
Netflix will cost you $18 per month

While most folks are looking to cut costs here at the end of 2020, subscribers can look forward to paying more.

Free Antivirus of the Year 2020 - Nominate

Hello and we are back for 2020 :)

2015 Winner - Qihoo Total Security
2017 Winner - Avast Free Antivirus
2018 Winner - Kaspersky Security Cloud
2020 Winner - ???

Last time Kaspersky won the nominations & the final round. This time are we expecting anything different? Let's wait and watch :)

To make these nominations/results more constructive for the end-user, I will start a Pro & Con section for each antivirus in their respective sections. Please state what you found best in each antivirus to help other users.


NOMINATION PHASE: 31st Oct- 7th Nov

FINAL POLL: 5 Products (most nominated)
POLL PHASE: 8th Nov - 14th Nov


CURRENT NOMINATION STANDINGS (votes) - counted up to @Gandalf_The_Grey's post; there may be more votes after it
Note: If I can't edit this post anymore, please check for my following posts for latest standings

1. Microsoft Defender (1)

Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers

University Email Hijacking Attacks Push Phishing, Malware

Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing malware.

Dave Baggett, CEO and co-founder of INKY, told Threatpost that there is no indication of how the accounts were compromised, but he speculated that the victims fell for a credential-harvesting scheme. Baggett also said that this month researchers continued to see phishing emails from real university accounts, so some accounts appear to still be compromised.

“A student may never change an originally assigned password, or may share it with a friend or friends,” according to INKY researchers on Thursday. “A professor may give a student the password to an account for a particular project and never change it when the project is done. Hackers tapping around find these carelessly handled accounts, take them over, and change the passwords themselves, locking out the original owner.”
Read more below:

Users of this popular VPN service could be subpoenaed for watching one movie

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies.

In all, NVIDIA issued nine patches, each fixing flaws in firmware used by DGX high-performance computing (HPC) systems, which are used for processor-intensive artificial intelligence (AI) tasks, machine learning and data modeling. All of the flaws are in NVIDIA's own firmware for the DGX AMI baseboard management controller (BMC), the component that provides out-of-band remote monitoring and management of the servers.

“Attacks can be remote (in case of internet connectivity), or if bad guys can root one of the boxes and get access to the BMC they can use the out of band management network to PWN the entire datacenter,” wrote researcher Sergey Gordeychik, who is credited with finding the bugs. “If you have access to OOB, it is game over for the target.”

Given the high-stake computing jobs typically running on the HPC systems, the researcher noted an adversary exploiting the flaw could “poison data and force models to make incorrect predictions or infect an AI model.”

How do I get rid of gestty.com pop-ups

VPN by Google One

Source: https://blog.google/products/google-one/new-vpn-by-google-one

To give you peace of mind that your data is safe, we’re announcing the new VPN by Google One on our 2 TB and higher plans to provide an extra layer of online protection for your Android phone.

We already build advanced security into all our products, and the VPN extends that security to encrypt all of your phone’s online traffic, no matter what app or browser you’re using. The VPN is built into the Google One app, so with just one tap, you can rest assured knowing your connection is safe from hackers.
Learn more

Whitepaper [PDF]
Some minimum logging is performed to ensure quality of service, but your network traffic is never logged and your IP is not associated to your activity.

Spy Agency Ducks Questions about 'Back Doors' in Tech Products

The U.S. National Security Agency is rebuffing efforts by a leading Congressional critic to determine whether it is continuing to place so-called back doors into commercial technology products, in a controversial practice that critics say damages both U.S. industry and national security.

The NSA has long sought agreements with technology companies under which they would build special access for the spy agency into their products, according to disclosures by former NSA contractor Edward Snowden and reporting by Reuters and others. These so-called back doors enable the NSA and other agencies to scan large amounts of traffic without a warrant. Agency advocates say the practice has eased collection of vital intelligence in other countries, including interception of terrorist communications. The agency developed new rules for such practices after the Snowden leaks in order to reduce the chances of exposure and compromise, three former intelligence officials told Reuters. But aides to Senator Ron Wyden, a leading Democrat on the Senate Intelligence Committee, say the NSA has stonewalled on providing even the gist of the new guidelines.

“Secret encryption back doors are a threat to national security and the safety of our families – it’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security,” Wyden told Reuters. “The government shouldn’t have any role in planting secret back doors in encryption technology used by Americans.”
In at least one instance, a foreign adversary was able to take advantage of a back door invented by U.S. intelligence, according to Juniper Networks Inc, which said in 2015 its equipment had been compromised.

Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone

More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers

The results of 13 million medical examinations relating to around 3.5 million U.S. patients are unprotected and available to anyone on the internet, SecurityWeek has learned. This is despite the third week of this year's National Cybersecurity Awareness Month (week beginning 19 October 2020) majoring on 'Securing Internet-Connected Devices in Healthcare'. The details were disclosed to SecurityWeek by Dirk Schrader, global vice president at New Net Technologies (NNT -- a security and compliance software firm headquartered in Naples, Florida). He demonstrated that the records can be accessed via an app that can be downloaded from the internet by anyone. The records found are in files that are still actively updated, and provide three separate threats: personal identity theft (including the more valuable medical identity theft), personal extortion, and healthcare company breaches.

Schrader examined a range of radiology systems that include an image archive system -- PACS, or picture archiving and communication system. These contain not only imagery but metadata about individual patients. The metadata includes the name, date of birth, date and reason for the medical examination, and more.

A cyber attack on electricity generating stations in Israel

Netflix to increase prices yet again (2020)

Netflix is following up on last year's price hike with yet another.
  • Premium 4K (4-screen) @ $18 per month
  • Standard HD (2-screen) @ $14 per month
  • Basic SD (1-screen) @ $9 per month
This price change is not global, according to The Verge, and is only rolling out in the US, though some parts of Canada also saw a rate hike recently.

Brooklyn & Vermont hospitals are latest Ryuk ransomware victims

Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network are the latest victims of the Ryuk ransomware attack spree covering the healthcare industry across the U.S.

Yesterday, the U.S. government hosted an emergency call with stakeholders in the healthcare industry to alert them to an "increased and imminent cybercrime threat to U.S. hospitals and healthcare providers."

Any opinions on Driver Fix?

DoNot’s Firestarter abuses Google Firebase Cloud Messaging

The DoNot APT group is experimenting with new methods of delivering its payloads. It is using a legitimate service within Google's infrastructure, which makes the traffic harder to detect on a user's network.

How did it work? Users are lured to install a malicious app on their mobile device. This malicious app then contains additional malicious code which attempts to download a payload based on information obtained from the compromised device. This ensures only very specific devices are delivered the malicious payload.

So what? Innovation among APT groups is not unheard of, and it should come as no surprise that a group keeps modifying its operations to stay as stealthy as possible. This should be another warning sign to people in geopolitically "hot" regions that it is entirely possible to become the victim of a highly motivated group.

Microsoft Teams now lets users turn off message previews

From a new text message or reaction to your posts, the Microsoft Teams toast notifications never stop on Windows 10. Today, Microsoft is rolling out a new feature that could be extremely useful if you don’t want to be bothered by a barrage of message previews that interrupt whatever you’re doing.

Microsoft Teams has always allowed users to control which notifications they receive, but it did not allow them to change the appearance of the notifications or how they are delivered.

After today’s update, you can now use Microsoft Teams’ new notifications setting to turn off message previews completely. The ability to turn off message previews in toast notification is rolling out to Microsoft Teams app for Windows 10.

If you’ve already updated your Teams client, you can follow these steps to turn off the message previews:
  • Click on your profile icon.
  • Select Settings.
  • Click on ‘Notifications’.
  • Under ‘Appearance and sound’, turn off ‘Show message preview’
  • Close the window.
It’s worth noting that the ability to turn off the previews has been one of the most requested features and it is also supposed to address the privacy concerns of the users.

When you turn off message previews, you are also disabling the pop-ups that appear while you are sharing your screen during Teams meetings. With this new feature, you can now hide all previews.

According to the UserVoice community forum, Microsoft has been working on this feature for about two years now and it’s finally rolling it out to those using the desktop version of Teams.

Next month, Microsoft says it will also enable support for native notifications in Teams for Windows 10 and macOS. This will allow you to manage your notifications for almost everything using Windows 10 or macOS built-in settings. Or you can also use it to pause notifications completely so that you can buckle down and focus.
Read the full story (with pictures) here at Windows Latest:

Alexa for Windows 10 - Drop In support and improvements

Download - Microsoft Store: https://www.microsoft.com/en-us/p/alexa/9n12z3cctcnz

A recent update for Alexa on Windows 10 brings a fresh new look and support for more features, including Drop in for video calling. The update also improves the hands-free experience for the app.

Drop In allows you to quickly get in touch with people through video calls. With support for Drop In now available through the Windows 10 app, any PC with the app can work as an Alexa-enabled device for the feature.

Free Antivirus is Good Enough (5 reasons why)

This article comes from Windows Central.​

Source: Free antivirus software is good enough for most people, here's why

To summarise:
  1. Preinstalled on Windows 10 devices.
  2. Experts and reviewers recommend them.
  3. Minimal slowdowns
  4. Feature-rich
  5. Designed to be easy to operate. (Aka You don't need to read the 100 page manual)

However there is paragraph from the article which may require further clarification. While Defender ATP is not available for consumers, is Defender Antivirus still considered a next-gen component of ATP, or is ATP the next-gen component for Defender Antivirus?
Microsoft Defender Antivirus is described as the "next generation protection component" of the company's Defender Advanced Threat Protection (ATP). Without paying a penny, you have access to protection that brings together machine learning, big-data analysis and in-depth threat research. It also detects and blocks apps that are deemed unsafe, even if they are not detected as malware.

The antivirus software updates as part of the Microsoft updates we've all come to know and love, so there's no need to worry about keeping it up to date with virus definitions. Why would you pay for anything else?

New Windows 10 Manual Driver Updates process starts on November 5, 2020

Microsoft has recently changed the driver distribution and installation processes on the company's Windows 10 operating system. The company moved the functionality to search for optional drivers from the Device Manager to the optional updates section of the Settings application, saying that it would improve the visibility of these updates to the user.

In August 2020, Microsoft revealed that "view optional updates" would be displayed on the main Windows Update page of the Settings application if optional updates, including drivers, are available.

These drivers can be installed manually by an administrator, but Microsoft suggests doing so only if specific problems or issues are noticed with the installed drivers.

Another change becomes available from November 5, 2020 onward for devices running Windows 10 version 2004. It changes the automatic driver installation process on Windows 10 version 2004 and newer machines.

The process does not change for devices that are connected to the Windows PC for the first time. Windows will check for available drivers and install these automatic driver updates on the device to ensure that devices function properly once connected.

The process changes for devices known to the PC already. While it is still possible to install drivers via Windows Update, these won't be installed automatically anymore on the device if available. Administrators need to seek out the optional updates section of Windows Updates to install these manually, e.g. when the installed driver has issues and no manufacturer driver is available or working properly either.

Microsoft decided to change the process of known device driver installations to give users more control over the entire process.

Basically, what it means is that fewer drivers will be installed automatically on Windows 10 version 2004 or newer devices.

The optional updates section is also the location that new feature updates are listed. While these are also listed on the startpage of Windows Update, along with options to download and install the feature update right away or to check out what is new, it is also possible to install the feature update from the optional updates page.
Read the full article here at Ghacks:

Kaspersky Total Security 5 Devices

Kaspersky Total Security 5 Devices 2020 - Download
Promo code : EMCGDFR37
Expires 10/30/20

Energized Protection

Energized Protection
ϟ hosts based: built on a hosts file, so everything on the list is blocked by hostname
ϟ any device: compatible with all devices, regardless of OS
ϟ blocking: strictly blocks advertisements, malware, spam, statistics and trackers, in both web browsing and applications
ϟ multiple formats: different variants for different devices
ϟ speed you need: cuts page loading time by up to half
ϟ privacy: blocking these annoyances also improves privacy
ϟ saves expense: greatly reduces data consumption, saving money
ϟ clean: no extra abracadabra!
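To show what "hosts based" blocking actually does (and does not do), here is an added Python example. It is not Energized's own code and the sample list inside it is constructed, but it parses the same hosts-file format: comments, the 0.0.0.0 and 127.0.0.1 sink addresses, several names per line, and malformed entries that have to be skipped. The is_blocked check illustrates the main caveat of any hosts-file list: matching is exact, so a subdomain of a blocked name is not blocked unless it is listed too.

```python
"""Parse a hosts-file style blocklist and answer "is this name blocked?".
Added example, not Energized's code; SAMPLE_HOSTS is a constructed list."""
import ipaddress
import re

# Constructed sample in hosts-file format.
SAMPLE_HOSTS = """\
# Title: constructed sample list
127.0.0.1 localhost
0.0.0.0 ads.example.net tracker.example.net
0.0.0.0 Stats.Example.org   # trailing comment
0.0.0.0 not_a_valid_host!
::1 localhost
0.0.0.0 www.example-ads.com
"""

# Addresses that blocklists use as a sink; any other address is a real mapping.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that belong to the local machine, never to a blocklist.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with '-'.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """Syntactic hostname check so junk lines cannot poison the set."""
    if len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def parse_hosts(text: str) -> set[str]:
    """Return the set of blocked hostnames (lowercased) from hosts-file text."""
    blocked: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # not a hosts entry at all
        if str(addr) not in SINK_ADDRESSES:
            continue                              # a real mapping, not a block
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES or not valid_hostname(name):
                continue
            blocked.add(name)
    return blocked


def is_blocked(blocklist: set[str], hostname: str) -> bool:
    """Hosts files match exact names only: no wildcards and no parent-domain
    matching, which is the main limitation versus a DNS-level blocker."""
    return hostname.lower().rstrip(".") in blocklist


BLOCKLIST = parse_hosts(SAMPLE_HOSTS)

if __name__ == "__main__":
    for host in ("tracker.example.net", "cdn.ads.example.net"):
        print(host, "blocked" if is_blocked(BLOCKLIST, host) else "allowed")
```

Run it and "cdn.ads.example.net" comes back allowed even though "ads.example.net" is on the list; that is why hosts-based lists grow so large, and why a DNS-level blocker that can match whole domains is stronger for tracker networks that rotate subdomains.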

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass

Scammers have hatched a new way to attempt to bypass two-factor authentication (2FA) protections on Facebook.

Cybercriminals are sending bogus copyright-violation notices with the threat of taking pages down unless the user appeals. The first step in the “appeal”? The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters to bypass 2FA.

2FA is an added layer of protection on top of a username and password that usually involves sending a unique code to a mobile device, which must be entered to access a platform. But crooks are increasingly finding ways around it.

Ducklin explained in a recent post about his findings that Sophos regularly receives social media copyright infringement scam emails, but this one distinguished itself by launching a plausible attack using fraudulent pages generated on Facebook, giving their phishing emails an added air of legitimacy.

“None of these tactics are new — this scam was just an interesting and informative combination,” Ducklin wrote to Threatpost in an email about his findings. “Firstly, the email is short and simple; secondly, the link in the email goes to a legitimate site, namely Facebook; thirdly, the workflow on the scam site is surprisingly believable.”

The fake Facebook emails offer clues that they’re not legit, but Ducklin points out it’s convincing enough to goad social-media administrators into wanting to gather more information on the supposed copyright violation complaints, which means clicking on the phishing link in the email. [...]
Read more below:

More Hospitals Hit by Growing Wave of Ransomware Attacks

Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 pandemic. The troubling trend prompted federal law enforcement and health officials, on Wednesday, to sound the alarm and issue a dire warning of more attacks to come.

On Tuesday, Klamath Falls, Ore.-based Sky Lakes Medical Center’s computer systems were compromised by a ransomware attack. On the same day, New York-based St. Lawrence Health System said computers at three of its hospitals (in Canton-Potsdam, Massena and Gouverneur) were attacked by the ransomware variant Ryuk. [...]

Late Wednesday, in a joint statement, the U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the U.S. Department of Health and Human Services warned of “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

Sky Lakes Medical Center said that its computer systems were “down” and that scheduled procedures that require imaging services will need to be delayed. “Emergency and urgent care remain available,” it said in a statement.

The St. Lawrence Health System meanwhile said that within hours of the initial attack, its information systems department “disconnected all systems and shut down the affected network to prevent further propagation,” according to a statement.

Is this email real or fake?

I received the following email from and I can't tell if it's real or fake, because official emails from Yahoo have the logo in the inbox view, and here "yahoo" is all in upper-case?

Dear Account User,

Access to your Email is about to expire due to subsequent Verification failure on your Account.

We recommend that you verify and authenticate your account within 48hrs to avoid the suspension.


if anyone can help me out that would be great :)

Why Antimalware Service Executable is running with KIS after Win 10 20H2 update

After the Windows 10 20H2 update, Antimalware Service Executable is running even though KIS 2021 is installed.

Refurbished PC purchase (Any power supply advice?)

Made a nice Desktop PC buy for an early Birthday present. It's a Lenovo ThinkStation E30, with Xeon Quad core/8 thread 3.2GHz 8GB RAM 1TB HDD Win 10 Pro, plus a mid-range GeForce graphics card for light/middle ground gaming. Total cost 115 dollars + 35 shipping. I think it's a pretty good deal, for the Windows 10/1TB, etc.

Well, the PC doesn't come with a power supply... normally I always get a cord with my past purchases, but my question might be pretty simple......

1. Are all PCs compatible with ANY standard computer power cord? I have one attached and running my old PC now, but this PC suffered a faulty end-to-end error on the HDD. I don't notice anything faulty with the cord itself... would this plug work okay anyway for my new PC coming soon?

2. I also need to ask if a power cord could "go bad" without my knowing it? Could this be a reason for my old PC's HDD errors?

3. Can power outages, damage the power cord? (Even if plugged into a surge bar)

4. Is there a difference between monitor and PC power cords? I do notice my monitor cords are darker, slimmer and have a lot of little ridged plastic design covering the prongs. Once, recently, I plugged the monitor cord into my computer. Even though it was off, a huge spark and popping sound happened. I quickly removed it, never again.

I'm a bit confused here, or paranoid just don't want to cause a huge spark and smoke when I plug in my refurbished PC. lol.

Thanks all.

Kaspersky Anti-Ransomware compatible with XP?

Anyone know if KAR can be used on an XP system?

Brave browser first to nix CNAME deception

The Brave web browser will soon block CNAME cloaking, a technique used by online marketers to defy privacy controls designed to prevent the use of third-party cookies.

The browser security model makes a distinction between first-party domains – those being visited – and third-party domains – from the suppliers of things like image assets or tracking code, to the visited site. Many of the online privacy abuses over the years have come from third-party resources like scripts and cookies, which is why third-party cookies are now blocked by default in Brave, Firefox, Safari, and Tor Browser.

Read more here
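The technique described above is easy to see in code, so here is an added Python example of the check a browser can make. It is not Brave's implementation: the CNAME records and the tracker blocklist are constructed in-memory tables (a real check queries the resolver and a filter list), and registrable_domain uses a two-label approximation rather than the Public Suffix List. The point it shows is that a hostname under the visited site can still be third-party once its CNAME chain is followed, and that the chain walk has to cope with loops.

```python
"""Detect CNAME cloaking: a first-party-looking subdomain whose CNAME chain
ends in a third-party tracking domain. Added example, not Brave's code."""

# Constructed CNAME records: name -> canonical name.
CNAME_RECORDS = {
    "metrics.shop.example": "shop-example.collect.tracker-cdn.test",
    "shop-example.collect.tracker-cdn.test": "ingest.tracker-cdn.test",
    "img.shop.example": "static.shop.example",      # first-party alias, benign
    "loop-a.shop.example": "loop-b.shop.example",   # pathological loop
    "loop-b.shop.example": "loop-a.shop.example",
}

# Constructed tracker blocklist, as a filter list would supply it.
TRACKER_DOMAINS = {"tracker-cdn.test"}

MAX_CHAIN = 10   # defensive hop limit, like resolvers apply


def registrable_domain(host: str) -> str:
    """Assumption: last two labels. Real code must use the Public Suffix
    List, otherwise 'x.co.uk' and 'y.co.uk' would look like one site."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def resolve_cname_chain(host: str, records=CNAME_RECORDS) -> list[str]:
    """Follow CNAMEs and return the chain, starting with the queried name.
    Stops on a loop or after MAX_CHAIN hops instead of recursing forever."""
    chain = [host.lower().rstrip(".")]
    seen = {chain[0]}
    while chain[-1] in records and len(chain) <= MAX_CHAIN:
        nxt = records[chain[-1]].lower().rstrip(".")
        if nxt in seen:            # CNAME loop: stop, do not spin
            break
        seen.add(nxt)
        chain.append(nxt)
    return chain


def classify(host: str, site_host: str, blocklist=TRACKER_DOMAINS,
             records=CNAME_RECORDS):
    """Return (is_third_party, matched_tracker_or_None).

    The request is third-party if any name in its CNAME chain sits outside
    the visited site's registrable domain. It is blocked if any name in the
    chain belongs to a blocklisted domain, even though the queried name
    itself looked first-party. That is the cloaking case."""
    site_rd = registrable_domain(site_host)
    chain = resolve_cname_chain(host, records)
    third_party = any(registrable_domain(h) != site_rd for h in chain)
    matched = None
    for h in chain:
        rd = registrable_domain(h)
        if rd in blocklist:
            matched = rd
            break
    return third_party, matched


if __name__ == "__main__":
    for name in ("metrics.shop.example", "img.shop.example"):
        print(name, classify(name, "www.shop.example"))
```

A blocker that only looks at the hostname in the request sees "metrics.shop.example" as first-party and lets the cookie through; walking the chain exposes "tracker-cdn.test" and blocks it, which is what the CNAME-uncloaking feature does.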

A new Malware-as-a-service threat; Buer Loader

In September, Sophos discovered Buer as the root cause of a Ryuk ransomware attack, with the malware delivered via Google Docs and requiring the victim to enable scripted content in order to work. In this respect, Buer mimics Emotet and other loader malware variants.

Buer uses a stolen certificate issued to a Polish software developer in order to evade detection, and checks for the presence of a debugger so that forensic analysis is hindered.
Quoted from: The world of malware has a new rising star - and that's a big problem

Source: Hacks for sale: inside the Buer Loader malware-as-a-service

Microsoft Teams hits 115M users, up 50% since April; Satya Nadella sees ‘platform effect’ emerging

Microsoft continues to rapidly expand its Teams collaboration software user base. Teams now has 115 million daily active users, up more than 50% from April (75 million users), and more than 160% from March (44 million users).

Microsoft CEO Satya Nadella revealed the latest statistic during the company’s fiscal first quarter earnings call. The growth of Teams illustrates how more companies are using collaboration apps with the shift to remote work amid the pandemic. Others including Zoom, Slack, Google, and more offer competing products in the booming market for collaboration technology.

The Teams growth also explains one of the reasons why Microsoft’s revenue and profits climbed in the September quarter. The company’s Productivity and Business Processes division, which includes Teams, was up 11% over last year to $12.3 billion in the quarter.

“We are seeing increased usage intensity as people communicate, collaborate and co-author content across work, life, and learning,” Nadella said on the call.

Teams has an advantage over competitors because it is offered as a component of the Microsoft 365 subscription plans that include the company’s widely used Office productivity software.

Nadella touted how Microsoft is able to integrate Teams with other 365 apps such as PowerPoint and Dynamics. Microsoft is not only seeing increased Teams usage but also “significant growth of usage across all these modalities inside of Teams,” he said.

“Teams is very exciting to us, because unlike anything else that we’ve done at the application layer, it’s literally like a shell,” Nadella said. “It has a platform effect. It is meetings; it’s chat; it’s collaboration; as well as business process applications, integrated into Teams. That scaffolding richness literally makes it a very robust platform.”

He added: “Meetings are important, but they are transactional. Work happens before meetings, during meetings, and after meetings. That ability to have the workflow completely stitched together is where Microsoft 365 really stands out. That reinforcing effect of Teams by itself, and then Microsoft 365 in conjunction with Teams, is where you’ll see a significant amount of usage growth, more so than individual tools of the past, even.”
Read the full story here at GeekWire:

Kaspersky 21.2 is signed! Testing ends.

Russian Espionage Group Updates Custom Malware Suite

The advanced persistent threat (APT) known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access.

Russia-tied Turla (a.k.a. Ouroboros, Snake, Venomous Bear or Waterbug) is a cyber-espionage group that’s been around for more than a decade. It’s known for its complex collection of malware and interesting command-and-control (C2) implementations. It targets governmental, military and diplomatic targets.

Accenture researchers observed a recent campaign against a foreign government in Europe that ran between June and October, which featured three legacy weapons, all with significant updates. They worked together as a kind of multi-layered threat toolkit.

One of the updated tools is the HyperStack remote procedure call (RPC)-based backdoor (named after the filename that its authors gave it). Accenture has tied it to the group for the first time, thanks to its use alongside the other two tools seen in the campaign: Known Turla second-stage remote-access trojans (RATs), Kazuar and Carbon.

“The RATs transmit the command-execution results and exfiltrate data from the victim’s network, while the RPC-based backdoors [including HyperStack] use the RPC protocol to perform lateral movement and issue and receive commands on other machines in the local network,” according to an Accenture analysis, released on Wednesday. “These tools often include several layers of obfuscation and defense-evasion techniques.”

Opera GX adds New Color Themes plus GX Cleaner to Purge Old Files

At Opera GX, we are very keen on providing users with the most customization options possible, and we just got even better at it. The Secondary Colors feature goes beyond the previously available browser highlight colors and lets you choose an entirely different color scheme for your browser.

GX goes way beyond the capabilities of traditional browsers: it actually lets you tune the performance of your system with its CPU, RAM and Network Limiters to give you that extra boost when gaming. This time, we’re pushing it further with GX Cleaner to purge those old and unnecessary files. GX Cleaner helps clean up the junk browser files you don’t use anymore (think cache, cookies, browsing history or downloaded files). It’s designed to improve browser performance while still allowing users to choose which files it deletes. This new tool provides several options for filtering files by date or specific browser location.

North Korea-Backed Spy Group Poses as Reporters in Spearphishing

The North Korean advanced persistent threat (APT) group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Kimsuky (a.k.a. Hidden Cobra) has been operating as a cyberespionage group since 2012 under the auspices of the regime in Pyongyang. Its mission is global intelligence gathering, CISA noted, which usually starts with spearphishing emails, watering-hole attacks, torrent shares and malicious browser extensions, in order to gain an initial foothold in target networks.

Primary targets include think-tanks, and diplomatic and high-level organizations in Japan, South Korea and the United States, with a focus on foreign policy and national-security issues related to the Korean peninsula, nuclear policy and sanctions, CISA added. It also targets the cryptocurrency industry.

In recent campaigns seen over the summer, the group ultimately sent malicious attachments embedded in spearphishing emails to gain initial access to victim organizations, according to an analysis, published on Tuesday. But the malicious content was deployed only after several initial exchanges with the target meant to build trust.

“Posing as South Korean reporters, Kimsuky exchanged several benign interview-themed emails with their intended target to ostensibly arrange an interview date and possibly build rapport,” according to CISA. “The emails contained the subject line, ‘Skype Interview requests of [redacted TV show] in Seoul,’ and began with a request to have the recipient appear as a guest on the show. The APT group invited the targets to a Skype interview on the topic of inter-Korean issues and denuclearization negotiations on the Korean Peninsula.”

After a recipient agreed to an interview, Kimsuky sent a subsequent email with a malicious document. And when the date of the interview got closer, the purported “reporter” sent an email canceling the interview. After obtaining initial access, the APT group ultimately deployed the BabyShark malware and PowerShell or the Windows Command Shell for execution.

Major Windows 10 UI refresh "sun valley" (2021)

Source: Microsoft plans big Windows 10 UI refresh in 2021 codenamed ‘Sun Valley'

Microsoft is planning to update many top-level user interfaces such as the Start menu, Action Center, and even File Explorer, with refreshed modern designs, better animations, and new features.

This UI project is codenamed "Sun Valley" internally and is expected to ship as part of the Windows 10 "Cobalt" release scheduled for the holiday 2021 season. Internal documentation describes the project as "reinvigorating" and modernizing the Windows desktop experience to keep up with customer expectation in a world driven by other modern and lightweight platforms.

Apple reportedly steps up effort to build Google search alternative

Exosphere Fake or real

And a local engine that uses a cloud Avira

Honey: a privacy & security madness extension

This nice blog post is about the Honey extension and shows the security and privacy problems with it:

The post is very long but detailed so I don't quote it here.

New Features coming to Avast and AVG 2021?

Are there any new features users should be excited for in Avast / AVG 2021 versions?

Sender of False DMCA Ordered to Pay $370K in Damages

An individual who filed false copyright complaints with platforms including Facebook, Amazon, and Instagram in order to damage a rival's business has been heavily punished by a court. In a default judgment handed down this week, the defendant was ordered to pay almost $370k for abusing the DMCA.

Every day millions of DMCA takedown notices are sent to major online platforms including Google, YouTube, Facebook and Twitter. The aim is to remove content that infringes third-party copyrights and the majority succeed in that goal. However, some people see the takedown provisions of the DMCA either as a tool for censorship or one to be abused in order to seize an advantage over a competitor or rival. There are remedies available under the law that allow senders of malicious DMCA takedown notices to be financially punished but such conclusions are extremely rare. This week, however, a court ordered one abusive notice sender to pay what appears to be the most significant amount on record.

In December 2019, The California Beach Co., LLC, (CBC) filed a complaint in a California court alleging that Han Xian Du, an individual living in China, had filed multiple DMCA complaints with various online platforms complaining that CBC’s content infringed copyright. CBC is the exclusive distributor of a kids’ playpen and sells its product through various outlets and via the Internet. Han Xian Du, on the other hand, used a distributor to sell “knockoff” variants of the playpen in the United States. According to the complaint, the defendant sent multiple DMCA takedown notices to Facebook and Instagram, demanding that CBC content should be taken down. Online platforms have a tendency to quickly remove allegedly infringing content and in this case it was no different. Instagram responded by removing CBC’s posts while Facebook disabled CBC’s account in its entirety. Neither of the platforms responded to appeals to have the content reinstated. On Christmas Day, 2019, things escalated when CBC’s product page on Amazon was also removed following a fraudulent DMCA takedown notice, bringing the company’s sales on the platform to a swift halt.

Experian: Credit Agency Told to Stop Sharing Data Without Consent

Credit reference agency Experian has been sharing the personal information of millions of people without consent and must stop, the UK's information commissioner has ruled.

The firm sold on the data to businesses that used it to identify who could afford goods and services, as well as to political parties. The company must make "fundamental changes" to how it handles data or face a huge fine, the watchdog said. Experian has said it will appeal.
The two-year investigation was prompted by a complaint from the campaign group Privacy International. It found that Experian and two other credit reference agencies - Equifax and TransUnion - did a significant amount of "invisible" processing of data, meaning that people did not know it was happening. All firms provide a way for people to check their credit score for loans and credit cards. But they are also data brokers, collecting and selling on information gathered from a variety of sources.

Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe

More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli security research firm Security Joes.

The researchers immediately alerted CERT Israel, the affected companies and the irrigation system vendor, Mottech Water Management, which did not immediately respond to a request for comment from Threatpost.

Mottech’s system allows for real-time control and monitoring of irrigation for both agricultural and turf/landscaping installations, via desktop and mobile phone. Sensor networks allow for the flexible and real-time allocation of water and fertilizer to different valves in the system. Access to the network could result in an attacker being able to flood fields or over-deliver fertilizer, for instance.

Security Joes regularly scans for Israeli open devices on the internet to check for vulnerabilities, the firm’s co-founder Ido Naor told Threatpost. Recently, its researchers discovered that 55 irrigation systems within Israel were visible on the open internet without password protections. After expanding their search, they found 50 others scattered around the world in countries including France, South Korea, Switzerland and the U.S.

“We’re talking about full-fledged irrigation systems, they could be entire cities,” Naor said. “We don’t look closely at what’s behind the address, because we don’t want to cause any trouble.”
Naor said that at last check, only about 20 percent of the identified vulnerable irrigation devices have had mitigation efforts taken to protect them so far.

LinkedIn, Instagram Vulnerable to Preview-Link RCE Security Woes

Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. At risk are Facebook Messenger, LINE, Slack, Twitter Direct Messages, Zoom and many others. In the case of Instagram and LinkedIn, it’s even possible to execute remote code on the companies’ servers through the feature, according to an analysis.

Firefox 82.0.1 released

Get it from your internal updater

  • Avoid an unnecessary prompt to reboot when using the full installer on Windows (bug 1671715)
  • Restored the ability to print on paper whose width or height is larger than 100 inches, e.g. for receipts (bug 1672370)
  • Fixed printing of documents with margins of zero, e.g. some PDFs (bug 1672529)
  • Fixed handling of the WebDriver:ClickElement command in the marionette testing framework (bug 1666755)
  • Stability fix (bug 1660539)

Abuse.ch Moving Forward

Published on 26th October 2020, 13:45:09 UTC

13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I've decided to document my findings in a blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.

Since the launch of ZeuS Tracker in 2009, many years have passed, and new cyber threats have appeared. During this time, I came up with more projects aimed at helping the internet community that is fighting the endless battle against cyber crime. Since the start of abuse.ch, all data made available by the project has always been free of charge for both commercial and non-commercial purposes. More and more people started to use the threat intelligence offered by abuse.ch, and at the same time the amount of data handled by the project greatly increased. Operating the infrastructure needed to collect, process, and publish data to the public became increasingly challenging. Fortunately, I was able to partner with a handful of organizations to support the project with infrastructure. Operating abuse.ch in the past years without their support would not have been possible!

The two most recent projects are URLhaus & MalwareBazaar, which are both crowdsourced: most of the threat intelligence provided by these projects is produced by the infosec community, which includes IT security researchers from SOCs, CSIRTs or CERTs and also vendors of security solutions. It's great to see the community working together to make the internet safer!

Nevertheless, I'm confronted with some problems that I need to solve. As of today, abuse.ch is (still) a one man show; a project, which I mainly maintain in my spare time, and not for profit. This includes maintaining infrastructure that:

  • consists of around 50 servers and 200 sandboxes
  • generates over 130TB network traffic per month
  • answers around 2,000,000 API requests per day
  • handles almost 300,000,000 HTTP requests per month
  • generates 80GB of data - every day
Handling all of this has become pretty challenging in recent years, not necessarily from a technical perspective, but rather that of infrastructure costs, and the need for specific knowledge of big data analysis. At the same time, I have many ideas for new projects that not only require additional infrastructure, but also the necessary skills to handle and analyze data at scale. Therefore, I have thought a lot about the future of abuse.ch. I've talked not only with friends, but also other IT security folks, and lawyers, to figure out the options I have. My main goal has always been clear: I want to continue to provide data for the good of the internet - free for everyone.

After lots of back and forth, I came to the conclusion that the best option I have at the moment is to turn abuse.ch into a research project. By going this route I could:

  • finally accept funding from 3rd parties (which has not been possible to date)
  • get the possibility to access national and international research funds (such as the Swiss National Science Foundation or Horizon Europe)
  • hire someone with additional technical skills that can support my work on abuse.ch
But as always, things are not as easy as they seem. In order to turn abuse.ch into a research project, a handful of requirements must be fulfilled:

  1. Finding a university that will host my project (fortunately, I already have a mutual commitment from a Swiss university for that)
  2. Becoming employed by that university (part time), and ...
  3. That employment must be paid by funds which I need to raise now
About two months ago, I therefore reached out to big organizations who are using data from abuse.ch to protect either their network or their customers, to ask them for help. Unfortunately, I didn't get any fundamental commitments, which honestly surprised and disappointed me; this is the reason why I have to reach out now. At the same time, organisations that became a victim of ransomware pay millions of dollars to cyber criminals to get their data back. Strange world, isn't it?
Your help is needed!
My goal is to collect enough funds by the end of 2020 to turn abuse.ch into a research project. If your organization is using data from abuse.ch and you wish to fund the project, please reach out to me coSntacPtAmeM@abuse.ch (remove all capital letters).

What if...

What would happen after the end of 2020 if my plan fails? Well, I honestly don't know. I will definitely not just quit by 2021-01-01. On the other hand, I've been running abuse.ch for more than 10 years, and I can't make any promises that I will continue doing it for another 10. After all these years, getting funding for a research project and spreading the workload out onto more than just my shoulders would be fair.

Steelcase Furniture Giant Hit by Ryuk Ransomware Attack

MT friends! Today, I have learned that one of the world's largest furniture manufacturing companies was recently infected with Ryuk ransomware. Please read below and at the end my thoughts on the situation.

As noted from the Bleeping Computer News Article by Lawrence Abrams:

Office furniture giant Steelcase has suffered a ransomware attack that forced them to shut down their network to contain the attack's spread.

Steelcase is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020.

Steelcase suffers a Ryuk ransomware attack

In an 8-K form filed with the Securities and Exchange Commission (SEC), Steelcase has disclosed that they were the victim of a cyberattack on October 22nd, 2020.

On October 22, 2020, Steelcase Inc. (the “Company”) detected a cyberattack on its information technology systems. The Company promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations.
The Company is actively engaged in restoring the affected systems and returning to normal levels of operations. At this time, the Company is not aware of any data loss from its systems or any other loss of assets as a result of this attack. Although cyberattacks can be unpredictable, the Company does not currently expect this incident will have a material impact on its business operations or its financial results.

BleepingComputer has been actively tracking this attack after a source in the cybersecurity industry told us last week that Steelcase suffered a Ryuk ransomware attack.

We were told that Steelcase's devices were encrypted by Ryuk after first being targeted by the same group behind the recent attack on Sopra Steria and Universal Health Services.

If you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal at +16469613731 or on Wire at @lawrenceabrams-bc.

Those attacks utilized either the BazarLoader or TrickBot infections, which ultimately provide remote access to the Ryuk Ransomware threat actors, who then compromise the rest of the network and deploy Ryuk.

BazarBackdoor attack flow (figure)
Source: Advanced Intel

It is unknown how many devices were encrypted or if business operations were impacted other than the shutting down of the network.

BleepingComputer has contacted Steelcase with further questions but has not heard back.

You can read this article at Bleeping Computer using the below link:

Steelcase furniture giant hit by Ryuk ransomware attack

Companies in my humble opinion need to be prepared for security situations. It is not a matter of 'if', but a matter of 'when' something like this happens to any given company.

I feel bad for Steelcase, Steelcase partners, Steelcase dealerships, and Steelcase customers. This situation goes from bad to worse in a heartbeat. I hope that Steelcase will recover from this attack and come out on the other side helping to teach the world about what they learned along with findings. I hope that Steelcase has an iron-clad insurance policy that will help them in overcoming the tremendous cost of downtime that their systems have been under. Can you imagine if all corporate systems were for a large part inaccessible for this large of a company? I would imagine the cost would be in the millions for damages alone that could be measured. We aren't even talking about the possible damages to reputation etc. that may cause brand trust issues or for potential future loss in business as it relates to what has happened.

Earlier today I was thinking to myself: What if consumers were expecting their product at a certain time and now everything is delayed? Most contracts have terms for failure to deliver, and that alone, I bet, will cost a ton of money.

What are your thoughts?


Setup NextDNS with Pfsense

Hello to all,

First things First:
For all Posted Applications and Lists
1. I am not responsible for damaged Hardware / Software of any kind
2. I do not own and am not affiliated with the company / developers linked here
3. This is not a sponsored thread and do this as part of my hobby
4. Have fun and share your findings / experiences


I just wanted to document on how to install NextDNS on a Pfsense Firewall box.

Why install?

For me it was a "peace of mind" thing since, like most people, I have a dynamic IP and want to know how each client behaves in the logs. (Self registering over the NextDNS API and ID)

What does it do?

It installs an alternative to the unbound DNS Server.

How is the Setup?

Actually super easy and only requires a NextDNS account if you have more than 300,000 queries. At that point I was not sure how much I needed so I bought a Pro account for my household. (Private/Family)

Cmon come to the point!

OK OK - First you need a NextDNS ID (works with temp accounts too) <300,000 Queries - Then the git page -> nextdns/nextdns

Then shell access to your pfsense box (SSH) -> Option 8 -> Then use the Install script
sh -c 'sh -c "$(curl -sL https://nextdns.io/install)"'
Follow the instructions and insert the ID provided by NextDNS

1. Disable the service "unbound" over the WebGUI of the Pfsense box
2. Delete DNS entries under System -> General Setup
3. If you have special settings under Services -> DNS Resolver -> Custom Options [Caution -> If you use PFblockerNG do not delete the first line of the config!]
4. If you have PFblockerNG installed there is no need for it since NextDNS can handle the workload! [Just double check the NextDNS logs to see if filters are set up as you want]

After that we go again to the Pfsense shell -> (SSH) -> Option 8
What we do there is change the cache size -> nextdns/nextdns
sh -c "nextdns config set -cache-size=10MB"
sh -c "nextdns restart"
AND only IF -> "NextDNS with a custom configuration ID is configured!"
sh -c "nextdns config set -max-ttl=5s"
sh -c "nextdns restart"
To clear out the cache as explained here -> nextdns/nextdns

Then test your config with NextDNS...

What it should do?

In the logs it should show your devices in the network that request DNS queries. Then all requests should show a lock symbol for DNS over HTTPS - I tested with DNS over TLS but had DNS leak issues.
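As an added example (not part of the original post and not code from the nextdns/nextdns project), here is a small POSIX sh script for checking the outcome of the steps above: that unbound really has let go of port 53, and that queries from the box reach NextDNS over DNS-over-HTTPS under your own configuration ID rather than leaking to another resolver. Live use assumes FreeBSD's sockstat and the nextdns CLI are present on the pfSense box and that https://test.nextdns.io answers with JSON carrying "status", "protocol" and "profile" fields (the field names are an assumption); the sample data at the bottom is constructed so the helpers can be exercised off the box.

```shell
#!/bin/sh
# Added example, not from the original post or from nextdns/nextdns.
# Sanity checks for a pfSense box where nextdns has replaced unbound.
# Live use assumes FreeBSD's sockstat and the nextdns CLI are installed and
# that https://test.nextdns.io returns JSON with "status", "protocol" and
# "profile" fields (assumed field names). The sample data at the bottom is
# constructed, not captured from a real box.

# Extract one string-valued field from a flat JSON object.
json_field() {
    printf '%s' "$1" | sed -n "s/.*\"$2\":\"\([^\"]*\)\".*/\1/p"
}

# "ok" when the test endpoint reports the query arrived at NextDNS over
# DNS-over-HTTPS with the expected configuration ID, otherwise "fail".
# "fail" with protocol UDP, or with a foreign profile, is the kind of DNS
# leak the post above mentions: the box is still answering from elsewhere.
nextdns_verify_json() {
    json="$1"; want_profile="$2"
    if [ "$(json_field "$json" status)" = "ok" ] &&
       [ "$(json_field "$json" protocol)" = "DOH" ] &&
       [ "$(json_field "$json" profile)" = "$want_profile" ]; then
        echo ok
    else
        echo fail
    fi
}

# Given `sockstat -l` output, confirm nextdns (and not unbound) owns port 53.
dns_listener_check() {
    listing="$1"
    if printf '%s\n' "$listing" | grep -q 'unbound.*:53'; then
        echo unbound-still-running; return 1
    fi
    if printf '%s\n' "$listing" | grep -q 'nextdns.*:53'; then
        echo nextdns-listening; return 0
    fi
    echo no-dns-listener; return 1
}

# Live check on the box after the restart steps: live_check <your-config-id>
live_check() {
    dns_listener_check "$(sockstat -l)" || return 1
    nextdns_verify_json "$(curl -s https://test.nextdns.io)" "$1"
}

# Constructed sample data for an offline self-test.
SAMPLE_JSON='{"status":"ok","protocol":"DOH","profile":"abc123","client":"203.0.113.5"}'
LEAK_JSON='{"status":"unconfigured","protocol":"UDP","client":"203.0.113.5"}'
SAMPLE_SOCKSTAT='USER  COMMAND  PID  FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
root  nextdns  812  7  udp4  *:53           *:*
root  nextdns  812  8  tcp4  *:53           *:*'
BAD_SOCKSTAT='USER  COMMAND  PID  FD PROTO LOCAL ADDRESS  FOREIGN ADDRESS
unbound unbound 512 5 udp4 *:53 *:*'
```

On the box, source the file and run `live_check <your-config-id>` once after the `nextdns restart` steps; the profile comparison is what separates "some DoH resolver answered" from "my NextDNS profile, with its filters and logs, answered", which is the difference the lock symbol in the NextDNS logs is meant to show.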

Proof of working config:

If more detail is needed just ask I am happy to provide more info.

Only if you want to help me out by getting NextDNS, there is an Affiliate Link from me -> NextDNS <- Major thanks in advance! I'll test some more and post updates... ;)

Best regards

CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant

The CBP is buying location data harvested from ordinary apps installed on peoples’ phones.

U.S. Customs and Border Protection is refusing to tell Congress what legal authority the agency is following to use commercially bought location data to track Americans without a warrant, according to the office of Senator Ron Wyden. The agency is buying location data from Americans all over the country, not just in border areas.

McAfee Endpoint Security 10.7 Action Enforcement problem

There is no 'Observation Mode' under Action Enforcement Settings yet McAfee logs say the malware (rated most likely malicious) is not blocked due to being in observation mode. Any idea why?

Mac users unable to print after Apple revoked HP certificate

Apple macOS X users with HP printers are left unable to print from their computers after Apple revoked a certificate that signed HP's print drivers.

The result was print drivers being mistaken on macOS X for malware, and user complaints springing up over the weekend.

KB4577586 removes Adobe Flash Player from your Windows system!