New threads


Ryuk ransomware operation updates hacking techniques

Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network.

The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet.

Furthermore, using targeted phishing emails to deliver the malware continues to be a favored initial infection vector for the threat actor.

Security researchers from the threat intelligence boutique Advanced Intelligence (AdvIntel) observed that Ryuk ransomware attacks this year relied more often on compromising exposed RDP connections to gain an initial foothold on a target network. [...]
The researchers say that the actor engages other cybercriminals to learn about the defenses on a network they attack to find a way to disable them.

Among the newer techniques the researchers saw in Ryuk ransomware attacks was the use of KeeThief, an open-source tool for extracting credentials from the KeePass password manager.

KeeThief works by extracting key material (e.g. master password, key file) from the memory of a running KeePass process with an unlocked database.

Vitali Kremez, the CEO of AdvIntel, told BleepingComputer that the attackers used KeeThief to bypass EDR and other defenses by stealing the credentials of a local IT administrator with access to EDR software.

PSA: Severe bug in Babuk ransomware decryptor leads to data loss

One of the main tasks of the Emsisoft research lab is to keep track of new ransomware families. Our main goal is always to find flaws and weaknesses that allow us to decrypt victim files without them having to pay the threat actors operating the ransomware, but as part of our research, we are often one of the first people to learn about serious bugs in ransomware families in general.

In this particular case, we found a severe issue within the Babuk ransomware strain that targets Linux and, more specifically, ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray/RansomExx, Darkside, and, more recently, Babuk.

Babuk has been a relative newcomer in the wild west that is the current ransomware threat landscape. They first appeared at the beginning of 2021 and like most ransomware gangs initially focused exclusively on encrypting Windows systems. Over the past couple of months, however, they quickly evolved their platform to jump onto the growing trend of attacking Linux-based systems like ESXi as well.

Unfortunately, the velocity at which they evolved their platform came at the cost of quality. As a result, there are multiple fundamental design flaws within both the encrypting and decrypting parts of Babuk on ESXi, which can lead to serious and irreparable data loss.

One of the bugs within the actual Babuk ransomware on ESXi is that files can be encrypted multiple times. Multiple encryption layers are a nuisance, but ultimately just mean that with some manual effort a victim can still decrypt their data by decrypting the ransomed data again and again until all encryption layers have been removed.

The second bug will cause Babuk to only rename files on an ESXi server, but not encrypt them. This wouldn’t be a huge issue if it wasn’t for the fact that the decryptor provided by the Babuk threat actors has no precautions in place to detect whether a file with the *.babyk extension is actually encrypted or not. It will blindly “decrypt” these unencrypted files, trashing them in the process.

Bugs like this within ransomware are unfortunately increasingly common, and they are one of the reasons why we are offering our ransomware expertise to any victim of ransomware in the form of our Ransomware Recovery Services. There we offer a free evaluation of your specific case to bring potential bugs and issues that may hinder your successful recovery to your attention, and also provide solutions and workarounds in the form of our own superior recovery tooling for a fixed-price fee.

Last but not least, we want to once again emphasise how important it is to create backups or snapshots of your encrypted data first, before running any sort of decryption tool, no matter what its source is. Without either of those safety measures in place, any small bug or any brief operational issue can lead to severe and irrecoverable loss of your data. We understand that after the extended downtime that inevitably follows any ransomware attack, there is immense pressure to get systems back up and operational again as soon as possible. But it is important not to give in to that pressure and throw all safety and precaution measures overboard. Both your company's and your data's survival may depend on them.

Millions of passwords and private data leaked by hack of webshop Allekabels.nl

The private data and passwords of millions of Dutch people have been leaked after a hack at the popular webshop Allekabels. According to experts, this is the largest data breach involving passwords in the Netherlands ever. The stolen data is being misused by criminals.

This is evident from research carried out by RTL Nieuws, which has seen and verified the stolen data. Allekabels' stolen database, containing the private data of some 3.6 million people, was put up for sale on a hacker forum at the end of January for a sum of 15,000 euros.

The ad was removed months ago, suggesting that the data was then sold. The data is now traded among cybercriminals and is actively misused to send people phishing messages, scam them, or hack them.

Millions of passwords

In total, some 2.6 million unique email addresses are linked to names, home addresses, phone numbers, dates of birth and encrypted passwords. Those passwords still need to be cracked first, which is common after a data breach. With Allekabels, that is a piece of cake: a lot of the passwords are very weakly encrypted and can be cracked within seconds, according to experts.

The remaining million records are personal data of people who ordered from Allekabels via a webshop such as Bol.com or Amazon. No email addresses or passwords were leaked for them.

It is the largest password data breach in the Netherlands ever, according to ethical hacker Rickey Gevers. He is the founder of Scattered Secrets, a website where you can look up which data breaches your data appears in. "The Allekabels leak is extremely interesting and valuable to cybercriminals because of all the passwords and sensitive information," he said. In second place is the prostitution site Hookers, from which some 250,000 passwords were leaked in 2019.

Best filters for Brave adblocker?

What filters should we use for Brave ad blocker?

Malwarebytes won't register with Windows Security

So just because of the recent improvements in performance in lab testing I was looking at just testing out Malwarebytes Premium since I have a license. But no matter what I do it won't register as a main AV with Windows Security. There are several threads about this in their forums, but I haven't seen a solution. Has anybody heard of one? More curious than anything, it seems they still have quite a bit of maturing to do. I have done the following:

1. Added my license (which worked, but then I forgot to tell it to start with Windows, and then it wasn't registered after a restart)
2. Toggled the button to register with Windows Security, waiting various amounts of time.
3. Restarted several times after telling it to start with Windows.
4. Uninstalled and reinstalled.
5. Uninstalled with their tool. Then let it reinstall.
6. Uninstalled with their tool and manually reinstalled.

I'm out of ideas, but this seems a glaring issue for something that is supposed to be used as a main AV. Most people on their forums seem to give up and run them side by side. I used to do that for a while, but it had a really big impact on game and app loading times. If anybody has any tips on a fix I'd be interested, but it's not the end of the world. Mostly a side project out of curiosity than anything.

Scam developers find new way around Apple’s App Store checks

Apple has repeatedly claimed that the reason it cannot allow users to install apps from outside the App Store on their iPhones is that they would be much less safe from unscrupulous developers. There is now increasing evidence that Apple is doing little to protect its user base, with developers consistently able to find a way around the checks.

The latest has been revealed by entrepreneur Kosta Eleftheriou, who has been on a crusade of sorts on the issue.

He reports on a game called Jungle Runner, which appears to be a simple platformer.


The app uses online ads to get new users and pretends to have been covered by CNN Turkey in the past.
However, when installed, if the app detects (via geolocation) that it is being played in Turkey, this pretence is dropped, and the user interface is replaced by a web view which reveals the real purpose of the game: online gambling.
Because the app is a web view, no actual code regarding the gambling aspect is present in the app, and the functionality is not revealed when Apple tests the app in other locations around the world. In addition, the app does not use Apple Pay, and users report that the actual gambling game is stacked very heavily against the players, with promised bonuses not materialising.

Eleftheriou notes that the secret to the success of the game is that Apple users are more likely to install random apps from the web because they believe they are safe on Apple's platform. Apple is, however, making promises it cannot keep. In addition, Apple has been accused of profiting from apps that scam users and of some reluctance to address the issue, with basic features such as a report button not being present in the App Store.

Jungle Runner has now been removed from the Store, but the developers will soon be back, under a different name, with an app that is more or less the same. Apple appears unwilling or unable to fix the issue, which raises questions regarding the purpose of their walled garden, which appears to be more about keeping users locked in than keeping bad actors out.

Twitter is suffering again from a global outage this morning

Twitter is suffering a worldwide outage that started last night and is continuing into Saturday morning with erratic behavior and features partially working.

The issues people are experiencing include searches not working, content not loading with a spinning circle, images not displaying, or even problems logging into the site.

On mobile devices, Twitter users are being shown messages stating, "Tweets aren't loading right now. Try again."

These issues are erratic as they come and go and are affecting devices and people in different ways. From conversations with people in other countries this appears to be a global problem.

For example, on our BleepingComputer Twitter account, nothing is working at all. However, I can see tweets on my personal account, but I am having trouble searching and accessing direct messages.

Twitter is aware of the problem and stated it is a problem on their servers.

"We know that parts of Twitter still aren’t working for some of you. We’re fixing an issue with our servers to get things back to normal soon. Thanks for sticking with us," said Twitter's support account.

BleepingComputer has also reached out to Twitter via email for a statement but has not heard back.

This is a developing story.

Nvidia's GeForce RTX 3080 Ti 12GB reportedly priced at $999, launch in May

Hong Kong, it seems, is bustling with GPU activity: recently there was a seizure of GPUs being smuggled illegally, and today a bunch of upcoming Nvidia RTX 3080 Ti MSI Ventus models were spotted.

Tech site HKEPC has reported that it has spotted MSI Ventus models of Nvidia's upcoming RTX 3080 Ti 12GB graphics cards. The cards were seen in transit, reportedly being shipped from Hong Kong to US retail stores, in preparation for the 3080 Ti's reported launch next month. The site adds that Nvidia is pricing the RTX 3080 Ti at $999, which is the same as AMD's 16GB Radeon RX 6900 XT.

Major BGP leak disrupts thousands of networks globally

A large BGP routing leak that occurred last night disrupted the connectivity for thousands of major networks and websites around the world.
Although the BGP routing leak occurred in Vodafone's autonomous network (AS55410) based in India, it has impacted U.S. companies, including Google, according to sources.

News article scoop on Huawei snooping on Dutch mobile network (since 2010)

Snooping accusations against Huawei/ZTE mentioned in confidential report dating back to 2010
Dutch quality newspaper "de Volkskrant" published a scoop today on an audit report by Cap Gemini, conducted in 2010, on a security evaluation of the Dutch mobile network of KPN. The consultancy firm found evidence that employees of Huawei had access to Call Detail Records and voice content. The report from 2010 was kept secret because the decision makers involved feared KPN (mobile) would go bankrupt if this news were disclosed.


How Huawei gained access
For quality purposes a Mobile Network Operator has an option to listen for a few seconds to any phone call (without an order from Police or Justice). Huawei employees should only have had access to this built-in tap (for quality check purposes) after receiving a temporary access code from KPN security employees. Not only did Huawei bypass this internal security mechanism by accessing this option directly, they also misused this quality check option by extending the tap from a few seconds to the full call length. Obviously this is not according to the contract Huawei had with Dutch telecom operator KPN (or Dutch law).

Huawei also managed to gain access to the heavily secured "phone tap" system called "Lawful Intercept", which is used by operators when justice or police ask to track and tap phone calls for legal purposes. The article hints that Huawei replaced encryption with a weaker version, which could be hacked (and probably was hacked). The quote from the consultancy mentions "weak encryption" for 2010 standards.


Impact not limited to Dutch telecom operator KPN
KPN did a follow-up study at its German mobile subsidiary E-Plus, which used ZTE equipment (also Chinese), and the findings were the same. Those Huawei/ZTE systems are also used by Vodafone and T-Mobile, to mention two of the largest EU telecom operators. So it is very unlikely Huawei limited this snooping to the Dutch operator only (since British and German operators are economically and politically much more interesting than the Netherlands).


Reliability of this disclosure
Dutch reporters accompanying Dutch politicians on trade trips to China noticed that the politicians used burners to communicate during trade meetings. This adds to the credibility of the story, besides the fact that the Volkskrant is the source. The Volkskrant is not a tabloid, but a quality newspaper with a sound journalistic reputation. The Volkskrant, together with NRC and Parool, are reliable quality newspapers, which were also involved in the Panama Papers disclosure.

My take
For me this settles the dispute on Chinese companies snooping on behalf of the Chinese government. The US-based accusations in regard to Chinese vendors are probably true. I used to think that the commercial stake would be higher for Huawei and ZTE than the political stake (they would be banned from Western communication infrastructure if the US accusations were true). This is the reason I also bought a Chinese router (TP-Link). I am not going to buy another router (I am not a person of interest :) ), but I am never going to buy Chinese communication devices anymore.

Smoking gun awaiting approval
I noticed this post is awaiting approval. Because of the impact I can understand that mods want to check on this smoking gun. Maybe @Gandalf_The_Grey, @rain2reign or @Jan Willy could confirm this Volkskrant article (because they read Dutch :) )

BazarLoader Malware Abuses Slack, BaseCamp Clouds

The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said.

And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain.

The BazarLoader downloader, written in C++, has the primary function of downloading and executing additional modules. BazarLoader was first observed in the wild last April – and since then researchers have observed at least six variants, “signaling active and continued development.”

It’s been recently seen being used as a staging malware for ransomware, particularly Ryuk.

“With a focus on targets in large enterprises, BazarLoader could potentially be used to mount a subsequent ransomware attack,” according to an advisory from Sophos, issued on Thursday.

AVG Firewall vs Avast Firewall

In AVG Internet Security it is called "Enhanced Firewall" and in Avast only "Firewall".
I've read in a review article that AVG Internet Security's firewall is different from Avast's, that it has something that still dates from the time before AVG was acquired by Avast, but it wasn't clear. So, what is the difference between the firewalls of AVG IS and Avast Premium?

Microsoft, Vivaldi, Mozilla, and Brave turn down Google's FLoC

Pretty much every browser maker but Google has pushed back against FLoC.

What you need to know
  • Vivaldi, Mozilla, and Brave have come out with strong statements against Google's FLoC.
  • FLoC uses your data to place you into groups for the purpose of advertising.
  • Microsoft also commented on FLoC, and appears to be against it.
The majority of criticism from the companies revolves around transparency and how much data FLoC shares with sites. It's unclear how this many browsers turning it down will affect FLoC going forward.

Chrome can now link to specific text in a page, adds new PDF features

Earlier this week, Google released version 90 of Chrome, bringing along a few improvements and changes to the browser, but today, it announced a few more that are rolling out now or coming soon.

The first notable addition is the ability to create links to specific bits of text in a webpage. Users can highlight any part of a page, right-click it, and choose the "Copy link to highlight" option to create a link that opens the page at that specific part. Last summer, Google released a Chrome extension called Link to Text Fragment that did the same thing, but it's now part of the browser itself. This is rolling out on Android and desktop versions of Chrome first, with iOS coming soon.

Next up there are some improvements to the PDF reader in Chrome, starting with a new sidebar that features thumbnails for all the pages of the document, making it easier to jump to a specific page. There's also a new presentation mode that hides all the UI elements to focus on the document itself, and new tools like a two-page view and an updated toolbar at the top with quicker access to controls like zoom and print. This is all rolling out now for desktop users.

Another notable addition is support for renaming your Chrome windows, which should help with managing different projects and their related tabs. To rename a window, users can right-click an empty area of the tab strip. This feature is rolling out now.

Finally, building on the performance improvements that Google has already delivered with recent updates to Chrome, the company is soon making it so that collapsing a tab group freezes all the tabs inside it. Currently, tabs are frozen after they've been inactive for a while, but this will expand the scope of tab freezing. This will be available in beta soon, so a stable release will have to wait a bit longer.

Google's Project Zero finally gives companies a 30-day grace period to roll out patches

The release of patches for the recent Hafnium Exchange exploit led to a further massive wave of Exchange server exploits, as non-state threat actors reverse-engineered the patches to hack servers for non-political ransomware attacks. It is very often the case that a patch is the first criminal hackers learn of an exploit, and reverse engineering the patch is often a quick and easy way to develop an exploit against those who are still unpatched.

It is for this reason that Google's Project Zero has often attracted a lot of flak, since it insists on releasing details of exploits within 90 days, irrespective of whether companies such as Microsoft have had enough time to test and roll out a fix.

Today Project Zero announced a new policy which gives companies 30 days to roll out their patch before disclosure, as long as they have actually developed the patch within the usual allotted 90 days, making it 120 days between discovery and disclosure. In cases where companies have not released a patch within 90 days, disclosure would be at the end of the usual 90-day period.

Dell Optiplex 7010 MT Case Swap

My PC is a Dell Optiplex 7010 MT. I would like to change the case for some other one, but there is not much information because Dell restricts connectors and some other things that make it difficult to change the case.

Could you recommend a compatible case and what's necessary (if possible) to do it?

Auslogics BoostSpeed vs Wise Care 365: which is better?

Hi, guys
As the heading says, which software is better?
I searched the internet and found a lot of things, but none can really answer the question.

PSA: Apple is Updating Old Apps With Latest Signing Certificate Ahead of iOS 14.5

Users may notice that a number of very old apps are receiving new App Store updates. Instead of fixing bugs or adding new features, the updates are occurring because Apple is updating developers' apps that use a legacy ‌App Store‌ code signing certificate with the latest version so that they can launch correctly in the upcoming releases of iOS 14.5 and iPadOS 14.5.

Developers of affected apps do not need to re-sign their apps themselves, since Apple will issue the update and new signing certificate itself. Apple is issuing the updates with the What's New text "This app has been updated by Apple to use the latest Apple signing certificate."

Smartscreen conflicts with other browser extensions?

Sorry for a noob question here, I did search but did not find my answer. When you have Smartscreen enabled, then you have other browser extensions such as the Avast or AVG Online Security or Bitdefender Traffic Light, do they both work together OK or can there be conflicts between the two? Regardless of the AV you use, would it be best to just use only one browser extension? I know a lot of AVs have browser extensions too and was wondering whether they cause problems if you also have Smartscreen.

Thanks for any info on this.

C.H.

Intel Alder Lake details leak, up to 16 core Alder Lake-S, W680 chipset

Intel's Alder Lake is the company's upcoming 12th gen 'Core i' series processor lineup and over the last few months, leaks related to it have been pouring in. Adding to the list of leaks is today's new information that we get regarding the Alder Lake-S processors. HXL on Twitter, who is a known leaker, has posted what appears to be an Intel roadmap for current and upcoming Workstation processors.

The roadmap has Alder Lake-S on it listed as an entry-level workstation or a high-end desktop (HEDT) part. It will pack up to 16 cores and will require a new W680 chipset, on the LGA 1700 socket. This new chipset will allegedly succeed the current W580 chipset built for Rocket Lake-S processors. For those wondering, the W series chipsets indicate Intel's HEDT motherboard parts.

Netac Technology will reportedly make DDR5 modules running at over 10,000MHz

We know the next-gen DDR5 memory will be fast. Just how fast it can get will depend on a multitude of factors. Currently, a lot of companies are working on this aspect, and yesterday a report emerged from the outlet IT Home that says a Chinese memory firm called 'Netac Technology' is reportedly planning to build DDR5 DRAM modules capable of running at over 10,000MHz. While it isn't confirmed, what the news should actually mean is that Netac's new memory can do more than 10,000MT/s.

The company is allegedly using Micron's IFA45 Z9ZSB memory chips starting with 16GB (2Gx8) modules for now. The chips are built on Micron's 1z nm DRAM process node and running 40-40-40 sub-timings. Last year Micron stated that its DDR5 memory can do up to 6,400MT/s and 10,000 is certainly a number much higher than that.

Netac isn't the only company that's been in the news recently in relation to making incredible and exciting upcoming DDR5 products. Samsung recently announced that it is building the world's first 512GB DDR5 module, although it won't be as fast as Netac's solution and will top out at 7,200MT/s. The 512GB module is being designed for high-performance enterprise environments like servers, but we expect Netac's 10,000MHz kits to be mainly gaming parts.

Avoid These Browsers

After browsing r/privacytoolsIO these are my conclusions.

If you really care about "privacy and freedom", you may want to avoid the following browsers and also ditch Windows/Mac.

❌ Brave

❌ Chromium - Valid points are made here

❌ Google Chrome

❌ Microsoft Edge (Chromium)

  • ❌ Microsoft Edge (Legacy, unsupported)
  • ❌ Internet Explorer (unsupported)

❌ Opera

❌ Safari

❌ Vivaldi

Consider using these instead:

✅ Mozilla Firefox

✅ Tor Browser

Mozilla to start disabling FTP next week with removal set for Firefox 90

The handling of clicking on FTP links from within Firefox will soon be passed to other applications, as Mozilla will rip out Firefox's FTP implementation.

A year ago Mozilla announced its intention to shortly disable support for FTP, but it also said it would delay the move pending how the pandemic turned out.

By February, FTP was disabled in Firefox's nightly channel and it is currently also disabled in the Beta channel. For general release, FTP will be disabled in Firefox 88 released on April 19.

At this point, when Firefox encounters an FTP link, it will attempt to pass it off to an external application.

"Most places where an extension may pass 'ftp' such as filters for proxy or webRequest should not result in an error, but the APIs will no longer handle requests of those types," Mozilla add-ons community manager Caitlin Neiman wrote in a blog post.

"To help offset this removal, ftp has been added to the list of supported protocol_handlers for browser extensions. This means that extensions will be able to prompt users to launch a FTP application to handle certain links."

Two release cycles later in late June, Firefox 90 will have the FTP implementation removed altogether. This will also impact Firefox on Android.

Microsoft Edge Canary for Android matches desktop browser and features

Edge's new Canary version is now available from Google Play, and it now has near feature parity with the desktop version.

What you need to know
  • Microsoft is working to unify the codebase across all platforms.
  • Edge Canary for Android is now live and ready to be downloaded.
  • This version of Edge for Android matches Edge Canary's latest release for Windows 10 desktop with many similar features.
Microsoft announced in early March that it was going to unify the code behind its Edge browser across mobile versions on iOS and Android. We're now getting our first taste of that with a brand-new Edge Canary build for Android that is ready to download (via Reddit).

This version of the Edge browser – 91.0.858.0 – also matches the Windows 10 desktop version of Edge Canary, just as Microsoft promised.

DataDefender

After 77 days of development, DD is pretty much ready. It is a standard backup app with a few unique features. Eventually we will add support for cloud backup, cloning, SQL backup, etc, but we are off to a great start.

In addition to the backup component, there is also what I believe to be a unique method for detecting ransomware. In a few days we will release a DD beta and I will explain how the anti-ransom mechanism works. If there is a similar ransomware detection mechanism on the market, please let me know (this is important).

The one thing I can tell you at this point is that it is nothing like Controlled Folder Access, or any of the anti-ransom mechanisms that grant or deny specific individual applications access to user data files. Tech like this is pretty cool, but it is extremely difficult to use and I would think would be quite easy to bypass (just a guess).

When it comes to ransomware, I believe detecting encryption relatively quickly and reliably is key. In other words, backups are great, but if you have to restore half or all of your data, it can easily turn into a real mess.

Google releases Chrome 90 with HTTPS by default and security fixes

Google has just released Chrome version 90, bringing a privacy update that automatically adds HTTPS to a URL when it is available.

Chrome engineers flagged the HTTPS feature in February, and Google has been testing it in Chrome 90 previews in the Canary and Beta channels. Additionally, Chrome 90 blocks downloads from HTTP sources if the page URL is HTTPS.

Google explained in a blog post last month that the HTTPS default should help when users type "example.com" instead of the full "https://example.com". Chrome previously used http:// as the default protocol, but now defaults to https://.

Parallels Desktop 16.5 for Mac - Adds Linux and Windows 10 on ARM support for M1

Product: What’s New in the Current Version? | Parallels Desktop 16 for Mac

Parallels Blog

We’re very excited to announce the highly anticipated Parallels® Desktop 16.5 for Mac with full, native support for Mac computers with either Apple M1 or Intel chips. Users will now be able to run Windows 10 on ARM Insider Preview and its applications as well as the most popular ARM-based Linux distributions on Apple M1 Mac computers.

With Parallels Desktop 16.5 for Mac, users can not only run Windows 10 on ARM Insider Preview in a virtual machine on M1 Mac computers but also the Linux distributions Ubuntu 20.04, Kali Linux 2021.1, Debian 10.7 and Fedora Workstation 33-1.2.

False Alarm Test March 2021

Introduction

This report is an appendix to the Malware Protection Test March 2021 listing details about the discovered False Alarms.

In AV testing, it is important to measure not only detection capabilities but also reliability. One aspect of reliability is the ability to recognize clean files as such, and not to produce false alarms (false positives). No product is immune from false positives (FPs), but some produce more than others. False Positives Tests measure which programs do best in this respect, i.e. distinguish clean files from malicious files, despite their context. There is no complete collection of all legitimate files that exist, and so no “ultimate” test of FPs can be done. What can be done, and is reasonable, is to create and use a set of clean files which is independently collected. If, when using such a set, one product has e.g. 15 FPs and another only 2, it is likely that the first product is more prone to FPs than the other. It doesn’t mean the product with 2 FPs doesn’t have more than 2 FPs globally, but it is the relative number that is important.

Mailbox.org announce new prices and plans

Homepage: Secure e-mail for private and business customers | mailbox.org
Plans/Pricing: Secure e-mail for private and business customers | mailbox.org
Seven years after we started out with mailbox.org, we are now introducing a new set of price plans. By doing so, we are creating a simpler and more flexible pricing system that is easier to manage, and that also reflects many ideas and feedback received from our active user base.
  • As of today, the new price plans STANDARD, PREMIUM and LIGHT are available to all private and business customers.
  • Existing customers can choose to either remain on their old plan, or switch over to a new plan.
Previously, we offered the packages "Secure Mail", "Team Mail" and "Office". These came with different allowances for storage space, which were not very flexible.

Our new price plans STANDARD, PREMIUM, and LIGHT have been specifically designed with the different feature and support needs of our users in mind. Additional storage capacity for mails and files on the Drive can now be added more flexibly than before.

Full details below:
[image attachment: 1618509708562.png]

SimpleDiscordCrypto - E2E client encryption for Discord users

Homepage: An00nymushun/End-to-end-Discord-Encryption

For Chrome: SimpleDiscordCrypt
For Firefox: SimpleDiscordCrypt – Get this Extension for 🦊 Firefox (en-US) (see the incompatibility note below)
Tampermonkey script: https://gitlab.com/An0/SimpleDiscordCrypt/raw/master/SimpleDiscordCrypt.user.js

Discord message encryption plugin: it provides end-to-end, client-side encryption for your messages and files with automatic key exchange, and works without BetterDiscord.

For Chrome (and similar) use the extension
If you have Discord installed, use the installer (Alt+click to download, right click on the downloaded file and Run with PowerShell)
For mobile you should try Yandex Browser, it's Chromium based and supports extensions
Firefox is only partially supported because of Mozilla bug 1048931 (Add PKCS8 import/export for ECDH keys to WebCrypto API)
If nothing works, install it as a userscript (with Tampermonkey) or include the JS file some other way

Please do not download this plugin from untrusted sources; for example, there is one in the Chrome Web Store with the same name.

NHS COVID-19 app update blocked by Apple and Google

Apple and Google have blocked a new update to the NHS COVID-19 app on iOS and Android because it breaks rules about collecting location data.
The new update to the contact-tracing app, which garnered much publicity last year due to its development back-and-forths, delayed launch, and ‘software glitches’, would have asked users to upload venue check-ins, thereby sharing location data.

The update was set to be released to coincide with the reopening of outdoor hospitality venues in England, with pub gardens and terraces being allowed to welcome back guests on 12 April. If a person tested positive for COVID-19 after visiting a venue, other people who had also visited the place could be alerted of the possibility that they too might have contracted the virus.

However, the function never made it to users’ phones: the BBC reports that the update was blocked for breaching Apple and Google’s joint Exposure Notifications rules, which ban apps from sharing “location data from the user's device with the public health authority, Apple, or Google”.

The NHS COVID-19 app must comply with those rules because it is built on the decentralised API model developed by Apple and Google, which stores the information collected through the app on users’ devices and shares only a limited amount of data with the epidemiologists monitoring the pandemic.

KB5001330 Windows Update is reportedly causing performance drop in games, failed installs and bootloops

Microsoft released the KB5001330 Windows Update this Tuesday, which brought many security fixes. Unfortunately it also seems to have introduced some issues, at least on some devices.
A handful of users on reddit have reported that the latest update causes performance drops in games. The troubles first surfaced with KB5000842 and have since reemerged in the latest patch; in other words, Microsoft apparently hasn't fixed the issue yet.

The primary issue appears to be frame drops in games, and this appears to be related to the VSync setting. Other issues reported by users include lag spikes, i.e., a sudden massive slowdown or stutter that happens for a few seconds.

I'm familiar with the problem that the users are reporting, as I experienced a similar issue on this computer last year (especially in Rise of the Tomb Raider and Assassin's Creed Origins). The lags were caused by the Nvidia 451.67 game ready driver, and this was delivered through Windows Update. I had to revert to an older video driver to fix the annoyances, so you could try a similar solution if you have such lags.

I wanted to check if I experience similar issues with the latest patch, so I tested the KB5001330 update with my GTX 1650, and had no such troubles. Based on the comments from users, it is possible that the issue only affects newer GPUs like the NVidia 2000, 3000 and AMD R5 series. The thread also suggests an easy fix for the issue, you just have to uninstall the update. You can do so from the Settings > Update & Security > View Update History page.

So, if you're a gamer and are experiencing poor performance, low frame rates in games that used to run flawlessly until a few days ago, it is likely that the KB5001330 Windows Update could be the culprit. Once you have gotten rid of it, your games should work as normal.

Digging deeper, I noticed that this wasn't the only issue reported by users. Members of the Microsoft Community forums have stated that the KB5001330 Windows Update fails to install for them with error code 0x800f0984. Others report a different error, 0x800f081f, which indicates that Windows Update was unable to fetch the patch from Microsoft's servers.

If Windows Update says that it cannot download the patches, the fix recommended by a Microsoft moderator is to reset the Windows Update components (the Windows Update service and agent). Some users encountered a more serious problem: bootloops with stop code 0xc000021a after installing the update. A couple of others experienced screen flickering when resizing Chrome or Edge windows.

Reference links: 1, 2

HTTPS Everywhere Now Uses DuckDuckGo’s Smarter Encryption

Over the last few months the HTTPS Everywhere project has been deciding what to do with the new landscape of HTTPS in major browsers. Encrypted web traffic has increased in the last few years and major browsers have made strides in making HTTPS the default. This project has shepherded a decade of encrypted web traffic, and we look forward to focusing our efforts on protecting people as new developments occur. That said, we’d like to announce that we have partnered with the DuckDuckGo team to incorporate their Smarter Encryption rulesets into the HTTPS Everywhere web extension.
This is happening for several reasons:
  • Firefox has an HTTPS-Only Mode now.
  • Chrome doesn’t have HTTPS by default, but is slowly moving towards that goal: for addresses typed into the navigation bar it now tries HTTPS first before falling back to HTTP.
  • DuckDuckGo’s Smarter Encryption covers more domains than our current model.
  • Browsers and websites are moving away from issues that created a need for more granular ruleset maintenance.
    • Mixed content is now blocked in major browsers
    • Different domains for secure connection are now an older habit (i.e. secure.google.com), further removing the need for granular maintenance on HTTPS Everywhere rulesets
    • Chrome’s Manifest V3 declarativeNetRequest API imposes a cap on the number of rules a web extension can ship. Rather than competing with other extensions like DuckDuckGo's for that budget, a user who prefers HTTPS Everywhere or DuckDuckGo's Privacy Essentials will receive virtually the same coverage either way. We don’t want to create confusion for users on “who to choose” when it comes to getting the best coverage.
    • As HTTPS Everywhere goes into “maintenance mode”, users will have the opportunity to move to DuckDuckGo’s Privacy Essentials or use a browser that has HTTPS by default.
More info on DuckDuckGo’s Smarter Encryption here: Your Connection is Secure with DuckDuckGo Smarter Encryption
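What the ruleset cap means in practice is easiest to see from the rules themselves. The following is an added example written for this page, not EFF or DuckDuckGo code: it turns a list of HTTPS-capable hostnames (the shape of a Smarter Encryption-style list) into Manifest V3 declarativeNetRequest `upgradeScheme` rules, enforces a rule budget, and simulates what such a rule does to a URL. The cap is a parameter; the real limit should be read from the browser's published declarativeNetRequest constants rather than hard-coded.

```javascript
// Added example (not EFF/DuckDuckGo code): build Chrome MV3 declarativeNetRequest
// "upgradeScheme" rules from a hostname list under a rule cap, and simulate them.
const RESOURCE_TYPES = ['main_frame', 'sub_frame', 'script', 'stylesheet',
  'image', 'xmlhttprequest', 'font', 'media', 'websocket', 'other'];

// Returns the rules that fit in `cap` plus how many hostnames were dropped.
// Hostnames are normalised and de-duplicated first so the budget is not
// wasted on repeats. `cap` is an assumed parameter, not the browser's value.
function buildUpgradeRules(hosts, cap) {
  const seen = new Set();
  const rules = [];
  for (const raw of hosts) {
    const host = raw.trim().toLowerCase();
    if (!host || seen.has(host)) continue;
    seen.add(host);
    rules.push({
      id: rules.length + 1,          // DNR rule ids must be unique positive integers
      priority: 1,
      action: { type: 'upgradeScheme' },
      // "||host" in the urlFilter syntax matches host and all its subdomains
      condition: { urlFilter: `||${host}`, resourceTypes: RESOURCE_TYPES },
    });
  }
  return { rules: rules.slice(0, cap), dropped: Math.max(0, rules.length - cap) };
}

// Simulates the browser applying the rules to a request URL: http:// URLs
// whose host is covered are rewritten to https://, everything else is unchanged.
function applyUpgrade(url, rules) {
  const u = new URL(url);
  if (u.protocol !== 'http:') return url; // already https, or not a web scheme
  for (const r of rules) {
    const host = r.condition.urlFilter.slice(2); // strip the "||" anchor
    if (u.hostname === host || u.hostname.endsWith('.' + host)) {
      u.protocol = 'https:';
      return u.toString();
    }
  }
  return url; // no rule covers this host: the request stays plain HTTP
}

// Constructed input: four entries, one a case-variant duplicate, and a cap of 2.
const sample = buildUpgradeRules(['example.org', 'Example.org', 'eff.org', 'duckduckgo.com'], 2);
console.log(sample.dropped, applyUpgrade('http://www.eff.org/https-everywhere', sample.rules));
```

The point the cap makes: once the budget is exhausted, every further hostname is simply not upgraded, silently. A domain-list model degrades gracefully under a cap (drop the least-visited hosts), whereas the older per-site rewrite rulesets could not be trimmed that cleanly, which is part of why the project is moving to the Smarter Encryption data.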
Phases for HTTPS Everywhere’s Rulesets
  • DuckDuckGo Update Channel with Smarter Encryption Rulesets [April 15, 2021].
  • Still accept HTTPS Everywhere Ruleset changes in Github Repo until the end of May, 2021.
  • Still host HTTPS Everywhere Rulesets until various partners and downstream channels that use our current rulesets, make needed changes and decisions.
  • Sunset HTTPS Everywhere Rulesets [Late 2021]
Afterwards, the HTTPS Everywhere web extension will enter its EoL (End of Life) stage, whose timing will be determined after the sunset of the HTTPS Everywhere rulesets is complete. By adding the DuckDuckGo Smarter Encryption update channel we can give everyone time to adjust and plan.

Thank you for contributing and using this project through the years. We hope you can celebrate with us the monumental effort HTTPS Everywhere has accomplished.

Real-World Protection Test Feb-Mar 2021 – Factsheet

Introduction

Our Real-World Protection Test is currently one of the most comprehensive and complex tests available, using a relatively large number of test cases. Currently, we are running this test under updated Microsoft Windows 10 Pro 64 Bit with up-to-date third-party software (such as Adobe Flash, Adobe Acrobat Reader, Java, etc.). Due to this, finding in-the-field working exploits and running malware is much more challenging than e.g. under a non-up-to-date system with unpatched/vulnerable third-party applications.

This fact sheet is a short overview of the Real-World Protection Test results of February and March 2021. The detailed overall result consumer product reports (covering four months each) are released in June and December. Each of the overall result reports will also contain a false-alarm test and will contain the awards the products reached based on their overall scores during the respective four-month period.

Malware Protection Test March 2021

Introduction

In the Malware Protection Test, malicious files are executed on the system. While in the Real-World Protection Test the vector is the web, in the Malware Protection Test the vectors can be e.g. network drives, USB or cover scenarios where the malware is already on the disk.

Please note that we do not recommend purchasing a product purely on the basis of one individual test or even one type of test. Rather, we would suggest that readers consult also our other recent test reports, and consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows a program to be tested in everyday use before purchase.

In principle, home-user Internet security suites are included in this test. However, some vendors asked us to include their (free) antivirus security product instead.

We fixed the problem with slow connection to Google domains in AdGuard DNS

Over the last one or two weeks we've been receiving a large number of complaints about AdGuard DNS's speed. And we couldn't figure out the culprit: we measure speed in multiple locations all over the world, and according to our measurements it was fine in all of them.

But we finally found the root of the problem. It turns out that it wasn't about AdGuard DNS per se; the resolver was doing its job just as designed. The problem was in the IP addresses it was returning. For some domains (mainly Google-owned ones) AdGuard DNS was returning IP addresses belonging to Google China. As you would expect, these addresses work rather slowly for most users.

What happened? How did it happen? We will answer these questions in a minute, but first we apologize for taking much more time to solve this problem than it should have taken.
So what was the problem?

There are four authoritative nameservers that are responsible for all Google domains. They are configured so that any client gets the IP address of the closest Google server. AdGuard DNS has almost 50 servers around the world (and soon will have more), so why was Google returning Chinese servers' addresses to some of them?

You see, AdGuard DNS servers have several IP addresses, IPv6 as well as IPv4. It seems Google failed to geolocate the source address correctly when the upstream query went out over IPv6: it served records chosen for China instead of records appropriate to the AdGuard DNS server's actual location.

So in the end, this turned out to be not much of a mystery. Be careful if you're running your own recursive DNS server: the authoritative side geolocates the address your queries come from, and an IPv6 address may not be mapped to where the server actually is, so the answers you get over IPv6 are not predictable.

To avoid this in the future we configured all our DNS servers to prefer IPv4. So you will not encounter slow connection speed when visiting Google domains anymore.
Read the full story with a detailed explanation on AdGuard's blog:

NEW Avast Version 21.3 (April 2021)

Hi, all. Please welcome the newest version of Avast AV: 21.3 (21.3.2459)

Major public announcements
  • Better scan performance — We’ve made a lot of small performance improvements to various security components (running in the background)
  • Improved Rescue Disk — We’ve added a portable web browser to our Rescue Disk so you can search the web even when Windows isn’t working
  • Fewer distractions — We no longer show pop-up messages when your antivirus is open
  • Passive Mode fix — We’ve fixed a bug that would sometimes disable Passive Mode soon after it was turned on

Bug-fix and improvement highlights for hardcore fans:
  • Because of an expiring MS certificate for signing drivers, we had to block updates and installations for users with outdated/unpatched versions of Win7 (systems without KB3033929). Unless they update their OS, they will stay on version 21.2.
  • Implemented Countdown (auto-close) of Cyber Capture dialogs
  • Additional Rescue Disk improvements (postponing toolkit installation until MSI installation finishes, adding retries to downloading RCD files, etc.)
  • Fixed cases when both our Firewall and Windows firewall were running simultaneously
  • Fixed issue where the restart dialog didn’t appear in Silent Mode
  • Fixed issues where our uninstall survey was not displayed
  • Fixed issue when the UI didn’t show the correct state of IDP (Behavioral Shield) features
  • Some of the scan optimizations mentioned in our public release notes include: startup, registry callbacks, behavioral events, on-exec DLL scanning, and identified opportunities to skip some scans
As usual a big thanks goes to the team for yet another successful release!

How to install:

1. Update from your existing Avast version via Settings -> Update -> Update program

2. Or you can download and install files:

Online installers (recommended):
Offline installers:

With best Regards
Mops21

Mouth-watering user concept of Windows 10 File Explorer has Reddit salivating

File Explorer in Windows 10 is an essential program that is widely utilized by users of the operating system. While Microsoft updates it from time to time, the changes are usually minor, and related to icon redesigns. This is probably why user concepts of File Explorer surface frequently, re-imagining what the program could look like, should Microsoft decide to fully redesign it at some point.

Today, we are taking a look at a new and sleek user concept for File Explorer created by Reddit user u/Alur2020 that has hundreds of users salivating on the Reddit thread. Have a look below.

The rest of the article and some gallery

Is Netflix back to 720p default on Edge web browsers?

100,000 Google Sites Used to Install SolarMarker RAT

Hackers are using search-engine optimization (SEO) tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan (RAT), used to gain a foothold on a network and later infect systems with ransomware, credential-stealers, banking trojans and other malware.

eSentire’s Threat Response Unit (TRU) discovered legions of unique, malicious web pages that contain popular business terms/particular keywords, including business-form related keywords like template, invoice, receipt, questionnaire and resume, researchers observed, in a report published Wednesday.

Attackers use Google search redirection and drive-by-download tactics to direct unsuspecting victims to the RAT—tracked by eSentire as SolarMarker (a.k.a. Jupyter, Yellow Cockatoo and Polazert). Typically a person who visits the infected site simply executes a binary disguised as a PDF by clicking on a purported “form” — thus infecting his or her machine.

“This is an increasingly common trend with malware delivery, which speaks to the improved security of applications such as browsers that handle vulnerable code,” researchers wrote. “Unfortunately, it reveals a glaring blind spot in controls, which allows users to execute untrusted binaries or script files at will.”

Firefox Stable gets option to show modified preferences on about:config only

Mozilla added an option to the about:config page of Firefox Stable that allows users to list only modified preferences. The organization launched the option in Firefox Nightly in February 2021 initially.

Firefox's about:config page can best be described as a treasure trove for users who want to modify browser preferences that are, for the most part, not exposed in the user interface options.

The configuration enables Firefox users to customize the browser heavily, for instance by enabling new features early or disabling unwanted features. The use of configuration files improves this further.

Modified preferences are displayed in bold on the about:config page, but until now there was no Mozilla-provided option to display only those. While it is possible to use a hack in the Web Console of the Developer Tools to list only modified preferences, it is far from ideal and only a niche option.

Mozilla did launch a redesigned about:config page in Firefox 71, but it lacked some of the features of the previous version, including the ability to use deep links to preferences or sorting options.

When you open the about:config page in Firefox Stable right now, you will see an option to display only modified preferences. We tested this in Firefox 87 Stable, the latest version at the time of writing, and the option is there.
Just check the option in the upper right corner of the browser window to run a filter on all preferences. Firefox displays only those preferences that are modified in the interface.

Not all of these are user modified; in fact, the majority of returned preferences may have been modified by Firefox itself, and not by the user.

Still, for users who use about:config, it is a useful option as it enables them to go through the modified preferences quickly.

Proton Calendar is now available to all ProtonMail users - Beta release

Blog: Everyone can stay on top of their schedule with Proton Calendar beta

Play Store: Proton Calendar - Private and secure calendar - Apps on Google Play
Proton Calendar, our privacy-focused calendar app, is now available in beta on Android and web for everyone who has a ProtonMail account. Protected by the same end-to-end encryption used in ProtonMail, this simple, easy-to-use, and intuitive calendar will help you stay on top of your schedule while securing your data.

If you already have ProtonMail, you can try Proton Calendar beta on the web and Android devices (with the beta app for iOS coming soon).

You can access Proton Calendar beta on the web by going to calendar.protonmail.com and logging in with your ProtonMail credentials.

Hackers Use Software Cracks and BitTorrent Client to Steal Cryptocurrency

Researchers from cybersecurity company Bitdefender are warning that hackers are using malicious software cracks to steal valuable data including cryptocurrency wallets. While compromised cracks are not new, this malware reportedly uses BitTorrent clients to transfer data and involves human operators.

It’s no secret that scammers are constantly trying to trick people into downloading malicious content from pirate sites. These files are generally easy to spot for seasoned pirates and they are often swiftly removed from well-moderated sites. However, for casual downloaders, malware can be a serious problem. Novices are often directed to dubious portals where these threats are harder to avoid. That can lead to disastrous consequences. This isn’t limited to annoying popups either, it can result in financial trouble as well.
Bitdefender reports that hackers are actively using software cracks to empty people’s cryptocurrency wallets. The company discovered a series of malicious KMS activators for Office and Windows, as well as Adobe Photoshop cracks. These can completely compromise the victim’s computer. If these malicious cracks are executed, they drop a copy of the legitimate data transfer software “ncat.exe” that can be controlled by the hackers. This tool is used to transfer valuable data from the victim’s computer through a TOR proxy. Interestingly, Bitdefender reports that the attackers also use BitTorrent clients to exfiltrate data. Bitdefender’s director of threat research, Bogdan Botezatu, informs us that they discovered instances of the Transmission client that shared stolen data via torrents.
These types of malware-ridden cracks mostly affect people who download files from sites that have little or no moderation. This is confirmed by Bitdefender as well. “These cracks are usually hosted on direct-download websites rather than on torrent portals, as the latter have a community that downvotes and flags malicious uploads,” Botezatu says. At the moment the malware-loaded cracks are most popular in North America and India. More technical details about the files and processes involved can be found in Bitdefender’s full writeup.

What car do you drive and what's your dream car?

As the title suggests what's your daily driver and what's your favorite or dream car. Pictures would be nice!
As for me, I have two cars. First is a Chevy trailblazer and the other one is a Seat Ibiza. My dream car is the LaFerrari. Here are some pictures that I took from the internet.

[attached images: k.jpg, seat.jpg, external-content.duckduckgo.com.jpg]

Facebook Container by Mozilla Firefox

Prevent Facebook from tracking you around the web. The Facebook Container extension for Firefox helps you take control and isolate your web activity from Facebook.

Deepware, anyone heard of this?


From the makers of Zemana. Looks pretty interesting! Deep Fake video detection AI.

Quake 2 rtx - flickering

Hello. I had a problem.

PC:

Monitor:AORUS FI27Q

Cpu: 10850K with Nzxt Kraken X73 ( 60c in game )

Gpu: Rtx 3090 Gaming Oc ( 60C in game )

Ram: 32gb 2x16 GB DDR4 GSKILL 3200MHZ XMP

Psu: Seasonic Ultra Prime Titanium 850W TX

MB: Aorus 490 Pro Gaming

SSD: Crucial 1TB NVMe SSD

Case: Cooler Master Cosmos C700P

Hi. Today I played Quake 2 RTX and got flickering in the same scene.
It was on level 3.
Screenshot from that place:
[screenshot: jm.jpg]

[video, at 24:06]

Walls start flickering to black colours, plus a glitchy black object. I tried to reproduce this but now it's OK. Was it a card issue or the game?

Card is at stock.

Forget Apple, I should be able to look at NSFW Discord servers wherever I want

Apple blocking NSFW Discord servers made me grateful for the openness of Windows 10.
Yesterday, Discord announced a move that will block all not safe for work (NSFW) servers on iOS devices (via iMore). The move was made to allow Discord's app to work with Apple's strict policies for NSFW content on iOS devices. Tumblr removed some adult content from its platform in a similar move that helped it return to the App Store after a brief time away. It seems that Discord is taking a page from the same playbook.

Discord's move isn't quite as dramatic. NSFW servers will still be on Discord, but you won't be able to access them on iOS devices (unless you're a server owner or moderator). You'll still be able to view NSFW content on desktop apps, the web (including the web on iOS devices), and presumably Android devices.

Discord's move to fit within Apple's guidelines gave me a new appreciation for the openness of Windows 10.

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

A zero-day vulnerability is one whose details, or a working exploit for it, become public before the affected software's developers have released a fix. These vulnerabilities pose a significant risk to users because threat actors can begin using them before a patch is available.

Today, a security researcher known as frust dropped a PoC exploit on Twitter for a zero-day bug in Chromium-based browsers; the PoC demonstrates code execution by launching the Windows Notepad application.

    another chrome 0day
    avboy1337/1195777-chrome0day
    Just here to drop a chrome 0day. Yes you read that right.
    — frust (@frust93717815), April 14, 2021
    https://twitter.com/frust93717815/status/1382301769577861123
This new zero-day vulnerability comes a day after Google released Chrome 89.0.4389.128 to fix a different Chromium zero-day vulnerability publicly released on Monday.

Like Monday's zero-day vulnerability, frust's remote code execution vulnerability is not capable of escaping Chromium's sandbox. The sandbox confines the renderer process that runs web content, so code execution inside it cannot run programs or access files on the host unless it is paired with a separate sandbox-escape bug; PoCs of this kind are typically demonstrated with the browser launched with the sandbox disabled.

Unless a threat actor chains the new zero-day with an unpatched sandbox escape vulnerability, the new zero-day in its current state cannot harm users unless they disable the sandbox.
Google was scheduled to release Chrome 90 for Desktop yesterday, April 13th, but instead released the new version of Chrome to fix the zero-day released on Monday.

It is not known whether this additional zero-day will further delay the release of Chrome 90 as Google plays catch-up with security researchers.