure) I noticed a huge amount of ads in front of any Google search within Chrome, Firefox and Edge. I already took the following steps:
1. Reinstalled all browsers (nothing changed)
2. Searched for any malware/malicious extensions manually (nothing found)
3. Tried out different anti-virus programs (Avira, Kaspersky, Malwarebytes + AdwCleaner), but nothing was found. (I only ran / installed one at a time)
4. There is only one interesting thing: Malwarebytes' AdwCleaner can't find anything, but if I run the basic repairs afterwards, the ads are removed (until the next reboot)

I also noticed the "Managed by your organization"-Label on top of the chrome settings and also can't explain why this is the case.
I hope you can help me with my case.

Best regards,
Gordian

Bonobos clothing store suffers a data breach, hacker leaks 70GB database

Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup of their database was downloaded by a threat actor. Bonobos states that the corporate systems were not breached during the attack.
Bonobos started as an online men's clothing store but later expanded to sixty locations to try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sell its clothing on their Jet.com site. [...]
After BleepingComputer contacted Bonobos about the leaked database, the clothing store told us that the threat actors did not gain access to internal systems but rather to a backup file hosted in an external cloud environment.
"Protecting our customers’ data is something we take very seriously. We’re investigating this matter further and, so far, have found no evidence of unauthorized parties gaining access to Bonobos’ internal system. What we have discovered is an unauthorized third party was able to view a backup file hosted in an external cloud environment. We contacted the host provider to resolve this issue as soon as we became aware of it." "Also, we have taken additional precautionary steps, including turning off access points, invalidating account passwords and requiring password resets, to further secure customer accounts. We're emailing customers to notify them that their contact information and encrypted passwords may have been viewed by an unauthorized third party. Payment information was not affected by this issue. We’ll continue to share updates with customers as they become available," Bonobos told BleepingComputer via email.

I will kill you..

Yesterday I got a mail from "agent 12":
"Hey Nevi
I am agent 12(!) Someone hired me to kill you. I got every detail info about you, your home address, your daily schedule, and that of your family.
For your safety and that of your family, Do not make the mistake of involving the cops or FBI in this. Do not think you would use another's phone
to communicate because all your activities are closely monitored
If you do anything stupid, I will be left with no option, but to do my job and leave.
This is Urgent. Reply me asap"

I wrote back and answered what he could do with his threat. Now it would be great if the idiot tells me to send him money, then I'm totally sure it's a hoax.
Has anybody else here on MT tried this? :)

PrimoCache v4.0.1 released

PrimoCache v4.0.1 by Romex Software

What Is PrimoCache?

PrimoCache is a software caching solution that cooperates with system memory, solid-state drives (SSDs) and flash drives to accelerate relatively slow storage devices. It transparently stores disk data into faster cache devices such as system memory and SSDs, so that future read requests for those data will be served directly from the cache and be faster. Thus access time will be reduced, showing a great improvement in the system reading performance.

Furthermore, PrimoCache is able to complete write requests very quickly by temporarily writing incoming data to fast cache devices first and writing them back to target disks later. In this manner, cache devices work as writing buffer, greatly improving the system writing performance and making the system able to handle heavy or stream write IOs.

Load Apps and Data Faster
Effectively cache your frequently used applications, documents and other data into faster storage devices, accessing them at up to RAM-like or SSD-like speeds. Make your computer more responsive for creating, gaming and producing, with less boot and load times.

Accelerate Writing
Complete write requests very quickly by temporarily storing incoming data into RAM or SSD storage first and writing them back to target disks later. Enable your computer to handle heavy or stream write IOs, while reducing writes and wear on disks.

Various and Tiered Caching Storage
Capable of interoperating with almost all faster storage devices, including system memory, invisible memory, solid-state drives and flash drives, to accelerate relatively slow storage. Two-level caching architecture is created, able to run RAM and SSD caching concurrently. RAM cache is ultra-fast, while SSD cache offers larger capacity and persistent cache. Using only single caching storage is also available.

Simple and Flexible
Setup caching and accelerate storage in just few simple clicks! Special features such as multiple caching strategies, different writing modes, individual read/write space and individual volume control, make caching flexible to various scenarios.


Homepage | Product Overview | Download 30 day trial | Changelog | Community Forum

Shadow Defender - Free License

Great piece of software and a fantastic addition to any PC security configuration. You can stop unwanted changes, experiment with software, and try stuff out without having to worry about things. Now, I still recommend a VM for testing stuff. However, if you are worried about things spilling over to your computer or want a good air gap this software can be that answer - plus additional configuration for that true 'air gap' tight security.

Per Shadow Defender (about the program):

Shadow Defender can run your system in a virtual environment called 'Shadow Mode'. 'Shadow Mode' redirects each system change to a virtual environment with no change to your real environment. If you experience malicious activities and/or unwanted changes, perform a reboot to restore your system back to its original state, as if nothing happened.

With Shadow Defender, you have the flexibility to specify which files and folders are permanently saved to the real environment. This ensures important files and folders are kept after a reboot.

