Tuesday, 10 October 2017

Privacy-Focused Librem 5 Phone Raises $1.5 Million

The privacy- and security-focused Librem 5 smartphone has raised over $1.5 million through a crowdfunding campaign. With this, developer Purism has reached the campaign goal and the phone can be produced. The Librem 5 runs free and open source software on PureOS.

This is a Debian Linux-based operating system. The phone can also run other GNU distributions, such as Ubuntu, Fedora and SUSE. The developers want to create a completely open development environment, rather than the closed platforms of other phone providers. Furthermore, the developers say that the phone is being developed with security in mind and will follow the "privacy by default" principle. For example, the Librem 5 will offer decentralized end-to-end encrypted communications via the Matrix network and be the first 'ip native' smartphone in the world.

"We think that phones should not follow you or abuse your digital life. We are in the middle of a digital rights revolution where you can pay the future," the developers state on the Librem 5 website. The phone can also connect to other devices, such as monitors, mouse and keyboard, and other platforms. The five-inch smartphone features 3GB of memory and 32GB of storage that can be expanded via a micro SD card, and provides hardware kill switches for the camera, microphone, baseband, wifi and Bluetooth. The phone can be ordered through the crowdfunding campaign for $599. The device should be delivered in January 2019.

ISC Warns Of USB Cable With Built-In SIM Card

The Internet Storm Center (ISC) warns of USB cables on sale that have a built-in SIM card, mobile phone and microphone. Attackers could carry out attacks or steal data through such cables, according to Johannes Ullrich of the ISC.

For example, the $30 USB cable responds to text messages and can send its GPS coordinates. It is also possible to activate and listen to the microphone via a text message. "The main risk is leaving systems (and cables) unattended in places with some public access," Ullrich notes. This applies, for example, to systems in hotel rooms or classrooms.

Users are therefore advised to mark their cables so that they cannot be replaced by other cables. In addition, the cables should be fastened. In conclusion, Ullrich states that the "usb spy cable" in question is easy to recognize when users know what to look for. "But I'm sure they can make a smaller cable and maybe a version that's a bit more expensive and does not show the SIM card so easily."

Sleep Patterns Of WhatsApp Users Easy To Track

It is easy to track the WhatsApp usage and sleep patterns of WhatsApp users. This is information that could be sold to health insurers and credit agencies, says software engineer Robert Heaton. Using only a WhatsApp user's phone number, it is possible to read their status: whether they are online and when they were last seen.

It is not necessary to be friends with the WhatsApp user. A phone number alone is sufficient. Heaton wrote a simple script that requests this information from WhatsApp every 10 seconds. He then plotted the data in a graph, which made the sleep pattern of the WhatsApp user he wanted to follow clearly visible. Users can configure who sees their "last seen" status. By default, however, this status is visible to everyone. Additionally, users cannot hide their "online" status.

According to Heaton, it is this easy to graph the WhatsApp usage and sleep patterns of both people one knows and strangers. This is information that could be sold to health insurers and credit agencies that are interested in "deviant behavior", for example, the engineer says. Other scenarios are outlined on Hacker News, in which the status information is used to work out which contacts in a contact list communicate with each other. For example, it could reveal whether people are cheating or having an affair.

37,000 Chrome Users Downloaded Fake Version Of Adblock Plus

Over 37,000 Chrome users have downloaded a fake version of the popular ad blocker Adblock Plus. The extension was offered in the official Chrome Web Store, reports the security researcher with the alias "SwiftOnSecurity" on Twitter.

The extension used non-Latin characters so that it appeared to be Adblock Plus. Over 37,000 Chrome users were deceived in this way. Once installed, the fake version shows all kinds of ads. The extension's developer appears to be cloning other popular extensions as well and then offering them in the Chrome Web Store. Google has since removed the extension from the Chrome Web Store. The genuine version of Adblock Plus has more than 10 million users and over 158,000 reviews.
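A defender-side check for the lookalike-name trick described above, as an added example (not code from the article, the researcher or Google). It assumes the non-Latin characters sit in the extension's display name; the allowlist, the small confusables map and the sample names are constructed.

```python
import unicodedata

# Names to protect; a constructed allowlist (assumption, not from the article).
KNOWN_NAMES = ["Adblock Plus", "uBlock Origin"]

# Constructed, deliberately small map of Cyrillic/Greek letters that render
# like ASCII letters. A production check would use the full Unicode
# confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0410": "A", "\u0430": "a", "\u0412": "B", "\u0421": "C", "\u0441": "c",
    "\u0415": "E", "\u0435": "e", "\u041e": "O", "\u043e": "o", "\u0420": "P",
    "\u0440": "p", "\u0455": "s", "\u0456": "i", "\u0391": "A", "\u0392": "B",
    "\u039f": "O", "\u03bf": "o", "\u03a1": "P",
}


def letter_scripts(name):
    """Scripts used by the letters in name, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def skeleton(name):
    """Fold compatibility forms, map lookalike letters to ASCII, ignore case."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded).casefold()


def check_name(name):
    """Classify a display name as 'exact', 'lookalike', 'mixed-script' or 'ok'."""
    for known in KNOWN_NAMES:
        if name == known:
            return ("exact", known)      # same string: verify the publisher instead
        if skeleton(name) == skeleton(known):
            return ("lookalike", known)  # reads the same, different code points
    if len(letter_scripts(name)) > 1:
        return ("mixed-script", None)    # e.g. Latin and Cyrillic in one name
    return ("ok", None)


if __name__ == "__main__":
    # Constructed samples; the second uses Cyrillic A, o, c and P.
    for sample in ["Adblock Plus", "\u0410dbl\u043e\u0441k \u0420lus",
                   "Video D\u043ewnloader", "\u041f\u043e\u0433\u043e\u0434\u0430"]:
        print(ascii(sample), check_name(sample))
```

A name written entirely in one non-Latin script is reported as "ok", so legitimate localized extensions are not flagged.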

Monday, 9 October 2017

Infected Pornhub Ads Spread Kovter Malware

On the popular porn site Pornhub, malicious advertisements appeared that tried to infect visitors with malware. According to market researchers, the porn site ranks in the top 30 of the most visited websites in the world. Pornhub itself claims to get 75 million unique visitors a day.

The infected ads were spread through Traffic Junky's ad network. The ads redirected users to a website that claimed there was an important update for the browser or Adobe Flash Player. When users clicked on the page, a JavaScript file was downloaded that installed the final malware. This was malware that makes the computer commit advertising fraud. After being informed, both Traffic Junky and Pornhub removed the ads, according to security company Proofpoint.

"The combination of large scale malvertising campaigns on print-enabled websites with sophisticated social engineering that convinces users to infect themselves means that potential exposure to malware is quite high and millions of Internet users are reached," says the Proofpoint researcher with the alias Caffeine. "Once again, we see that attackers exploit the human factor as they adapt their tools and approaches to a landscape where traditional exploits are less effective." The researcher is referring to the fact that attacks on vulnerabilities in browsers and Adobe Flash Player yield ever fewer infections for cyber criminals.

Indicators of Compromise (IOCs):

IOC Type
Suspicious Epom server 2017-10-01
Subdomain from a rogue KeyCDN customer 2017-10-01
KovCoreG soceng host 2017-10-01
KovCoreG soceng host 2017-10-01
T016d6n7t96x2hc43r5f3u6gs61d.zip (zipped runme.js) 2017-10-01
Kovter 2017-10-01
Kovter 2017-10-01

WordPress Sites Vulnerable Due To Flaw In Postman SMTP Plug-In

Over 100,000 WordPress sites are at risk due to a vulnerability in the Postman SMTP plug-in, and a security update from the developer is not yet available. Postman is an SMTP mailer that helps send emails generated by the WordPress site.

The plug-in is vulnerable to reflected cross-site scripting, which allows an attacker to steal the content of cookies from, for example, the administrator, according to security company White Fir. Because the vulnerability is unpatched, WordPress decided to remove the plug-in from the repository of available plug-ins on WordPress.org. A patched version of Postman has since been published on GitHub, but it was not developed by the original author. The original developer has reportedly been informed about the problem.

Tuesday, 3 October 2017

Personal Cyber Security

Rubica, the Answer to your Personal Cyber Security

Cyber security has become one of the major concerns around the globe, especially given the increased number of operations relying on digital networking. Major organizations face numerous cyber-related crimes every day, hence the necessity for personal cyber security. Companies are currently spending billions of dollars trying to deal with the problems of cyber security. However, with a reliable personal cyber security provider like Rubica, you will be able to enjoy some of the most reliable and most effective solutions to any cyber threat against your systems.

Rubica is a company that provides other organizations with the opportunity to strengthen their personal cyber security with the help of human intelligence. With Rubica, you are sure that your personal data is protected against all forms of online threats and your systems’ security enhanced to withstand common attacks. The main aim of Rubica is to help you be at peace with your digital operations through enhanced cyber security.

Rubica uses an app that you can install on your system. The firm also boasts highly qualified and reliable experts who analyze and assess your system for any malicious activity. Once a digital security issue has been detected, the Rubica experts work towards neutralizing it for your safety and security. You can trust these experts because they form a team drawn from the US Navy, Scotland Yard, and the NSA who are fully trained to deal with all aspects of cyber security.

The reliance of major organizations on Rubica to help solve their cyber security fears has been enhanced by its 10-year experience in active, real-time, and personal analysis. The company uses its software and human intelligence to analyze the personal behavior sequence of each client.

For efficiency in promoting cyber security, Rubica has collaborated with multiple parties that include insurance companies, financial organizations, and legal consultants, among other relevant agencies. Rubica does this to promote cyber security education to its customers as well as the different communities from where the firm operates as a way of creating awareness about personal cyber security.

It is important to acknowledge that threats to personal cyber security can affect different economies and societies. Take, for instance, the cyber-attack on Ukraine that eventually caught up with the rest of the world. This cyberattack affected major financial institutions, forcing them to shut down all their computing and digital systems. Rubica could employ its expertise in such instances to enhance personal cyber security since all suspicious activities are identifiable before they can harm the targeted systems.

Wednesday, 5 July 2017

Developer Medoc Confirms Backdoor In Update

The Ukrainian software company that develops the tax and accounting program Medoc has confirmed that attackers added malicious code to an update, allowing the Petya ransomware to be installed. Initially the company denied that attackers had used its software to install the Petya ransomware. On Facebook, the company has now confirmed that it was the victim of a hack.

Previously, researchers at antivirus company ESET discovered that attackers had added a backdoor to a Medoc update that was released on June 22. The software company announced that it has developed an update that should fix the problem. However, the software's servers have been seized by the police, so the update that addresses the issues and should prevent new attacks cannot yet be rolled out. Ukrainian police advise on Facebook not to use Medoc for the time being and to disconnect computers on which it is installed from the network.

Test: Ten Virus Scanners For MacOS Tested

German test lab AV-Test has put a new antivirus test online, this time looking at anti-virus software for MacOS. The amount of new malware for MacOS is not comparable to that for Windows. However, an increase was visible last year, from 819 new specimens in 2015 to 3033 in 2016.

Most MacOS infections still happen through social engineering, in which users are tricked into installing malware, although some cases are known where attackers managed to add malware to legitimate programs. That there is little malware for MacOS in circulation is evident from the number of malware specimens that AV-Test used for the test. On Windows, the lab works with tens of thousands of malware specimens. For the test with Mac malware, 184 specimens were used.

Four products (Bitdefender, Intego, Symantec and Kaspersky Lab) were able to detect all malware instances. MacKeeper finishes at the bottom with a score of 85.9 percent. Besides detection, the system load when copying files was also examined. Here Canimaan Software and MacKeeper delivered the best performance, followed by Kaspersky Lab and Symantec with a one-second difference. Intego slows systems down the most. Finally, false positives were examined, where a virus scanner flags legitimate, clean files as infected. In this part of the test, no virus scanner made a mistake.

Attackers Behind Petya Ransomware Empty Bitcoin Wallet

The attackers behind the Petya ransomware have transferred the 9,000 euros paid by victims to another bitcoin wallet, reports Aleks Gostev, chief security expert at anti-virus firm Kaspersky Lab, on Twitter. The ransomware, which infected several organizations last Tuesday, showed users a screen instructing them to pay about $300 to the specified bitcoin wallet.

Unlike with much other ransomware, the same bitcoin wallet was used for all victims. Last night the attackers decided to move the 9,000 euros that victims had paid to another wallet. In addition, a message appeared on Pastebin asking 100 bitcoin (225,000 euros) for the decryption key to decrypt all systems infected by Petya.

However, it is unclear whether the people who posted the Pastebin message are also behind the Petya ransomware. According to researcher Matt Suiche, the attackers are trying to confuse the public by turning the story that Petya is actually a wiper that destroys data back into a story about ransomware, he told Vice Magazine.

Cyber Security Council Wants More Companies To Be Notified Of Cyber Attack

The Cyber Security Council, the advisory body of the Cabinet when it comes to cyber security, wants more companies to be notified of a cyber attack, rather than just the vital sectors. According to Ron Moss, a member of the Council, the damage from the Petya attack could have been smaller if companies such as APM Terminals and parcel carrier TNT had been warned beforehand, he told BNR.

In the case of the Petya ransomware, however, there were no signs or information that the attack would take place, and the news only became known once the outbreak had occurred. "If the attacks take place, then the damage is already done, then there is not much point in informing," said Ronald Prins of security firm Fox-IT. He points to the outbreak of the WannaCry ransomware, which spread very rapidly. "And so no warning was possible."

D66 MP Kees Verhoeven endorses the opinion of the Cyber Security Council and wants the government to implement it. "A National Computer Emergency Response Team could be considered. A team with which companies can exchange knowledge and information about cyber attacks." According to Verhoeven, on the one hand companies should be informed about attacks and malware, but on the other hand they need to be structurally better prepared. "This is largely the responsibility of the companies themselves, but the government can play a supporting role. We have the National Cyber Security Center. So the infrastructure to do it is there, but apparently it does not work yet."

The opinion of the Cyber Security Council has now been published online (pdf). It calls for a nationwide system of information centers for information exchange covering all Dutch businesses. In addition, suppliers of internet products and services must take an active stance when it comes to offering safe products, and it must become simpler to report cybercrime to the police.

Fourth Largest South Korean Bitcoin Exchange Bithumb Hacked

Attackers have hacked Bithumb, the fourth largest South Korean bitcoin exchange, and stolen users' data and money. Bithumb is one of the largest exchanges where the digital currencies bitcoin and ethereum are traded. The attackers were able to access the personal information of nearly 32,000 Bithumb users, including names, mobile phone numbers and email addresses, reports Brave New Coin.

According to the exchange, this is about three percent of its customers. Customers report that digital currency worth the equivalent of millions of euros was stolen, but Bithumb states that the attackers had no direct access to client funds. According to the exchange, the attackers got in through an employee's computer. The attackers then reportedly used the stolen personal information to call customers and steal additional information with which transactions could be carried out.

Bithumb discovered the data breach on June 29 and alerted the authorities on June 30. More than 100 Bithumb users have filed a report with the South Korean police. The exchange said it will pay the victims of the data breach compensation equivalent to 76 euros. Users who have suffered further damage will be compensated as soon as the amount is confirmed, South Korean media report.

Friday, 21 April 2017

Cybercriminals Use NSA Exploits To Attack Servers

Cyber criminals are actively using the NSA exploits that were made public last week by the hacker group Shadow Brokers to install backdoors on servers and possibly spread ransomware, several security researchers report.

For example, the Double Pulsar tool has been found on various servers. The NSA reportedly used this tool after it had gained access to a server through an exploit. In addition, security company SenseCy reports that there is currently a "trend" in which the leaked NSA exploits are used to infect Windows servers with ransomware. The attackers reportedly make use of a vulnerability in Windows SMB Server that Microsoft patched in March.

However, no further details are given about these ransomware attacks. Earlier, researcher Kevin Beaumont predicted that the NSA exploits would be used for a ransomware worm. "It's the next logical step for worms and criminals, because it yields money and is easy to do," says the researcher. Beaumont says that the exploits are currently known to be used to install backdoors on servers.