Hope everyone enjoys this software as much as I enjoy it! Now you can use the software for free. How cool!

~Brian

pwnedcrypto's security setup | 2021

Leave all suggestions and feedback below. :)

Privacy Redirect - Redirects Twitter, YouTube, Instagram, Google Maps, Reddit & Google Search requests to privacy friendly alternatives.

Available for Chrome and Firefox. I think Edge also has it



For example settings for Invidious




For Chrome


For Firefox

TROJANDROPPER

I recently did a virus scan on my computer and I have two viruses, Trojandropper, and backdoor:js... I'm really sad and I don't know how to remove them

Intel: Hackers stole unpublished earnings info from corporate site

Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results.
The data was part of Intel's yet unpublished quarterly earnings the company was planning to publish and file with the U.S. Securities and Exchange Commission after the stock market closed on Thursday.
However, after discovering the incident and finding that the stolen info was being shared outside the company, Intel published the quarterly earnings report minutes before the market's closure.
"We are investigating reports that non-authorized access may have been obtained to one graphic in our earnings material," Intel told BleepingComputer.
"Yesterday, once we became aware of these reports, we made the decision to issue our earnings announcement a brief time before the originally scheduled release time."
This measure was taken to prevent individuals who might have gained access to the stolen infographic from illegally using the information obtained in advance for an unfair advantage on the market.
The infographic was accessed and exfiltrated from Intel's corporate PR newsroom website, as the company's Chief Financial Officer George Davis told the Financial Times. An infographic containing information related to the Q4 & FY 2020 earnings statement is now available on Intel's newsroom.

Poco M3 typing problem

Googled all way around and I didn't find the answer. So let me try here 😅
Xiaomi Poco M3, MIUI 12, GBoard, AutoCorrection disabled, SpellChecker disabled globally (in phone settings)
Still, in these apps Chrome, Viber, Messaging, the words are getting black underlined while I type (word is getting underlined until I press space and type the next word)
It's driving me crazy 🤬
Any suggestions?

What’s next for Windows release notes

Microsoft has consolidated support.office.com and support.microsoft.com into a unified support site to make it easier for you to find support and troubleshooting resources for Microsoft 365. As part of this effort, you will see a number of changes and improvements to Windows release notes, the Windows update history pages, and related informational articles. Behind the scenes, we'll also be making foundational changes—to formatting, the user interface, and the type of metadata available.

In addition to making it easier to locate relevant support articles when using a search engine, the consolidation of these two information experiences increases our ability to quickly publish new articles and keep existing articles up to date.

There is nothing you need to do to benefit from these changes. We will begin to roll them out in the coming weeks. For those interested in the fine details, here are some of the changes you can expect.

EEK Files Detected as Malware by Microsoft Defender

I have used Emsisoft Emergency Kit a lot in the past. I may not use it as a common 3rd party scanner for now in combination with Microsoft Defender. Any time I run an update and scan Defender deletes some of the signatures during the scan. Emsisoft has confirmed it's a false positive on Defender's part, but I don't know what effect this is having on the scan for EEK. Just a heads up to anyone using it. Interestingly it is the first Real Time block I've ever seen from Defender. Apparently they changed something and made it more sensitive.


The Secure Messaging App Conundrum: Signal vs. Telegram

In the last few days I have been asked by many non-crypto friends “to recommend a secure messaging app alternative to WhatsApp”. This report contains my answer.

The Contenders

When discussing secure messaging apps, two of them come immediately to mind: Signal [5] and Telegram [11]. Therefore, I decided to lay down as clearly as possible the reasons why one gives higher security guarantees than the other.

Disclaimer. Both Signal and Telegram care about security. Their teams are a collection of extremely smart people, and they do their best to protect their users. What sets them apart is their approach to security, and this is what I will analyze in this report. Neither protocol has been broken (yet), and as of the writing of this report I have never been in contact with any of the companies mentioned here.

TL;DR: Signal gives stronger security guarantees than Telegram. If you want to prioritize security, use Signal. If you really like cool stickers, ginormous groups (100 000 of users!), and are willing to trust the guys at Telegram (they are not Facebook after all), go for Telegram. Either choice gives you better security guarantees than WhatsApp. If you are looking for a summary of my points, read the Conclusions section.
Conclusions

Signal has a better security infrastructure than Telegram for three reasons:
1. Signal does not ask users to trust Signal, Telegram does (and this has strong implications on security).
2. Every communication in Signal is E2E encrypted, in Telegram groups cannot be. Even assuming that encryption does not make sense for public groups with thousands of members, the lack of E2E encryption for small groups seems unnecessarily problematic.
3. E2E encryption is on by default on Signal, and in fact it cannot be turned off. This is not the case for Telegram, and it is bad practice in security. The choice of the security settings should NOT be left to users: that is what experts are for.

Still, from a security standpoint either of them is a better choice than WhatsApp, because they are open source (with some caveats in the case of Telegram, see the previous section for a more detailed explanation).
Read the full research in this pdf by Cecilia Boschini:

Favicons may be used to track users

Security researchers of the University of Illinois at Chicago have discovered a new method to track Internet users that is persistent across sessions, even if users clear cookies and the browsing cache.

The research paper Tales of Favicons and Caches: Persistent Tracking in Modern Browsers highlights that favicons may be used in conjunction with fingerprinting techniques to track users.

Favicons are used by sites to display a small site icon, e.g. in the address bar of browsers that support it but also elsewhere, e.g. in the bookmarks or tabs. Favicons are cached by the browser, but are stored independently from other cached items such as HTML files or site images.

Users who use built-in functionality to clear the cache will have these cached files removed from storage but not favicons. In other words: favicons persist over browsing sessions even if the user clears the cache, and they are accessible even in private browsing or Incognito mode sessions.

Browsers detect and cache favicons of sites automatically, and sites may use a single line of code to specify their favicon.

A single favicon is not enough to identify users based on it, but the researchers discovered a way to plant multiple favicons in the favicon cache. The site does a series of redirects through several subdomains to save multiple different favicons in the cache. Each saved favicon creates its own entry in the cache, and all of them together can be used to identify users provided that enough favicons are saved using the methodology.



Redirects happen without any user interaction as everything is controlled by the site in question.

The researchers tested the attack against the Chromium-based browsers Google Chrome, Brave, Safari and Microsoft Edge, and found them all vulnerable to the attack. They did try the attack on Firefox but found a bug that prevented the browser from reading cached favicon entries. Once fixed, Firefox would likely be vulnerable to the attack as well.

The attack takes a bit of time according to the research paper, but it should be possible to improve the performance with optimizations.

We find that combining our favicon based tracking technique with immutable browser-fingerprinting attributes that do not change over time allows a website to reconstruct a 32-bit tracking identifier in 2 seconds.

The researchers suggest several mitigation and counter-measure options, all of which require that browser makers change favicon-related functionality.

Favicons may be used to track users - gHacks Tech News

How To Fix WBXD File

Three days ago I downloaded IObit software that offered a free license with a crack. After I downloaded it, it said it needed to install but that I needed to turn off my antivirus, so I turned off Windows Defender. After that my PC slowed down and my images cannot be opened. Any idea how to fix this? Thank you

League of Antivirus - Heimdal Thor Premium Home 2.5.314 vs Malicious URLs, Phishing URLs, Malware Samples

Heimdal Thor Premium Home 2.5.314 vs Malicious URLs, Phishing URLs, Malware Samples, Real-World Detection

Galaxy S21 Ultra vs iPhone 12 Pro Max

Hi guys,

I ordered an iPhone 12 Pro Max a few days ago, then cancelled the order and got a Samsung Galaxy S21 Ultra.

How's Samsung software and Android nowadays? It's been around 7 years since I last followed it.

Retiring Tucows Downloads

We have made the difficult decision to retire the Tucows Downloads site. We’re pleased to say that much of the software and other assets that made up the Tucows Downloads library have been transferred to our friends at the Internet Archive for posterity.
Tucows Downloads has had an incredible run. Retiring it is the right move but that doesn't alter the fact that it will always hold a special place in our hearts and our story. We're thankful to the thousands of software developers who used Tucows Downloads to get their software in front of millions of people, driving billions of downloads over more than 25 years.

Thank you.

Sincerely,
Elliot Noss
CEO, Tucows

CHwapi hospital hit by Windows BitLocker encryption cyberattack

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows BitLocker.
On Sunday, CHwapi suffered an attack that caused the hospital to redirect patients to other hospitals and delay surgical procedures.
While the hospital's services are slowly recovering and surgical operations have resumed, CHwapi continues to cancel some services and redirect urgent cases to other hospitals.
- Information sessions for future parents on January 20 and 21 are canceled.
- The consultations are maintained;
- Surgical operations resumed this Wednesday, January 20;
- Patient data has not been compromised;
- The distribution circuit of Covid vaccines in MR / MRS is not disrupted;
- For the moment, the CHwapi no longer receives urgent cases sent by service 100. Patients are redirected to other hospitals.

Laptops Given to British Schoolkids Preloaded with Malware

A shipment of laptops supplied to British schoolkids by the Department for Education to help them learn under lockdown came preloaded with malware, The Register can reveal.

The affected laptops, supplied to schools under the government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with the Gamarue malware – an old remote access worm from the 2010s. The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware. A spokesperson for the manufacturer was not available for comment. These devices have shipped over the past three to four weeks, though it is unclear how many of them are infected. It is believed the devices were imaged as they left the factory. One source at a school told The Register that the machines in question seemed to have been manufactured in late 2019 and appeared to have been loaded with their DfE-specified software last year. We have been shown emails sent to and from the Department for Education (DfE), which runs the GHWT scheme, flagging up concerns about the laptops. It appears that at least one school is formatting and reimaging the laptops from a known clean build before issuing them to pupils.